[jboss-cvs] JBossAS SVN: r91252 - in branches/JBPAPP_5_0/profileservice/src: main/org/jboss/profileservice/remoting and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Jul 14 16:57:23 EDT 2009
Author: scott.stark at jboss.org
Date: 2009-07-14 16:57:23 -0400 (Tue, 14 Jul 2009)
New Revision: 91252
Added:
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/SecurityActions.java
Modified:
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/AbstractDeployHandler.java
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java
branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml
Log:
JBAS-7085, JBAS-7097, Replace ejb3 secured profile service facade with secured remoting proxy
Modified: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/AbstractDeployHandler.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/AbstractDeployHandler.java 2009-07-14 20:32:13 UTC (rev 91251)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/AbstractDeployHandler.java 2009-07-14 20:57:23 UTC (rev 91252)
@@ -36,6 +36,7 @@
import org.jboss.deployers.spi.management.deploy.DeploymentManager;
import org.jboss.logging.Logger;
import org.jboss.profileservice.management.client.upload.SerializableDeploymentID;
+import org.jboss.profileservice.remoting.SecurityContainer;
import org.jboss.profileservice.spi.DeploymentRepository;
import org.jboss.profileservice.spi.NoSuchProfileException;
import org.jboss.profileservice.spi.ProfileDeployment;
@@ -45,6 +46,8 @@
import org.jboss.remoting.ServerInvoker;
import org.jboss.remoting.callback.InvokerCallbackHandler;
import org.jboss.remoting.stream.StreamInvocationHandler;
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.SecurityContext;
import org.jboss.system.server.profileservice.repository.DefaultProfileDeploymentFactory;
import org.jboss.system.server.profileservice.repository.MainDeployerAdapter;
import org.jboss.virtual.VirtualFile;
@@ -66,6 +69,10 @@
/** The deployer. */
private MainDeployerAdapter deployer;
+ /** The profile service security domain name */
+ private String securityDomain = "jmx-console";
+ /** The security management layer to use in the security context setup */
+ private ISecurityManagement securityManagement;
/** The deployment factory */
private static final DefaultProfileDeploymentFactory deploymentFactory = DefaultProfileDeploymentFactory.getInstance();
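Review bot: The default `securityDomain = "jmx-console"` ties authentication for the deployment upload handler to the JMX console's login configuration, and the field comment does not say so. The same value is set in ProfileServiceInvocationHandler and in both bean definitions in profileservice-jboss-beans.xml in this commit, so anyone who can authenticate to that domain can presumably also reach the profile service and deploy content. I would extend the field comment to something like `/** Security domain used to authenticate deploy invocations; shares users and roles with the JMX console unless overridden */`. Operators should then confirm that the domain's users and roles are appropriate for deployment rights.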
@@ -101,6 +108,24 @@
return deploymentRepository.getRepositoryNames(names);
}
+ public String getSecurityDomain()
+ {
+ return securityDomain;
+ }
+ public void setSecurityDomain(String securityDomain)
+ {
+ this.securityDomain = securityDomain;
+ }
+
+ public ISecurityManagement getSecurityManagement()
+ {
+ return securityManagement;
+ }
+ public void setSecurityManagement(ISecurityManagement securityManagement)
+ {
+ this.securityManagement = securityManagement;
+ }
+
public void addListener(InvokerCallbackHandler arg0)
{
}
@@ -141,11 +166,16 @@
*/
public Object invoke(InvocationRequest request) throws Throwable
{
+ // Create a security context for the invocation
+ establishSecurityContext(request);
Object parameter = request.getParameter();
+
Object returnValue = null;
if(parameter instanceof Invocation)
{
+ Invocation inv =(Invocation) parameter;
+ SecurityContainer.setInvocation(inv);
returnValue = super.invoke(request);
}
else
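Review bot: The security context set by `establishSecurityContext(request)` and the invocation stored by `SecurityContainer.setInvocation(inv)` are not cleared anywhere in the visible lines, so on a pooled remoting thread they may stay associated after the call returns and be seen by the next request. Wrapping the dispatch in `try { ... } finally { SecurityActions.setSecurityContext(null); }` would leave the thread clean; whether SecurityContainer needs a matching reset depends on how it stores the invocation, which is not shown. The `else` branch also runs with a freshly created context, and the hunk does not show whether any authentication happens on that path. The rest of invoke() lies outside the hunk.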
@@ -364,4 +394,12 @@
return deploymentFactory.createProfileDeployment(file);
}
+ private void establishSecurityContext(InvocationRequest invocation) throws Exception
+ {
+ SecurityContext newSC = SecurityActions.createAndSetSecurityContext(securityDomain);
+
+ // Set the SecurityManagement on the context
+ SecurityActions.setSecurityManagement(newSC, securityManagement);
+ log.trace("establishSecurityIdentity:SecCtx="+SecurityActions.trace(newSC));
+ }
}
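Review bot: `log.trace(...)` builds its message unconditionally, so every invocation pays for the string concatenation and the privileged `SecurityActions.trace(newSC)` call even when trace logging is off; guard it with `if (log.isTraceEnabled())`. The message prefix says `establishSecurityIdentity` while the method is named `establishSecurityContext`, which makes log searches harder. The `invocation` parameter is never read, so either drop it or document why it is reserved.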
Added: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/SecurityActions.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/SecurityActions.java (rev 0)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/upload/remoting/SecurityActions.java 2009-07-14 20:57:23 UTC (rev 91252)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.management.upload.remoting;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @author Scott.Stark at jboss.org
+ * @version $Revision: 85526 $
+ */
+class SecurityActions
+{
+ static SecurityContext createAndSetSecurityContext(final String domain) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
+ {
+ public SecurityContext run() throws Exception
+ {
+ SecurityContext sc = SecurityContextFactory.createSecurityContext(domain);
+ setSecurityContext(sc);
+ return sc;
+ }}
+ );
+ }
+
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }}
+ );
+ }
+ static void setSecurityManagement(final SecurityContext sc, final ISecurityManagement sm)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ sc.setSecurityManagement(sm);
+ return null;
+ }}
+ );
+ }
+ static String trace(final SecurityContext sc)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append(" Principal = " + sc.getUtil().getUserPrincipal());
+ sb.append(" Subject:"+sc.getUtil().getSubject());
+ sb.append(" Incoming run as:"+sc.getIncomingRunAs());
+ sb.append(" Outgoing run as:"+sc.getOutgoingRunAs());
+ return sb.toString();
+ }
+ }
+ );
+ }
+}
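Review bot: `trace()` appends `sc.getUtil().getSubject()` inside a privileged block, and `Subject.toString()` includes private credentials when the caller is permitted to read them, so trace-level logs could contain credential material once the context carries an authenticated subject. Logging only the principal set, e.g. `sb.append(" Subject principals:" + subject.getPrincipals());` after a null check on the subject, keeps the diagnostic value without that exposure. The class Javadoc ("Privileged Blocks") could also state that these package-private helpers run with the handler's own permissions and should not be made more visible.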
Modified: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java 2009-07-14 20:32:13 UTC (rev 91251)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java 2009-07-14 20:57:23 UTC (rev 91252)
@@ -49,7 +49,7 @@
/** The DeploymentManager proxy */
private DeploymentManager deployMgrProxy;
/** The profile service security domain name */
- private String securityDomain = "profileservice";
+ private String securityDomain = "jmx-console";
/** The security management layer to use in the security context setup */
private ISecurityManagement securityManagement;
Modified: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java 2009-07-14 20:32:13 UTC (rev 91251)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java 2009-07-14 20:57:23 UTC (rev 91252)
@@ -29,6 +29,7 @@
import org.jboss.aop.Dispatcher;
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.proxy.Proxy;
+import org.jboss.aop.proxy.container.GeneratedAOPProxyFactory;
import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
import org.jboss.aspects.remoting.MergeMetaDataInterceptor;
import org.jboss.aspects.remoting.Remoting;
@@ -39,6 +40,7 @@
import org.jboss.profileservice.spi.ProfileService;
import org.jboss.remoting.InvokerLocator;
import org.jboss.util.id.GUID;
+import org.jboss.util.naming.NonSerializableFactory;
import org.jboss.util.naming.Util;
/**
@@ -53,6 +55,7 @@
private static final Logger log = Logger.getLogger(ProxyFactory.class);
private String dispatchName = "ProfileService";
private String jndiName = "ProfileService";
+ private String localJndiName = "java:ProfileService";
private String mgtViewJndiName = "java:ManagementView";
private String deployMgrJndiName = "java:DeploymentManager";
private InvokerLocator locator;
@@ -217,6 +220,9 @@
SecurityContainer container = new SecurityContainer(serverProxyInterceptors, ps);
psProxySecure = (ProfileService) java.lang.reflect.Proxy.newProxyInstance(loader, ifaces, container);
+ //
+ NonSerializableFactory.bind(localJndiName, ps);
+
// Create the remote ProfileService proxy using the secured proxy as the target
Dispatcher.singleton.registerTarget(dispatchName, psProxySecure);
// Create a default client proxy interceptor stack
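Review bot: `NonSerializableFactory.bind(localJndiName, ps)` publishes the raw `ps` rather than `psProxySecure`, so in-VM code that resolves `java:ProfileService` would bypass the SecurityContainer checks. If that is intended for trusted local callers, the empty `//` comment above it should say so, e.g. `// Expose the unsecured ProfileService to in-VM callers only`. As far as I know the two-argument `bind` only records the object in the factory's map, so a JNDI Reference still has to be bound elsewhere (or `NonSerializableFactory.rebind(ctx, localJndiName, ps)` used) for the lookup to resolve. No matching unbind is visible in this hunk, and the surrounding method starts and ends outside it.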
Modified: branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml 2009-07-14 20:32:13 UTC (rev 91251)
+++ branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml 2009-07-14 20:57:23 UTC (rev 91252)
@@ -44,7 +44,7 @@
</uninstall>
<property name="managementViewProxy"><inject bean="ProfileServiceProxyFactory" property="managementViewProxy"/></property>
<property name="deployMgrProxy"><inject bean="ProfileServiceProxyFactory" property="deployMgrProxy"/></property>
- <property name="securityDomain">profileservice</property>
+ <property name="securityDomain">jmx-console</property>
<property name="securityManagement"><inject bean="JNDIBasedSecurityManagement"/></property>
</bean>
@@ -63,6 +63,8 @@
<property name="deployer"><inject bean="ProfileServiceDeployer"/></property>
<property name="profileService"><inject bean="ProfileService"/></property>
<property name="profileRepository"><inject bean="ProfileRepositoryFactory" /></property>
+ <property name="securityDomain">jmx-console</property>
+ <property name="securityManagement"><inject bean="JNDIBasedSecurityManagement"/></property>
<depends>TransientDeploymentsProfileManager</depends>
</bean>