[jboss-cvs] JBossAS SVN: r85382 - in branches/Branch_5_x: profileservice and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Mar 6 02:39:43 EST 2009
Author: scott.stark at jboss.org
Date: 2009-03-06 02:39:43 -0500 (Fri, 06 Mar 2009)
New Revision: 85382
Added:
branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/
branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureDeploymentManager.java
branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureManagementView.java
branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureProfileServiceBean.java
branches/Branch_5_x/profileservice/src/resources/ejb-jar.xml
branches/Branch_5_x/profileservice/src/resources/profileservice-roles.properties
branches/Branch_5_x/profileservice/src/resources/profileservice-users.properties
branches/Branch_5_x/testsuite/src/main/org/jboss/test/profileservice/testsecure/
branches/Branch_5_x/testsuite/src/main/org/jboss/test/profileservice/testsecure/ProfileServiceUnitTestCase.java
Modified:
branches/Branch_5_x/build/build-distr.xml
branches/Branch_5_x/profileservice/.classpath
branches/Branch_5_x/profileservice/build.xml
branches/Branch_5_x/profileservice/src/resources/profileservice-jboss-beans.xml
branches/Branch_5_x/testsuite/build.xml
branches/Branch_5_x/testsuite/imports/sections/profileservice.xml
Log:
JBAS-6137, add secured facades for ProfileService
Modified: branches/Branch_5_x/build/build-distr.xml
===================================================================
--- branches/Branch_5_x/build/build-distr.xml 2009-03-06 07:32:01 UTC (rev 85381)
+++ branches/Branch_5_x/build/build-distr.xml 2009-03-06 07:39:43 UTC (rev 85382)
@@ -1864,14 +1864,20 @@
<!-- The profileservice module output -->
<copy todir="${install.all.lib}" filtering="no">
- <fileset dir="${_module.output}/lib" includes="*.jar"/>
+ <fileset dir="${_module.output}/lib" includes="jboss-profileservice.jar"/>
</copy>
<!-- Copy the profileservice hdscanner bean to deploy -->
<copy todir="${install.server}/all/deploy/"
file="${_module.output}/resources/hdscanner-jboss-beans.xml" />
- <!-- Copy the profileservice beans to an optional file -->
+ <!-- Copy the profileservice beans to deploy -->
<copy todir="${install.server}/all/deploy/"
file="${_module.output}/resources/profileservice-jboss-beans.xml" />
+ <!-- Copy the profileservice secured ejb facade to deploy -->
+ <unzip dest="${install.server}/all/deploy/profileservice-secured.jar">
+ <fileset dir="${_module.output}/lib">
+ <include name="profileservice-secured.jar"/>
+ </fileset>
+ </unzip>
</target>
<!-- ============ -->
Modified: branches/Branch_5_x/profileservice/.classpath
===================================================================
--- branches/Branch_5_x/profileservice/.classpath 2009-03-06 07:32:01 UTC (rev 85381)
+++ branches/Branch_5_x/profileservice/.classpath 2009-03-06 07:39:43 UTC (rev 85382)
@@ -19,5 +19,6 @@
<classpathentry kind="lib" path="/thirdparty/jboss/jboss-security-spi/lib/jboss-security-spi.jar" sourcepath="/thirdparty/jboss/jboss-security-spi/lib/jboss-security-spi-sources.jar"/>
<classpathentry kind="lib" path="/thirdparty/jboss/microcontainer/lib/jboss-kernel.jar" sourcepath="/thirdparty/jboss/microcontainer/lib/jboss-kernel-sources.jar"/>
<classpathentry kind="lib" path="/thirdparty/jboss/microcontainer/lib/jboss-dependency.jar" sourcepath="/thirdparty/jboss/microcontainer/lib/jboss-dependency-sources.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/jboss-ejb3-ext-api/lib/jboss-ejb3-ext-api.jar" sourcepath="/thirdparty/jboss/jboss-ejb3-ext-api/lib/jboss-ejb3-ext-api-sources.jar"/>
<classpathentry kind="output" path="output/eclipse-classes"/>
</classpath>
Modified: branches/Branch_5_x/profileservice/build.xml
===================================================================
--- branches/Branch_5_x/profileservice/build.xml 2009-03-06 07:32:01 UTC (rev 85381)
+++ branches/Branch_5_x/profileservice/build.xml 2009-03-06 07:39:43 UTC (rev 85382)
@@ -88,6 +88,8 @@
<path refid="org.jboss.aspects.classpath"/>
<path refid="jboss.systemjmx.classpath"/>
<path refid="jboss.j2se.classpath"/>
+ <path refid="jboss.jboss.ejb3.ext.api.classpath"/>
+ <path refid="jboss.jboss.javaee.classpath"/>
</path>
<!-- The combined dependant module classpath -->
@@ -147,6 +149,16 @@
</fileset>
</jar>
+ <!-- secured ManagementView jar -->
+ <jar destfile="${build.lib}/profileservice-secured.jar">
+ <metainf dir="${build.resources}">
+ <include name="ejb-jar.xml" />
+ </metainf>
+ <fileset dir="${build.resources}">
+ <include name="profileservice-users.properties"/>
+ <include name="profileservice-roles.properties"/>
+ </fileset>
+ </jar>
</target>
</project>
Added: branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureDeploymentManager.java
===================================================================
--- branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureDeploymentManager.java (rev 0)
+++ branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureDeploymentManager.java 2009-03-06 07:39:43 UTC (rev 85382)
@@ -0,0 +1,127 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.ejb;
+
+import java.net.URL;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+import javax.annotation.Resource;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Remote;
+import javax.ejb.Stateless;
+
+import org.jboss.deployers.spi.management.ManagementView;
+import org.jboss.deployers.spi.management.deploy.DeploymentManager;
+import org.jboss.deployers.spi.management.deploy.DeploymentProgress;
+import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.logging.Logger;
+import org.jboss.managed.api.ManagedDeployment.DeploymentPhase;
+import org.jboss.profileservice.spi.ProfileKey;
+import org.jboss.profileservice.spi.ProfileService;
+
+/**
+ * A secured ejb facade over the DeploymentManager interface
+ * @author Scott.Stark at jboss.org
+ * @version $Revision:$
+ */
+ at Stateless(name="SecureDeploymentManager")
+ at SecurityDomain(value="profileservice", unauthenticatedPrincipal="nobody")
+ at Remote(DeploymentManager.class)
+ at RolesAllowed({"Administrator"})
+public class SecureDeploymentManager implements DeploymentManager
+{
+ static Logger log = Logger.getLogger(SecureManagementView.class);
+
+ /** The local ProfileService to obtain the DeploymentManager delegate from */
+ @Resource(mappedName="ProfileService")
+ private ProfileService profileService;
+ private DeploymentManager delegate;
+
+ @PostConstruct
+ public void postConstruct()
+ {
+ log.debug("Looking up ProfileService.DeploymentManager");
+ delegate = profileService.getDeploymentManager();
+ }
+ @PreDestroy
+ public void preDestroy()
+ {
+ delegate = null;
+ }
+ public DeploymentProgress distribute(String name, DeploymentPhase phase,
+ URL contentURL, boolean copyContent) throws Exception
+ {
+ return delegate.distribute(name, phase, contentURL, copyContent);
+ }
+ public DeploymentProgress distribute(String name, DeploymentPhase phase,
+ URL contentURL) throws Exception
+ {
+ return delegate.distribute(name, phase, contentURL);
+ }
+ public String[] getRepositoryNames(String[] names, DeploymentPhase phase)
+ throws Exception
+ {
+ return delegate.getRepositoryNames(names, phase);
+ }
+ public boolean isRedeploySupported()
+ {
+ return delegate.isRedeploySupported();
+ }
+ public void loadProfile(ProfileKey key, boolean allowHotDeployments)
+ throws Exception
+ {
+ delegate.loadProfile(key, allowHotDeployments);
+ }
+ public DeploymentProgress prepare(DeploymentPhase phase, String... names)
+ throws Exception
+ {
+ return delegate.prepare(phase, names);
+ }
+ public DeploymentProgress redeploy(String name, DeploymentPhase phase,
+ URL contentURL) throws Exception
+ {
+ return delegate.redeploy(name, phase, contentURL);
+ }
+ public void releaseProfile(ProfileKey key, boolean allowHotDeployments)
+ throws Exception
+ {
+ delegate.releaseProfile(key, allowHotDeployments);
+ }
+ public DeploymentProgress start(DeploymentPhase phase, String... names)
+ throws Exception
+ {
+ return delegate.start(phase, names);
+ }
+ public DeploymentProgress stop(DeploymentPhase phase, String... names)
+ throws Exception
+ {
+ return delegate.stop(phase, names);
+ }
+ public DeploymentProgress undeploy(DeploymentPhase phase, String... names)
+ throws Exception
+ {
+ return delegate.undeploy(phase, names);
+ }
+
+
+}
Property changes on: branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureDeploymentManager.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureManagementView.java
===================================================================
--- branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureManagementView.java (rev 0)
+++ branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureManagementView.java 2009-03-06 07:39:43 UTC (rev 85382)
@@ -0,0 +1,173 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.ejb;
+
+import java.util.Set;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+import javax.annotation.Resource;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Remote;
+import javax.ejb.Stateless;
+
+import org.jboss.deployers.spi.management.ManagementView;
+import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.deployers.spi.management.NameMatcher;
+import org.jboss.logging.Logger;
+import org.jboss.managed.api.ComponentType;
+import org.jboss.managed.api.DeploymentTemplateInfo;
+import org.jboss.managed.api.ManagedComponent;
+import org.jboss.managed.api.ManagedDeployment;
+import org.jboss.managed.api.ManagedDeployment.DeploymentPhase;
+import org.jboss.profileservice.spi.NoSuchDeploymentException;
+import org.jboss.profileservice.spi.ProfileKey;
+import org.jboss.profileservice.spi.ProfileService;
+
+/**
+ * A secured ejb facade over the ManagementView interface
+ * @author Scott.Stark at jboss.org
+ * @version $Revision:$
+ */
+ at Stateless
+ at SecurityDomain(value="profileservice", unauthenticatedPrincipal="nobody")
+ at Remote(ManagementView.class)
+ at RolesAllowed({"Administrator"})
+public class SecureManagementView implements ManagementView
+{
+ static Logger log = Logger.getLogger(SecureManagementView.class);
+
+ /** The local ProfileService to obtain the ManagementView delegate from */
+ @Resource(mappedName="ProfileService")
+ private ProfileService profileService;
+ private ManagementView delegate;
+
+ @PostConstruct
+ public void postConstruct()
+ {
+ log.debug("Looking up ProfileService.ManagementView");
+ delegate = profileService.getViewManager();
+ }
+ @PreDestroy
+ public void preDestroy()
+ {
+ delegate = null;
+ }
+
+ public void applyTemplate(DeploymentPhase phase, String deploymentBaseName,
+ DeploymentTemplateInfo info) throws Exception
+ {
+ delegate.applyTemplate(phase, deploymentBaseName, info);
+ }
+
+ public ManagedComponent getComponent(String name, ComponentType type)
+ throws Exception
+ {
+ return delegate.getComponent(name, type);
+ }
+
+ public Set<ManagedComponent> getComponentsForType(ComponentType type)
+ throws Exception
+ {
+ return delegate.getComponentsForType(type);
+ }
+
+ public ManagedDeployment getDeployment(String name, DeploymentPhase phase)
+ throws NoSuchDeploymentException, Exception
+ {
+ return delegate.getDeployment(name, phase);
+ }
+
+ public Set<String> getDeploymentNames()
+ {
+ return delegate.getDeploymentNames();
+ }
+
+ public Set<String> getDeploymentNamesForType(String type)
+ {
+ return delegate.getDeploymentNamesForType(type);
+ }
+
+ public Set<ManagedDeployment> getDeploymentsForType(String type)
+ throws Exception
+ {
+ return delegate.getDeploymentsForType(type);
+ }
+
+ public Set<ManagedComponent> getMatchingComponents(String name,
+ ComponentType type, NameMatcher<ManagedComponent> matcher)
+ throws Exception
+ {
+ return delegate.getMatchingComponents(name, type, matcher);
+ }
+
+ public Set<String> getMatchingDeploymentName(String regex)
+ throws NoSuchDeploymentException
+ {
+ return delegate.getMatchingDeploymentName(regex);
+ }
+
+ public Set<ManagedDeployment> getMatchingDeployments(String name,
+ NameMatcher<ManagedDeployment> matcher)
+ throws NoSuchDeploymentException, Exception
+ {
+ return delegate.getMatchingDeployments(name, matcher);
+ }
+
+ public DeploymentTemplateInfo getTemplate(String name)
+ throws NoSuchDeploymentException
+ {
+ return delegate.getTemplate(name);
+ }
+
+ public Set<String> getTemplateNames()
+ {
+ return delegate.getTemplateNames();
+ }
+
+ public void loadProfile(ProfileKey key) throws Exception
+ {
+ delegate.loadProfile(key);
+ }
+
+ public void process() throws Exception
+ {
+ delegate.process();
+ }
+
+ public void reloadProfile() throws Exception
+ {
+ delegate.reloadProfile();
+ }
+
+ public void removeDeployment(String deploymentName, DeploymentPhase phase)
+ throws NoSuchDeploymentException, Exception
+ {
+ delegate.removeDeployment(deploymentName, phase);
+ }
+
+ public void updateComponent(ManagedComponent comp) throws Exception
+ {
+ delegate.updateComponent(comp);
+ }
+
+}
Property changes on: branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureManagementView.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureProfileServiceBean.java
===================================================================
--- branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureProfileServiceBean.java (rev 0)
+++ branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureProfileServiceBean.java 2009-03-06 07:39:43 UTC (rev 85382)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.ejb;
+
+import java.util.Collection;
+
+import javax.annotation.Resource;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.EJB;
+import javax.ejb.Remote;
+import javax.ejb.Stateless;
+
+import org.jboss.deployers.spi.management.ManagementView;
+import org.jboss.deployers.spi.management.deploy.DeploymentManager;
+import org.jboss.ejb3.annotation.RemoteBinding;
+import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.profileservice.spi.NoSuchProfileException;
+import org.jboss.profileservice.spi.Profile;
+import org.jboss.profileservice.spi.ProfileKey;
+import org.jboss.profileservice.spi.ProfileService;
+
+/**
+ * A secured ejb facade over the ProfileService interface
+ * @author Scott.Stark at jboss.org
+ * @version $Revision:$
+ */
+ at Stateless(name="SecureProfileService")
+ at SecurityDomain(value="profileservice", unauthenticatedPrincipal="nobody")
+ at Remote(ProfileService.class)
+ at RolesAllowed({"Administrator"})
+public class SecureProfileServiceBean implements ProfileService
+{
+ @Resource(mappedName="ProfileService")
+ private ProfileService delegate;
+ @EJB(beanName="SecureManagementView") ManagementView mgtView;
+
+ public Profile getActiveProfile() throws NoSuchProfileException
+ {
+ return delegate.getActiveProfile();
+ }
+ public DeploymentManager getDeploymentManager()
+ {
+ return delegate.getDeploymentManager();
+ }
+ public String[] getDomains()
+ {
+ return delegate.getDomains();
+ }
+ public Profile getProfile(ProfileKey key) throws NoSuchProfileException
+ {
+ return delegate.getProfile(key);
+ }
+ public String[] getProfileDeploymentNames(ProfileKey key)
+ throws NoSuchProfileException
+ {
+ return delegate.getProfileDeploymentNames(key);
+ }
+ public Collection<ProfileKey> getProfileKeys()
+ {
+ return delegate.getProfileKeys();
+ }
+ public ManagementView getViewManager()
+ {
+ return mgtView;
+ }
+ public Profile newProfile(ProfileKey key) throws Exception
+ {
+ return delegate.newProfile(key);
+ }
+ public void removeProfile(ProfileKey key) throws Exception
+ {
+ delegate.removeProfile(key);
+ }
+}
Property changes on: branches/Branch_5_x/profileservice/src/main/org/jboss/profileservice/ejb/SecureProfileServiceBean.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Added: branches/Branch_5_x/profileservice/src/resources/ejb-jar.xml
===================================================================
--- branches/Branch_5_x/profileservice/src/resources/ejb-jar.xml (rev 0)
+++ branches/Branch_5_x/profileservice/src/resources/ejb-jar.xml 2009-03-06 07:39:43 UTC (rev 85382)
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ejb-jar
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
+ version="3.0">
+ <display-name>Secured ManagementView</display-name>
+ <enterprise-beans>
+ <session>
+ <ejb-name>SecureProfileService</ejb-name>
+ <ejb-class>org.jboss.profileservice.ejb.SecureProfileServiceBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <resource-ref>
+ <res-ref-name>profileService</res-ref-name>
+ <res-type>org.jboss.profileservice.spi.ProfileService</res-type>
+ <mapped-name>ProfileService</mapped-name>
+ <injection-target>
+ <injection-target-class>org.jboss.profileservice.ejb.SecureProfileServiceBean</injection-target-class>
+ <injection-target-name>delegate</injection-target-name>
+ </injection-target>
+ </resource-ref>
+ </session>
+ <session>
+ <ejb-name>SecureManagementView</ejb-name>
+ <ejb-class>org.jboss.profileservice.ejb.SecureManagementView</ejb-class>
+ <session-type>Stateless</session-type>
+ <resource-ref>
+ <res-ref-name>profileService</res-ref-name>
+ <res-type>org.jboss.profileservice.spi.ProfileService</res-type>
+ <mapped-name>ProfileService</mapped-name>
+ <injection-target>
+ <injection-target-class>org.jboss.profileservice.ejb.SecureManagementView</injection-target-class>
+ <injection-target-name>profileService</injection-target-name>
+ </injection-target>
+ </resource-ref>
+ </session>
+ <session>
+ <ejb-name>SecureDeploymentManager</ejb-name>
+ <ejb-class>org.jboss.profileservice.ejb.SecureDeploymentManager</ejb-class>
+ <session-type>Stateless</session-type>
+ <resource-ref>
+ <res-ref-name>profileService</res-ref-name>
+ <res-type>org.jboss.profileservice.spi.ProfileService</res-type>
+ <mapped-name>ProfileService</mapped-name>
+ <injection-target>
+ <injection-target-class>org.jboss.profileservice.ejb.SecureDeploymentManager</injection-target-class>
+ <injection-target-name>profileService</injection-target-name>
+ </injection-target>
+ </resource-ref>
+ </session>
+ </enterprise-beans>
+</ejb-jar>
Modified: branches/Branch_5_x/profileservice/src/resources/profileservice-jboss-beans.xml
===================================================================
--- branches/Branch_5_x/profileservice/src/resources/profileservice-jboss-beans.xml 2009-03-06 07:32:01 UTC (rev 85381)
+++ branches/Branch_5_x/profileservice/src/resources/profileservice-jboss-beans.xml 2009-03-06 07:39:43 UTC (rev 85382)
@@ -10,44 +10,17 @@
-->
<deployment xmlns="urn:jboss:bean-deployer:2.0">
- <bean name="ProfileServiceAuthenticationManager" class="org.jboss.security.AuthenticationManager">
- <constructor factoryMethod="getAuthenticationManager">
- <factory bean="JNDIBasedSecurityManagement"/>
- <parameter>profileservice</parameter>
- </constructor>
- </bean>
- <bean name="ProfileServiceAuthorizationManager" class="org.jboss.security.AuthorizationManager">
- <constructor factoryMethod="getAuthorizationManager">
- <factory bean="JNDIBasedSecurityManagement"/>
- <parameter>profileservice</parameter>
- </constructor>
- </bean>
-
- <interceptor xmlns="urn:jboss:aop-beans:1.0" class="org.jboss.aspects.security.AuthenticationInterceptor">
- <constructor>
- <parameter><inject bean="ProfileServiceAuthenticationManager"/></parameter>
- </constructor>
- </interceptor>
- <!-- TODO: the second param is a RealmMapping interface, but the
- JNDIBasedSecurityManagement.getAuthorizationManager returns an AuthorizationManager.
- The RoleBasedAuthorizationInterceptor should be updated to accept an
- AuthorizationManager. This only works because the AuthorizationManager
- still implements RealmMapping.
- -->
- <interceptor xmlns="urn:jboss:aop-beans:1.0" class="org.jboss.aspects.security.RoleBasedAuthorizationInterceptor">
- <constructor>
- <parameter><inject bean="ProfileServiceAuthenticationManager"/></parameter>
- <parameter><inject bean="ProfileServiceAuthorizationManager"/></parameter>
- </constructor>
- </interceptor>
+ <!-- profileservice secureview application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="profileservice">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
+ <module-option name="unauthenticatedIdentity">nouser</module-option>
+ <module-option name="usersProperties">profileservice-users.properties</module-option>
+ <module-option name="rolesProperties">profileservice-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
-<!-- Uncomment to require secure access
- <bind xmlns="urn:jboss:aop-beans:1.0" pointcut="execution(* $instanceof{org.jboss.deployers.spi.management.ManagementView}->$implements{org.jboss.deployers.spi.management.ManagementView}(..))">
- <interceptor-ref name="org.jboss.aspects.security.AuthenticationInterceptor"/>
- <interceptor-ref name="org.jboss.aspects.security.RoleBasedAuthorizationInterceptor"/>
- </bind>
--->
-
<bean name="ConnectorMBean">
<constructor factoryClass="org.jboss.mx.util.MBeanTyper" factoryMethod="typeMBean">
<parameter><inject bean="JMXKernel" property="mbeanServer"/></parameter>
@@ -142,6 +115,11 @@
<property name="remotingSubsystem">DeploymentManager</property>
</bean>
+ <!-- To remove the unsecure proxy binding, change the jndiName property to
+ a local binding like java:ProfileService and update the
+ deploy/profileservice-secured.jar ejb-jar.xml profileService
+ resource-ref/mapped-name.
+ -->
<bean name="ProfileServiceProxyFactory" class="org.jboss.profileservice.remoting.ProxyFactory">
<property name="dispatchName">ProfileService</property>
<property name="jndiName">ProfileService</property>
Added: branches/Branch_5_x/profileservice/src/resources/profileservice-roles.properties
===================================================================
--- branches/Branch_5_x/profileservice/src/resources/profileservice-roles.properties (rev 0)
+++ branches/Branch_5_x/profileservice/src/resources/profileservice-roles.properties 2009-03-06 07:39:43 UTC (rev 85382)
@@ -0,0 +1,2 @@
+jduke=User
+javaduke=Administrator
\ No newline at end of file
Added: branches/Branch_5_x/profileservice/src/resources/profileservice-users.properties
===================================================================
--- branches/Branch_5_x/profileservice/src/resources/profileservice-users.properties (rev 0)
+++ branches/Branch_5_x/profileservice/src/resources/profileservice-users.properties 2009-03-06 07:39:43 UTC (rev 85382)
@@ -0,0 +1,2 @@
+jduke=theduke
+javaduke=anotherduke
Modified: branches/Branch_5_x/testsuite/build.xml
===================================================================
--- branches/Branch_5_x/testsuite/build.xml 2009-03-06 07:32:01 UTC (rev 85381)
+++ branches/Branch_5_x/testsuite/build.xml 2009-03-06 07:39:43 UTC (rev 85382)
@@ -765,6 +765,7 @@
<include name="**/test/perf/test/SecurePerfStressTestCase.class"/>
<include name="**/test/timer/test/SecureTimerUnitTestCase.class"/>
<include name="**/test/security/test/client/*UnitTestCase.class"/>
+ <include name="**/test/profileservice/testsecure/*UnitTestCase.class"/>
</patternset>
<patternset id="security.excludes">
<exclude name="**/test/naming/test/Security*"/>
@@ -780,6 +781,7 @@
<exclude name="**/test/timer/test/SecureTimerUnitTestCase.class"/>
<exclude name="**/test/web/security/authorization/XACMLWeb*.class"/>
<exclude name="**/test/security/test/client/*UnitTestCase.class"/>
+ <exclude name="**/test/profileservice/testsecure/*UnitTestCase.class"/>
</patternset>
<!-- A patternset that requires jboss to run with a security manager -->
<patternset id="securitymgr.includes">
Modified: branches/Branch_5_x/testsuite/imports/sections/profileservice.xml
===================================================================
--- branches/Branch_5_x/testsuite/imports/sections/profileservice.xml 2009-03-06 07:32:01 UTC (rev 85381)
+++ branches/Branch_5_x/testsuite/imports/sections/profileservice.xml 2009-03-06 07:39:43 UTC (rev 85382)
@@ -76,5 +76,6 @@
</fileset>
</jar>
+
</target>
</project>
Added: branches/Branch_5_x/testsuite/src/main/org/jboss/test/profileservice/testsecure/ProfileServiceUnitTestCase.java
===================================================================
--- branches/Branch_5_x/testsuite/src/main/org/jboss/test/profileservice/testsecure/ProfileServiceUnitTestCase.java (rev 0)
+++ branches/Branch_5_x/testsuite/src/main/org/jboss/test/profileservice/testsecure/ProfileServiceUnitTestCase.java 2009-03-06 07:39:43 UTC (rev 85382)
@@ -0,0 +1,243 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.profileservice.testsecure;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.naming.InitialContext;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.deployers.spi.management.ManagementView;
+import org.jboss.managed.api.ComponentType;
+import org.jboss.managed.api.ManagedComponent;
+import org.jboss.managed.api.ManagedProperty;
+import org.jboss.metatype.api.types.GenericMetaType;
+import org.jboss.metatype.api.types.MetaType;
+import org.jboss.metatype.api.values.MetaValue;
+import org.jboss.profileservice.spi.ProfileKey;
+import org.jboss.profileservice.spi.ProfileService;
+import org.jboss.test.profileservice.test.AbstractProfileServiceTest;
+import org.jboss.test.util.AppCallbackHandler;
+
+/** Basic tests of using ProfileService via secured ejb facades
+
+ @author Scott.Stark at jboss.org
+ @version $Revision$
+ */
+public class ProfileServiceUnitTestCase extends AbstractProfileServiceTest
+{
+ private LoginContext loginContext;
+
+ /**
+ * We need to define the order in which tests runs
+ * @return
+ * @throws Exception
+ */
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite(ProfileServiceUnitTestCase.class);
+
+ return suite;
+ }
+
+ public ProfileServiceUnitTestCase(String name)
+ {
+ super(name);
+ // set the login config file if it hasn't been set yet.
+ if (System.getProperty("java.security.auth.login.config") == null)
+ System.setProperty("java.security.auth.login.config", "output/resources/security/auth.conf");
+ }
+
+ /**
+ * Basic test of accessing the ProfileService and checking the
+ * available profile keys.
+ */
+ public void testNonAdminProfileKeys()
+ throws Exception
+ {
+ login("jduke", "theduke".toCharArray());
+ ProfileService ps = getProfileService();
+ try
+ {
+ Collection<ProfileKey> keys = ps.getProfileKeys();
+ fail("jduke was able to invoke getProfileKeys, keys: "+keys);
+ }
+ catch(Exception e)
+ {
+ log.info("jduke calling getProfileKeys failed as expected, "+e.getMessage());
+ }
+ finally
+ {
+ logout();
+ }
+ }
+
+ /**
+ * Basic test of accessing the ProfileService and checking the
+ * available profile keys.
+ */
+ public void testProfileKeys()
+ throws Exception
+ {
+ login("javaduke", "anotherduke".toCharArray());
+ ProfileService ps = getProfileService();
+ Collection<ProfileKey> keys = ps.getProfileKeys();
+ log.info("getProfileKeys: "+keys);
+ ProfileKey defaultKey = new ProfileKey("default");
+ assertTrue("keys contains default", keys.contains(defaultKey));
+ logout();
+ }
+
+
+ /**
+ * Try to
+ * @throws Exception
+ */
+ public void testNonAdminDefaultDSComponentCount()
+ throws Exception
+ {
+ login("jduke", "theduke".toCharArray());
+ ManagementView mgtView = getManagementView();
+ ComponentType type = new ComponentType("DataSource", "LocalTx");
+ try
+ {
+ Set<ManagedComponent> comps = mgtView.getComponentsForType(type);
+ fail("jduke was able to invoke getComponentsForType");
+ }
+ catch(Exception e)
+ {
+ log.info("jduke calling getComponentsForType failed as expected, "+e.getMessage());
+ }
+ finally
+ {
+ logout();
+ }
+ }
+
+ /**
+ * Validate that there is only 1 DefaultDS ManagedComponent
+ * @throws Exception
+ */
+ public void testDefaultDSComponentCount()
+ throws Exception
+ {
+ login("javaduke", "anotherduke".toCharArray());
+ ManagementView mgtView = getManagementView();
+ ComponentType type = new ComponentType("DataSource", "LocalTx");
+ Set<ManagedComponent> comps = mgtView.getComponentsForType(type);
+ int count = 0;
+ for (ManagedComponent comp : comps)
+ {
+ String cname = comp.getName();
+ if( cname.endsWith("DefaultDS") )
+ {
+ count ++;
+ }
+ }
+ assertEquals("There is 1 DefaultDS ManagedComponent", 1, 1);
+ logout();
+ }
+
+
+ // Private and protected
+
+ @Override
+ protected String getProfileName()
+ {
+ return "profileservice";
+ }
+
+ protected ProfileService getProfileService()
+ throws Exception
+ {
+ InitialContext ctx = super.getInitialContext();
+ ProfileService ps = (ProfileService) ctx.lookup("SecureProfileService/remote");
+ return ps;
+ }
+ @Override
+ protected ManagementView getManagementView()
+ throws Exception
+ {
+ InitialContext ctx = super.getInitialContext();
+ ManagementView mgtView = (ManagementView) ctx.lookup("SecureManagementView/remote");
+ return mgtView;
+ }
+
+ /**
+ * Authenticates the client identified by the given {@code username} using the specified {@code password}.
+ *
+ * @param username identifies the client that is being logged in.
+ * @param password the password that asserts the client's identity.
+ * @throws LoginException if an error occurs while authenticating the client.
+ */
+ protected void login(String username, char[] password) throws LoginException
+ {
+ // get the conf name from a system property - default is profileservice.
+ String confName = System.getProperty("conf.name", "profileservice");
+ AppCallbackHandler handler = new AppCallbackHandler(username, password);
+ this.loginContext = new LoginContext(confName, handler);
+ this.loginContext.login();
+ }
+
+ /**
+ * Perform a logout of the current user.
+ *
+ * @throws LoginException if an error occurs while logging the user out.
+ */
+ protected void logout() throws LoginException
+ {
+ this.loginContext.logout();
+ }
+
+ protected void validatePropertyMetaValues(Map<String, ManagedProperty> props)
+ {
+ HashMap<String, Object> invalidValues = new HashMap<String, Object>();
+ HashMap<String, Object> nullValues = new HashMap<String, Object>();
+ for(ManagedProperty prop : props.values())
+ {
+ Object value = prop.getValue();
+ if((value instanceof MetaValue) == false)
+ {
+ if(value == null)
+ nullValues.put(prop.getName(), value);
+ else
+ invalidValues.put(prop.getName(), value);
+ }
+ }
+ log.info("Propertys with null values: "+nullValues);
+ assertEquals("InvalidPropertys: "+invalidValues, 0, invalidValues.size());
+
+ // Validate more details on specific properties
+ ManagedProperty securityDomain = props.get("security-domain");
+ assertNotNull("security-domain", securityDomain);
+ MetaType securityDomainType = securityDomain.getMetaType();
+ assertTrue("security-domain type("+securityDomainType+") is a GenericMetaType", securityDomainType instanceof GenericMetaType);
+ log.debug("security-domain type: "+securityDomainType);
+ }
+}
Property changes on: branches/Branch_5_x/testsuite/src/main/org/jboss/test/profileservice/testsecure/ProfileServiceUnitTestCase.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
More information about the jboss-cvs-commits
mailing list