[jboss-cvs] JBossAS SVN: r88424 - in branches/JBPAPP_4_2_0_GA_CP/ejb3: src/main/org/jboss/ejb3/security and 8 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri May 8 08:00:24 EDT 2009


Author: wolfc
Date: 2009-05-08 08:00:24 -0400 (Fri, 08 May 2009)
New Revision: 88424

Added:
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/META-INF/
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/META-INF/jboss.xml
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/roles.properties
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/users.properties
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/AnonymousMDB.java
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/ReplierMDB.java
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/RunAsRootMDB.java
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmI.java
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmIBean.java
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/unit/
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/unit/CallerPrincipalTestCase.java
Modified:
   branches/JBPAPP_4_2_0_GA_CP/ejb3/build-test.xml
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/ejb3-interceptors-aop.xml
   branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/common/EJB3TestCase.java
Log:
JBPAPP-1951: establish a security context with a MDB

Modified: branches/JBPAPP_4_2_0_GA_CP/ejb3/build-test.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/build-test.xml	2009-05-08 11:44:20 UTC (rev 88423)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/build-test.xml	2009-05-08 12:00:24 UTC (rev 88424)
@@ -2167,6 +2167,16 @@
       <build-simple-jar name="jbpapp1224"/>
    </target>
 
+   <target name="jbpapp1951" depends="compile-classes">
+      <mkdir dir="${build.lib}"/>
+      <jar jarfile="${build.lib}/jbpapp1951.jar">
+         <fileset dir="${build.classes}">
+            <include name="org/jboss/ejb3/test/jbpapp1951/*.class"/>
+         </fileset>
+         <fileset dir="${resources}/test/jbpapp1951"/>
+      </jar>
+   </target>
+   
    <target name="jaxws"
       description="Builds a simple jar."
       depends="compile-classes">
@@ -3865,6 +3875,7 @@
       jbpapp999,
       jbpapp1186,
       jbpapp1224,
+      jbpapp1951,
       jbas4489, epcpropagation, jaccpropagation, 
       aspectdomain, ejbcontext, schema, mail, scopedclassloader, dependency, jaxws,
       pkg, securitydomain, enventry, externalpersistenceunit,
@@ -4509,6 +4520,9 @@
       <antcall target="test" inheritRefs="true">
          <param name="test" value="jbpapp1224"/>
       </antcall>
+      <antcall target="test" inheritRefs="true">
+         <param name="test" value="jbpapp1951"/>
+      </antcall>
    </target>
 
    <target name="entity-tests" depends="init" description="Execute all tests">

Modified: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java	2009-05-08 11:44:20 UTC (rev 88423)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -22,21 +22,20 @@
 package org.jboss.ejb3.security;
 
 import java.security.GeneralSecurityException;
-import java.security.Principal; 
+import java.security.Principal;
 
 import javax.ejb.EJBAccessException;
+import javax.security.auth.Subject;
 
-import org.jboss.ejb3.Container;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.logging.Logger;
-
 import org.jboss.annotation.security.SecurityDomain;
 import org.jboss.aop.joinpoint.MethodInvocation;
-
 import org.jboss.aspects.security.AuthenticationInterceptor;
 import org.jboss.aspects.security.SecurityContext;
+import org.jboss.ejb3.Container;
+import org.jboss.ejb3.EJBContainer;
+import org.jboss.logging.Logger;
 import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RealmMapping; 
+import org.jboss.security.RealmMapping;
 import org.jboss.security.SecurityAssociation;
 import org.jboss.security.SecurityRolesAssociation;
 import org.jboss.security.SimplePrincipal;
@@ -70,6 +69,11 @@
       throw eae;
    }
 
+   private static boolean hasRunAsIdentity()
+   {
+      return SecurityActions.peekRunAsIdentity() != null;
+   }
+   
    public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
    {
       MethodInvocation mi = (MethodInvocation)invocation;
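Review bot: `hasRunAsIdentity()` has no live caller in this commit, because its only two uses, further down in `invoke()`, are commented out as `//if(!hasRunAsIdentity())`. Either drop the helper until the run-as case is settled, or keep it with a comment such as `// not yet used: see the disabled guards around pushSubjectContext/popSubjectContext in invoke()`. `invoke()` begins in this hunk and continues outside it.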
@@ -80,17 +84,38 @@
          Principal principal = (Principal)invocation.getMetaData("security", "principal");
          if (principal == null)
             principal = SecurityAssociation.getPrincipal();
-           
-         if (principal == null)
+         
+         // JBPAPP-1951: if we are the unauthenticated principal, then no authentication is needed
+         Principal unauthenticatedPrincipal = new SimplePrincipal(domain.unauthenticatedPrincipal());
+         if (principal == null || principal.equals(unauthenticatedPrincipal))
          {
-            invocation.getMetaData().addMetaData("security", "principal", new SimplePrincipal(domain.unauthenticatedPrincipal()));
+            if(principal == null)
+            {
+               principal = unauthenticatedPrincipal;
+               invocation.getMetaData().addMetaData("security", "principal", principal);
+            }
             
             Object oldDomain = SecurityContext.getCurrentDomain().get();
-            
             try
             {
                SecurityContext.getCurrentDomain().set(authenticationManager);
-               return invocation.invokeNext();
+               
+               // JBPAPP-1951: we must establish a security context
+               
+               Object credential = null;
+               Subject subject = null;
+               // JBPAPP-1951: this is just crock, run-as-identity is a mess in the security framework
+               //if(!hasRunAsIdentity())
+                  SecurityActions.pushSubjectContext(principal, credential, subject);
+               try
+               {
+                  return invocation.invokeNext();
+               }
+               finally
+               {
+                  //if(!hasRunAsIdentity())
+                     SecurityActions.popSubjectContext();
+               }
             }
             finally
             {
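Review bot: The new condition `principal == null || principal.equals(unauthenticatedPrincipal)` skips authentication on an `equals` match (presumably by name), and the principal may come from the invocation's `security`/`principal` metadata, so any supplied principal that matches `domain.unauthenticatedPrincipal()` is pushed into the subject context with a null credential and a null `Subject`. That looks intended for the anonymous case, but it relies on the unauthenticated name never colliding with a real account in the security domain and on the name not being empty (what `unauthenticatedPrincipal()` returns when unset is not visible here). A comment above the check should state this, e.g. `// equality match only: the unauthenticated principal must not be a real user of this domain`. The two commented-out `//if(!hasRunAsIdentity())` lines leave the push and pop calls indented as if they were still guarded, so re-indent them or remove the dead guards. The enclosing `invoke()` starts and ends outside this hunk.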

Modified: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java	2009-05-08 11:44:20 UTC (rev 88423)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -27,10 +27,11 @@
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+
 import javax.security.auth.Subject;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.PolicyContextException;
-  
+
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityAssociation;
 
@@ -216,6 +217,25 @@
       }
    }
    
+   static void popSubjectContext()
+   {
+      privileged(new PrivilegedAction<Void>() {
+            public Void run()
+            {
+               SecurityAssociation.popSubjectContext();
+               return null;
+            }
+         });
+   }
+   
+   private static <T> T privileged(PrivilegedAction<T> action)
+   {
+      if(System.getSecurityManager() == null)
+         return action.run();
+      else
+         return AccessController.doPrivileged(action);
+   }
+   
    static void pushRunAsIdentity(RunAsIdentity principal)
    {
       if(System.getSecurityManager() == null)
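Review bot: `popSubjectContext()` and the `privileged` helper carry no documentation, although they change the thread's security association and run under `AccessController.doPrivileged` when a security manager is installed. I would add a short Javadoc to `popSubjectContext()` saying it must be called in a `finally` after a matching `pushSubjectContext(...)`, and one to `privileged` saying it runs the action directly without a security manager and under `doPrivileged` otherwise. The older wrappers in this class (for example `pushRunAsIdentity`, whose first lines close this hunk) repeat the security-manager check inline, so two styles now coexist in the file.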
@@ -228,6 +248,17 @@
       }
    }
    
+   static void pushSubjectContext(final Principal principal, final Object credential, final Subject subject)
+   {
+      privileged(new PrivilegedAction<Void>() {
+            public Void run()
+            {
+               SecurityAssociation.pushSubjectContext(subject, principal, credential);
+               return null;
+            }
+         });
+   }
+   
    static RunAsIdentity popRunAsIdentity()
    {
       if(System.getSecurityManager() == null)
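Review bot: `pushSubjectContext(principal, credential, subject)` takes its arguments in a different order from the `SecurityAssociation.pushSubjectContext(subject, principal, credential)` call it wraps, and the `Object`-typed credential slot accepts any value, so a misplaced argument there is not caught by the compiler. Consider matching the delegate's order, `static void pushSubjectContext(final Subject subject, final Principal principal, final Object credential)`, and updating the single caller in `Ejb3AuthenticationInterceptor`. A one-line Javadoc noting that every call needs a matching `popSubjectContext()` would also help.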

Modified: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/ejb3-interceptors-aop.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/ejb3-interceptors-aop.xml	2009-05-08 11:44:20 UTC (rev 88423)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/ejb3-interceptors-aop.xml	2009-05-08 12:00:24 UTC (rev 88424)
@@ -281,6 +281,10 @@
    </domain>
 
    <domain name="Message Driven Bean">
+      <bind pointcut="execution(public * *->*(..))">
+         <!-- JBPAPP-1951: establish a security context -->
+         <interceptor-ref name="org.jboss.ejb3.security.AuthenticationInterceptorFactory"/>
+      </bind>
       <bind pointcut="execution(public * @javax.annotation.security.RunAs->*(..))">
          <interceptor-ref name="org.jboss.ejb3.security.RunAsSecurityInterceptorFactory"/>
       </bind>
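Review bot: The new bind uses the pointcut `execution(public * *->*(..))`, which matches every public method of a message-driven bean rather than only the message listener method, and it is listed ahead of the `@RunAs` bind. If interceptor order follows declaration order (not visible in this hunk), authentication now runs before the run-as identity is pushed, and the comment should say so, e.g. `<!-- JBPAPP-1951: establish a security context; must precede the RunAs interceptor -->`. The `<domain>` element continues outside the hunk.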

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/META-INF/jboss.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/META-INF/jboss.xml	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/META-INF/jboss.xml	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss
+        xmlns="http://java.sun.com/xml/ns/javaee"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+                            http://www.jboss.org/j2ee/schema/jboss_5_0.xsd"
+        version="3.0">
+   <security-domain>java:/jaas/other</security-domain>
+   <unauthenticated-principal>anonymous</unauthenticated-principal>
+</jboss>
\ No newline at end of file

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/roles.properties
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/roles.properties	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/roles.properties	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1 @@
+somebody=allowed
\ No newline at end of file

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/users.properties
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/users.properties	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/resources/test/jbpapp1951/users.properties	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1 @@
+somebody=password

Modified: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/common/EJB3TestCase.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/common/EJB3TestCase.java	2009-05-08 11:44:20 UTC (rev 88423)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/common/EJB3TestCase.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -21,6 +21,9 @@
  */
 package org.jboss.ejb3.test.common;
 
+import javax.jms.QueueConnectionFactory;
+import javax.naming.NamingException;
+
 import org.jboss.test.JBossTestCase;
 
 /**
@@ -34,6 +37,18 @@
       super(name);
    }
 
+   protected QueueConnectionFactory getQueueConnectionFactory() throws Exception
+   {
+      try
+      {
+         return (QueueConnectionFactory) getInitialContext().lookup("ConnectionFactory");
+      }
+      catch (NamingException e)
+      {
+         return (QueueConnectionFactory) getInitialContext().lookup("java:/ConnectionFactory");
+      }
+   }
+
    protected <T> T lookup(String name, Class<T> expectedType) throws Exception
    {
       return expectedType.cast(getInitialContext().lookup(name));
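Review bot: `getQueueConnectionFactory()` catches every `NamingException` from the first lookup and silently retries with `java:/ConnectionFactory`, so a communication or permission failure on the first lookup is hidden behind whatever the second lookup reports. Catching only the not-bound case keeps the fallback and surfaces other failures: `catch (NameNotFoundException e)`, with the import changed to `javax.naming.NameNotFoundException`. A one-line comment saying why two JNDI names are tried would also help the next reader.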

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/AnonymousMDB.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/AnonymousMDB.java	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/AnonymousMDB.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.test.jbpapp1951;
+
+import javax.ejb.ActivationConfigProperty;
+import javax.ejb.MessageDriven;
+
+/**
+ * Case #287560
+ * 
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+ at MessageDriven(activationConfig = {
+      @ActivationConfigProperty(propertyName = "destination", propertyValue = "queue/Anonymous"),
+      @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue")
+   })
+public class AnonymousMDB extends ReplierMDB
+{
+}

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/ReplierMDB.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/ReplierMDB.java	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/ReplierMDB.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.test.jbpapp1951;
+
+import java.io.Serializable;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+import javax.annotation.Resource;
+import javax.ejb.EJB;
+import javax.ejb.EJBAccessException;
+import javax.ejb.MessageDrivenContext;
+import javax.jms.Destination;
+import javax.jms.JMSException;
+import javax.jms.Message;
+import javax.jms.MessageListener;
+import javax.jms.QueueConnection;
+import javax.jms.QueueConnectionFactory;
+import javax.jms.QueueSender;
+import javax.jms.QueueSession;
+import javax.jms.TextMessage;
+
+import org.jboss.logging.Logger;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+public class ReplierMDB implements MessageListener
+{
+   private static final Logger log = Logger.getLogger(ReplierMDB.class);
+   
+   @Resource
+   private MessageDrivenContext ctx;
+   
+   @Resource(mappedName="java:/ConnectionFactory")
+   private QueueConnectionFactory factory;
+   
+   private QueueConnection connection;
+   private QueueSession session;
+   private QueueSender sender;
+   
+   @EJB
+   private WhoAmI bean;
+   
+   public void onMessage(Message message)
+   {
+      log.info("callerPrincipal = " + ctx.getCallerPrincipal());
+      boolean isCallerInRoleRoot;
+      try
+      {
+         isCallerInRoleRoot = bean.isCallerInRoleRoot();
+      }
+      catch(EJBAccessException e)
+      {
+         log.info("not allowed " + e.getMessage());
+         isCallerInRoleRoot = false;
+      }
+      log.info("isCallerInRoleRoot = " + isCallerInRoleRoot);
+      try
+      {
+         String text = ((TextMessage) message).getText();
+         
+         try
+         {
+            sendReply(message.getJMSReplyTo(), bean.getCallerPrincipal().getName() + ": " + text + ": " + bean.isCallerInRole("root"));
+         }
+         catch(Exception e)
+         {
+            sendReply(message.getJMSReplyTo(), e);
+         }
+      }
+      catch(JMSException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+   
+   protected void sendReply(Destination destination, Serializable obj) throws JMSException
+   {
+      Message message = session.createObjectMessage(obj);
+      sender.send(destination, message);
+   }
+   
+   @PostConstruct
+   public void postConstruct()
+   {
+      try
+      {
+         connection = factory.createQueueConnection();
+         session = connection.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);
+         sender = session.createSender(null);
+      }
+      catch(JMSException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+   
+   @PreDestroy
+   public void preDestroy()
+   {
+      try
+      {
+         if(sender != null)
+            sender.close();
+         if(session != null)
+            session.close();
+         if(connection != null)
+            connection.close();
+      }
+      catch(JMSException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}
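Review bot: In `preDestroy()` a `JMSException` from `sender.close()` or `session.close()` skips `connection.close()`, so the connection opened in `postConstruct()` is leaked. Closing a JMS connection also closes its sessions and producers, so the body of the try block can be reduced to `if(connection != null) connection.close();`. Separately, `onMessage` casts to `TextMessage` without a check, so any other message type surfaces as a `ClassCastException` instead of a reply.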

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/RunAsRootMDB.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/RunAsRootMDB.java	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/RunAsRootMDB.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.test.jbpapp1951;
+
+import javax.annotation.security.RunAs;
+import javax.ejb.ActivationConfigProperty;
+import javax.ejb.MessageDriven;
+import javax.jms.Message;
+
+import org.jboss.annotation.security.RunAsPrincipal;
+
+/**
+ * Case #287560
+ * 
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+ at MessageDriven(activationConfig = {
+      @ActivationConfigProperty(propertyName = "destination", propertyValue = "queue/RunAsRoot"),
+      @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue")
+   })
+ at RunAsPrincipal("root-principal")
+ at RunAs("root")
+public class RunAsRootMDB extends ReplierMDB
+{
+   @Override
+   public void onMessage(Message message)
+   {
+      // TODO Auto-generated method stub
+      super.onMessage(message);
+   }
+}
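Review bot: The `onMessage` override only calls `super.onMessage(message)` and still carries the IDE's `// TODO Auto-generated method stub` comment. If the override exists so that the `@RunAs` pointcut in `ejb3-interceptors-aop.xml` matches a method declared on the annotated class (an assumption; nothing in this hunk says so), replace the TODO with that reason, e.g. `// declared here so the @RunAs interceptor binding applies to this class`. Otherwise remove the override.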

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmI.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmI.java	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmI.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1,38 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.test.jbpapp1951;
+
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+public interface WhoAmI
+{
+   Principal getCallerPrincipal();
+   
+   boolean isCallerInRole(String roleName);
+   
+   boolean isCallerInRoleRoot();
+}
+

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmIBean.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmIBean.java	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/WhoAmIBean.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.test.jbpapp1951;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.annotation.security.RolesAllowed;
+import javax.annotation.security.RunAs;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+
+import org.jboss.logging.Logger;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+ at Stateless
+// FIXME: this should not be needed
+ at RunAs("broken")
+public class WhoAmIBean implements WhoAmI
+{
+   private static Logger log = Logger.getLogger(WhoAmIBean.class);
+   
+   @Resource
+   private SessionContext ctx;
+   
+   public Principal getCallerPrincipal()
+   {
+      log.info("callerPrincipal = " + ctx.getCallerPrincipal());
+      return ctx.getCallerPrincipal();
+   }
+
+   public boolean isCallerInRole(String roleName)
+   {
+      return ctx.isCallerInRole(roleName);
+   }
+
+   @RolesAllowed("root")
+   public boolean isCallerInRoleRoot()
+   {
+      return ctx.isCallerInRole("root");
+   }
+}
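Review bot: The bean is annotated `@RunAs("broken")` under `// FIXME: this should not be needed`, so the tests in this commit only exercise a session bean that has a run-as role and say nothing about a plain `@Stateless` bean called from the MDB. The FIXME should name what fails without the annotation and where that is tracked, for example `// FIXME JBPAPP-1951: without @RunAs <observed failure>; remove once fixed`. `log` could also be declared `private static final`, as it is in `ReplierMDB`.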

Added: branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/unit/CallerPrincipalTestCase.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/unit/CallerPrincipalTestCase.java	                        (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/ejb3/src/test/org/jboss/ejb3/test/jbpapp1951/unit/CallerPrincipalTestCase.java	2009-05-08 12:00:24 UTC (rev 88424)
@@ -0,0 +1,120 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.test.jbpapp1951.unit;
+
+import java.io.Serializable;
+
+import javax.jms.DeliveryMode;
+import javax.jms.Message;
+import javax.jms.ObjectMessage;
+import javax.jms.Queue;
+import javax.jms.QueueConnection;
+import javax.jms.QueueConnectionFactory;
+import javax.jms.QueueReceiver;
+import javax.jms.QueueSender;
+import javax.jms.QueueSession;
+import javax.jms.TemporaryQueue;
+import javax.jms.TextMessage;
+
+import junit.framework.Test;
+
+import org.jboss.ejb3.test.common.EJB3TestCase;
+
+/**
+ * Case #287560
+ * 
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+public class CallerPrincipalTestCase extends EJB3TestCase
+{
+   public CallerPrincipalTestCase(String name)
+   {
+      super(name);
+   }
+   
+   public String sendMessage(String queueName, String text) throws Exception
+   {
+      Queue queue = lookup("queue/" + queueName, Queue.class);
+      QueueConnectionFactory factory = getQueueConnectionFactory();
+      QueueConnection conn = factory.createQueueConnection();
+      try
+      {
+         QueueSession session = conn.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);
+         TemporaryQueue replyQueue = session.createTemporaryQueue();
+         QueueReceiver receiver = session.createReceiver(replyQueue);
+         QueueSender sender = session.createSender(queue);
+         conn.start();
+         try
+         {
+            TextMessage msg = session.createTextMessage(text);
+            msg.setJMSReplyTo(replyQueue);
+            msg.setJMSDeliveryMode(DeliveryMode.NON_PERSISTENT);
+            msg.setIntProperty("JMS_JBOSS_REDELIVERY_LIMIT", 1);
+      
+            sender.send(msg);
+            
+            Message reply = receiver.receive(5000);
+            assertNotNull(reply);
+            
+            Serializable obj = ((ObjectMessage) reply).getObject();
+            if(obj instanceof String)
+            {
+               String result = (String) obj;
+               return result;
+            }
+            else if(obj instanceof Exception)
+               throw (Exception) obj;
+            else
+               throw new IllegalArgumentException(obj.toString());
+         }
+         finally
+         {
+            conn.stop();
+            sender.close();
+            receiver.close();
+            session.close();
+         }
+      }
+      finally
+      {
+         conn.close();
+      }
+   }
+   
+   public void testAnonymous() throws Exception
+   {
+      String result = sendMessage("Anonymous", "Knock knock");
+      assertEquals("anonymous: Knock knock: false", result);
+   }
+   
+   public void testRunAsRoot() throws Exception
+   {
+      String result = sendMessage("RunAsRoot", "Who's there?");
+      assertEquals("root-principal: Who's there?: true", result);
+   }
+   
+   public static Test suite() throws Exception
+   {
+      return getDeploySetup(CallerPrincipalTestCase.class, "jbpapp1951.jar");
+   }
+}
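Review bot: `testAnonymous` does not check that the `@RolesAllowed("root")` method is denied, because `ReplierMDB.onMessage` catches the `EJBAccessException` from `isCallerInRoleRoot()` and only logs it, and the reply string carries the result of `isCallerInRole("root")` instead. Consider including the outcome of the guarded call in the reply, so the test can assert the denial on the anonymous queue and the success on the run-as queue. `assertNotNull(reply)` would also read better with a message, e.g. `assertNotNull("no reply within 5s", reply);`.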



