[jboss-cvs] JBossAS SVN: r96943 - in projects/ejb3/trunk: testsuite/src/test/java/org/jboss/ejb3/test and 2 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Nov 25 05:55:59 EST 2009


Author: jaikiran
Date: 2009-11-25 05:55:59 -0500 (Wed, 25 Nov 2009)
New Revision: 96943

Added:
   projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/
   projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/CallerPrincipalNotAvailableException.java
   projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/SessionBeanWithoutSecurityDomain.java
   projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/UserManagerRemote.java
   projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/unit/
   projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/unit/CallerPrincipalTestCase.java
Modified:
   projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java
Log:
EJBTHREE-1962 Fixed the NPE in EJBContextHelper when a call to SessionContext.getCallerPrincipal was made in the absence of a security domain

Modified: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java	2009-11-25 10:36:03 UTC (rev 96942)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java	2009-11-25 10:55:59 UTC (rev 96943)
@@ -64,42 +64,44 @@
       
       Principal callerPrincipal = null;
       
-      if(sc == null)
+      // if we have the security context, then try to
+      // get the caller principal out of that
+      if (sc != null)
       {
-         String unauth = domain.unauthenticatedPrincipal();
-         if(unauth != null && unauth.length() > 0)
-         if(domain.unauthenticatedPrincipal() != null)
-           callerPrincipal = new SimplePrincipal(unauth);             
-      }
-      else
-      {
          AbstractEJBAuthorizationHelper helper;
          try
          {
-            helper = SecurityHelperFactory.getEJBAuthorizationHelper(sc); 
+            helper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
             helper.setPolicyRegistration(getPolicyRegistration());
          }
          catch (Exception e)
          {
             throw new RuntimeException(e);
          }
-         callerPrincipal = helper.getCallerPrincipal(); 
+         callerPrincipal = helper.getCallerPrincipal();
+
+         if (callerPrincipal == null)
+         {
+            //try the incoming principal
+            callerPrincipal = sc.getUtil().getUserPrincipal();
+            if (rm != null)
+               callerPrincipal = rm.getPrincipal(callerPrincipal);
+         }
       }
-      
-      if(callerPrincipal == null)
+      // either security context was absent or
+      // could not get the caller principal from security context.
+      // So let's try the unauthenticated principal, if the domain
+      // is present
+      if (callerPrincipal == null)
       {
-         //try the incoming principal
-         callerPrincipal = sc.getUtil().getUserPrincipal();
-         if(rm != null)
-            callerPrincipal = rm.getPrincipal(callerPrincipal);
-      } 
-      
-      if(callerPrincipal == null)
-      {
-         String unauth = domain.unauthenticatedPrincipal();
-         if(unauth != null && unauth.length() > 0)
-         if(domain.unauthenticatedPrincipal() != null)
-           callerPrincipal = new SimplePrincipal(unauth);
+         if (domain != null)
+         {
+            String unauth = domain.unauthenticatedPrincipal();
+            if (unauth != null && unauth.length() > 0)
+            {
+               callerPrincipal = new SimplePrincipal(unauth);
+            }
+         }
       }
       return callerPrincipal; 
    } 
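Review bot: After this change the method reaches `return callerPrincipal;` with null whenever `sc` is absent and `domain` is null or has no unauthenticated principal, and nothing on the new side documents that contract. The test added in this commit expects an IllegalStateException in that case, which presumably comes from a caller outside this hunk; a comment before the return such as `// may be null: callers must raise IllegalStateException rather than treat null as an anonymous caller` would make the dependency explicit. Inside the `sc != null` branch, `rm.getPrincipal(callerPrincipal)` still runs when `sc.getUtil().getUserPrincipal()` returned null; if the realm mapping is not meant to see null, tighten the guard to `if (rm != null && callerPrincipal != null)`. The enclosing method begins above the hunk, so how `sc`, `rm` and `domain` are obtained is not visible here.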

Added: projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/CallerPrincipalNotAvailableException.java
===================================================================
--- projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/CallerPrincipalNotAvailableException.java	                        (rev 0)
+++ projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/CallerPrincipalNotAvailableException.java	2009-11-25 10:55:59 UTC (rev 96943)
@@ -0,0 +1,40 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ejb3.test.ejbthree1962;
+
+import javax.ejb.ApplicationException;
+
+/**
+ * CallerPrincipalNotAvailableException
+ *
+ * @author Jaikiran Pai
+ * @version $Revision: $
+ */
+ at ApplicationException
+public class CallerPrincipalNotAvailableException extends Exception
+{
+
+   public CallerPrincipalNotAvailableException()
+   {
+      super ("Caller principal not associated in the current invocation");
+   }
+}
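Review bot: The class offers only a no-argument constructor, so the triggering exception cannot be chained, and SessionBeanWithoutSecurityDomain.getCallerPrincipal in the next file catches `IllegalStateException ise` and discards it. Adding `public CallerPrincipalNotAvailableException(Throwable cause) { super("Caller principal not associated in the current invocation", cause); }` and throwing `new CallerPrincipalNotAvailableException(ise)` at the catch site would keep the container's original message and stack trace available when the test fails. As a `Serializable` exception crossing a remote interface, the class would also benefit from an explicit `private static final long serialVersionUID = 1L;`.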

Added: projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/SessionBeanWithoutSecurityDomain.java
===================================================================
--- projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/SessionBeanWithoutSecurityDomain.java	                        (rev 0)
+++ projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/SessionBeanWithoutSecurityDomain.java	2009-11-25 10:55:59 UTC (rev 96943)
@@ -0,0 +1,70 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ejb3.test.ejbthree1962;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.ejb.ApplicationException;
+import javax.ejb.Remote;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+
+import org.jboss.ejb3.annotation.RemoteBinding;
+
+/**
+ * SessionBeanWithoutSecurityDomain
+ *
+ * @author Jaikiran Pai
+ * @version $Revision: $
+ */
+ at Stateless
+ at Remote (UserManagerRemote.class)
+ at RemoteBinding (jndiBinding = SessionBeanWithoutSecurityDomain.JNDI_NAME)
+public class SessionBeanWithoutSecurityDomain implements UserManagerRemote
+{
+
+   public static final String JNDI_NAME = "ejbthree1962-slsb-without-security-domain";
+   
+   
+   @Resource
+   private SessionContext sessContext;
+   
+   /**
+    * {@inheritDoc}
+    */
+   public Principal getCallerPrincipal() throws CallerPrincipalNotAvailableException
+   {
+      // as per the API, the getCallerPrincipal never returns null.
+      // if there is no principal associated then an IllegalStateException is thrown
+      try
+      {
+         return this.sessContext.getCallerPrincipal();
+      }
+      catch (IllegalStateException ise)
+      {
+         throw new CallerPrincipalNotAvailableException();
+      }
+      
+   }
+
+}
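Review bot: The import `javax.ejb.ApplicationException` is unused in this file, since the annotation is applied on CallerPrincipalNotAvailableException rather than on the bean; drop the import line. The bean's `getCallerPrincipal` implements the interface method without `@Override`, and its `{@inheritDoc}` Javadoc would be more useful with one sentence stating that the bean is deliberately deployed without a security domain, which is the condition the EJBTHREE-1962 test relies on.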

Added: projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/UserManagerRemote.java
===================================================================
--- projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/UserManagerRemote.java	                        (rev 0)
+++ projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/UserManagerRemote.java	2009-11-25 10:55:59 UTC (rev 96943)
@@ -0,0 +1,43 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ejb3.test.ejbthree1962;
+
+import java.security.Principal;
+
+import javax.ejb.SessionContext;
+
+/**
+ * UserManagerRemote
+ *
+ * @author Jaikiran Pai
+ * @version $Revision: $
+ */
+public interface UserManagerRemote
+{
+
+   /**
+    * Returns the principal name through a call to {@link SessionContext#getCallerPrincipal()}
+    * @return Returns the caller principal name
+    * @throws CallerPrincipalNotAvailableException If there is no caller principal associated
+    */
+   Principal getCallerPrincipal() throws CallerPrincipalNotAvailableException;
+}
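Review bot: The Javadoc on `getCallerPrincipal` says it returns "the principal name", but the declared return type is `Principal`, not a name string. Reword the summary and tag to match, for example `Returns the caller principal obtained through {@link SessionContext#getCallerPrincipal()}` and `@return the caller principal, never null`. The `@throws` text could also state that this is how the container's IllegalStateException is surfaced to remote clients.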

Added: projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/unit/CallerPrincipalTestCase.java
===================================================================
--- projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/unit/CallerPrincipalTestCase.java	                        (rev 0)
+++ projects/ejb3/trunk/testsuite/src/test/java/org/jboss/ejb3/test/ejbthree1962/unit/CallerPrincipalTestCase.java	2009-11-25 10:55:59 UTC (rev 96943)
@@ -0,0 +1,90 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ejb3.test.ejbthree1962.unit;
+
+import java.security.Principal;
+
+import javax.ejb.SessionContext;
+
+import junit.framework.Test;
+
+import org.jboss.ejb3.security.helpers.EJBContextHelper;
+import org.jboss.ejb3.test.ejbthree1962.CallerPrincipalNotAvailableException;
+import org.jboss.ejb3.test.ejbthree1962.SessionBeanWithoutSecurityDomain;
+import org.jboss.ejb3.test.ejbthree1962.UserManagerRemote;
+import org.jboss.test.JBossTestCase;
+
+/**
+ * CallerPrincipalTestCase
+ * 
+ * Tests the fix for https://jira.jboss.org/jira/browse/EJBTHREE-1962
+ * 
+ * A NullPointerException was being thrown from {@link EJBContextHelper}, on a call to {@link SessionContext#getCallerPrincipal()}
+ * when the bean was not configured with @SecurityDomain (or security-domain xml equivalent). 
+ *
+ * @author Jaikiran Pai
+ * @version $Revision: $
+ */
+public class CallerPrincipalTestCase extends JBossTestCase
+{
+
+   /**
+    * @param name
+    */
+   public CallerPrincipalTestCase(String name)
+   {
+      super(name);
+   }
+
+   /**
+    * 
+    * @return
+    * @throws Exception
+    */
+   public static Test suite() throws Exception
+   {
+      return getDeploySetup(CallerPrincipalTestCase.class, "ejbthree1962.jar");
+   }
+
+   /**
+    * Tests that in the absence of a @SecurityDomain (or security-domain xml equivalent)
+    * on a bean, the call to {@link SessionContext#getCallerPrincipal()} doesn't fail
+    * with a NullPointerException.
+    * @see https://jira.jboss.org/jira/browse/EJBTHREE-1962
+    * @throws Exception
+    */
+   public void testCallerPrincipalInAbsenceOfSecurityDomain() throws Exception
+   {
+      UserManagerRemote bean = (UserManagerRemote) this.getInitialContext().lookup(
+            SessionBeanWithoutSecurityDomain.JNDI_NAME);
+      try
+      {
+         Principal callerPrincipal = bean.getCallerPrincipal();
+         fail("Caller principal was *not* associated, but no CallerPrincipalNotAvailableException was thrown");
+      }
+      catch (CallerPrincipalNotAvailableException cpnae)
+      {
+         // expected, since when no caller principal is associated an IllegalStateException is thrown
+      }
+
+   }
+}
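Review bot: The local `callerPrincipal` in testCallerPrincipalInAbsenceOfSecurityDomain is assigned and never read, so a failing run does not report which identity the container handed back. Include it in the failure message, e.g. `fail("Expected CallerPrincipalNotAvailableException, but got principal: " + callerPrincipal);`, which is the detail needed to tell an unexpected fallback identity from a misconfigured deployment. The test covers only the path with no security domain and no caller; as far as the files in this commit show, the unauthenticated-principal fallback in EJBContextHelper has no test. The empty `@param name`, `@return` and `@throws Exception` tags on the constructor and `suite()` carry no information and could be filled in or removed.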



