[jboss-cvs] JBossAS SVN: r106036 - in projects/jboss-jca/trunk: core and 12 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jun 14 13:49:17 EDT 2010
Author: jesper.pedersen
Date: 2010-06-14 13:49:16 -0400 (Mon, 14 Jun 2010)
New Revision: 106036
Added:
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/SecurityActions.java
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/UsersRoles.java
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/package.html
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/Callback.java
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/package.html
projects/jboss-jca/trunk/core/src/main/resources/spi-manifest.mf
projects/jboss-jca/trunk/embedded/src/main/resources/roles.properties
projects/jboss-jca/trunk/embedded/src/main/resources/users.properties
projects/jboss-jca/trunk/sjc/src/main/resources/roles.properties
projects/jboss-jca/trunk/sjc/src/main/resources/users.properties
Modified:
projects/jboss-jca/trunk/build.xml
projects/jboss-jca/trunk/core/build.xml
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/api/WorkManager.java
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkManagerImpl.java
projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkWrapper.java
projects/jboss-jca/trunk/embedded/build.xml
projects/jboss-jca/trunk/embedded/src/main/resources/jca.xml
projects/jboss-jca/trunk/ivy.xml
projects/jboss-jca/trunk/sjc/src/main/resources/bootstrap/jca.xml
projects/jboss-jca/trunk/standalone/src/main/resources/bootstrap/jca.xml
Log:
[JBJCA-358] [JBJCA-359] Initial security integration
Modified: projects/jboss-jca/trunk/build.xml
===================================================================
--- projects/jboss-jca/trunk/build.xml 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/build.xml 2010-06-14 17:49:16 UTC (rev 106036)
@@ -114,6 +114,8 @@
<property name="version.jboss.metadata.rar" value="2.0.0.Alpha7"/>
<property name="version.jboss.naming" value="5.0.3.GA"/>
<property name="version.jboss.papaki" value="1.0.0.Beta3"/>
+ <property name="version.jboss.picketbox" value="3.0.0.Beta6"/>
+ <property name="version.jboss.picketbox.bare" value="3.0.0.Beta5"/>
<property name="version.jboss.reflect" value="2.0.2.GA"/>
<property name="version.jboss.security" value="2.1.0.20090318"/>
<property name="version.jboss.shrinkwrap" value="1.0.0-alpha-10"/>
@@ -409,6 +411,7 @@
<class location="${target.dir}/jboss-jca-common-impl.jar" />
<class location="${target.dir}/jboss-jca-core-api.jar" />
<class location="${target.dir}/jboss-jca-core-impl.jar" />
+ <class location="${target.dir}/jboss-jca-core-spi.jar" />
<class location="${target.dir}/jboss-jca-deployers-fungal.jar" />
<class location="${target.dir}/jboss-jca-deployers-main.jar" />
<class location="${target.dir}/jboss-jca-deployers-rar.jar" />
@@ -439,6 +442,7 @@
<class location="${target.dir}/jboss-jca-common-impl.jar" />
<class location="${target.dir}/jboss-jca-core-api.jar" />
<class location="${target.dir}/jboss-jca-core-impl.jar" />
+ <class location="${target.dir}/jboss-jca-core-spi.jar" />
<class location="${target.dir}/jboss-jca-deployers-fungal.jar" />
<class location="${target.dir}/jboss-jca-deployers-main.jar" />
<class location="${target.dir}/jboss-jca-deployers-rar.jar" />
Modified: projects/jboss-jca/trunk/core/build.xml
===================================================================
--- projects/jboss-jca/trunk/core/build.xml 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/core/build.xml 2010-06-14 17:49:16 UTC (rev 106036)
@@ -54,10 +54,15 @@
basedir="${build.core.dir}/impl"
includes="**/core/api/**"/>
+ <jar destfile="${target.dir}/jboss-jca-core-spi.jar"
+ manifest="src/main/resources/spi-manifest.mf"
+ basedir="${build.core.dir}/impl"
+ includes="**/core/spi/**"/>
+
<jar destfile="${target.dir}/jboss-jca-core-impl.jar"
manifest="src/main/resources/impl-manifest.mf"
basedir="${build.core.dir}/impl"
- excludes="**/*.java, **/core/api/**"/>
+ excludes="**/*.java, **/core/api/**, **/core/spi/**"/>
</target>
<!-- =================================
Modified: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/api/WorkManager.java
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/api/WorkManager.java 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/api/WorkManager.java 2010-06-14 17:49:16 UTC (rev 106036)
@@ -22,6 +22,8 @@
package org.jboss.jca.core.api;
+import org.jboss.jca.core.spi.security.Callback;
+
import org.jboss.threads.BlockingExecutor;
import org.jboss.tm.JBossXATerminator;
@@ -79,6 +81,18 @@
public void setSpecCompliant(boolean v);
/**
+ * Get the callback security module
+ * @return The value
+ */
+ public Callback getCallbackSecurity();
+
+ /**
+ * Set callback security module
+ * @param v The value
+ */
+ public void setCallbackSecurity(Callback v);
+
+ /**
* Clone the WorkManager implementation
* @return A copy of the implementation
* @exception CloneNotSupportedException Thrown if the copy operation isn't supported
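Review bot: `getCallbackSecurity()` is added to the public `WorkManager` API, and the `Callback` it returns offers `getUsers()` and `getCredential(String)`, so any code holding this interface can list every user and read the stored credential. If callers outside the container do not need the getter, consider exposing only `setCallbackSecurity` here and keeping the getter on the implementation class. Otherwise the Javadoc should state the exposure, e.g. `@return The callback security module; gives access to user names, credentials and roles`. The interface body starts and ends outside this hunk.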
Added: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/SecurityActions.java
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/SecurityActions.java (rev 0)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/SecurityActions.java 2010-06-14 17:49:16 UTC (rev 106036)
@@ -0,0 +1,60 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.jca.core.security;
+
+import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author <a href="mailto:jesper.pedersen at jboss.org">Jesper Pedersen</a>
+ */
+class SecurityActions
+{
+ /**
+ * Constructor
+ */
+ private SecurityActions()
+ {
+ }
+
+ /**
+ * Get the input stream for a resource in the context class loader
+ * @param name The name of the resource
+ * @return The input stream
+ */
+ static InputStream getResourceAsStream(final String name)
+ {
+ if (System.getSecurityManager() == null)
+ return Thread.currentThread().getContextClassLoader().getResourceAsStream(name);
+
+ return AccessController.doPrivileged(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ return Thread.currentThread().getContextClassLoader().getResourceAsStream(name);
+ }
+ });
+ }
+}
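Review bot: `getResourceAsStream` dereferences `Thread.currentThread().getContextClassLoader()` without a null check in both branches, and that call may return null, which would surface as a NullPointerException out of `UsersRoles.start()`. A fallback keeps the lookup working: `ClassLoader cl = Thread.currentThread().getContextClassLoader();` followed by `if (cl == null) cl = SecurityActions.class.getClassLoader();`. The Javadoc could also say that the result is null when the resource is not found, since `start()` depends on that to log its "No users.properties were found" warning.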
Added: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/UsersRoles.java
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/UsersRoles.java (rev 0)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/UsersRoles.java 2010-06-14 17:49:16 UTC (rev 106036)
@@ -0,0 +1,330 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.jca.core.security;
+
+import org.jboss.jca.core.spi.security.Callback;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+import org.jboss.logging.Logger;
+
+/**
+ * An user / role implementation based on property files
+ *
+ * @author <a href="mailto:jesper.pedersen at jboss.org">Jesper Pedersen</a>
+ * @version $Rev: 97162 $
+ */
+public class UsersRoles implements Callback
+{
+ /** Serial version uid */
+ private static final long serialVersionUID = 1L;
+
+ /** Log instance */
+ private static Logger log = Logger.getLogger(UsersRoles.class);
+
+ /** Trace */
+ private static boolean trace = log.isTraceEnabled();
+
+ /** Default users.properties file name */
+ private static final String DEFAULT_USERS_PROPERTIES = "users.properties";
+
+ /** Default roles.properties file name */
+ private static final String DEFAULT_ROLES_PROPERTIES = "roles.properties";
+
+ /** The users map */
+ private Map<String, String> users;
+
+ /** The roles map */
+ private Map<String, Set<String>> roles;
+
+ /** users.properties name */
+ private String usersProperties;
+
+ /** roles.properties name */
+ private String rolesProperties;
+
+ /**
+ * Constructor
+ */
+ public UsersRoles()
+ {
+ users = new HashMap<String, String>();
+ roles = new HashMap<String, Set<String>>();
+ usersProperties = null;
+ rolesProperties = null;
+ }
+
+ /**
+ * Get the users.properties file name
+ * @return The value
+ */
+ public String getUsersProperties()
+ {
+ return usersProperties;
+ }
+
+ /**
+ * Set the users.properties file name
+ * @param value The value
+ */
+ public void setUsersProperties(String value)
+ {
+ usersProperties = value;
+ }
+
+ /**
+ * Get the roles.properties file name
+ * @return The value
+ */
+ public String getRolesProperties()
+ {
+ return rolesProperties;
+ }
+
+ /**
+ * Set the roles.properties file name
+ * @param value The value
+ */
+ public void setRolesProperties(String value)
+ {
+ rolesProperties = value;
+ }
+
+ /**
+ * Get the users
+ * @return A set of user names
+ */
+ public Set<String> getUsers()
+ {
+ Set<String> s = users.keySet();
+
+ if (s != null)
+ return Collections.unmodifiableSet(s);
+
+ return null;
+ }
+
+ /**
+ * Get the credential for an user
+ * @param user The user name
+ * @return The credential; <code>null</code> if user doesn't exists
+ */
+ public char[] getCredential(String user)
+ {
+ String pwd = users.get(user);
+
+ if (pwd != null)
+ return pwd.toCharArray();
+
+ return null;
+ }
+
+ /**
+ * Get the roles for an user
+ * @param user The user name
+ * @return A set of roles; <code>null</code> if user doesn't exists
+ */
+ public String[] getRoles(String user)
+ {
+ Set<String> s = roles.get(user);
+
+ if (s != null)
+ {
+ String[] result = new String[s.size()];
+ return s.toArray(result);
+ }
+
+ return null;
+ }
+
+ /**
+ * Start
+ * @exception Throwable Thrown if an error occurs
+ */
+ public void start() throws Throwable
+ {
+ InputStream is = null;
+
+ try
+ {
+ if (usersProperties != null)
+ {
+ if (trace)
+ log.trace("users.properties: Using file: " + usersProperties);
+
+ is = new FileInputStream(usersProperties);
+ }
+ else
+ {
+ if (trace)
+ log.trace("users.properties: Using classloader");
+
+ is = SecurityActions.getResourceAsStream(DEFAULT_USERS_PROPERTIES);
+ }
+
+ if (is != null)
+ {
+ Properties p = new Properties();
+ p.load(is);
+
+ Set<?> keys = p.keySet();
+ if (keys != null && keys.size() > 0)
+ {
+ Iterator it = keys.iterator();
+ while (it.hasNext())
+ {
+ String user = (String)it.next();
+
+ if (log.isDebugEnabled())
+ log.debug("Adding user: " + user);
+
+ users.put(user, p.getProperty(user));
+ }
+ }
+ else
+ {
+ if (log.isDebugEnabled())
+ log.debug("Empty users.properties file");
+ }
+ }
+ else
+ {
+ log.warn("No users.properties were found");
+ }
+ }
+ catch (IOException ioe)
+ {
+ log.error("Error while loading users.properties", ioe);
+ }
+ finally
+ {
+ if (is != null)
+ {
+ try
+ {
+ is.close();
+ }
+ catch (IOException ignore)
+ {
+ // Ignore
+ }
+ }
+ }
+
+ try
+ {
+ if (rolesProperties != null)
+ {
+ if (trace)
+ log.trace("roles.properties: Using file: " + rolesProperties);
+
+ is = new FileInputStream(rolesProperties);
+ }
+ else
+ {
+ if (trace)
+ log.trace("roles.properties: Using classloader");
+
+ is = SecurityActions.getResourceAsStream(DEFAULT_ROLES_PROPERTIES);
+ }
+
+ if (is != null)
+ {
+ Properties p = new Properties();
+ p.load(is);
+
+ Set<?> keys = p.keySet();
+ if (keys != null && keys.size() > 0)
+ {
+ Iterator it = keys.iterator();
+ while (it.hasNext())
+ {
+ String user = (String)it.next();
+ String value = p.getProperty(user);
+
+ StringTokenizer st = new StringTokenizer(value, ",");
+ Set<String> s = new HashSet<String>(st.countTokens());
+
+ while (st.hasMoreTokens())
+ {
+ s.add(st.nextToken().trim());
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Adding roles: " + s + " for user: " + user);
+
+ roles.put(user, s);
+ }
+ }
+ else
+ {
+ if (log.isDebugEnabled())
+ log.debug("Empty roles.properties file");
+ }
+ }
+ else
+ {
+ log.warn("No roles.properties were found");
+ }
+ }
+ catch (IOException ioe)
+ {
+ log.error("Error while loading roles.properties", ioe);
+ }
+ finally
+ {
+ if (is != null)
+ {
+ try
+ {
+ is.close();
+ }
+ catch (IOException ignore)
+ {
+ // Ignore
+ }
+ }
+ }
+ }
+
+ /**
+ * Stop
+ * @exception Throwable Thrown if an error occurs
+ */
+ public void stop() throws Throwable
+ {
+ users.clear();
+ roles.clear();
+ }
+}
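Review bot: `start()` catches `IOException` for both files and only logs it, so a configured `usersProperties` or `rolesProperties` path that is missing or unreadable leaves the component started with an empty user store instead of failing; the method already declares `throws Throwable`, so adding `throw ioe;` after each `log.error(...)` would make the misconfiguration visible. The class is also `Serializable` through `Callback`, and the `users` map holds the passwords as plain `String` values, so they become part of the serialized form; it is worth deciding whether that is intended. Smaller points: `java.io.Serializable` is imported but unused, and `is` is not reset to null between the two try blocks, so a failure while opening the roles file closes the already-closed users stream a second time.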
Added: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/package.html
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/package.html (rev 0)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/security/package.html 2010-06-14 17:49:16 UTC (rev 106036)
@@ -0,0 +1,3 @@
+<body>
+This package contains the security integration for the JBoss JCA container.
+</body>
Added: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/Callback.java
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/Callback.java (rev 0)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/Callback.java 2010-06-14 17:49:16 UTC (rev 106036)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.jca.core.spi.security;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * This SPI interface represents the the users and their passwords and roles in
+ * the container environment
+ *
+ * @author <a href="mailto:jesper.pedersen at jboss.org">Jesper Pedersen</a>
+ * @version $Rev: 97162 $
+ */
+public interface Callback extends Serializable
+{
+ /**
+ * Get the users
+ * @return A set of user names
+ */
+ public Set<String> getUsers();
+
+ /**
+ * Get the credential for an user
+ * @param user The user name
+ * @return The credential; <code>null</code> if user doesn't exists
+ */
+ public char[] getCredential(String user);
+
+ /**
+ * Get the roles for an user
+ * @param user The user name
+ * @return A set of roles; <code>null</code> if user doesn't exists or no roles
+ */
+ public String[] getRoles(String user);
+}
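Review bot: The contract of `getCredential` leaves open who owns the returned `char[]`; the Javadoc should say whether it is a fresh copy that the caller may clear after use, e.g. `@return The credential as a new array the caller should clear after use; <code>null</code> if the user doesn't exist`. The class comment has a doubled word ("the the"), and `getRoles` is documented as returning a set while the signature returns `String[]`. The interface name also collides with `javax.security.auth.callback.Callback`, which `WorkWrapper` imports in this same commit, so a more specific name would avoid fully qualified references wherever both are needed.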
Added: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/package.html
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/package.html (rev 0)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/spi/security/package.html 2010-06-14 17:49:16 UTC (rev 106036)
@@ -0,0 +1,3 @@
+<body>
+This package contains the security SPI for the JBoss JCA container.
+</body>
Modified: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkManagerImpl.java
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkManagerImpl.java 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkManagerImpl.java 2010-06-14 17:49:16 UTC (rev 106036)
@@ -24,6 +24,7 @@
import org.jboss.jca.common.util.ClassUtil;
import org.jboss.jca.core.api.WorkManager;
+import org.jboss.jca.core.spi.security.Callback;
import java.lang.reflect.Method;
import java.util.HashSet;
@@ -92,6 +93,9 @@
/** Validated work instances */
private Set<String> validatedWork;
+ /** Security module for callback */
+ private Callback callbackSecurity;
+
/**Default supported workcontext types*/
static
{
@@ -182,6 +186,24 @@
}
/**
+ * Get the callback security module
+ * @return The value
+ */
+ public Callback getCallbackSecurity()
+ {
+ return callbackSecurity;
+ }
+
+ /**
+ * Set callback security module
+ * @param v The value
+ */
+ public void setCallbackSecurity(Callback v)
+ {
+ callbackSecurity = v;
+ }
+
+ /**
* Clone the WorkManager implementation
* @return A copy of the implementation
* @exception CloneNotSupportedException Thrown if the copy operation isn't supported
@@ -194,6 +216,7 @@
wm.setLongRunningThreadPool(getLongRunningThreadPool());
wm.setXATerminator(getXATerminator());
wm.setSpecCompliant(isSpecCompliant());
+ wm.setCallbackSecurity(getCallbackSecurity());
return wm;
}
Modified: projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkWrapper.java
===================================================================
--- projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkWrapper.java 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/core/src/main/java/org/jboss/jca/core/workmanager/WorkWrapper.java 2010-06-14 17:49:16 UTC (rev 106036)
@@ -22,8 +22,12 @@
package org.jboss.jca.core.workmanager;
+import java.security.Principal;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.concurrent.CountDownLatch;
import javax.resource.spi.work.ExecutionContext;
@@ -31,14 +35,26 @@
import javax.resource.spi.work.Work;
import javax.resource.spi.work.WorkCompletedException;
import javax.resource.spi.work.WorkContext;
+import javax.resource.spi.work.WorkContextErrorCodes;
import javax.resource.spi.work.WorkContextLifecycleListener;
import javax.resource.spi.work.WorkEvent;
import javax.resource.spi.work.WorkException;
import javax.resource.spi.work.WorkListener;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.transaction.xa.Xid;
import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.JASPICallbackHandler;
+
/**
* Wraps the resource adapter's work.
*
@@ -172,6 +188,8 @@
if (trace)
log.trace("Starting work " + this);
+ org.jboss.security.SecurityContext oldSC = SecurityContextAssociation.getSecurityContext();
+
try
{
start();
@@ -199,6 +217,8 @@
workListener.workCompleted(event);
}
+ SecurityContextAssociation.setSecurityContext(oldSC);
+
if (startedLatch != null)
{
while (startedLatch.getCount() != 0)
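Review bot: The previous security context is restored only after `workListener.workCompleted(event)` has returned, so an exception thrown by the listener would skip `SecurityContextAssociation.setSecurityContext(oldSC)` and leave the work's security context associated with a worker thread that may be reused. The enclosing method starts and ends outside this hunk, so whether this code sits in a `finally` block cannot be confirmed here. If it does, making the restore the first statement of that block, or wrapping it in its own `finally`, would make it unconditional.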
@@ -224,6 +244,7 @@
log.trace("Starting work " + this);
}
+ // Transaction setup
ExecutionContext ctx = getWorkContext(TransactionContext.class);
if (ctx == null)
{
@@ -240,6 +261,73 @@
workManager.getXATerminator().registerWork(work, xid, timeout);
}
}
+
+ // Security setup
+ javax.resource.spi.work.SecurityContext securityContext =
+ getWorkContext(javax.resource.spi.work.SecurityContext.class);
+ if (securityContext != null && workManager.getCallbackSecurity() != null)
+ {
+ try
+ {
+ org.jboss.security.SecurityContext sc = SecurityContextFactory.createSecurityContext("work");
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ // Setup callbacks
+ CallbackHandler cbh = new JASPICallbackHandler();
+ List<Callback> callbacks = new ArrayList<Callback>();
+
+ Set<String> users = workManager.getCallbackSecurity().getUsers();
+
+ if (users != null && users.size() > 0)
+ {
+ for (String user : users)
+ {
+ Subject subject = new Subject();
+ Principal principal = new SimplePrincipal(user);
+ char[] cred = workManager.getCallbackSecurity().getCredential(user);
+ String[] roles = workManager.getCallbackSecurity().getRoles(user);
+
+ GroupPrincipalCallback gpc = new GroupPrincipalCallback(subject, roles);
+ CallerPrincipalCallback cpc = new CallerPrincipalCallback(subject, principal);
+ PasswordValidationCallback pvc = new PasswordValidationCallback(subject, principal.getName(), cred);
+
+ callbacks.add(gpc);
+ callbacks.add(cpc);
+ callbacks.add(pvc);
+ }
+ }
+ else
+ {
+ if (log.isDebugEnabled())
+ log.debug("No users defined");
+ }
+
+ Callback[] cb = new Callback[callbacks.size()];
+ cbh.handle(callbacks.toArray(cb));
+
+ // Subjects for execution environment
+ Subject executionSubject = new Subject();
+ Subject serviceSubject = null;
+
+ // Resource adapter callback
+ securityContext.setupSecurityContext(cbh, executionSubject, serviceSubject);
+
+ // Set the authenticated subject
+ sc.getSubjectInfo().setAuthenticatedSubject(executionSubject);
+ }
+ catch (Throwable t)
+ {
+ log.error("SecurityContext setup failed: " + t.getMessage(), t);
+ fireWorkContextSetupFailed(ctx);
+ throw new WorkException("SecurityContext setup failed: " + t.getMessage(), t);
+ }
+ }
+ else if (securityContext != null && workManager.getCallbackSecurity() == null)
+ {
+ log.error("SecurityContext setup failed since CallbackSecurity was null");
+ fireWorkContextSetupFailed(ctx);
+ throw new WorkException("SecurityContext setup failed since CallbackSecurity was null");
+ }
//Fires Context setup complete
fireWorkContextSetupComplete(ctx);
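Review bot: Both failure paths call `fireWorkContextSetupFailed(ctx)`, but `ctx` is the transaction `ExecutionContext` obtained earlier in the method, not the security context whose setup failed; the call should be `fireWorkContextSetupFailed(securityContext);` in the catch block and in the `else if` branch. In addition, `sc.getSubjectInfo().setAuthenticatedSubject(executionSubject)` runs whenever `setupSecurityContext` returns without throwing, and no `PasswordValidationCallback` result is inspected, so the code appears to rely on the resource adapter and the handler to reject bad credentials; that is worth confirming. The `cred` arrays are never cleared after `cbh.handle(...)`; zeroing them once handling is done would shorten the time cleartext passwords stay in memory. The method body starts outside this hunk.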
@@ -382,6 +470,19 @@
}
/**
+ * Calls listener if setup failed
+ * @param listener work context listener
+ */
+ private void fireWorkContextSetupFailed(Object workContext)
+ {
+ if (workContext != null && workContext instanceof WorkContextLifecycleListener)
+ {
+ WorkContextLifecycleListener listener = (WorkContextLifecycleListener)workContext;
+ listener.contextSetupFailed(WorkContextErrorCodes.CONTEXT_SETUP_FAILED);
+ }
+ }
+
+ /**
* String representation
* @return The string
*/
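Review bot: The Javadoc documents `@param listener`, but the parameter of `fireWorkContextSetupFailed` is named `workContext`; it should read `@param workContext The work context; notified only if it implements WorkContextLifecycleListener`. The `workContext != null &&` test is redundant because `instanceof` is already false for null.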
Added: projects/jboss-jca/trunk/core/src/main/resources/spi-manifest.mf
===================================================================
--- projects/jboss-jca/trunk/core/src/main/resources/spi-manifest.mf (rev 0)
+++ projects/jboss-jca/trunk/core/src/main/resources/spi-manifest.mf 2010-06-14 17:49:16 UTC (rev 106036)
@@ -0,0 +1,4 @@
+Implementation-Title: JBoss JCA Core SPI
+Implementation-Vendor: Red Hat Middleware LLC
+Implementation-Vendor-Id: org.jboss
+Implementation-Version: 0.1
Modified: projects/jboss-jca/trunk/embedded/build.xml
===================================================================
--- projects/jboss-jca/trunk/embedded/build.xml 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/embedded/build.xml 2010-06-14 17:49:16 UTC (rev 106036)
@@ -56,7 +56,7 @@
<target name="jars" depends="compile">
<copy todir="${build.embedded.dir}/impl">
<fileset dir="src/main/resources"
- includes="*.xml"/>
+ includes="*.xml,*.properties"/>
</copy>
<jar destfile="${target.dir}/jboss-jca-embedded.jar"
manifest="src/main/resources/embedded-manifest.mf"
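Review bot: Widening the copy pattern to `*.properties` picks up every properties file under `src/main/resources`, which now includes `users.properties` and `roles.properties`, and copies them into the directory that presumably feeds the embedded jar. Both files appear to be added empty in this commit, but any credentials placed in them later would ship inside the artifact. Naming the two files explicitly (`includes="*.xml,users.properties,roles.properties"`), with a comment that they must not carry real credentials, would make the intent visible. The `jars` target continues outside this hunk.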
Modified: projects/jboss-jca/trunk/embedded/src/main/resources/jca.xml
===================================================================
--- projects/jboss-jca/trunk/embedded/src/main/resources/jca.xml 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/embedded/src/main/resources/jca.xml 2010-06-14 17:49:16 UTC (rev 106036)
@@ -45,6 +45,11 @@
</constructor>
</bean>
+ <!-- Users / roles -->
+ <bean name="UsersRoles"
+ interface="org.jboss.jca.core.spi.security.Callback"
+ class="org.jboss.jca.core.security.UsersRoles"/>
+
<!-- Work Manager -->
<bean name="WorkManager" interface="org.jboss.jca.core.api.WorkManager" class="org.jboss.jca.core.workmanager.WorkManagerImpl">
<!-- The short running thread pool -->
@@ -55,6 +60,9 @@
<!-- The XA terminator -->
<property name="XATerminator"><inject bean="TransactionManager" property="XATerminator"/></property>
+
+ <!-- The callback security module -->
+ <property name="CallbackSecurity"><inject bean="UsersRoles"/></property>
</bean>
<!-- Default Bootstrap context -->
Added: projects/jboss-jca/trunk/embedded/src/main/resources/roles.properties
===================================================================
Added: projects/jboss-jca/trunk/embedded/src/main/resources/users.properties
===================================================================
Modified: projects/jboss-jca/trunk/ivy.xml
===================================================================
--- projects/jboss-jca/trunk/ivy.xml 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/ivy.xml 2010-06-14 17:49:16 UTC (rev 106036)
@@ -118,6 +118,9 @@
<dependency org="org.mockito" name="mockito-all" rev="${version.mockito}" conf="test->default"/>
<dependency org="org.mortbay.jetty" name="jsp-api-2.1-glassfish" rev="${version.jetty.glassfish}" conf="standalone->default;sjc->*"/>
<dependency org="org.mortbay.jetty" name="servlet-api-2.5" rev="${version.jetty.servlet}" conf="standalone->default;sjc->*"/>
+ <dependency org="org.picketbox" name="jboss-security-spi" rev="${version.jboss.picketbox}" conf="standalone->default;sjc->*"/>
+ <dependency org="org.picketbox" name="jbosssx" rev="${version.jboss.picketbox}" conf="standalone->default;sjc->*"/>
+ <dependency org="org.picketbox" name="picketbox-bare" rev="${version.jboss.picketbox.bare}" conf="standalone->default;sjc->*"/>
<dependency org="org.slf4j" name="jcl-over-slf4j" rev="${version.slf4j}" conf="standalone->default;sjc->*"/>
<dependency org="org.slf4j" name="slf4j-api" rev="${version.slf4j}" conf="standalone->default;sjc->*"/>
<dependency org="stax" name="stax-api" rev="${version.stax}" conf="standalone->default;sjc->*"/>
Modified: projects/jboss-jca/trunk/sjc/src/main/resources/bootstrap/jca.xml
===================================================================
--- projects/jboss-jca/trunk/sjc/src/main/resources/bootstrap/jca.xml 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/sjc/src/main/resources/bootstrap/jca.xml 2010-06-14 17:49:16 UTC (rev 106036)
@@ -45,6 +45,14 @@
</constructor>
</bean>
+ <!-- Users / roles -->
+ <bean name="UsersRoles"
+ interface="org.jboss.jca.core.spi.security.Callback"
+ class="org.jboss.jca.core.security.UsersRoles">
+ <property name="UsersProperties">${jboss.jca.home}/config/users.properties</property>
+ <property name="RolesProperties">${jboss.jca.home}/config/roles.properties</property>
+ </bean>
+
<!-- Work Manager -->
<bean name="WorkManager" interface="org.jboss.jca.core.api.WorkManager" class="org.jboss.jca.core.workmanager.WorkManagerImpl">
<!-- The short running thread pool -->
@@ -55,6 +63,9 @@
<!-- The XA terminator -->
<property name="XATerminator"><inject bean="TransactionManager" property="XATerminator"/></property>
+
+ <!-- The callback security module -->
+ <property name="CallbackSecurity"><inject bean="UsersRoles"/></property>
</bean>
<!-- Default Bootstrap context -->
Added: projects/jboss-jca/trunk/sjc/src/main/resources/roles.properties
===================================================================
Added: projects/jboss-jca/trunk/sjc/src/main/resources/users.properties
===================================================================
Modified: projects/jboss-jca/trunk/standalone/src/main/resources/bootstrap/jca.xml
===================================================================
--- projects/jboss-jca/trunk/standalone/src/main/resources/bootstrap/jca.xml 2010-06-14 17:12:05 UTC (rev 106035)
+++ projects/jboss-jca/trunk/standalone/src/main/resources/bootstrap/jca.xml 2010-06-14 17:49:16 UTC (rev 106036)
@@ -43,6 +43,11 @@
</constructor>
</bean>
+ <!-- Users / roles -->
+ <bean name="UsersRoles"
+ interface="org.jboss.jca.core.spi.security.Callback"
+ class="org.jboss.jca.core.security.UsersRoles"/>
+
<!-- Work Manager -->
<bean name="WorkManager" interface="org.jboss.jca.core.api.WorkManager" class="org.jboss.jca.core.workmanager.WorkManagerImpl">
<!-- The short running thread pool -->
@@ -53,6 +58,9 @@
<!-- The XA terminator -->
<property name="XATerminator"><inject bean="TransactionManager" property="XATerminator"/></property>
+
+ <!-- The callback security module -->
+ <property name="CallbackSecurity"><inject bean="UsersRoles"/></property>
</bean>
<!-- Default Bootstrap context -->