[jboss-cvs] JBossAS SVN: r112507 - in projects/ejb3/branches/jboss-ejb3-core-1.3/src: test/java/org/jboss/ejb3/core/test and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Dec 7 07:40:41 EST 2011
Author: wolfc
Date: 2011-12-07 07:40:41 -0500 (Wed, 07 Dec 2011)
New Revision: 112507
Added:
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean.java
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean2.java
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredBean.java
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredLocal.java
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/unit/
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/unit/RunAsTimeoutMethodTestCase.java
Modified:
projects/ejb3/branches/jboss-ejb3-core-1.3/src/main/resources/ejb3-interceptors-aop.xml
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/AbstractEJB3TestCase.java
projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java
Log:
JBPAPP-7685: add RunAs interceptor to timeout callback stack
Modified: projects/ejb3/branches/jboss-ejb3-core-1.3/src/main/resources/ejb3-interceptors-aop.xml
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/main/resources/ejb3-interceptors-aop.xml 2011-12-06 16:36:29 UTC (rev 112506)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/main/resources/ejb3-interceptors-aop.xml 2011-12-07 12:40:41 UTC (rev 112507)
@@ -202,6 +202,7 @@
<!-- The additional SLSB specific ones -->
<interceptor-ref name="org.jboss.ejb3.ENCPropagationInterceptor"/>
+ <interceptor-ref name="org.jboss.ejb3.security.RunAsSecurityInterceptorFactory"/>
<interceptor-ref name="org.jboss.aspects.tx.TxPropagationInterceptor"/>
<interceptor-ref name="org.jboss.ejb3.tx.CMTTxInterceptorFactory"/>
<interceptor-ref name="org.jboss.ejb3.stateless.StatelessInstanceInterceptor"/>
@@ -424,6 +425,7 @@
<!-- The additional MDB specific ones -->
<interceptor-ref name="org.jboss.ejb3.ENCPropagationInterceptor"/>
+ <interceptor-ref name="org.jboss.ejb3.security.RunAsSecurityInterceptorFactory"/>
<interceptor-ref name="org.jboss.ejb3.tx.CMTTxInterceptorFactory"/>
<interceptor-ref name="org.jboss.ejb3.stateless.StatelessInstanceInterceptor"/>
<interceptor-ref name="org.jboss.ejb3.tx.BMTTxInterceptorFactory"/>
Modified: projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/AbstractEJB3TestCase.java
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/AbstractEJB3TestCase.java 2011-12-06 16:36:29 UTC (rev 112506)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/AbstractEJB3TestCase.java 2011-12-07 12:40:41 UTC (rev 112507)
@@ -182,6 +182,16 @@
initialContext = new InitialContext();
}
+ protected static SessionContainer container(final String containerName)
+ {
+ for (SessionContainer container : allDeployedContainers)
+ {
+ if (container.getName().equals(containerName))
+ return container;
+ }
+ throw new IllegalArgumentException("Can't find container " + containerName);
+ }
+
protected static void deploy(String resourceName)
{
URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
Modified: projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java 2011-12-06 16:36:29 UTC (rev 112506)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java 2011-12-07 12:40:41 UTC (rev 112507)
@@ -37,6 +37,7 @@
import org.jboss.security.AuthorizationManager;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.RealmMapping;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.audit.AuditEvent;
import org.jboss.security.audit.AuditManager;
import org.jboss.security.authorization.AuthorizationContext;
@@ -237,11 +238,19 @@
return AuthorizationContext.PERMIT;
if(methodRoles.containsRole(SimpleRole.ANYBODY_ROLE))
return AuthorizationContext.PERMIT;
- for(Principal p : subject.getPrincipals())
+ if (subject != null)
{
- // TODO: not really true, but for the moment lets assume that the principal is also the role
- Role myRole = new SimpleRole(p.getName());
- if(methodRoles.containsRole(myRole))
+ for(Principal p : subject.getPrincipals())
+ {
+ // TODO: not really true, but for the moment lets assume that the principal is also the role
+ Role myRole = new SimpleRole(p.getName());
+ if(methodRoles.containsRole(myRole))
+ return AuthorizationContext.PERMIT;
+ }
+ }
+ if (ejbResource.getCallerRunAsIdentity() != null)
+ {
+ if (((RunAsIdentity) ejbResource.getCallerRunAsIdentity()).getRunAsRolesAsRoleGroup().containsAtleastOneRole(methodRoles))
return AuthorizationContext.PERMIT;
}
return AuthorizationContext.DENY;
Added: projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean.java
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean.java (rev 0)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean.java 2011-12-07 12:40:41 UTC (rev 112507)
@@ -0,0 +1,46 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.jbpapp7685;
+
+import javax.annotation.security.RunAs;
+import javax.ejb.EJB;
+import javax.ejb.Stateless;
+import javax.ejb.Timeout;
+import javax.ejb.Timer;
+
+import org.jboss.ejb3.annotation.SecurityDomain;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ */
+ at Stateless
+ at RunAs("admin")
+ at SecurityDomain(value="test", unauthenticatedPrincipal="nobody")
+public class FakedTimerBean {
+ @EJB
+ private SecuredLocal secured;
+
+ @Timeout
+ public void timeout(final Timer timer) {
+ secured.callMe();
+ }
+}
Added: projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean2.java
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean2.java (rev 0)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/FakedTimerBean2.java 2011-12-07 12:40:41 UTC (rev 112507)
@@ -0,0 +1,44 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.jbpapp7685;
+
+import javax.ejb.EJB;
+import javax.ejb.Stateless;
+import javax.ejb.Timeout;
+import javax.ejb.Timer;
+
+import org.jboss.ejb3.annotation.SecurityDomain;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ */
+ at Stateless
+ at SecurityDomain(value="test", unauthenticatedPrincipal="nobody")
+public class FakedTimerBean2 {
+ @EJB
+ private SecuredLocal secured;
+
+ @Timeout
+ public void timeout(final Timer timer) {
+ secured.callMe();
+ }
+}
Added: projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredBean.java
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredBean.java (rev 0)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredBean.java 2011-12-07 12:40:41 UTC (rev 112507)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.jbpapp7685;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Stateless;
+
+import org.jboss.ejb3.annotation.SecurityDomain;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ */
+ at Stateless
+ at RolesAllowed("admin")
+ at SecurityDomain(value="test", unauthenticatedPrincipal="nobody")
+public class SecuredBean implements SecuredLocal {
+ public void callMe() {
+ // done
+ }
+}
Added: projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredLocal.java
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredLocal.java (rev 0)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/SecuredLocal.java 2011-12-07 12:40:41 UTC (rev 112507)
@@ -0,0 +1,32 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.jbpapp7685;
+
+import javax.ejb.Local;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ */
+ at Local
+public interface SecuredLocal {
+ void callMe();
+}
Added: projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/unit/RunAsTimeoutMethodTestCase.java
===================================================================
--- projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/unit/RunAsTimeoutMethodTestCase.java (rev 0)
+++ projects/ejb3/branches/jboss-ejb3-core-1.3/src/test/java/org/jboss/ejb3/core/test/jbpapp7685/unit/RunAsTimeoutMethodTestCase.java 2011-12-07 12:40:41 UTC (rev 112507)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.jbpapp7685.unit;
+
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+
+import java.util.Collection;
+
+import javax.ejb.EJBAccessException;
+import javax.ejb.Timer;
+
+import org.jboss.ejb3.core.test.common.AbstractEJB3TestCase;
+import org.jboss.ejb3.core.test.jbpapp7685.FakedTimerBean;
+import org.jboss.ejb3.core.test.jbpapp7685.FakedTimerBean2;
+import org.jboss.ejb3.core.test.jbpapp7685.SecuredBean;
+import org.jboss.ejb3.session.SessionContainer;
+import org.jboss.ejb3.stateless.StatelessContainer;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ */
+public class RunAsTimeoutMethodTestCase extends AbstractEJB3TestCase {
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ AbstractEJB3TestCase.beforeClass();
+
+ deploy("securitymanager-beans.xml");
+
+ final Collection<SessionContainer> containers = deploySessionEjbs(SecuredBean.class, FakedTimerBean.class, FakedTimerBean2.class);
+ for (SessionContainer container : containers) {
+ container.setJaccContextId("test");
+ }
+ }
+
+ @Test
+ public void testNotAllowed() throws Exception {
+ final Timer timer = mock(Timer.class);
+ try {
+ ((StatelessContainer) container("jboss.j2ee:service=EJB3,name=FakedTimerBean2")).callTimeout(timer);
+ fail("Should not have been allowed");
+ } catch (EJBAccessException e) {
+ // good
+ }
+ }
+
+ @Test
+ public void testTimeout() throws Exception {
+ final Timer timer = mock(Timer.class);
+ ((StatelessContainer) container("jboss.j2ee:service=EJB3,name=FakedTimerBean")).callTimeout(timer);
+ }
+}
More information about the jboss-cvs-commits
mailing list