
From djen...@apache.org
Subject svn commit: r526376 - in /geronimo/server/trunk/modules: geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/ geronimo-openejb/src/main/java/org/apache/geronimo/openejb/
Date Sat, 07 Apr 2007 06:37:23 GMT
Author: djencks
Date: Fri Apr  6 23:37:22 2007
New Revision: 526376

URL: http://svn.apache.org/viewvc?view=rev&rev=526376
Log:
GERONIMO-3072 fix some ejb security problems

Modified:
    geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java
    geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoThreadContextListener.java

Modified: geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java?view=diff&rev=526376&r1=526375&r2=526376
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java
(original)
+++ geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java
Fri Apr  6 23:37:22 2007
@@ -19,25 +19,32 @@
 
 import java.security.Permissions;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
-import java.util.Collections;
+
 import javax.security.auth.Subject;
 
 import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.geronimo.gbean.AbstractName;
-import org.apache.geronimo.gbean.GBeanData;
 import org.apache.geronimo.gbean.AbstractNameQuery;
+import org.apache.geronimo.gbean.GBeanData;
 import org.apache.geronimo.j2ee.deployment.EARContext;
 import org.apache.geronimo.j2ee.deployment.NamingBuilder;
 import org.apache.geronimo.j2ee.deployment.annotation.AnnotatedEjbJar;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
+import org.apache.geronimo.naming.deployment.AbstractNamingBuilder;
 import org.apache.geronimo.naming.deployment.GBeanResourceEnvironmentBuilder;
 import org.apache.geronimo.naming.deployment.ResourceEnvironmentSetter;
-import org.apache.geronimo.naming.deployment.AbstractNamingBuilder;
+import org.apache.geronimo.openejb.EntityDeploymentGBean;
+import org.apache.geronimo.openejb.MessageDrivenDeploymentGBean;
+import org.apache.geronimo.openejb.OpenEjbSystem;
+import org.apache.geronimo.openejb.StatefulDeploymentGBean;
+import org.apache.geronimo.openejb.StatelessDeploymentGBean;
 import org.apache.geronimo.openejb.xbeans.ejbjar.OpenejbGeronimoEjbJarType;
 import org.apache.geronimo.security.deployment.SecurityConfiguration;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
@@ -48,21 +55,16 @@
 import org.apache.geronimo.xbeans.javaee.MessageDrivenBeanType;
 import org.apache.geronimo.xbeans.javaee.ResourceRefType;
 import org.apache.geronimo.xbeans.javaee.SessionBeanType;
+import org.apache.openejb.DeploymentInfo;
 import org.apache.openejb.jee.EnterpriseBean;
+import org.apache.openejb.jee.EntityBean;
+import org.apache.openejb.jee.MessageDrivenBean;
 import org.apache.openejb.jee.RemoteBean;
 import org.apache.openejb.jee.SecurityIdentity;
-import org.apache.openejb.jee.StatelessBean;
-import org.apache.openejb.jee.MessageDrivenBean;
-import org.apache.openejb.jee.EntityBean;
 import org.apache.openejb.jee.SessionBean;
+import org.apache.openejb.jee.StatelessBean;
 import org.apache.openejb.jee.SessionType;
 import org.apache.openejb.jee.oejb3.EjbDeployment;
-import org.apache.geronimo.openejb.StatelessDeploymentGBean;
-import org.apache.geronimo.openejb.StatefulDeploymentGBean;
-import org.apache.geronimo.openejb.EntityDeploymentGBean;
-import org.apache.geronimo.openejb.MessageDrivenDeploymentGBean;
-import org.apache.geronimo.openejb.OpenEjbSystem;
-import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.xbean.finder.ClassFinder;
 import org.apache.xmlbeans.XmlObject;
 
@@ -74,7 +76,7 @@
     private final EjbModule ejbModule;
     private final NamingBuilder namingBuilder;
     private final ResourceEnvironmentSetter resourceEnvironmentSetter;
-    private final Map<String,GBeanData> gbeans = new TreeMap<String,GBeanData>();
+    private final Map<String, GBeanData> gbeans = new TreeMap<String, GBeanData>();
 
     public EjbDeploymentBuilder(EARContext earContext, EjbModule ejbModule, NamingBuilder
namingBuilder, ResourceEnvironmentSetter resourceEnvironmentSetter) {
         this.earContext = earContext;
@@ -185,12 +187,53 @@
 
             SecurityConfiguration securityConfiguration = (SecurityConfiguration) earContext.getSecurityConfiguration();
             if (securityConfiguration != null) {
-                for (EjbInterface ejbInterface : EjbInterface.values()) {
-                    String interfaceName = (String) gbean.getAttribute(ejbInterface.getAttributeName());
+                securityBuilder.addToPermissions(permissions,
+                        remoteBean.getEjbName(),
+                        EjbInterface.HOME.getJaccInterfaceName(),
+                        remoteBean.getHome(),
+                        ejbModule.getClassLoader());
+                securityBuilder.addToPermissions(permissions,
+                        remoteBean.getEjbName(),
+                        EjbInterface.REMOTE.getJaccInterfaceName(),
+                        remoteBean.getRemote(),
+                        ejbModule.getClassLoader());
+                securityBuilder.addToPermissions(permissions,
+                        remoteBean.getEjbName(),
+                        EjbInterface.LOCAL.getJaccInterfaceName(),
+                        remoteBean.getLocal(),
+                        ejbModule.getClassLoader());
+                securityBuilder.addToPermissions(permissions,
+                        remoteBean.getEjbName(),
+                        EjbInterface.LOCAL_HOME.getJaccInterfaceName(),
+                        remoteBean.getLocalHome(),
+                        ejbModule.getClassLoader());
+                securityBuilder.addToPermissions(permissions,
+                        remoteBean.getEjbName(),
+                        EjbInterface.SERVICE_ENDPOINT.getJaccInterfaceName(),
+                        remoteBean.getLocalHome(),
+                        ejbModule.getClassLoader());
+                if (remoteBean.getBusinessRemote() != null) {
+                    securityBuilder.addToPermissions(permissions,
+                            remoteBean.getEjbName(),
+                            EjbInterface.REMOTE.getJaccInterfaceName(),
+                            remoteBean.getBusinessRemote(),
+                            ejbModule.getClassLoader());
+                    securityBuilder.addToPermissions(permissions,
+                            remoteBean.getEjbName(),
+                            EjbInterface.HOME.getJaccInterfaceName(),
+                            DeploymentInfo.BusinessRemoteHome.class.getName(),
+                            ejbModule.getClassLoader());
+                }
+                if (remoteBean.getBusinessLocal() != null) {
+                    securityBuilder.addToPermissions(permissions,
+                            remoteBean.getEjbName(),
+                            EjbInterface.LOCAL.getJaccInterfaceName(),
+                            remoteBean.getBusinessLocal(),
+                            ejbModule.getClassLoader());
                     securityBuilder.addToPermissions(permissions,
-                            enterpriseBean.getEjbName(),
-                            ejbInterface.getJaccInterfaceName(),
-                            interfaceName,
+                            remoteBean.getEjbName(),
+                            EjbInterface.LOCAL_HOME.getJaccInterfaceName(),
+                            DeploymentInfo.BusinessLocalHome.class.getName(),
                             ejbModule.getClassLoader());
                 }
 
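Review bot: The SERVICE_ENDPOINT entry (the fifth addToPermissions call) passes `remoteBean.getLocalHome()` as the interface class, repeating the LOCAL_HOME call directly above it, so the permissions registered under the ServiceEndpoint JACC interface name are derived from the local-home interface and any method-permission declared on web-service endpoint methods presumably never reaches the policy. This looks like a copy-paste slip; the argument should be the bean's service-endpoint interface, e.g. `remoteBean.getServiceEndpoint()` if RemoteBean exposes such a getter (not visible here). The four calls for HOME/REMOTE/LOCAL/LOCAL_HOME also pass their interface names unconditionally while the business-interface calls are null-guarded, so it is worth confirming that addToPermissions tolerates a null class name or guarding them the same way. The enclosing method begins before this hunk.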
@@ -217,6 +260,7 @@
 
                 // Default principal
                 gbean.setAttribute("defaultPrincipal", securityConfiguration.getDefaultPrincipal());
+                gbean.setAttribute("securityEnabled", true);
             }
         }
     }
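Review bot: `securityEnabled` is set to true only inside the `if (securityConfiguration != null)` branch, so a module deployed without a Geronimo security configuration leaves the attribute at the GBean's default, which is not visible here. If that default is false such a module's EJBs run without authorization checks, which may be intended but should be explicit rather than implied by an unset attribute: write `gbean.setAttribute("securityEnabled", securityConfiguration != null);` after the block so the value is always recorded, with a comment such as `// no Geronimo security configuration: authorization is disabled for this module`. The enclosing method starts outside the hunk.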
@@ -231,7 +275,7 @@
         if (!ejbJarType.getMetadataComplete()) {
             // Create a classfinder and populate it for the naming builder(s). The absence
of a
             // classFinder in the module will convey whether metadata-complete is set (or
not)
-            ejbModule.setClassFinder(createEjbJarClassFinder(ejbJarType, ejbModule));
+            ejbModule.setClassFinder(createEjbJarClassFinder(ejbModule));
         }
 
         EnterpriseBeansType enterpriseBeans = ejbJarType.getEnterpriseBeans();
@@ -271,9 +315,9 @@
         //
 
         // Geronimo uses a map to pass data to the naming build and for the results data
-        Map<Object,Object> buildingContext = new HashMap<Object,Object>();
+        Map<Object, Object> buildingContext = new HashMap<Object, Object>();
         buildingContext.put(NamingBuilder.GBEAN_NAME_KEY, gbean.getAbstractName());
-        ((AnnotatedEjbJar)ejbModule.getAnnotatedApp()).setBean(xmlbeansEjb);
+        ((AnnotatedEjbJar) ejbModule.getAnnotatedApp()).setBean(xmlbeansEjb);
 
         namingBuilder.buildNaming(xmlbeansEjb,
                 geronimoOpenejb,
@@ -297,7 +341,7 @@
         resourceEnvironmentSetter.setResourceEnvironment(refBuilder, resourceRefs, gerResourceRefs);
     }
 
-    private ClassFinder createEjbJarClassFinder( EjbJarType ejbJarType, EjbModule ejbModule)
throws DeploymentException {
+    private ClassFinder createEjbJarClassFinder(EjbModule ejbModule) throws DeploymentException
{
 
         try {
             // Get the classloader from the module's EARContext

Modified: geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java?view=diff&rev=526376&r1=526375&r2=526376
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java
(original)
+++ geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java
Fri Apr  6 23:37:22 2007
@@ -85,7 +85,7 @@
                         methodName = null;
                     }
                     // method interface
-                    String methodIntf = method.getMethodIntf().toString();
+                    String methodIntf = method.getMethodIntf() == null? null: method.getMethodIntf().toString();
 
                     // method parameters
                     String[] methodParams;
@@ -130,7 +130,7 @@
                     // method name
                     String methodName = method.getMethodName();
                     // method interface
-                    String methodIntf = method.getMethodIntf().toString();
+                    String methodIntf = method.getMethodIntf() == null? null: method.getMethodIntf().toString();
 
                     // method parameters
                     String[] methodParams;
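Review bot: The null-safe `method.getMethodIntf() == null? null: method.getMethodIntf().toString()` is now written twice (here and in the hunk at @@ -85), and its spacing departs from the usual Java form `a == null ? null : b`. Extract it once as `private static String methodIntf(Method method) { return method.getMethodIntf() == null ? null : method.getMethodIntf().toString(); }` and call it from both sites. A one-line comment on the helper should also state what a null interface name means for the resulting permission — presumably a method permission that applies to all interfaces of the bean, but that depends on how the value is consumed further down. The enclosing loops begin outside the hunk.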
@@ -153,11 +153,8 @@
              * JACC v1.0 section 3.1.5.3
              */
             for (SecurityRoleRef securityRoleRef : securityRoleRefs) {
-                if (securityRoleRef.getRoleLink() == null) {
-                    throw new DeploymentException("Missing role-link");
-                }
 
-                String roleLink = securityRoleRef.getRoleLink();
+                String roleLink = securityRoleRef.getRoleLink() == null? securityRoleRef.getRoleName():
securityRoleRef.getRoleLink();
 
                 PermissionCollection roleLinks = (PermissionCollection) rolePermissions.get(roleLink);
                 if (roleLinks == null) {

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoThreadContextListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoThreadContextListener.java?view=diff&rev=526376&r1=526375&r2=526376
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoThreadContextListener.java
(original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoThreadContextListener.java
Fri Apr  6 23:37:22 2007
@@ -28,8 +28,8 @@
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectorInstanceContextImpl;
 import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.geronimo.naming.java.RootContext;
-import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.Callers;
+import org.apache.geronimo.security.ContextManager;
 import org.apache.openejb.core.CoreDeploymentInfo;
 import org.apache.openejb.core.ThreadContext;
 import org.apache.openejb.core.ThreadContextListener;
@@ -42,6 +42,7 @@
 
     // A single stateless listener is used for Geronimo
     private static final GeronimoThreadContextListener instance = new GeronimoThreadContextListener();
+
     static {
         ThreadContext.addThreadContextListener(instance);
     }
@@ -102,9 +103,7 @@
 
         // apply run as
         Subject runAsSubject = ejbDeployment.getRunAs();
-        if (runAsSubject != null) {
-            geronimoCallContext.callers = ContextManager.pushNextCaller(runAsSubject);
-        }
+        geronimoCallContext.callers = ContextManager.pushNextCaller(runAsSubject);
 
         newContext.set(GeronimoCallContext.class, geronimoCallContext);
     }
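Review bot: `ContextManager.pushNextCaller(runAsSubject)` is now called even when `ejbDeployment.getRunAs()` returns null, so correctness depends on pushNextCaller treating a null subject as "no run-as, keep the current caller" and always returning a non-null Callers token, since the contextExited hunk below pops `geronimoCallContext.callers` unconditionally. That contract lives in ContextManager and is not visible here; a comment would spare the next reader the lookup: `// pushNextCaller(null) propagates the current caller; it always returns a token so the pop in contextExited stays balanced`. If pushNextCaller can return null for a null subject, the unconditional popCallers needs its guard back. The enclosing method starts before this hunk.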
@@ -121,9 +120,7 @@
         if (geronimoCallContext == null) return;
 
         // reset run as
-        if (geronimoCallContext.callers != null) {
-            ContextManager.popCallers(geronimoCallContext.callers);
-        }
+        ContextManager.popCallers(geronimoCallContext.callers);
 
         // reset default subject
         if (geronimoCallContext.clearCallers) {


