Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 26407 invoked from network); 3 Feb 2009 23:49:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Feb 2009 23:49:48 -0000 Received: (qmail 24527 invoked by uid 500); 3 Feb 2009 23:49:47 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 24472 invoked by uid 500); 3 Feb 2009 23:49:47 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 24463 invoked by uid 99); 3 Feb 2009 23:49:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Feb 2009 15:49:47 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Feb 2009 23:49:44 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 975AE238898E; Tue, 3 Feb 2009 23:49:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r740521 - in /geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment: EjbDeploymentBuilder.java SecurityBuilder.java Date: Tue, 03 Feb 2009 23:49:24 -0000 To: scm@geronimo.apache.org 
From: djencks@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090203234924.975AE238898E@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: djencks Date: Tue Feb 3 23:49:24 2009 New Revision: 740521 URL: http://svn.apache.org/viewvc?rev=740521&view=rev Log: GERONIMO-4526 make ejbTimeout accessible when security is enabled Modified: geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java Modified: geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java?rev=740521&r1=740520&r2=740521&view=diff ============================================================================== --- geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java (original) +++ geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java Tue Feb 3 23:49:24 2009 
@@ -58,12 +58,11 @@
 import org.apache.openejb.jee.EnterpriseBean;
 import org.apache.openejb.jee.EntityBean;
 import org.apache.openejb.jee.MessageDrivenBean;
+import org.apache.openejb.jee.MethodPermission;
 import org.apache.openejb.jee.RemoteBean;
 import org.apache.openejb.jee.SecurityIdentity;
 import org.apache.openejb.jee.SessionBean;
 import org.apache.openejb.jee.SessionType;
-import org.apache.openejb.jee.AssemblyDescriptor;
-import org.apache.openejb.jee.MethodPermission;
 import org.apache.openejb.jee.oejb3.EjbDeployment;
 import org.apache.xbean.finder.ClassFinder;
 import org.apache.xmlbeans.XmlObject;
@@ -189,30 +188,30 @@ RemoteBean remoteBean = (RemoteBean) enterpriseBean; SecurityBuilder securityBuilder = new SecurityBuilder(); - PermissionCollection permissions = new Permissions(); + PermissionCollection allPermissions = new Permissions(); - securityBuilder.addToPermissions(permissions, + securityBuilder.addToPermissions(allPermissions, remoteBean.getEjbName(), EjbInterface.HOME.getJaccInterfaceName(), remoteBean.getHome(), ejbModule.getClassLoader()); - securityBuilder.addToPermissions(permissions, + securityBuilder.addToPermissions(allPermissions, remoteBean.getEjbName(), EjbInterface.REMOTE.getJaccInterfaceName(), remoteBean.getRemote(), ejbModule.getClassLoader()); - securityBuilder.addToPermissions(permissions, + securityBuilder.addToPermissions(allPermissions, remoteBean.getEjbName(), EjbInterface.LOCAL.getJaccInterfaceName(), remoteBean.getLocal(), ejbModule.getClassLoader()); - securityBuilder.addToPermissions(permissions, + securityBuilder.addToPermissions(allPermissions, remoteBean.getEjbName(), EjbInterface.LOCAL_HOME.getJaccInterfaceName(), remoteBean.getLocalHome(), ejbModule.getClassLoader()); if (remoteBean instanceof SessionBean) { - securityBuilder.addToPermissions(permissions, + securityBuilder.addToPermissions(allPermissions, remoteBean.getEjbName(), EjbInterface.SERVICE_ENDPOINT.getJaccInterfaceName(), ((SessionBean) remoteBean).getServiceEndpoint(), @@ -220,7 +219,7 @@ } if (remoteBean.getBusinessRemote() != null && !remoteBean.getBusinessRemote().isEmpty()) { for (String businessRemote : remoteBean.getBusinessRemote()) { - securityBuilder.addToPermissions(permissions, + securityBuilder.addToPermissions(allPermissions, remoteBean.getEjbName(), EjbInterface.REMOTE.getJaccInterfaceName(), businessRemote, 
@@ -234,7 +233,7 @@ } if (remoteBean.getBusinessLocal() != null && !remoteBean.getBusinessLocal().isEmpty()) { for (String businessLocal : remoteBean.getBusinessLocal()) { - securityBuilder.addToPermissions(permissions, + securityBuilder.addToPermissions(allPermissions, remoteBean.getEjbName(), EjbInterface.LOCAL.getJaccInterfaceName(), businessLocal, @@ -247,9 +246,11 @@ ejbModule.getClassLoader()); } + securityBuilder.addEjbTimeout(remoteBean, ejbModule, allPermissions); + String defaultRole = securityConfiguration.getDefaultRole(); securityBuilder.addComponentPermissions(defaultRole, - permissions, + allPermissions, ejbModule.getEjbJar().getAssemblyDescriptor(), enterpriseBean.getEjbName(), remoteBean.getSecurityRoleRef(), @@ -270,6 +271,7 @@ } } + public void buildEnc() throws DeploymentException { // // XMLBeans types must be use because Geronimo naming building is coupled via XMLBeans objects Modified: geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java?rev=740521&r1=740520&r2=740521&view=diff ============================================================================== --- geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java (original) +++ geronimo/server/branches/2.1/plugins/openejb/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/SecurityBuilder.java Tue Feb 3 23:49:24 2009 @@ -24,6 +24,8 @@ import java.util.List; import java.util.Map; +import javax.ejb.TimedObject; +import javax.ejb.Timer; import javax.security.jacc.EJBMethodPermission; import javax.security.jacc.EJBRoleRefPermission; 
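Review bot: The `addEjbTimeout` call added in the `@@ -247,9 +246,11 @@` hunk has an undocumented ordering dependency: it must run before `addComponentPermissions`, because that method receives `allPermissions` as `notAssigned` and, per its Javadoc, gives whatever is left unassigned to the default role. That makes the timer callback's access a policy decision taken implicitly at this line, so it deserves a comment such as `// Must precede addComponentPermissions: the timeout permission has to be in the candidate set so it is culled or given the default role like any interface method`. The permission is built with a null method interface, so it is not restricted to the container's timer invocation; it is worth confirming that a business-interface method with the same name and a `Timer` parameter is meant to be covered as well. The enclosing method starts and ends outside this hunk.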
@@ -31,9 +33,13 @@ import org.apache.geronimo.security.jacc.ComponentPermissions; import org.apache.openejb.jee.AssemblyDescriptor; import org.apache.openejb.jee.ExcludeList; +import org.apache.openejb.jee.MessageDrivenBean; import org.apache.openejb.jee.Method; import org.apache.openejb.jee.MethodPermission; +import org.apache.openejb.jee.NamedMethod; +import org.apache.openejb.jee.RemoteBean; import org.apache.openejb.jee.SecurityRoleRef; +import org.apache.openejb.jee.SessionBean; public class SecurityBuilder { /** 
@@ -42,22 +48,22 @@ * is also filled with permissions that need to be used to fill the JACC * policy configuration. * - * @param defaultRole default role for otherwise unassigned permissions - * @param notAssigned the set of all possible permissions. These will be - * culled so that all that are left are those that have - * not been assigned roles. - * @param assemblyDescriptor the assembly descriptor - * @param ejbName the name of the EJB - * @param securityRoleRefs the EJB's role references + * @param defaultRole default role for otherwise unassigned permissions + * @param notAssigned the set of all possible permissions. These will be + * culled so that all that are left are those that have + * not been assigned roles. + * @param assemblyDescriptor the assembly descriptor + * @param ejbName the name of the EJB + * @param securityRoleRefs the EJB's role references * @param componentPermissions the holder for the ejb's permissions * @throws DeploymentException if any constraints are violated */ public void addComponentPermissions(String defaultRole, - PermissionCollection notAssigned, - AssemblyDescriptor assemblyDescriptor, - String ejbName, - List securityRoleRefs, - ComponentPermissions componentPermissions) throws DeploymentException { + PermissionCollection notAssigned, + AssemblyDescriptor assemblyDescriptor, + String ejbName, + List securityRoleRefs, + ComponentPermissions componentPermissions) throws DeploymentException { PermissionCollection uncheckedPermissions = componentPermissions.getUncheckedPermissions(); PermissionCollection excludedPermissions = componentPermissions.getExcludedPermissions(); @@ -85,7 +91,7 @@ methodName = null; } // method interface - String methodIntf = method.getMethodIntf() == null? null: method.getMethodIntf().toString(); + String methodIntf = method.getMethodIntf() == null ? null : method.getMethodIntf().toString(); // method parameters String[] methodParams; 
@@ -130,7 +136,7 @@ // method name String methodName = method.getMethodName(); // method interface - String methodIntf = method.getMethodIntf() == null? null: method.getMethodIntf().toString(); + String methodIntf = method.getMethodIntf() == null ? null : method.getMethodIntf().toString(); // method parameters String[] methodParams; @@ -154,7 +160,7 @@ */ for (SecurityRoleRef securityRoleRef : securityRoleRefs) { - String roleLink = securityRoleRef.getRoleLink() == null? securityRoleRef.getRoleName(): securityRoleRef.getRoleLink(); + String roleLink = securityRoleRef.getRoleLink() == null ? securityRoleRef.getRoleName() : securityRoleRef.getRoleLink(); PermissionCollection roleLinks = rolePermissions.get(roleLink); if (roleLinks == null) { 
@@ -204,18 +210,19 @@ * of the EJBHome and EJBObject interfaces and/or * EJBLocalHome and EJBLocalObject interfaces). * - * @param permissions the permission set to be extended - * @param ejbName the name of the EJB + * @param permissions the permission set to be extended + * @param ejbName the name of the EJB * @param methodInterface the EJB method interface - * @param interfaceClass the class name of the interface to be used to generate the permissions - * @param classLoader the class loader to be used in obtaining the interface class - * @throws org.apache.geronimo.common.DeploymentException in case a class could not be found + * @param interfaceClass the class name of the interface to be used to generate the permissions + * @param classLoader the class loader to be used in obtaining the interface class + * @throws org.apache.geronimo.common.DeploymentException + * in case a class could not be found */ public void addToPermissions(PermissionCollection permissions, - String ejbName, - String methodInterface, - String interfaceClass, - ClassLoader classLoader) throws DeploymentException { + String ejbName, + String methodInterface, + String interfaceClass, + ClassLoader classLoader) throws DeploymentException { if (interfaceClass == null) { return; @@ -237,7 +244,7 @@ * permission. * * @param toBeChecked the permissions that are to be checked and possibly culled - * @param permission the permission that is to be used for culling + * @param permission the permission that is to be used for culling * @return the culled set of permissions that are not implied by permission */ private Permissions cullPermissions(PermissionCollection toBeChecked, Permission permission) { 
@@ -252,4 +259,26 @@ return result; } + + public void addEjbTimeout(RemoteBean remoteBean, EjbModule ejbModule, PermissionCollection permissions) throws DeploymentException { + NamedMethod timeout = null; + if (remoteBean instanceof SessionBean) { + timeout = ((SessionBean) remoteBean).getTimeoutMethod(); + } else if (remoteBean instanceof MessageDrivenBean) { + timeout = ((MessageDrivenBean) remoteBean).getTimeoutMethod(); + } + if (timeout != null) { + permissions.add(new EJBMethodPermission(remoteBean.getEjbName(), timeout.getMethodName(), null, new String[]{Timer.class.getName()})); + } else { + try { + Class ejbClass = ejbModule.getClassLoader().loadClass(remoteBean.getEjbClass()); + if (TimedObject.class.isAssignableFrom(ejbClass)) { + permissions.add(new EJBMethodPermission(remoteBean.getEjbName(), "ejbTimeout", null, new String[]{Timer.class.getName()})); + } + } catch (ClassNotFoundException e) { + throw new DeploymentException("Could not figure out timer method", e); + } + } + } + }
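Review bot: In `addEjbTimeout`, the `timeout != null` branch passes `timeout.getMethodName()` straight into `EJBMethodPermission`, and JACC reads a null or empty method name as "all methods"; together with the null method-interface argument, a descriptor timeout method lacking a name would produce a permission covering every method with a single `javax.ejb.Timer` parameter on any interface. Whether the name is validated before this point is not visible here, so I would reject it explicitly: `if (timeout != null && (timeout.getMethodName() == null || timeout.getMethodName().length() == 0)) throw new DeploymentException("timeout method has no name for EJB " + remoteBean.getEjbName());`. The `instanceof MessageDrivenBean` branch is reachable only if that type implements `RemoteBean`, which this diff does not show; if it does not, message-driven timeouts are never covered. The method is public and, unlike its neighbours in `SecurityBuilder`, has no Javadoc; it should say that the permission is added with a null interface and why.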