geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ga...@apache.org
Subject svn commit: r797635 - /geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
Date Fri, 24 Jul 2009 20:20:21 GMT
Author: gawor
Date: Fri Jul 24 20:20:21 2009
New Revision: 797635

URL: http://svn.apache.org/viewvc?rev=797635&view=rev
Log:
configure security for jaxrpc ejb web services

Modified:
    geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java

Modified: geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java?rev=797635&r1=797634&r2=797635&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
(original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
Fri Jul 24 20:20:21 2009
@@ -17,6 +17,8 @@
 package org.apache.geronimo.axis.builder;
 
 import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
@@ -25,6 +27,9 @@
 import java.util.Properties;
 import java.util.jar.JarFile;
 
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
 import org.apache.geronimo.axis.server.EjbWebServiceGBean;
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.ModuleIDBuilder;
@@ -46,7 +51,9 @@
 import org.apache.geronimo.kernel.repository.Environment;
 import org.apache.geronimo.openejb.deployment.EjbModule;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.openejb.assembler.classic.EnterpriseBeanInfo;
+import org.apache.openejb.jee.oejb2.AuthMethodType;
 import org.apache.openejb.jee.oejb2.EnterpriseBean;
 import org.apache.openejb.jee.oejb2.GeronimoEjbJarType;
 import org.apache.openejb.jee.oejb2.OpenejbJarType;
@@ -107,6 +114,59 @@
     }
 
     public void initContext(EARContext earContext, Module module, ClassLoader cl) throws
DeploymentException {
+        if (module.getType() != ConfigurationModuleType.EJB) {
+            return;
+        }
+
+        EjbModule ejbModule = (EjbModule) module;
+
+        Map<String, WebServiceBinding> wsBindingMap = createWebServiceBindingMap(ejbModule);
+
+        for (EnterpriseBeanInfo bean : ejbModule.getEjbJarInfo().enterpriseBeans) {
+            if (bean.type != EnterpriseBeanInfo.STATELESS) {
+                continue;
+            }
+
+            String ejbName = bean.ejbName;
+
+            AbstractName sessionName = earContext.getNaming().createChildName(module.getModuleName(),
ejbName, NameFactory.STATELESS_SESSION_BEAN);
+
+            assert sessionName != null: "StatelesSessionBean object name is null";
+
+            WebServiceBinding wsBinding = wsBindingMap.get(ejbName);
+            if (wsBinding != null) {
+                WebServiceSecurityType wsSecurity = wsBinding.getWebServiceSecurity();
+                if (wsSecurity != null) {
+                    earContext.setHasSecurity(true);
+                    String policyContextID = sessionName.toString();
+                    Properties properties = wsSecurity.getProperties();
+                    PermissionCollection uncheckedPermissions = new Permissions();
+                    String transportGuarantee = wsSecurity.getTransportGuarantee().toString().trim();
+                    boolean getProtected = properties.get("getProtected") == null? true:
Boolean.valueOf((String) properties.get("getProtected"));
+                    if (getProtected) {
+                        WebUserDataPermission webUserDataPermission = new WebUserDataPermission("/*",
null, transportGuarantee);
+                        uncheckedPermissions.add(webUserDataPermission);
+                    } else {
+                        uncheckedPermissions.add(new WebUserDataPermission("/*", new String[]
{"GET"}, "NONE"));
+                        uncheckedPermissions.add(new WebUserDataPermission("/*", "!GET:"
+ transportGuarantee));
+                    }
+                    Map<String, PermissionCollection> rolePermissions = new HashMap<String,
PermissionCollection>();
+                    //TODO allow jaspi authentication
+                    boolean secured = wsSecurity.getAuthMethod() != null && AuthMethodType.NONE
!= (wsSecurity.getAuthMethod());// || wsSecurity.isSetAuthentication();
+                    if (secured) {
+                        boolean getSecured = properties.get("getSecured") == null? true:
Boolean.valueOf((String) properties.get("getSecured"));
+                        if (!getSecured) {
+                            uncheckedPermissions.add(new WebResourcePermission("/*", "GET"));
+                        }
+                    } else {
+                        uncheckedPermissions.add(new WebResourcePermission("/*", (String[])
null));
+                    }
+                    ComponentPermissions permissions = new ComponentPermissions(new Permissions(),
uncheckedPermissions, rolePermissions);
+                    earContext.addSecurityContext(policyContextID, permissions);
+                }
+            }
+
+        }
     }
 
     public void addGBeans(EARContext earContext, Module module, ClassLoader cl, Collection
repository) throws DeploymentException {
@@ -164,6 +224,8 @@
                     }
                     Properties properties = wsSecurity.getProperties();
                     ejbWebServiceGBean.setAttribute("properties", properties);
+                    String policyContextID = sessionName.toString();
+                    ejbWebServiceGBean.setAttribute("policyContextID", policyContextID);
                 }
             }
             



Mime
View raw message