From dblev...@apache.org
Subject svn commit: r762564 - in /openejb/trunk/openejb3: assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/ container/openejb-core/src/main/java/org/apache/openejb/core/security/ container/openejb-core/src/main/j...
Date Mon, 06 Apr 2009 23:29:55 GMT
Author: dblevins
Date: Mon Apr  6 23:29:54 2009
New Revision: 762564

URL: http://svn.apache.org/viewvc?rev=762564&view=rev
Log:
OPENEJB-1015: javax.ejb.EJBContext.getCallerPrincipal() not predictable

The result of getCallerPrincipal can be random depending on list order.  Code has been reworked
so that JAAS Implementations may annotate the principal implementations with @CallerPrincipal
to tell the org.apache.openejb.spi.SecurityService which principal to return from getCallerPrincipal.

Annotation used instead of an interface so that JAAS LoginModules can avoid a mandatory runtime
dependency on any OpenEJB libraries.


Added:
    openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/CallerPrincipal.java
Modified:
    openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatSecurityService.java
    openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
    openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/UserPrincipal.java
    openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java

Modified: openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatSecurityService.java?rev=762564&r1=762563&r2=762564&view=diff
==============================================================================
--- openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatSecurityService.java
(original)
+++ openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatSecurityService.java
Mon Apr  6 23:29:54 2009
@@ -24,6 +24,7 @@
 import org.apache.catalina.Server;
 import org.apache.openejb.core.security.AbstractSecurityService;
 import org.apache.openejb.core.CoreDeploymentInfo;
+import org.apache.openejb.spi.CallerPrincipal;
 
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
@@ -151,6 +152,7 @@
         return new Subject(true, principals, new HashSet(), new HashSet());
     }
 
+    @CallerPrincipal
     protected static class TomcatUser implements Principal {
         private final Realm realm;
         private final Principal tomcatPrincipal;

Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=762564&r1=762563&r2=762564&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
(original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
Mon Apr  6 23:29:54 2009
@@ -18,6 +18,7 @@
 package org.apache.openejb.core.security;
 
 import org.apache.openejb.spi.SecurityService;
+import org.apache.openejb.spi.CallerPrincipal;
 import org.apache.openejb.core.ThreadContextListener;
 import org.apache.openejb.core.ThreadContext;
 import org.apache.openejb.core.CoreDeploymentInfo;
@@ -210,7 +211,13 @@
         ThreadContext threadContext = ThreadContext.getThreadContext();
         SecurityContext securityContext = threadContext.get(SecurityContext.class);
         Set<Principal> principals = securityContext.subject.getPrincipals();
+
         if (!principals.isEmpty()) {
+            for (Principal principal : principals) {
+                if (principal.getClass().isAnnotationPresent(CallerPrincipal.class)) {
+                    return principal;
+                }
+            }
             return principals.iterator().next();
         }
         return null;
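Review bot: The new loop returns the first annotated principal it meets, so when a Subject carries more than one principal whose class has @CallerPrincipal the result still depends on the iteration order of the set. The unchanged fallback `return principals.iterator().next();` also keeps the old order-dependent behaviour whenever no principal is annotated. Callers may base authorization or audit decisions on this identity, so I would at least document the limits on the loop, e.g. `// first @CallerPrincipal-annotated principal wins; with several annotated principals, or none, the result depends on set order`, and consider logging when the fallback is taken. The enclosing method starts and ends outside the hunk.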

Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/UserPrincipal.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/UserPrincipal.java?rev=762564&r1=762563&r2=762564&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/UserPrincipal.java
(original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/UserPrincipal.java
Mon Apr  6 23:29:54 2009
@@ -16,11 +16,14 @@
  */
 package org.apache.openejb.core.security.jaas;
 
+import org.apache.openejb.spi.CallerPrincipal;
+
 import java.security.Principal;
 
 /**
  * @version $Rev$ $Date$
  */
+@CallerPrincipal
 public class UserPrincipal implements Principal {
 
     private final String name;

Added: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/CallerPrincipal.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/CallerPrincipal.java?rev=762564&view=auto
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/CallerPrincipal.java
(added)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/CallerPrincipal.java
Mon Apr  6 23:29:54 2009
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.openejb.spi;
+
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * Annotation intented to represent the principal that should be returned
+ * from calls to javax.ejb.EJBContext.getCallerPrincipal()
+ * <p/>
+ * Implementations of org.apache.openejb.spi.SecurityService are encouraged
+ * to return a java.security.Principal object that implements CallerPrinciple
+ *
+ * @version $Rev$ $Date$
+ */
+@java.lang.annotation.Target(value = {TYPE})
+@java.lang.annotation.Retention(value = RUNTIME)
+public @interface CallerPrincipal {
+}
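Review bot: The annotation is declared without `@java.lang.annotation.Inherited`, so the `principal.getClass().isAnnotationPresent(CallerPrincipal.class)` check added in AbstractSecurityService will not match a subclass of an annotated principal such as UserPrincipal, and such a subclass silently falls back to the order-dependent path. If subclasses are meant to be picked, add `@java.lang.annotation.Inherited` next to the Target and Retention lines; otherwise state in the Javadoc that only the exact class is considered. The Javadoc also reads "intented" and "implements CallerPrinciple"; I would write `Annotation intended to mark the principal that should be returned` and `a java.security.Principal whose class is annotated with CallerPrincipal`. The SecurityService.getCallerPrincipal Javadoc in the last hunk uses the same "implements" and "CallerPrincipal interface" wording for what is an annotation.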

Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java?rev=762564&r1=762563&r2=762564&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java
(original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java
Mon Apr  6 23:29:54 2009
@@ -60,7 +60,11 @@
     public boolean isCallerInRole(String role);
 
     /**
-     * Active
+     * Implementors are encouraged to return a java.security.Principal
+     * object that implements org.apache.openejb.spi.CallerPrincipal
+     *
+     * JAAS LoginModule implementors are encouraged to use the CallerPrincipal
+     * interface to denote the best fitting Principal for getCallerPrincipal.
      */
     public Principal getCallerPrincipal();
 


