You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/07/10 09:36:59 UTC
svn commit: r792824 - in /geronimo/server/trunk:
plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/
plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/
plugins/cxf/geronimo-cxf-ejb/src/main/java/org...
Author: djencks
Date: Fri Jul 10 07:36:58 2009
New Revision: 792824
URL: http://svn.apache.org/viewvc?rev=792824&view=rev
Log:
GERONIMO-4645 Make ejb ws security more jacc friendly, implement transport guarantees for jetty7 using jacc. See jira for more comments
Modified:
geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml
geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml
Modified: geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java Fri Jul 10 07:36:58 2009
@@ -83,7 +83,7 @@
EjbModule ejbModule = (EjbModule) module;
//overridden web service locations
- Map correctedPortLocations = new HashMap();
+ Map<String, String> correctedPortLocations = new HashMap<String, String>();
Map<String, WebServiceBinding> wsBindingMap = createWebServiceBindingMap(ejbModule);
for (Map.Entry<String, WebServiceBinding> entry : wsBindingMap.entrySet()) {
String location = entry.getValue().getWebServiceAddress();
@@ -130,7 +130,7 @@
AbstractName ejbWebServiceName = earContext.getNaming().createChildName(sessionName, ejbName, NameFactory.WEB_SERVICE_LINK);
- GBeanData ejbWebServiceGBean = new GBeanData(ejbWebServiceName, EjbWebServiceGBean.GBEAN_INFO);
+ GBeanData ejbWebServiceGBean = new GBeanData(ejbWebServiceName, EjbWebServiceGBean.class);
ejbWebServiceGBean.setAttribute("ejbName", ejbName);
ejbWebServiceGBean.setAttribute("ejbClass", bean.ejbClass);
Modified: geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java Fri Jul 10 07:36:58 2009
@@ -16,77 +16,77 @@
*/
package org.apache.geronimo.axis.server;
+import java.net.URI;
+import java.util.Collection;
+import java.util.Properties;
+
import org.apache.axis.description.JavaServiceDesc;
import org.apache.axis.handlers.soap.SOAPService;
import org.apache.axis.providers.java.RPCProvider;
-import org.apache.geronimo.gbean.GBeanInfo;
-import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.annotation.GBean;
+import org.apache.geronimo.gbean.annotation.ParamAttribute;
+import org.apache.geronimo.gbean.annotation.ParamReference;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.openejb.EjbDeployment;
-import org.apache.geronimo.webservices.SoapHandler;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.webservices.SoapHandler;
import org.apache.openejb.server.axis.EjbContainerProvider;
-import java.net.URI;
-import java.util.Properties;
-
+@GBean(j2eeType = NameFactory.WEB_SERVICE_LINK)
public class EjbWebServiceGBean implements GBeanLifecycle {
private final SoapHandler soapHandler;
private final URI location;
- protected EjbWebServiceGBean() {
- soapHandler = null;
- location = null;
- }
-
- public EjbWebServiceGBean(EjbDeployment ejbDeploymentContext,
- URI location,
- URI wsdlURI,
- SoapHandler soapHandler,
- ServiceInfo serviceInfo,
- ConfigurationFactory configurationFactory,
- String realmName,
- String transportGuarantee,
- String authMethod,
- String[] protectedMethods,
- String[] virtualHosts,
- Properties properties) throws Exception {
-
- this.soapHandler = soapHandler;
+ public EjbWebServiceGBean(@ParamReference(name = "EjbDeployment") EjbDeployment ejbDeploymentContext,
+ @ParamAttribute(name = "location") URI location,
+ @ParamAttribute(name = "wsdlURI") URI wsdlURI,
+ @ParamAttribute(name = "serviceInfo") ServiceInfo serviceInfo,
+ @ParamReference(name = "WebServiceContainer") Collection<SoapHandler> webContainers,
+ @ParamAttribute(name = "policyContextID") String policyContextID,
+ @ParamReference(name = "ConfigurationFactory") ConfigurationFactory configurationFactory,
+ @ParamAttribute(name = "realmName") String realmName,
+ @ParamAttribute(name = "transportGuarantee") String transportGuarantee,
+ @ParamAttribute(name = "authMethod") String authMethod,
+ @ParamAttribute(name = "protectedMethods") String[] protectedMethods,
+ @ParamAttribute(name = "virtualHosts") String[] virtualHosts,
+ @ParamAttribute(name = "properties") Properties properties) throws Exception {
this.location = location;
-
//for use as a template
- if (ejbDeploymentContext == null) {
+ if (webContainers == null || webContainers.isEmpty()) {
+ soapHandler = null;
return;
}
+ this.soapHandler = webContainers.iterator().next();
+
RPCProvider provider = new EjbContainerProvider(ejbDeploymentContext.getDeploymentInfo(), serviceInfo.getHandlerInfos());
SOAPService service = new SOAPService(null, provider, null);
JavaServiceDesc serviceDesc = serviceInfo.getServiceDesc();
service.setServiceDescription(serviceDesc);
-
+
ClassLoader classLoader = ejbDeploymentContext.getClassLoader();
-
- Class serviceEndpointInterface =
- classLoader.loadClass(ejbDeploymentContext.getServiceEndpointInterfaceName());
-
+
+ Class serviceEndpointInterface =
+ classLoader.loadClass(ejbDeploymentContext.getServiceEndpointInterfaceName());
+
service.setOption("className", serviceEndpointInterface.getName());
serviceDesc.setImplClass(serviceEndpointInterface);
-
+
AxisWebServiceContainer axisContainer = new AxisWebServiceContainer(location, wsdlURI, service, serviceInfo.getWsdlMap(), classLoader);
if (soapHandler != null) {
- soapHandler.addWebService(location.getPath(),
- virtualHosts,
- axisContainer,
- configurationFactory,
- realmName,
- transportGuarantee,
- authMethod,
- protectedMethods,
- properties,
- classLoader);
+ soapHandler.addWebService(location.getPath(),
+ virtualHosts,
+ axisContainer,
+ policyContextID,
+ configurationFactory,
+ realmName,
+ transportGuarantee,
+ authMethod,
+ protectedMethods,
+ properties,
+ classLoader);
}
}
@@ -104,47 +104,4 @@
}
- public static final GBeanInfo GBEAN_INFO;
-
- static {
- GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(EjbWebServiceGBean.class, EjbWebServiceGBean.class, NameFactory.WEB_SERVICE_LINK);
-
-// infoFactory.addOperation("invoke", new Class[]{WebServiceContainer.Request.class, WebServiceContainer.Response.class});
-
- infoFactory.addReference("EjbDeployment", EjbDeployment.class);
- infoFactory.addAttribute("location", URI.class, true);
- infoFactory.addAttribute("wsdlURI", URI.class, true);
- infoFactory.addReference("ConfigurationFactory", ConfigurationFactory.class);
- infoFactory.addAttribute("realmName", String.class, true);
- infoFactory.addAttribute("transportGuarantee", String.class, true);
- infoFactory.addAttribute("authMethod", String.class, true);
- infoFactory.addAttribute("serviceInfo", ServiceInfo.class, true);
- infoFactory.addAttribute("protectedMethods", String[].class, true);
- infoFactory.addAttribute("virtualHosts", String[].class, true);
- infoFactory.addReference("WebServiceContainer", SoapHandler.class);
- infoFactory.addAttribute("properties", Properties.class, true);
-
- infoFactory.setConstructor(new String[]{
- "EjbDeployment",
- "location",
- "wsdlURI",
- "WebServiceContainer",
- "serviceInfo",
- "ConfigurationFactory",
- "realmName",
- "transportGuarantee",
- "authMethod",
- "protectedMethods",
- "virtualHosts",
- "properties"
- });
-
- GBEAN_INFO = infoFactory.getBeanInfo();
- }
-
- public static GBeanInfo getGBeanInfo() {
- return GBEAN_INFO;
- }
-
-
}
Modified: geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java Fri Jul 10 07:36:58 2009
@@ -28,6 +28,11 @@
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.annotation.GBean;
+import org.apache.geronimo.gbean.annotation.ParamReference;
+import org.apache.geronimo.gbean.annotation.ParamAttribute;
+import org.apache.geronimo.gbean.annotation.ParamSpecial;
+import org.apache.geronimo.gbean.annotation.SpecialAttributeType;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.jaxws.JAXWSUtils;
import org.apache.geronimo.jaxws.JNDIResolver;
@@ -39,24 +44,26 @@
import org.apache.geronimo.security.jaas.ConfigurationFactory;
import org.apache.openejb.DeploymentInfo;
+@GBean(j2eeType = NameFactory.WEB_SERVICE_LINK)
public class EJBWebServiceGBean implements GBeanLifecycle {
private SoapHandler soapHandler;
private String location;
private EJBWebServiceContainer container;
- public EJBWebServiceGBean(EjbDeployment ejbDeploymentContext,
- PortInfo portInfo,
- Kernel kernel,
- URL configurationBaseUrl,
- Collection<SoapHandler> webContainers,
- ConfigurationFactory configurationFactory,
- String realmName,
- String transportGuarantee,
- String authMethod,
- String[] protectedMethods,
- String[] virtualHosts,
- Properties properties) throws Exception {
+ public EJBWebServiceGBean(@ParamReference(name="EjbDeployment")EjbDeployment ejbDeploymentContext,
+ @ParamAttribute(name="portInfo")PortInfo portInfo,
+ @ParamSpecial(type = SpecialAttributeType.kernel)Kernel kernel,
+ @ParamAttribute(name="configurationBaseUrl")URL configurationBaseUrl,
+ @ParamReference(name="WebServiceContainer")Collection<SoapHandler> webContainers,
+ @ParamAttribute(name="policyContextID")String policyContextID,
+ @ParamReference(name="ConfigurationFactory")ConfigurationFactory configurationFactory,
+ @ParamAttribute(name="realmName")String realmName,
+ @ParamAttribute(name="transportGuarantee")String transportGuarantee,
+ @ParamAttribute(name="authMethod")String authMethod,
+ @ParamAttribute(name="protectedMethods")String[] protectedMethods,
+ @ParamAttribute(name="virtualHosts")String[] virtualHosts,
+ @ParamAttribute(name="properties")Properties properties) throws Exception {
if (ejbDeploymentContext == null || webContainers == null || webContainers.isEmpty() || portInfo == null) {
return;
}
@@ -88,6 +95,7 @@
soapHandler.addWebService(this.location,
virtualHosts,
this.container,
+ policyContextID,
configurationFactory,
realmName,
transportGuarantee,
@@ -112,45 +120,5 @@
public void doFail() {
}
- public static final GBeanInfo GBEAN_INFO;
-
- static {
- GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(EJBWebServiceGBean.class, EJBWebServiceGBean.class, NameFactory.WEB_SERVICE_LINK);
-
- infoFactory.addReference("EjbDeployment", EjbDeployment.class);
- infoFactory.addAttribute("portInfo", PortInfo.class, true);
- infoFactory.addAttribute("kernel", Kernel.class, false);
- infoFactory.addAttribute("configurationBaseUrl", URL.class, true);
- infoFactory.addReference("ConfigurationFactory", ConfigurationFactory.class);
- infoFactory.addAttribute("realmName", String.class, true);
- infoFactory.addAttribute("transportGuarantee", String.class, true);
- infoFactory.addAttribute("authMethod", String.class, true);
- infoFactory.addAttribute("protectedMethods", String[].class, true);
- infoFactory.addAttribute("virtualHosts", String[].class, true);
- infoFactory.addReference("WebServiceContainer", SoapHandler.class);
- infoFactory.addAttribute("properties", Properties.class, true);
-
- infoFactory.setConstructor(new String[]{
- "EjbDeployment",
- "portInfo",
- "kernel",
- "configurationBaseUrl",
- "WebServiceContainer",
- "ConfigurationFactory",
- "realmName",
- "transportGuarantee",
- "authMethod",
- "protectedMethods",
- "virtualHosts",
- "properties"
- });
-
-
- GBEAN_INFO = infoFactory.getBeanInfo();
- }
-
- public static GBeanInfo getGBeanInfo() {
- return GBEAN_INFO;
- }
}
Modified: geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java Fri Jul 10 07:36:58 2009
@@ -17,6 +17,8 @@
package org.apache.geronimo.jaxws.builder;
import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
@@ -25,6 +27,9 @@
import java.util.Properties;
import java.util.jar.JarFile;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.deployment.ModuleIDBuilder;
import org.apache.geronimo.deployment.service.EnvironmentBuilder;
@@ -47,7 +52,9 @@
import org.apache.geronimo.kernel.repository.Environment;
import org.apache.geronimo.openejb.deployment.EjbModule;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.openejb.assembler.classic.EnterpriseBeanInfo;
+import org.apache.openejb.jee.oejb2.AuthMethodType;
import org.apache.openejb.jee.oejb2.EnterpriseBean;
import org.apache.openejb.jee.oejb2.GeronimoEjbJarType;
import org.apache.openejb.jee.oejb2.OpenejbJarType;
@@ -101,7 +108,7 @@
Environment environment = module.getEnvironment();
//overridden web service locations
- Map correctedPortLocations = new HashMap();
+ Map<String, String> correctedPortLocations = new HashMap<String, String>();
Map<String, WebServiceBinding> wsBindingMap = createWebServiceBindingMap(ejbModule);
for (Map.Entry<String, WebServiceBinding> entry : wsBindingMap.entrySet()) {
String location = entry.getValue().getWebServiceAddress();
@@ -115,6 +122,55 @@
}
jaxwsBuilder.findWebServices(module, true, correctedPortLocations, environment, ejbModule.getSharedContext());
+
+ for (EnterpriseBeanInfo bean : ejbModule.getEjbJarInfo().enterpriseBeans) {
+ if (bean.type != EnterpriseBeanInfo.STATELESS) {
+ continue;
+ }
+
+ String ejbName = bean.ejbName;
+
+ AbstractName sessionName = earContext.getNaming().createChildName(module.getModuleName(), ejbName, NameFactory.STATELESS_SESSION_BEAN);
+
+ assert sessionName != null: "StatelesSessionBean object name is null";
+
+ WebServiceBinding wsBinding = wsBindingMap.get(ejbName);
+ if (wsBinding != null) {
+
+ WebServiceSecurityType wsSecurity = wsBinding.getWebServiceSecurity();
+ if (wsSecurity != null) {
+ earContext.setHasSecurity(true);
+ String policyContextID = sessionName.toString();
+ Properties properties = wsSecurity.getProperties();
+ PermissionCollection uncheckedPermissions = new Permissions();
+ String transportGuarantee = wsSecurity.getTransportGuarantee().toString().trim();
+ boolean getProtected = properties.get("getProtected") == null? true: Boolean.valueOf((String) properties.get("getProtected"));
+ if (getProtected) {
+ WebUserDataPermission webUserDataPermission = new WebUserDataPermission("/*", null, transportGuarantee);
+ uncheckedPermissions.add(webUserDataPermission);
+ } else {
+ uncheckedPermissions.add(new WebUserDataPermission("/*", new String[] {"GET"}, "NONE"));
+ uncheckedPermissions.add(new WebUserDataPermission("/*", "!GET:" + transportGuarantee));
+ }
+ Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
+ //TODO allow jaspi authentication
+ boolean secured = wsSecurity.getAuthMethod() != null && AuthMethodType.NONE != (wsSecurity.getAuthMethod());// || wsSecurity.isSetAuthentication();
+ if (secured) {
+ boolean getSecured = properties.get("getSecured") == null? true: Boolean.valueOf((String) properties.get("getSecured"));
+ if (!getSecured) {
+ uncheckedPermissions.add(new WebResourcePermission("/*", "GET"));
+ }
+ } else {
+ uncheckedPermissions.add(new WebResourcePermission("/*", (String[]) null));
+ }
+ ComponentPermissions permissions = new ComponentPermissions(new Permissions(), uncheckedPermissions, rolePermissions);
+ earContext.addSecurityContext(policyContextID, permissions);
+
+ }
+ }
+
+ }
+
}
public void addGBeans(EARContext earContext, Module module, ClassLoader cl, Collection repository) throws DeploymentException {
@@ -157,11 +213,14 @@
WebServiceSecurityType wsSecurity = wsBinding.getWebServiceSecurity();
if (wsSecurity != null) {
+ Properties properties = wsSecurity.getProperties();
+
ejbWebServiceGBean.setReferencePattern("ConfigurationFactory",
new AbstractNameQuery(null, Collections.singletonMap("name", wsSecurity.getSecurityRealmName().trim()),
ConfigurationFactory.class.getName()));
ejbWebServiceGBean.setAttribute("transportGuarantee", wsSecurity.getTransportGuarantee().toString());
- ejbWebServiceGBean.setAttribute("authMethod", wsSecurity.getAuthMethod().value());
+ String authMethod = wsSecurity.getAuthMethod().value();
+ ejbWebServiceGBean.setAttribute("authMethod", authMethod);
if (wsSecurity.getRealmName() != null) {
ejbWebServiceGBean.setAttribute("realmName", wsSecurity.getRealmName().trim());
}
@@ -171,7 +230,8 @@
protectedMethods = methods.toArray(protectedMethods);
ejbWebServiceGBean.setAttribute("protectedMethods", protectedMethods);
}
- Properties properties = wsSecurity.getProperties();
+ String policyContextID = sessionName.toString();
+ ejbWebServiceGBean.setAttribute("policyContextID", policyContextID);
ejbWebServiceGBean.setAttribute("properties", properties);
}
}
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java Fri Jul 10 07:36:58 2009
@@ -212,7 +212,8 @@
public void addWebService(String contextPath,
String[] virtualHosts,
- WebServiceContainer webServiceContainer,
+ WebServiceContainer webServiceContainer,
+ String policyContextID,
ConfigurationFactory configurationFactory,
String realmName,
String transportGuarantee,
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java Fri Jul 10 07:36:58 2009
@@ -46,7 +46,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
@@ -71,11 +71,11 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
String contextPath2 = "/bar/webservice.ws";
MockWebServiceContainer webServiceInvoker2 = new MockWebServiceContainer();
- container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java Fri Jul 10 07:36:58 2009
@@ -22,6 +22,8 @@
import java.util.Map;
import java.util.Properties;
import java.security.Permission;
+import java.security.Permissions;
+import java.security.PermissionCollection;
import javax.management.j2ee.statistics.Stats;
import javax.security.jacc.WebUserDataPermission;
@@ -223,6 +225,7 @@
public void addWebService(String contextPath,
String[] virtualHosts,
WebServiceContainer webServiceContainer,
+ String contextID,
ConfigurationFactory configurationFactory,
String realmName,
String transportGuarantee,
@@ -234,9 +237,7 @@
if (configurationFactory != null) {
BuiltInAuthMethod builtInAuthMethod = BuiltInAuthMethod.getValueOf(authMethod);
JettySecurityHandlerFactory factory = new JettySecurityHandlerFactory(builtInAuthMethod, null, null, realmName, configurationFactory);
- Permission permission = new WebUserDataPermission("/*", protectedMethods, transportGuarantee);
- boolean authMandatory = builtInAuthMethod != BuiltInAuthMethod.NONE;
- securityHandler = factory.buildEJBSecurityHandler(permission, authMandatory);
+ securityHandler = factory.buildSecurityHandler(contextID, null, null, false);
}
ServletHandler servletHandler = new EJBServletHandler(webServiceContainer);
EJBWebServiceContext webServiceContext = new EJBWebServiceContext(contextPath, securityHandler, servletHandler, classLoader);
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java Fri Jul 10 07:36:58 2009
@@ -175,7 +175,7 @@
// JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
if (securityHandlerFactory != null) {
Subject defaultSubject = this.runAsSource.getDefaultSubject();
- securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource);
+ securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource, true);
} else {
//TODO may need to turn off security with Context._options.
// securityHandler = new NoSecurityHandler();
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java Fri Jul 10 07:36:58 2009
@@ -21,15 +21,15 @@
package org.apache.geronimo.jetty7.handler;
import java.io.IOException;
+import java.security.Permissions;
import java.security.AccessControlContext;
-import java.security.Permission;
import javax.security.jacc.WebUserDataPermission;
-import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.Authenticator;
-import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.UserIdentity;
@@ -37,35 +37,10 @@
/**
* @version $Rev$ $Date$
*/
-public class EJBWebServiceSecurityHandler extends SecurityHandler {
-
- private final Permission permission;
- private final boolean authMandatory;
-
- public EJBWebServiceSecurityHandler(
- Authenticator authenticator,
- final LoginService loginService,
- IdentityService identityService,
- Permission permission, boolean authMandatory) {
- setAuthenticator(authenticator);
-
- loginService.setIdentityService(identityService);
- setLoginService(loginService);
- setIdentityService(identityService);
- this.permission = permission;
- this.authMandatory = authMandatory;
- }
-
- protected Object prepareConstraintInfo(String pathInContext, Request request) {
- return null;
- }
-
- protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException {
- return permission.implies(new WebUserDataPermission(request));
- }
+public class EJBWebServiceSecurityHandler extends JaccSecurityHandler {
- protected boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo) {
- return authMandatory;
+ public EJBWebServiceSecurityHandler(String policyContextID, Authenticator authenticator, LoginService loginService, IdentityService identityService, AccessControlContext defaultAcc) {
+ super(policyContextID, authenticator, loginService, identityService, defaultAcc);
}
protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException {
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java Fri Jul 10 07:36:58 2009
@@ -88,7 +88,7 @@
}
- public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource) {
+ public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
if (defaultSubject == null) {
defaultSubject = ContextManager.EMPTY;
}
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java Fri Jul 10 07:36:58 2009
@@ -21,7 +21,7 @@
package org.apache.geronimo.jetty7.security;
import java.security.AccessControlContext;
-import java.security.Permission;
+import java.security.Permissions;
import javax.security.auth.Subject;
@@ -75,7 +75,7 @@
this.configurationFactory = configurationFactory;
}
- public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource) {
+ public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
final LoginService loginService = new JAASLoginService(configurationFactory, realmName);
Authenticator authenticator = buildAuthenticator();
if (defaultSubject == null) {
@@ -83,15 +83,11 @@
}
AccessControlContext defaultAcc = ContextManager.registerSubjectShort(defaultSubject, null, null);
IdentityService identityService = new JettyIdentityService(defaultAcc, runAsSource);
- return new JaccSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
- }
-
- public SecurityHandler buildEJBSecurityHandler(Permission permission, boolean authMandatory) {
- final LoginService loginService = new JAASLoginService(configurationFactory, realmName);
- Authenticator authenticator = buildAuthenticator();
- AccessControlContext defaultAcc = ContextManager.registerSubjectShort(ContextManager.EMPTY, null, null);
- IdentityService identityService = new JettyIdentityService(defaultAcc, null);
- return new EJBWebServiceSecurityHandler(authenticator, loginService, identityService, permission, authMandatory);
+ if (checkRolePermissions) {
+ return new JaccSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
+ } else {
+ return new EJBWebServiceSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
+ }
}
private Authenticator buildAuthenticator() {
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java Fri Jul 10 07:36:58 2009
@@ -30,6 +30,6 @@
*/
public interface SecurityHandlerFactory {
- SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource);
+ SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions);
}
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java Fri Jul 10 07:36:58 2009
@@ -46,7 +46,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
@@ -71,11 +71,11 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
String contextPath2 = "/bar/webservice.ws";
MockWebServiceContainer webServiceInvoker2 = new MockWebServiceContainer();
- container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java Fri Jul 10 07:36:58 2009
@@ -56,7 +56,7 @@
this.loginService = loginService;
}
- public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource) {
+ public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
if (defaultSubject == null) {
defaultSubject = ContextManager.EMPTY;
}
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java Fri Jul 10 07:36:58 2009
@@ -376,7 +376,8 @@
public void addWebService(String contextPath,
String[] virtualHosts,
- WebServiceContainer webServiceContainer,
+ WebServiceContainer webServiceContainer,
+ String policyContextId,
ConfigurationFactory configurationFactory,
String realmName,
String transportGuarantee,
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java Fri Jul 10 07:36:58 2009
@@ -35,7 +35,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();
try {
BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
@@ -62,7 +62,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, realm, securityRealmName, "NONE", "BASIC", null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, "ContextID", realm, securityRealmName, "NONE", "BASIC", null, null, cl);
//Veryify its secured
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();
Modified: geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java (original)
+++ geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java Fri Jul 10 07:36:58 2009
@@ -25,15 +25,16 @@
*/
public interface SoapHandler {
- void addWebService(String contextPath,
- String[] virtualHosts,
- WebServiceContainer webServiceContainer,
- ConfigurationFactory configurationFactory,
- String realmName,
- String transportGuarantee,
- String authMethod,
- String[] protectedMethods,
- Properties properties,
+ void addWebService(String contextPath,
+ String[] virtualHosts,
+ WebServiceContainer webServiceContainer,
+ String contextID,
+ ConfigurationFactory configurationFactory,
+ String realmName,
+ String transportGuarantee,
+ String authMethod,
+ String[] protectedMethods,
+ Properties properties,
ClassLoader classLoader) throws Exception;
void removeWebService(String contextPath);
Modified: geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml (original)
+++ geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml Fri Jul 10 07:36:58 2009
@@ -54,4 +54,32 @@
</session>
</enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <method-permission>
+ <role-name>admin</role-name>
+ <method>
+ <ejb-name>BeanBasic</ejb-name>
+ <method-name>greetMe</method-name>
+ </method>
+ <method>
+ <ejb-name>BeanBasicAllowGet</ejb-name>
+ <method-name>greetMe</method-name>
+ </method>
+ </method-permission>
+ <method-permission>
+ <unchecked/>
+ <method>
+ <ejb-name>BeanHttps</ejb-name>
+ <method-name>greetMe</method-name>
+ </method>
+ <method>
+ <ejb-name>BeanHttpsAllowGet</ejb-name>
+ <method-name>greetMe</method-name>
+ </method>
+ </method-permission>
+ </assembly-descriptor>
+
</ejb-jar>
Modified: geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml (original)
+++ geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml Fri Jul 10 07:36:58 2009
@@ -20,7 +20,8 @@
<openejb-jar xmlns="http://openejb.apache.org/xml/ns/openejb-jar-2.2"
xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"
xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
- xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
+ xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
+ xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
<environment>
<moduleId>
@@ -50,6 +51,8 @@
<transport-guarantee>NONE</transport-guarantee>
<auth-method>BASIC</auth-method>
<http-method>POST</http-method>
+ <properties>getProtected=false
+ getSecured=false</properties>
</web-service-security>
</session>
@@ -60,6 +63,7 @@
<security-realm-name>geronimo-admin</security-realm-name>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
<auth-method>NONE</auth-method>
+ <!--<properties>getSecured=false</properties>-->
</web-service-security>
</session>
@@ -71,8 +75,17 @@
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
<auth-method>NONE</auth-method>
<http-method>POST</http-method>
+ <properties>getProtected=false</properties>
</web-service-security>
</session>
</enterprise-beans>
+ <sec:security>
+ <sec:role-mappings>
+ <sec:role role-name="admin">
+ <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
+ name="admin"/>
+ </sec:role>
+ </sec:role-mappings>
+ </sec:security>
</openejb-jar>