Posted to commits@tomee.apache.org by jg...@apache.org on 2019/05/29 10:35:35 UTC

[tomee] branch tomee-1.7.x updated (c6ea7f7 -> 527f842)

This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a change to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git.


    from c6ea7f7  Fix Tomcat version on CDI event realm
     new ec686be  For review; We shouldn't use javax.security.jacc.policy.provider here, because the System policy will already be set. We need to ensure that our policy provider is used, which will delegate to the system policy as appropriate
     new de55786  Only check JACC permissions here
     new 4fc8aaa  Check for case where policy is specified but not loaded, e.g. system.properties. Include the remote-secpol profile for all arquillian tests.
     new 943555f  Adding test
     new 8975493  Adding test
     new 06e4d6e  Fix test
     new 527f842  Fix test after backport

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../src/test/resources/arquillian.xml              | 15 ++++++
 .../src/test/resources/arquillian.xml              | 17 ++++++
 .../src/test/resources/arquillian.xml              | 15 ++++++
 .../src/test/resources/arquillian.xml              | 15 ++++++
 .../src/test/resources/arquillian.xml              | 24 +++++++++
 .../src/test/resources/arquillian.xml              | 23 +++++++++
 arquillian/arquillian-tomee-tests/pom.xml          | 17 ++++++
 .../core/security/AbstractSecurityService.java     | 15 +++++-
 .../core/security/jacc/BasicJaccProvider.java      | 18 ++++++-
 .../security/BasicJaccProviderTest.java}           | 60 ++++++++++++----------
 10 files changed, 191 insertions(+), 28 deletions(-)
 copy container/openejb-core/src/test/java/org/apache/openejb/{resource/URLAsResourceTest.java => core/security/BasicJaccProviderTest.java} (55%)


[tomee] 07/07: Fix test after backport

Posted by jg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a commit to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 527f842bb418376b5ea5ae51679ed89576d4e8f0
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Wed May 29 11:26:51 2019 +0100

    Fix test after backport
---
 .../core/security/BasicJaccProviderTest.java       | 23 +++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
index 451c105..bf9e491 100644
--- a/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
+++ b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
@@ -17,8 +17,9 @@
 package org.apache.openejb.core.security;
 
 import org.apache.openejb.junit.ApplicationComposer;
-import org.apache.openejb.testing.Classes;
-import org.apache.openejb.testing.ContainerProperties;
+import org.apache.openejb.testing.Configuration;
+import org.apache.openejb.testing.Module;
+import org.apache.openejb.testng.PropertiesBuilder;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -26,19 +27,27 @@ import org.junit.runner.RunWith;
 import javax.ejb.EJB;
 import javax.ejb.Singleton;
 import java.security.Policy;
+import java.util.Properties;
 
 
-@Classes(innerClassesAsBean = true)
 @RunWith(ApplicationComposer.class)
-@ContainerProperties(
-        @ContainerProperties.Property(
-                name = "javax.security.jacc.policy.provider",
-                value = "org.apache.openejb.core.security.BasicJaccProviderTest$MyPolicy"))
 public class BasicJaccProviderTest {
 
     @EJB
     private SimpleSingleton myBean;
 
+    @Module
+    public Class<?>[] beans() {
+        return new Class<?>[]{SimpleSingleton.class};
+    }
+
+    @Configuration
+    public Properties config() {
+        return new PropertiesBuilder()
+            .p("javax.security.jacc.policy.provider", "org.apache.openejb.core.security.BasicJaccProviderTest$MyPolicy")
+            .build();
+    }
+
     @Test
     public void run() throws Exception {
         Assert.assertNotNull("Singleton bean could not be created", myBean);
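Review bot: Nothing in `run()` checks which `java.security.Policy` ends up installed, so the test passes as long as the container boots and `SimpleSingleton` is injected, whether or not the `javax.security.jacc.policy.provider` value returned by `config()` had any effect. The full body visible in the 05/07 hunk holds only the `reverse` assertion (06/07 adds the not-null check), and `MyPolicy` is an empty subclass. If the intent is to pin the `AbstractSecurityService` behaviour from 03/07, an assertion such as `Assert.assertEquals(JaccProvider.Policy.class.getName(), Policy.getPolicy().getClass().getName());` would state it; that the composer boot reaches that code is an assumption to confirm. `run()` continues past the end of this hunk.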


[tomee] 05/07: Adding test

Posted by jg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a commit to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 8975493097dba5cdc2fc4d9e9630d5d75f8d8549
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Tue May 28 13:02:09 2019 +0100

    Adding test
---
 .../core/security/BasicJaccProviderTest.java       | 44 ++++++++++++++++++----
 1 file changed, 36 insertions(+), 8 deletions(-)

diff --git a/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
index c9d3ce6..2d9b387 100644
--- a/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
+++ b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
@@ -16,27 +16,55 @@
  */
 package org.apache.openejb.core.security;
 
-import org.apache.openejb.core.security.jacc.BasicJaccProvider;
 import org.apache.openejb.junit.ApplicationComposer;
 import org.apache.openejb.testing.Classes;
 import org.apache.openejb.testing.ContainerProperties;
+import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
-import static org.junit.Assert.assertTrue;
+import javax.ejb.EJB;
+import javax.ejb.Singleton;
+import java.security.Policy;
 
-@Classes
+
+@Classes(innerClassesAsBean = true)
 @RunWith(ApplicationComposer.class)
 @ContainerProperties(
         @ContainerProperties.Property(
-                name = "org.apache.openejb.core.security.JaccProvider",
-                value = "org.apache.openejb.core.security.AbstractSecurityServiceTest$MyJaacProv"))
+                name = "javax.security.jacc.policy.provider",
+                value = "org.apache.openejb.core.security.BasicJaccProviderTest.MyPolicy"))
 public class BasicJaccProviderTest {
+
+    @EJB
+    private SimpleSingleton myBean;
+
     @Test
-    public void run() {
-        assertTrue(MyJaacProv.class.isInstance(JaccProvider.get()));
+    public void run() throws Exception {
+        Assert.assertEquals("tset", myBean.reverse("test"));
     }
 
-    public static class MyJaacProv extends BasicJaccProvider {
+    public static class MyPolicy extends Policy {
+    }
+
+    @Singleton
+    public static class SimpleSingleton {
+        public String reverse(final String input) {
+            if (input == null) {
+                return null;
+            }
+
+            if (input.length() == 0) {
+                return "";
+            }
+
+            char[] chars = new char[input.length()];
+            for (int i = 0; i < input.length(); i++) {
+                chars[i] = input.charAt((input.length() - 1) - i);
+            }
+
+            return new String(chars);
+        }
     }
 }
+


[tomee] 06/07: Fix test

Posted by jg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a commit to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 06e4d6ebfdf277b70434c380f735673cfa45d252
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Tue May 28 14:09:05 2019 +0100

    Fix test
---
 .../java/org/apache/openejb/core/security/BasicJaccProviderTest.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
index 2d9b387..451c105 100644
--- a/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
+++ b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
@@ -33,7 +33,7 @@ import java.security.Policy;
 @ContainerProperties(
         @ContainerProperties.Property(
                 name = "javax.security.jacc.policy.provider",
-                value = "org.apache.openejb.core.security.BasicJaccProviderTest.MyPolicy"))
+                value = "org.apache.openejb.core.security.BasicJaccProviderTest$MyPolicy"))
 public class BasicJaccProviderTest {
 
     @EJB
@@ -41,6 +41,7 @@ public class BasicJaccProviderTest {
 
     @Test
     public void run() throws Exception {
+        Assert.assertNotNull("Singleton bean could not be created", myBean);
         Assert.assertEquals("tset", myBean.reverse("test"));
     }
 
@@ -67,4 +68,3 @@ public class BasicJaccProviderTest {
         }
     }
 }
-


[tomee] 04/07: Adding test

Posted by jg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a commit to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 943555f4905ebcf73c2f88d90a549f794a6b0962
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Tue May 28 09:30:50 2019 +0100

    Adding test
---
 .../core/security/BasicJaccProviderTest.java       | 42 ++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
new file mode 100644
index 0000000..c9d3ce6
--- /dev/null
+++ b/container/openejb-core/src/test/java/org/apache/openejb/core/security/BasicJaccProviderTest.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.core.security;
+
+import org.apache.openejb.core.security.jacc.BasicJaccProvider;
+import org.apache.openejb.junit.ApplicationComposer;
+import org.apache.openejb.testing.Classes;
+import org.apache.openejb.testing.ContainerProperties;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import static org.junit.Assert.assertTrue;
+
+@Classes
+@RunWith(ApplicationComposer.class)
+@ContainerProperties(
+        @ContainerProperties.Property(
+                name = "org.apache.openejb.core.security.JaccProvider",
+                value = "org.apache.openejb.core.security.AbstractSecurityServiceTest$MyJaacProv"))
+public class BasicJaccProviderTest {
+    @Test
+    public void run() {
+        assertTrue(MyJaacProv.class.isInstance(JaccProvider.get()));
+    }
+
+    public static class MyJaacProv extends BasicJaccProvider {
+    }
+}
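Review bot: The `@ContainerProperties` value names `org.apache.openejb.core.security.AbstractSecurityServiceTest$MyJaacProv`, but `run()` asserts against the `MyJaacProv` nested in this class, so the assertion can only hold if the two types are related, which nothing in this file shows. This looks like a leftover from copying another test; the value would presumably be `org.apache.openejb.core.security.BasicJaccProviderTest$MyJaacProv`. A one-line class comment saying which provider lookup the test is meant to cover would also help.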


[tomee] 03/07: Check for case where policy is specified but not loaded, e.g. system.properties. Include the remote-secpol profile for all arquillian tests.

Posted by jg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a commit to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 4fc8aaa4517e49d7192fd5e781c6f9eb05230f60
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Thu May 23 21:43:02 2019 +0100

    Check for case where policy is specified but not loaded, e.g. system.properties. Include the remote-secpol profile for all arquillian tests.
---
 .../src/test/resources/arquillian.xml              | 15 ++++++++++++++
 .../src/test/resources/arquillian.xml              | 17 +++++++++++++++
 .../src/test/resources/arquillian.xml              | 15 ++++++++++++++
 .../src/test/resources/arquillian.xml              | 15 ++++++++++++++
 .../src/test/resources/arquillian.xml              | 24 ++++++++++++++++++++++
 .../core/security/AbstractSecurityService.java     | 15 +++++++++++++-
 6 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-codi-tests/src/test/resources/arquillian.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-codi-tests/src/test/resources/arquillian.xml
index 7116ee4..7e08f12 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-codi-tests/src/test/resources/arquillian.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-codi-tests/src/test/resources/arquillian.xml
@@ -46,6 +46,21 @@
       </property>
     </configuration>
   </container>
+  <container qualifier="tomee-remote-secpol">
+    <configuration>
+      <property name="httpPort">-1</property>
+      <property name="ajpPort">-1</property>
+      <property name="stopPort">-1</property>
+      <property name="dir">target/apache-tomee-remote</property>
+      <property name="appWorkingDir">target/arquillian-test-working-dir</property>
+      <property name="properties">
+        My\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        My\ Unmanaged\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        openejb.classloader.forced-load=org.apache.openejb.arquillian.tests.
+        javax.security.jacc.policy.provider=sun.security.provider.PolicyFile
+      </property>
+    </configuration>
+  </container>
   <container qualifier="tomee-webapp">
     <configuration>
       <property name="httpPort">-1</property>
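Review bot: The new `tomee-remote-secpol` container sets `javax.security.jacc.policy.provider=sun.security.provider.PolicyFile`, a JDK-internal class name, with no comment saying what the profile is meant to exercise; the same block is repeated in the config, jaxrs, jaxws and jms hunks below and in the webprofile hunk of 02/07. A short XML comment such as `<!-- tomee-remote with an explicit system policy provider, so the JACC policy has a system policy to delegate to -->` would tell the next maintainer why the container exists (wording to be confirmed by the author). The copies also differ in `openejb.classloader.forced-load`: this file and the jaxrs one end the package prefix with a trailing dot, the config and jaxws ones do not, which is worth making consistent if it is not intentional.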
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-config-tests/src/test/resources/arquillian.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-config-tests/src/test/resources/arquillian.xml
index 71cdd3b..29949c6 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-config-tests/src/test/resources/arquillian.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-config-tests/src/test/resources/arquillian.xml
@@ -49,6 +49,23 @@
       </property>
     </configuration>
   </container>
+  <container qualifier="tomee-remote-secpol">
+    <configuration>
+      <property name="httpPort">-1</property>
+      <property name="ajpPort">-1</property>
+      <property name="stopPort">-1</property>
+      <property name="dir">target/tomee-remote</property>
+      <property name="appWorkingDir">target/arquillian-remote-working-dir</property>
+      <property name="portRange">20001-30000</property>
+      <property name="cleanOnStartUp">true</property>
+      <property name="properties">
+        My\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        My\ Unmanaged\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        openejb.classloader.forced-load=org.apache.openejb.arquillian.tests
+        javax.security.jacc.policy.provider=sun.security.provider.PolicyFile
+      </property>
+    </configuration>
+  </container>
   <container qualifier="tomee-webapp">
     <configuration>
       <property name="httpPort">-1</property>
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxrs-tests/src/test/resources/arquillian.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxrs-tests/src/test/resources/arquillian.xml
index f73dc6b..71e9ba0 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxrs-tests/src/test/resources/arquillian.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxrs-tests/src/test/resources/arquillian.xml
@@ -46,6 +46,21 @@
       </property>
     </configuration>
   </container>
+  <container qualifier="tomee-remote-secpol">
+    <configuration>
+      <property name="httpPort">-1</property>
+      <property name="ajpPort">-1</property>
+      <property name="stopPort">-1</property>
+      <property name="dir">target/apache-tomee-remote</property>
+      <property name="appWorkingDir">target/arquillian-test-working-dir</property>
+      <property name="properties">
+        My\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        My\ Unmanaged\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        openejb.classloader.forced-load=org.apache.openejb.arquillian.tests.
+        javax.security.jacc.policy.provider=sun.security.provider.PolicyFile
+      </property>
+    </configuration>
+  </container>
   <container qualifier="tomee-webapp">
     <configuration>
       <property name="httpPort">-1</property>
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxws-tests/src/test/resources/arquillian.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxws-tests/src/test/resources/arquillian.xml
index d67d8f0..ec35d23 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxws-tests/src/test/resources/arquillian.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-jaxws-tests/src/test/resources/arquillian.xml
@@ -47,6 +47,21 @@
       </property>
     </configuration>
   </container>
+  <container qualifier="tomee-remote-secpol">
+    <configuration>
+      <property name="httpPort">-1</property>
+      <property name="ajpPort">-1</property>
+      <property name="stopPort">-1</property>
+      <property name="dir">target/apache-tomee-remote</property>
+      <property name="appWorkingDir">target/arquillian-test-working-dir</property>
+      <property name="properties">
+        My\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        My\ Unmanaged\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        openejb.classloader.forced-load=org.apache.openejb.arquillian.tests
+        javax.security.jacc.policy.provider=sun.security.provider.PolicyFile
+      </property>
+    </configuration>
+  </container>
   <container qualifier="tomee-webapp">
     <configuration>
       <property name="httpPort">-1</property>
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-jms-tests/src/test/resources/arquillian.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-jms-tests/src/test/resources/arquillian.xml
index e46822e..4743854 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-jms-tests/src/test/resources/arquillian.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-jms-tests/src/test/resources/arquillian.xml
@@ -51,6 +51,30 @@
       </property>
     </configuration>
   </container>
+  <container qualifier="tomee-remote-secpol">
+    <configuration>
+      <property name="httpPort">-1</property>
+      <property name="ajpPort">-1</property>
+      <property name="stopPort">-1</property>
+      <property name="dir">target/apache-tomee-remote</property>
+      <property name="appWorkingDir">target/arquillian-test-working-dir</property>
+      <property name="properties">
+        My\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        My\ Unmanaged\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+
+        openejb.classloader.forced-load=org.apache.openejb.arquillian.tests.jms
+
+        AMQResourceAdapter = new://Resource?type=ActiveMQResourceAdapter
+        AMQResourceAdapter.BrokerXmlConfig = broker:(tcp://localhost:61616)?useJmx=false&amp;persistent=false
+        AMQResourceAdapter.ServerUrl = vm://jvm_broker
+        AMQMessageContainer = new://Container?type=MESSAGE
+        AMQMessageContainer.ResourceAdapter = AMQResourceAdapter
+        AMQConnectionFactory = new://Resource?type=javax.jms.ConnectionFactory
+        AMQConnectionFactory.ResourceAdapter = AMQResourceAdapter
+        javax.security.jacc.policy.provider=sun.security.provider.PolicyFile
+      </property>
+    </configuration>
+  </container>
   <container qualifier="tomee-webapp">
     <configuration>
       <property name="httpPort">-1</property>
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java b/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
index 42150c9..0eb187f 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
@@ -380,7 +380,19 @@ public abstract class AbstractSecurityService implements SecurityService<UUID>,
             Thread.currentThread().setContextClassLoader(contextClassLoader);
         }
 
-        final String policyProvider = JaccProvider.Policy.class.getName();
+        // check the system provided provider first - if for some reason it isn't loaded, load it
+        final String systemPolicyProvider = SystemInstance.get().getOptions().getProperties().getProperty("javax.security.jacc.policy.provider");
+        if (systemPolicyProvider != null && Policy.getPolicy() == null) {
+            installPolicy(systemPolicyProvider);
+        }
+
+        if (! JaccProvider.Policy.class.getName().equals(Policy.getPolicy().getClass().getName())) {
+            // this should delegate to the policy installed above
+            installPolicy(JaccProvider.Policy.class.getName());
+        }
+    }
+
+    private static void installPolicy(String policyProvider) {
         try {
             final ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
             final Class policyClass = Class.forName(policyProvider, true, classLoader);
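Review bot: The guard `Policy.getPolicy() == null` in the added block is unlikely ever to be true: on the standard JDK `Policy.getPolicy()` instantiates the default policy on first use instead of returning null, so `installPolicy(systemPolicyProvider)` looks unreachable and a configured `javax.security.jacc.policy.provider` would be silently skipped. The same call also performs a `SecurityPermission("getPolicy")` check when a SecurityManager is present, and here it runs outside the `try` that `installPolicy` opens. If the goal is to honour the configured provider whenever it is not the active one, compare class names as the second `if` does, e.g. `if (systemPolicyProvider != null && !systemPolicyProvider.equals(Policy.getPolicy().getClass().getName()))`, and log when the configured provider is not installed. `installPolicy` continues past the end of the hunk, so how a load failure is handled is not visible here.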
@@ -392,6 +404,7 @@ public abstract class AbstractSecurityService implements SecurityService<UUID>,
         }
     }
 
+
     protected Subject createSubject(final String name, final String groupName) {
         if (name == null) {
             return null;


[tomee] 02/07: Only check JACC permissions here

Posted by jg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a commit to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit de55786b5868fe44b0cfe8bb0211d79904c75aa2
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Tue Aug 21 22:39:10 2018 +0100

    Only check JACC permissions here
---
 .../src/test/resources/arquillian.xml              | 23 ++++++++++++++++++++++
 arquillian/arquillian-tomee-tests/pom.xml          | 17 ++++++++++++++++
 .../core/security/jacc/BasicJaccProvider.java      | 18 ++++++++++++++++-
 3 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml
index 8cbddb4..0a8e6c6 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml
@@ -53,6 +53,29 @@
       </property>
     </configuration>
   </container>
+  <container qualifier="tomee-remote-secpol">
+    <configuration>
+      <property name="httpPort">-1</property>
+      <property name="ajpPort">-1</property>
+      <property name="stopPort">-1</property>
+      <property name="dir">target/tomee-remote</property>
+      <property name="appWorkingDir">target/arquillian-remote-working-dir</property>
+      <property name="portRange">33001-36000</property>
+      <property name="cleanOnStartUp">true</property>
+      <property name="properties">
+        My\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        My\ Unmanaged\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+        openejb.classloader.forced-load=org.apache.openejb.arquillian.tests
+        openejb.ear.use-as-webcontext-base=true
+        embedded = false
+
+        # try to save some permgen mem
+        openejb.cdi.activated-on-ejb = false
+        openejb.descriptors.output = true
+        javax.security.jacc.policy.provider=sun.security.provider.PolicyFile
+      </property>
+    </configuration>
+  </container>
   <container qualifier="tomee-webapp">
     <configuration>
       <property name="httpPort">-1</property>
diff --git a/arquillian/arquillian-tomee-tests/pom.xml b/arquillian/arquillian-tomee-tests/pom.xml
index 2e75421..77538c9 100644
--- a/arquillian/arquillian-tomee-tests/pom.xml
+++ b/arquillian/arquillian-tomee-tests/pom.xml
@@ -292,6 +292,23 @@
                 </configuration>
               </execution>
               <execution>
+                <id>test-tomee-remote-secpol</id>
+                <phase>test</phase>
+                <goals>
+                  <goal>test</goal>
+                </goals>
+                <configuration>
+                  <skip>${skip.remote.webprofile}</skip>
+                  <systemPropertyVariables>
+                    <openejb.arquillian.debug>true</openejb.arquillian.debug>
+                    <tomee.version>${tomee.version}</tomee.version>
+                    <tomee.classifier>webprofile</tomee.classifier>
+                    <arquillian.launch>tomee-remote-secpol</arquillian.launch>
+                    <openejb.arquillian.adapter>tomee-remote</openejb.arquillian.adapter>
+                  </systemPropertyVariables>
+                </configuration>
+              </execution>
+              <execution>
                 <id>test-tomee-remote-jaxrs</id>
                 <phase>test</phase>
                 <goals>
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java b/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
index 5faa541..7a60f32 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
@@ -19,20 +19,36 @@ package org.apache.openejb.core.security.jacc;
 
 import org.apache.openejb.core.security.JaccProvider;
 
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
 import javax.security.jacc.PolicyConfiguration;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.security.jacc.WebUserDataPermission;
 import java.security.CodeSource;
 import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.ProtectionDomain;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * @version $Rev$ $Date$
  */
 public class BasicJaccProvider extends JaccProvider {
+    private static final Set<Class> JACC_PERMISSIONS = new HashSet<Class>() {
+        {
+            add(EJBMethodPermission.class);
+            add(EJBRoleRefPermission.class);
+            add(WebResourcePermission.class);
+            add(WebRoleRefPermission.class);
+            add(WebUserDataPermission.class);
+        }
+    };
     static {
         // force preloading to avoid to loop under SecurityManager
         try {
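Review bot: With the added `JACC_PERMISSIONS.contains(permission.getClass())` test in the `implies` hunk below, every permission that is not one of the five JACC types now skips the per-context configuration and is decided by the code after the `if`, which lies outside both hunks. Since that path becomes the answer for all ordinary `java.security` permissions whenever a context ID is set, it deserves a comment at the `if` saying what it does, e.g. `// only JACC permissions are decided per context; everything else falls through to <fallback, to be named by the author>`. The set itself is a raw `Set<Class>` built with double-brace initialisation and left mutable; typing it `Set<Class<? extends Permission>>` and wrapping it in `Collections.unmodifiableSet(...)` would keep the allow-list fixed after class initialisation.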
@@ -82,7 +98,7 @@ public class BasicJaccProvider extends JaccProvider {
     public boolean implies(final ProtectionDomain domain, final Permission permission) {
         final String contextID = PolicyContext.getContextID();
 
-        if (contextID != null) {
+        if (contextID != null && JACC_PERMISSIONS.contains(permission.getClass())) {
             try {
                 final BasicPolicyConfiguration configuration = configurations.get(contextID);
 


[tomee] 01/07: For review; We shouldn't use javax.security.jacc.policy.provider here, because the System policy will already be set. We need to ensure that our policy provider is used, which will delegate to the system policy as appropriate

Posted by jg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jgallimore pushed a commit to branch tomee-1.7.x
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit ec686be5c8dc950851a0969907ca8ba38f9be456
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Wed May 22 11:15:59 2019 +0100

    For review; We shouldn't use javax.security.jacc.policy.provider here, because the System policy will already be set. We need to ensure that our policy provider is used, which will delegate to the system policy as appropriate
---
 .../java/org/apache/openejb/core/security/AbstractSecurityService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java b/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
index f40bf09..42150c9 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
@@ -380,7 +380,7 @@ public abstract class AbstractSecurityService implements SecurityService<UUID>,
             Thread.currentThread().setContextClassLoader(contextClassLoader);
         }
 
-        final String policyProvider = SystemInstance.get().getOptions().get("javax.security.jacc.policy.provider", JaccProvider.Policy.class.getName());
+        final String policyProvider = JaccProvider.Policy.class.getName();
         try {
             final ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
             final Class policyClass = Class.forName(policyProvider, true, classLoader);
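Review bot: The reason the `javax.security.jacc.policy.provider` option is no longer read exists only in the commit message; the new line `final String policyProvider = JaccProvider.Policy.class.getName();` would benefit from a comment such as `// always install our own Policy, which delegates to the system policy; the configured provider is deliberately not read here`. A deployment that sets the property gets no indication that it is ignored at this point, so a log line when the property is present may be worth adding. The enclosing method starts before and ends after this hunk.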