Posted to scm@geronimo.apache.org by ga...@apache.org on 2009/07/24 22:20:21 UTC
svn commit: r797635 -
/geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
Author: gawor
Date: Fri Jul 24 20:20:21 2009
New Revision: 797635
URL: http://svn.apache.org/viewvc?rev=797635&view=rev
Log:
configure security for jaxrpc ejb web services
Modified:
geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
Modified: geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java?rev=797635&r1=797634&r2=797635&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java Fri Jul 24 20:20:21 2009
@@ -17,6 +17,8 @@
package org.apache.geronimo.axis.builder;
import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
@@ -25,6 +27,9 @@
import java.util.Properties;
import java.util.jar.JarFile;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
import org.apache.geronimo.axis.server.EjbWebServiceGBean;
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.deployment.ModuleIDBuilder;
@@ -46,7 +51,9 @@
import org.apache.geronimo.kernel.repository.Environment;
import org.apache.geronimo.openejb.deployment.EjbModule;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.openejb.assembler.classic.EnterpriseBeanInfo;
+import org.apache.openejb.jee.oejb2.AuthMethodType;
import org.apache.openejb.jee.oejb2.EnterpriseBean;
import org.apache.openejb.jee.oejb2.GeronimoEjbJarType;
import org.apache.openejb.jee.oejb2.OpenejbJarType;
@@ -107,6 +114,59 @@
}
public void initContext(EARContext earContext, Module module, ClassLoader cl) throws DeploymentException {
+ if (module.getType() != ConfigurationModuleType.EJB) {
+ return;
+ }
+
+ EjbModule ejbModule = (EjbModule) module;
+
+ Map<String, WebServiceBinding> wsBindingMap = createWebServiceBindingMap(ejbModule);
+
+ for (EnterpriseBeanInfo bean : ejbModule.getEjbJarInfo().enterpriseBeans) {
+ if (bean.type != EnterpriseBeanInfo.STATELESS) {
+ continue;
+ }
+
+ String ejbName = bean.ejbName;
+
+ AbstractName sessionName = earContext.getNaming().createChildName(module.getModuleName(), ejbName, NameFactory.STATELESS_SESSION_BEAN);
+
+ assert sessionName != null: "StatelesSessionBean object name is null";
+
+ WebServiceBinding wsBinding = wsBindingMap.get(ejbName);
+ if (wsBinding != null) {
+ WebServiceSecurityType wsSecurity = wsBinding.getWebServiceSecurity();
+ if (wsSecurity != null) {
+ earContext.setHasSecurity(true);
+ String policyContextID = sessionName.toString();
+ Properties properties = wsSecurity.getProperties();
+ PermissionCollection uncheckedPermissions = new Permissions();
+ String transportGuarantee = wsSecurity.getTransportGuarantee().toString().trim();
+ boolean getProtected = properties.get("getProtected") == null? true: Boolean.valueOf((String) properties.get("getProtected"));
+ if (getProtected) {
+ WebUserDataPermission webUserDataPermission = new WebUserDataPermission("/*", null, transportGuarantee);
+ uncheckedPermissions.add(webUserDataPermission);
+ } else {
+ uncheckedPermissions.add(new WebUserDataPermission("/*", new String[] {"GET"}, "NONE"));
+ uncheckedPermissions.add(new WebUserDataPermission("/*", "!GET:" + transportGuarantee));
+ }
+ Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
+ //TODO allow jaspi authentication
+ boolean secured = wsSecurity.getAuthMethod() != null && AuthMethodType.NONE != (wsSecurity.getAuthMethod());// || wsSecurity.isSetAuthentication();
+ if (secured) {
+ boolean getSecured = properties.get("getSecured") == null? true: Boolean.valueOf((String) properties.get("getSecured"));
+ if (!getSecured) {
+ uncheckedPermissions.add(new WebResourcePermission("/*", "GET"));
+ }
+ } else {
+ uncheckedPermissions.add(new WebResourcePermission("/*", (String[]) null));
+ }
+ ComponentPermissions permissions = new ComponentPermissions(new Permissions(), uncheckedPermissions, rolePermissions);
+ earContext.addSecurityContext(policyContextID, permissions);
+ }
+ }
+
+ }
}
public void addGBeans(EARContext earContext, Module module, ClassLoader cl, Collection repository) throws DeploymentException {
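Review bot: The `getProtected` and `getSecured` lookups in initContext fail open on a malformed value: `Boolean.valueOf` returns false for anything other than "true", so a typo such as `yes` or a value with stray whitespace silently drops the transport guarantee for GET or adds the unchecked `WebResourcePermission("/*", "GET")`. Because the default is the protected setting, only an explicit `false` should relax it, for example `boolean getProtected = !"false".equalsIgnoreCase(properties.getProperty("getProtected"));` with the same form for `getSecured`. Using `getProperty` also removes the `(String)` cast, which throws ClassCastException if a non-String value was stored in the Properties. Alternatively, reject unrecognised values with a DeploymentException so the misconfiguration is visible at deploy time rather than at the first unauthenticated GET.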
@@ -164,6 +224,8 @@
}
Properties properties = wsSecurity.getProperties();
ejbWebServiceGBean.setAttribute("properties", properties);
+ String policyContextID = sessionName.toString();
+ ejbWebServiceGBean.setAttribute("policyContextID", policyContextID);
}
}