Posted to commits@tomee.apache.org by db...@apache.org on 2007/03/21 12:07:18 UTC
svn commit: r520838 - in /incubator/openejb/trunk/openejb3:
container/openejb-core/src/main/java/org/apache/openejb/
container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/
container/openejb-core/src/main/java/org/apache/openejb/core...
Author: dblevins
Date: Wed Mar 21 04:07:16 2007
New Revision: 520838
URL: http://svn.apache.org/viewvc?view=rev&rev=520838
Log:
Security code (Work in progress)
Added:
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/ModulePermissions.java
incubator/openejb/trunk/openejb3/server/openejb-security/
- copied from r520530, incubator/openejb/trunk/openejb3/server/openejb-admin/
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/GroupPrincipal.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/JaccPermissionsBuilder.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/PropertiesLoginModule.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/SecurityServiceImpl.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UserPrincipal.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UsernamePasswordCallbackHandler.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/server/
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/server/security/
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/server/security/PropertiesLoginModuleTest.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/groups.properties
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/login.config
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/users.properties
Removed:
incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/App.java
incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/AppTest.java
Modified:
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/DeploymentInfo.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/InterfaceType.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EjbJarInfo.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfo.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/CoreDeploymentInfo.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/ri/sp/PseudoSecurityService.java
incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java
incubator/openejb/trunk/openejb3/server/openejb-security/pom.xml
incubator/openejb/trunk/openejb3/server/pom.xml
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/DeploymentInfo.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/DeploymentInfo.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/DeploymentInfo.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/DeploymentInfo.java Wed Mar 21 04:07:16 2007
@@ -23,6 +23,7 @@
import java.util.Map;
import java.util.List;
import javax.naming.Context;
+import javax.security.auth.Subject;
public interface DeploymentInfo {
@@ -53,6 +54,12 @@
public Container getContainer();
public Object getDeploymentID();
+
+ public String getEjbName();
+
+ public String getModuleID();
+
+ public Subject getRunAsSubject();
public boolean isBeanManagedTransaction();
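Review bot: The three new accessors `getEjbName`, `getModuleID` and `getRunAsSubject` carry no Javadoc, and `getRunAsSubject` in particular needs its absent case stated, since the CoreDeploymentInfo implementation in this commit only ever populates the subject through a setter. Suggested above `getRunAsSubject`: `/** Subject the bean's methods execute as when a run-as identity is declared; null when none is configured. */`. The getter is spelled `getModuleID` here while the matching setter in CoreDeploymentInfo is `setModuleId`; settle on one casing before the interface is relied on elsewhere.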
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/InterfaceType.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/InterfaceType.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/InterfaceType.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/InterfaceType.java Wed Mar 21 04:07:16 2007
@@ -20,16 +20,26 @@
* @version $Rev$ $Date$
*/
public enum InterfaceType {
- EJB_HOME,
- EJB_OBJECT,
- EJB_LOCAL_HOME,
- EJB_LOCAL,
- BUSINESS_LOCAL,
- BUSINESS_LOCAL_HOME,
- BUSINESS_REMOTE,
- BUSINESS_REMOTE_HOME,
- SERVICE_ENDPOINT,
- UNKNOWN;
+ EJB_HOME("Home"),
+ EJB_OBJECT("Remote"),
+ EJB_LOCAL_HOME("LocalHome"),
+ EJB_LOCAL("Local"),
+ BUSINESS_LOCAL("BusinessLocal"),
+ BUSINESS_LOCAL_HOME("BusinessLocalHome"),
+ BUSINESS_REMOTE("BusinessRemote"),
+ BUSINESS_REMOTE_HOME("BusinessRemoteHome"),
+ SERVICE_ENDPOINT("ServiceEndpoint"),
+ UNKNOWN("Unknown");
+
+ private final String name;
+
+ InterfaceType(String name) {
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
public boolean isHome() {
switch(this){
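Review bot: The names given to the business-interface constants and `UNKNOWN` are passed straight to `new EJBMethodPermission(ejbName, type.getName(), method)` by JaccPermissionsBuilder.addToPermissions in this commit, but JACC defines methodInterface as one of Home, LocalHome, Remote, Local and ServiceEndpoint. A JACC implementation that validates the argument would reject `BusinessLocal`, `BusinessRemoteHome` or `Unknown` with an IllegalArgumentException, and one that does not would record permissions under interface names the runtime check never presents. If `getName()` is meant to be the JACC interface name, map the business constants onto the spec values, e.g. `BUSINESS_LOCAL("Local")` and `BUSINESS_REMOTE("Remote")`, and have the builder skip `UNKNOWN`; if it is meant for display, give the builder a separate accessor. A short Javadoc on `getName()` saying which of the two it is would prevent the next caller guessing; the enum body continues past the hunk.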
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EjbJarInfo.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EjbJarInfo.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EjbJarInfo.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EjbJarInfo.java Wed Mar 21 04:07:16 2007
@@ -29,5 +29,7 @@
public final List<MethodTransactionInfo> methodTransactions = new ArrayList<MethodTransactionInfo>();
public final List<InterceptorInfo> interceptors = new ArrayList<InterceptorInfo>();
public final List<InterceptorBindingInfo> interceptorBindings = new ArrayList<InterceptorBindingInfo>();
+ public final List<MethodInfo> excludeList = new ArrayList<MethodInfo>();
+
}
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java Wed Mar 21 04:07:16 2007
@@ -19,6 +19,10 @@
import org.apache.openejb.BeanType;
import org.apache.openejb.Injection;
import org.apache.openejb.OpenEJBException;
+import org.apache.openejb.jee.AssemblyDescriptor;
+import org.apache.openejb.jee.SecurityRoleRef;
+import org.apache.openejb.jee.MethodPermission;
+import org.apache.openejb.jee.ExcludeList;
import org.apache.openejb.core.CoreDeploymentInfo;
import org.apache.openejb.core.DeploymentContext;
import org.apache.openejb.core.timer.EjbTimerServiceImpl;
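Review bot: None of the imports added in this hunk and the two that follow (`AssemblyDescriptor`, `SecurityRoleRef`, `MethodPermission`, `ExcludeList`, `EJBMethodPermission`, `EJBRoleRefPermission`, `Enumeration`, `Serializable`, `PermissionCollection`, `Permissions`, `Permission`) are used by any visible change; the only other hunk in this file deletes a blank line. If the method bodies were not changed, these are dead imports that pull a JACC compile-time dependency into openejb-core for nothing, and the logic they hint at already lives in JaccPermissionsBuilder in the new openejb-security module. Either drop them or move the permission-building code here so they have a purpose.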
@@ -32,6 +36,8 @@
import javax.persistence.EntityManagerFactory;
import javax.ejb.TimedObject;
import javax.ejb.Timer;
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
@@ -39,6 +45,11 @@
import java.util.Map;
import java.util.Collections;
import java.util.Arrays;
+import java.util.Enumeration;
+import java.io.Serializable;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.Permission;
class EnterpriseBeanBuilder {
protected static final Messages messages = new Messages("org.apache.openejb.util.resources");
@@ -374,5 +385,4 @@
throw new OpenEJBException(AssemblerTool.messages.format(messageCode, className, bean.ejbDeploymentId, message));
}
}
-
}
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java Wed Mar 21 04:07:16 2007
@@ -49,7 +49,9 @@
public String transactionType;
public JndiEncInfo jndiEnc;
public NamedMethodInfo timeoutMethod;
-
+
+ public String runAs;
+
public final List<SecurityRoleReferenceInfo> securityRoleReferences = new ArrayList<SecurityRoleReferenceInfo>();
public final List<CallbackInfo> aroundInvoke = new ArrayList<CallbackInfo>();
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfo.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfo.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfo.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfo.java Wed Mar 21 04:07:16 2007
@@ -21,7 +21,8 @@
public class MethodInfo extends InfoObject {
public String description;
- public String ejbDeploymentId;
+ public String ejbDeploymentId; // TODO: Kill this
+ public String ejbName;
public String methodIntf;
public String methodName;
public List<String> methodParams;
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java Wed Mar 21 04:07:16 2007
@@ -24,5 +24,6 @@
public String description;
public final List<String> roleNames = new ArrayList<String>();
public final List<MethodInfo> methods = new ArrayList<MethodInfo>();
+ public boolean unchecked;
}
Added: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/ModulePermissions.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/ModulePermissions.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/ModulePermissions.java (added)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/ModulePermissions.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.assembler.classic;
+
+import java.io.Serializable;
+import java.security.PermissionCollection;
+import java.util.Map;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class ModulePermissions {
+ private final PermissionCollection excludedPermissions ;
+ private final PermissionCollection uncheckedPermissions;
+ private final Map rolePermissions;
+
+ public ModulePermissions(PermissionCollection excludedPermissions, PermissionCollection uncheckedPermissions, Map rolePermissions) {
+ this.excludedPermissions = excludedPermissions;
+ this.uncheckedPermissions = uncheckedPermissions;
+ this.rolePermissions = rolePermissions;
+ }
+
+ public PermissionCollection getExcludedPermissions() {
+ return excludedPermissions;
+ }
+
+ public PermissionCollection getUncheckedPermissions() {
+ return uncheckedPermissions;
+ }
+
+ public Map getRolePermissions() {
+ return rolePermissions;
+ }
+}
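Review bot: `rolePermissions` is a raw `Map`, and the only consumer in this commit casts its values inconsistently: JaccPermissionsBuilder casts to `Permissions` in the method-permission loop but to `PermissionCollection` in the role-ref and default-role paths. Declare the field, constructor parameter and getter as `Map<String, PermissionCollection>` so the builder needs no casts and the value type that may be stored is fixed. The constructor also accepts null for any of the three collections, so a missing one only surfaces later as a NullPointerException inside the builder's `uncheckedPermissions.add(...)`; a check such as `if (excludedPermissions == null) throw new IllegalArgumentException("excludedPermissions cannot be null");` for each argument would locate the fault at construction. The class has no Javadoc beyond the version tag; a one-line summary stating that it holds a module's JACC excluded, unchecked and per-role permission sets, and that the getters hand out the live collections the builder fills, would help.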
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/CoreDeploymentInfo.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/CoreDeploymentInfo.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/CoreDeploymentInfo.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/CoreDeploymentInfo.java Wed Mar 21 04:07:16 2007
@@ -36,6 +36,7 @@
import javax.ejb.Timer;
import javax.persistence.EntityManagerFactory;
import javax.naming.Context;
+import javax.security.auth.Subject;
import org.apache.openejb.Container;
import org.apache.openejb.RpcContainer;
@@ -108,6 +109,9 @@
private BusinessRemoteHome businessRemoteHomeRef;
private final Map<Class, Object> data = new HashMap<Class, Object>();
+ private String ejbName;
+ private String moduleId;
+ private Subject runAsSubject;
private Object containerData;
@@ -942,5 +946,29 @@
public void setEjbTimerService(EjbTimerService ejbTimerService) {
this.ejbTimerService = ejbTimerService;
+ }
+
+ public String getEjbName() {
+ return null;
+ }
+
+ public String getModuleID() {
+ return null;
+ }
+
+ public Subject getRunAsSubject() {
+ return null;
+ }
+
+ public void setEjbName(String ejbName) {
+ this.ejbName = ejbName;
+ }
+
+ public void setModuleId(String moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ public void setRunAsSubject(Subject runAsSubject) {
+ this.runAsSubject = runAsSubject;
}
}
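Review bot: `getEjbName`, `getModuleID` and `getRunAsSubject` all `return null` and never read the fields the three new setters populate, so every caller going through the DeploymentInfo interface sees no ejb name, no module id and no run-as subject regardless of what was configured. The bodies should be `return ejbName;`, `return moduleId;` and `return runAsSubject;`. Until then any run-as handling built on `getRunAsSubject` is silently inert, which is the kind of gap that survives a smoke test because nothing throws. The getter is named `getModuleID` while the setter is `setModuleId`; align the casing.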
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/ri/sp/PseudoSecurityService.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/ri/sp/PseudoSecurityService.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/ri/sp/PseudoSecurityService.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/ri/sp/PseudoSecurityService.java Wed Mar 21 04:07:16 2007
@@ -41,15 +41,16 @@
return true;
}
- public Object translateTo(Object securityIdentity, Class type) {
+
+ public <T> T translateTo(Object securityIdentity, Class<T> type) {
if (type == java.security.Principal.class) {
- return new java.security.Principal() {
+ return (T)new java.security.Principal() {
public String getName() {
return "TestRole";
}
};
} else if (type == javax.security.auth.Subject.class) {
- return new javax.security.auth.Subject();
+ return (T) new javax.security.auth.Subject();
} else {
return null;
}
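Review bot: Both `(T)` casts in the new generic `translateTo` are unchecked casts the compiler only warns about; `return type.cast(new java.security.Principal() { ... });` and `return type.cast(new javax.security.auth.Subject());` give the same result with a runtime-checked conversion and no warning. The `else` branch still returns null for any other type, and the SecurityService interface changed in this commit does not document that, so a caller binding the result to a non-null local will hit a NullPointerException away from the cause. The method's closing brace lies outside the hunk.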
Modified: incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java (original)
+++ incubator/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/spi/SecurityService.java Wed Mar 21 04:07:16 2007
@@ -22,7 +22,7 @@
public boolean isCallerAuthorized(Object securityIdentity, Collection<String> roleNames);
- public Object translateTo(Object securityIdentity, Class type);
+ public <T> T translateTo(Object securityIdentity, Class<T> type);
/*
* Associates a security identity object with the current thread. Setting
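Review bot: The new generic `translateTo` has no Javadoc while the method that follows gets a comment block; the one implementation in this commit, PseudoSecurityService, returns null for any type other than Principal or Subject, and callers of the SPI need to know that. Suggested: `/** Converts the security identity into the requested representation, e.g. Principal or Subject; returns null when the type is not supported. */`.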
Modified: incubator/openejb/trunk/openejb3/server/openejb-security/pom.xml
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/pom.xml?view=diff&rev=520838&r1=520530&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/pom.xml (original)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/pom.xml Wed Mar 21 04:07:16 2007
@@ -24,13 +24,18 @@
<version>3.0-incubating-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
- <artifactId>openejb-admin</artifactId>
+ <artifactId>openejb-security</artifactId>
<packaging>jar</packaging>
- <name>OpenEJB :: Server :: Admin</name>
+ <name>OpenEJB :: Server :: Security</name>
<dependencies>
<dependency>
<groupId>org.apache.openejb</groupId>
<artifactId>openejb-server</artifactId>
+ <version>${version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.openejb</groupId>
+ <artifactId>openejb-client</artifactId>
<version>${version}</version>
</dependency>
<dependency>
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/GroupPrincipal.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/GroupPrincipal.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/GroupPrincipal.java (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/GroupPrincipal.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.security;
+
+import java.security.Principal;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GroupPrincipal implements Principal {
+
+ private final String name;
+ private transient int hash;
+
+ public GroupPrincipal(String name) {
+ if (name == null) throw new IllegalArgumentException("name cannot be null");
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ final GroupPrincipal that = (GroupPrincipal) o;
+
+ if (!name.equals(that.name)) return false;
+
+ return true;
+ }
+
+ public int hashCode() {
+ if (hash == 0) {
+ hash = name.hashCode();
+ }
+ return hash;
+ }
+
+ public String toString() {
+ return name;
+ }
+}
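Review bot: `hash` is declared `transient`, which only means something for a `Serializable` class, yet GroupPrincipal does not implement `Serializable`; a JAAS Subject is itself Serializable and serializes the principals it holds, so a GroupPrincipal inside a Subject that gets serialized would fail with NotSerializableException. Either declare `implements Principal, Serializable` with a `serialVersionUID`, or drop the `transient` modifier. The `hash == 0` cache recomputes on every call for an empty name, since `"".hashCode()` is 0; harmless, but worth the comment `// 0 doubles as "not yet computed"; only the empty name recomputes`. Marking the class `final` would also keep the `getClass() != o.getClass()` test in equals from surprising a future subclass.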
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/JaccPermissionsBuilder.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/JaccPermissionsBuilder.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/JaccPermissionsBuilder.java (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/JaccPermissionsBuilder.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,278 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.security;
+
+import org.apache.openejb.InterfaceType;
+import org.apache.openejb.OpenEJBException;
+import org.apache.openejb.DeploymentInfo;
+import org.apache.openejb.assembler.classic.ModulePermissions;
+import org.apache.openejb.assembler.classic.EjbJarInfo;
+import org.apache.openejb.assembler.classic.EnterpriseBeanInfo;
+import org.apache.openejb.assembler.classic.MethodPermissionInfo;
+import org.apache.openejb.assembler.classic.MethodInfo;
+import org.apache.openejb.assembler.classic.SecurityRoleReferenceInfo;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JaccPermissionsBuilder {
+
+
+ public ModulePermissions build(EjbJarInfo ejbJar, HashMap<String, DeploymentInfo> deployments) throws OpenEJBException {
+
+ ModulePermissions componentPermissions = new ModulePermissions(new Permissions(), new Permissions(), new HashMap());
+
+ for (EnterpriseBeanInfo enterpriseBean : ejbJar.enterpriseBeans) {
+ DeploymentInfo deployment = deployments.get(enterpriseBean.ejbDeploymentId);
+ Map gbean = null; //
+
+ Permissions permissions = new Permissions();
+
+ String ejbName = enterpriseBean.ejbName;
+ for (InterfaceType type : InterfaceType.values()) {
+ addToPermissions(permissions, ejbName, type.getName(), deployment.getInterface(type));
+ }
+
+ String defaultRole = null;
+ addComponentPermissions(ejbJar, enterpriseBean, defaultRole, permissions, componentPermissions);
+
+ // RunAs subject
+ String runAsName = enterpriseBean.runAs;
+ if (runAsName != null) {
+ Subject runAsSubject = null; // TODO: Turn name into subject
+ if (runAsSubject == null) {
+ throw new OpenEJBException("No role designate found for run-as name: " + runAsName);
+ }
+ gbean.put("runAs", runAsSubject);
+ }
+
+ // Default principal
+ Object defaultPrincipal = null;// TODO
+ gbean.put("defaultPrincipal", defaultPrincipal);
+ }
+ return componentPermissions;
+ }
+
+ /**
+ * Fill the container moduleBuilder with the security information that it needs
+ * to create the proper interceptors. A <code>SecurityConfiguration</code>
+ * is also filled with permissions that need to be used to fill the JACC
+ * policy configuration.
+ *
+ * @param defaultRole default role for otherwise unassigned permissions
+ * @param notAssigned the set of all possible permissions. These will be
+ * culled so that all that are left are those that have
+ * not been assigned roles.
+ * @param modulePermissions the holder for the ejb's permissions
+ * @throws org.apache.openejb.OpenEJBException
+ * if any constraints are violated
+ */
+ private void addComponentPermissions(EjbJarInfo ejbJar, EnterpriseBeanInfo beanInfo, String defaultRole, Permissions notAssigned, ModulePermissions modulePermissions) throws OpenEJBException {
+
+ PermissionCollection uncheckedPermissions = modulePermissions.getUncheckedPermissions();
+ PermissionCollection excludedPermissions = modulePermissions.getExcludedPermissions();
+ Map rolePermissions = modulePermissions.getRolePermissions();
+
+ String ejbName = beanInfo.ejbName;
+
+ //this can occur in an ear when one ejb module has security and one doesn't. In this case we still need
+ //to make the non-secure one completely unchecked.
+ /**
+ * JACC v1.0 section 3.1.5.1
+ */
+ for (MethodPermissionInfo methodPermission : ejbJar.methodPermissions) {
+ List<String> roleNames = methodPermission.roleNames;
+ boolean unchecked = methodPermission.unchecked;
+
+ for (MethodInfo method : methodPermission.methods) {
+
+ if (!ejbName.equals(method.ejbName)) {
+ continue;
+ }
+
+ // method name
+ String methodName = method.methodName;
+ if ("*".equals(methodName)) {
+ // jacc uses null instead of *
+ methodName = null;
+ }
+
+ // method interface
+ String methodIntf = method.methodIntf;
+
+ // method parameters
+ String[] methodParams;
+ if (method.methodParams != null) {
+ List<String> paramList = method.methodParams;
+ methodParams = paramList.toArray(new String[paramList.size()]);
+ } else {
+ methodParams = null;
+ }
+
+ // create the permission object
+ EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);
+ notAssigned = cullPermissions(notAssigned, permission);
+
+ // if this is unchecked, mark it as unchecked; otherwise assign the roles
+ if (unchecked) {
+ uncheckedPermissions.add(permission);
+ } else {
+ for (String roleName : roleNames) {
+ Permissions permissions = (Permissions) rolePermissions.get(roleName);
+ if (permissions == null) {
+ permissions = new Permissions();
+ rolePermissions.put(roleName, permissions);
+ }
+ permissions.add(permission);
+ }
+ }
+ }
+
+ }
+
+ /**
+ * JACC v1.0 section 3.1.5.2
+ */
+ for (MethodInfo method : ejbJar.excludeList) {
+ if (!ejbName.equals(method.ejbName)) {
+ continue;
+ }
+
+ // method name
+ String methodName = method.methodName;
+ // method interface
+ String methodIntf = method.methodIntf;
+
+ // method parameters
+ String[] methodParams;
+ if (method.methodParams != null) {
+ List<String> paramList = method.methodParams;
+ methodParams = paramList.toArray(new String[paramList.size()]);
+ } else {
+ methodParams = null;
+ }
+
+ // create the permission object
+ EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);
+
+ excludedPermissions.add(permission);
+ notAssigned = cullPermissions(notAssigned, permission);
+ }
+
+ /**
+ * JACC v1.0 section 3.1.5.3
+ */
+ for (SecurityRoleReferenceInfo securityRoleRef : beanInfo.securityRoleReferences) {
+
+ if (securityRoleRef.roleLink == null) {
+ throw new OpenEJBException("Missing role-link");
+ }
+
+ String roleLink = securityRoleRef.roleLink;
+
+ PermissionCollection roleLinks = (PermissionCollection) rolePermissions.get(roleLink);
+ if (roleLinks == null) {
+ roleLinks = new Permissions();
+ rolePermissions.put(roleLink, roleLinks);
+
+ }
+ roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.roleName));
+ }
+
+ /**
+ * EJB v2.1 section 21.3.2
+ * <p/>
+ * It is possible that some methods are not assigned to any security
+ * roles nor contained in the <code>exclude-list</code> element. In
+ * this case, it is the responsibility of the Deployer to assign method
+ * permissions for all of the unspecified methods, either by assigning
+ * them to security roles, or by marking them as <code>unchecked</code>.
+ */
+ PermissionCollection permissions;
+ if (defaultRole == null) {
+ permissions = uncheckedPermissions;
+ } else {
+ permissions = (PermissionCollection) rolePermissions.get(defaultRole);
+ if (permissions == null) {
+ permissions = new Permissions();
+ rolePermissions.put(defaultRole, permissions);
+ }
+ }
+
+ Enumeration e = notAssigned.elements();
+ while (e.hasMoreElements()) {
+ Permission p = (Permission) e.nextElement();
+ permissions.add(p);
+ }
+
+ }
+
+ /**
+ * Generate all the possible permissions for a bean's interface.
+ * <p/>
+ * Method permissions are defined in the deployment descriptor as a binary
+ * relation from the set of security roles to the set of methods of the
+ * home, component, and/or web service endpoint interfaces of session and
+ * entity beans, including all their superinterfaces (including the methods
+ * of the <code>EJBHome</code> and <code>EJBObject</code> interfaces and/or
+ * <code>EJBLocalHome</code> and <code>EJBLocalObject</code> interfaces).
+ *
+ * @param permissions the permission set to be extended
+ * @param ejbName the name of the EJB
+ * @param methodInterface the EJB method interface
+ * @throws org.apache.openejb.OpenEJBException
+ * in case a class could not be found
+ */
+ public void addToPermissions(Permissions permissions, String ejbName, String methodInterface, Class clazz) throws OpenEJBException {
+ if (clazz == null) return;
+ for (java.lang.reflect.Method method : clazz.getMethods()) {
+ permissions.add(new EJBMethodPermission(ejbName, methodInterface, method));
+ }
+ }
+
+ /**
+ * Removes permissions from <code>toBeChecked</code> that are implied by
+ * <code>permission</code>.
+ *
+ * @param toBeChecked the permissions that are to be checked and possibly culled
+ * @param permission the permission that is to be used for culling
+ * @return the culled set of permissions that are not implied by <code>permission</code>
+ */
+ private Permissions cullPermissions(Permissions toBeChecked, Permission permission) {
+ Permissions result = new Permissions();
+
+ for (Enumeration e = toBeChecked.elements(); e.hasMoreElements();) {
+ Permission test = (Permission) e.nextElement();
+ if (!permission.implies(test)) {
+ result.add(test);
+ }
+ }
+
+ return result;
+ }
+}
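Review bot: The exclude-list loop does not normalise a `*` method name to null the way the method-permission loop does (`if ("*".equals(methodName)) { methodName = null; }`), so an exclude-list entry meant to cover all methods becomes an EJBMethodPermission for a literal method named `*`, implies no real method permission, and the methods it was meant to block fall through to the default bucket, which is `uncheckedPermissions` whenever `defaultRole` is null; add the same check after `String methodName = method.methodName;` in that loop. In `build`, `gbean` is assigned null and then dereferenced unconditionally at `gbean.put("defaultPrincipal", defaultPrincipal)`, so every bean throws a NullPointerException, and `runAsSubject` is hard-wired to null so any bean declaring run-as is rejected; both are marked TODO but should not sit on trunk without at least a guard. The `ejbName.equals(method.ejbName)` filter relies on the `ejbName` field this commit adds to MethodInfo; if the descriptor reader does not populate it yet, every method-permission and exclude-list entry is skipped and the whole bean ends up unchecked, a fail-open default that deserves a warning log or an exception when a non-empty permission list matches nothing. `rolePermissions` values are cast to `Permissions` in one place and `PermissionCollection` in two others, and `Map gbean`, `Map rolePermissions` and `Enumeration` are raw types in a file that already uses generics elsewhere; use one value type throughout and parameterise them.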
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/PropertiesLoginModule.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/PropertiesLoginModule.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/PropertiesLoginModule.java (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/PropertiesLoginModule.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.security;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.util.Properties;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Enumeration;
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class PropertiesLoginModule implements LoginModule {
+
+ private final String USER_FILE = "org.apache.openejb.jaas.properties.users";
+ private final String GROUP_FILE = "org.apache.openejb.jaas.properties.groups";
+
+ private static final Log log = LogFactory.getLog(PropertiesLoginModule.class);
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+
+ private boolean debug;
+ private String usersFile;
+ private String groupsFile;
+ private Properties users = new Properties();
+ private Properties groups = new Properties();
+ private String user;
+ private Set principals = new HashSet();
+ private File baseDir;
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+
+ if( System.getProperty("java.security.auth.login.config")!=null ) {
+ baseDir=new File(System.getProperty("java.security.auth.login.config")).getParentFile();
+ } else {
+ baseDir = new File(".");
+ }
+
+ debug = "true".equalsIgnoreCase((String) options.get("debug"));
+ usersFile = (String) options.get(USER_FILE)+"";
+ groupsFile = (String) options.get(GROUP_FILE)+"";
+
+ if (debug) {
+ log.debug("Initialized debug=" + debug + " usersFile=" + usersFile + " groupsFile=" + groupsFile+" basedir="+baseDir);
+ }
+ }
+
+ public boolean login() throws LoginException {
+ File f = new File(baseDir,usersFile);
+ try {
+ users.load(new java.io.FileInputStream(f));
+ } catch (IOException ioe) {
+ throw new LoginException("Unable to load user properties file " + f);
+ }
+ f = new File(baseDir, groupsFile);
+ try {
+ groups.load(new java.io.FileInputStream(f));
+ } catch (IOException ioe) {
+ throw new LoginException("Unable to load group properties file " + f);
+ }
+
+ Callback[] callbacks = new Callback[2];
+
+ callbacks[0] = new NameCallback("Username: ");
+ callbacks[1] = new PasswordCallback("Password: ", false);
+ try {
+ callbackHandler.handle(callbacks);
+ } catch (IOException ioe) {
+ throw new LoginException(ioe.getMessage());
+ } catch (UnsupportedCallbackException uce) {
+ throw new LoginException(uce.getMessage() + " not available to obtain information from user");
+ }
+ user = ((NameCallback) callbacks[0]).getName();
+ char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
+ if (tmpPassword == null) tmpPassword = new char[0];
+
+ String password = users.getProperty(user);
+
+ if (password == null) throw new FailedLoginException("User does exist");
+ if (!password.equals(new String(tmpPassword))) throw new FailedLoginException("Password does not match");
+
+ users.clear();
+
+ if (debug) {
+ log.debug("login " + user);
+ }
+ return true;
+ }
+
+ public boolean commit() throws LoginException {
+ principals.add(new UserPrincipal(user));
+
+ for (Enumeration enumeration = groups.keys(); enumeration.hasMoreElements();) {
+ String name = (String) enumeration.nextElement();
+ String[] userList = ((String) groups.getProperty(name) + "").split(",");
+ for (int i = 0; i < userList.length; i++) {
+ if (user.equals(userList[i])) {
+ principals.add(new GroupPrincipal(name));
+ break;
+ }
+ }
+ }
+
+ subject.getPrincipals().addAll(principals);
+
+ clear();
+
+ if (debug) {
+ log.debug("commit");
+ }
+ return true;
+ }
+
+ public boolean abort() throws LoginException {
+ clear();
+
+ if (debug) {
+ log.debug("abort");
+ }
+ return true;
+ }
+
+ public boolean logout() throws LoginException {
+ subject.getPrincipals().removeAll(principals);
+ principals.clear();
+
+ if (debug) {
+ log.debug("logout");
+ }
+ return true;
+ }
+
+ private void clear() {
+ groups.clear();
+ user = null;
+ }
+
+}
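Review bot: The `FileInputStream` opened in `users.load(new java.io.FileInputStream(f))`, and again for the groups file a few lines below, is never closed, so every `login()` call leaks a file descriptor until the GC happens to finalize it; both loads should go through one helper that closes the stream in a `finally` block, as sketched below. The credential check then wraps the `char[]` from `PasswordCallback` in `new String(tmpPassword)` and neither zeroes the array nor calls the callback's `clearPassword()`, leaving the secret in the heap longer than needed. The two `FailedLoginException` messages also differ ("User does exist" — a typo for "does not exist" — versus "Password does not match"), which lets a caller tell an unknown user from a wrong password; a single message such as `"Invalid username or password"` for both branches, with the distinction kept to the `debug` log, avoids that.
```java
    public boolean login() throws LoginException {
        load(new File(baseDir, usersFile), users, "user");
        load(new File(baseDir, groupsFile), groups, "group");
        // … unchanged: callback handling, credential check, users.clear(), debug log …
    }

    /** Loads f into target, always closing the stream; I/O failures become LoginException. */
    private static void load(File f, Properties target, String kind) throws LoginException {
        java.io.FileInputStream in = null;
        try {
            in = new java.io.FileInputStream(f);
            target.load(in);
        } catch (IOException ioe) {
            throw new LoginException("Unable to load " + kind + " properties file " + f);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // nothing more to do: the data has been read or the load already failed
                }
            }
        }
    }
```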
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/SecurityServiceImpl.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/SecurityServiceImpl.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/SecurityServiceImpl.java (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/SecurityServiceImpl.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.security;
+
+import org.apache.openejb.spi.SecurityService;
+import org.apache.openejb.DeploymentInfo;
+import org.apache.openejb.InterfaceType;
+import org.apache.openejb.core.ThreadContextListener;
+import org.apache.openejb.core.ThreadContext;
+import org.apache.openejb.core.CoreDeploymentInfo;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
+import javax.ejb.AccessLocalException;
+import java.util.Set;
+import java.security.AccessControlContext;
+import java.security.Permission;
+import java.security.AccessControlException;
+import java.security.PrivilegedAction;
+import java.security.AccessController;
+import java.security.Principal;
+import java.lang.reflect.Method;
+import java.rmi.AccessException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityServiceImpl implements ThreadContextListener {
+
+ private final static class SecurityContext {
+ private final Subject subject;
+ private final AccessControlContext acc;
+
+ public SecurityContext(Subject subject) {
+ this.subject = subject;
+ this.acc = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() {
+ public Object run() {
+ return AccessController.getContext();
+ }
+ }, null);
+ }
+ }
+
+ public void contextEntered(ThreadContext oldContext, ThreadContext newContext) {
+ PolicyContext.setContextID(newContext.getDeploymentInfo().getModuleID());
+
+ CoreDeploymentInfo deploymentInfo = newContext.getDeploymentInfo();
+
+ SecurityContext securityContext = oldContext.get(SecurityContext.class);
+
+ if (deploymentInfo.getRunAsSubject() != null){
+ securityContext = new SecurityContext(deploymentInfo.getRunAsSubject());
+ } else if (securityContext == null){
+ // TODO: Get the Subject from the JAAS LoginModule
+ Subject subject = null;
+
+ securityContext = new SecurityContext(subject);
+ }
+
+ newContext.set(SecurityContext.class, securityContext);
+
+ }
+
+
+ public void contextExited(ThreadContext exitedContext, ThreadContext reenteredContext) {
+ PolicyContext.setContextID(reenteredContext.getDeploymentInfo().getModuleID());
+ }
+
+
+
+ public boolean isCallerInRole(String role) {
+ if (role == null) throw new IllegalArgumentException("Role must not be null");
+
+ ThreadContext threadContext = ThreadContext.getThreadContext();
+ SecurityContext securityContext = threadContext.get(SecurityContext.class);
+
+ try {
+ CoreDeploymentInfo deployment = threadContext.getDeploymentInfo();
+ securityContext.acc.checkPermission(new EJBRoleRefPermission(deployment.getEjbName(), role));
+ } catch (AccessControlException e) {
+ return false;
+ }
+ return true;
+ }
+
+ public Principal getCallerPrincipal() {
+ ThreadContext threadContext = ThreadContext.getThreadContext();
+ SecurityContext securityContext = threadContext.get(SecurityContext.class);
+ Set<Principal> principals = securityContext.subject.getPrincipals();
+ for (Principal principal : principals) {
+ return principal;
+ }
+ return null;
+ }
+
+ public void checkPermission(Method method, InterfaceType type) throws Throwable {
+ ThreadContext threadContext = ThreadContext.getThreadContext();
+ SecurityContext securityContext = threadContext.get(SecurityContext.class);
+
+ try {
+
+ String ejbName = threadContext.getDeploymentInfo().getEjbName();
+ Permission permission = new EJBMethodPermission(ejbName, type.getName(), method);
+
+ if (permission != null) securityContext.acc.checkPermission(permission);
+
+ } catch (AccessControlException e) {
+ boolean isLocal = false;// TODO: This check should go in the proxy handler
+ if (isLocal) {
+ throw new AccessLocalException(e.getMessage());
+ } else {
+ throw new AccessException(e.getMessage());
+ }
+ }
+ }
+}
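Review bot: `getCallerPrincipal()` returns whichever element `subject.getPrincipals()` yields first, and since `PropertiesLoginModule.commit()` in this same commit adds both `UserPrincipal` and `GroupPrincipal` objects to that set with unspecified iteration order, the reported caller identity can be a group name and can vary between runs. Select the user explicitly, e.g. `Set<UserPrincipal> users = securityContext.subject.getPrincipals(UserPrincipal.class);` followed by `return users.isEmpty() ? null : users.iterator().next();`. The same method dereferences `securityContext.subject`, which `contextEntered` deliberately sets to `null` while the JAAS lookup is still a TODO, so an unauthenticated call currently ends in a `NullPointerException` rather than the `null` the method otherwise returns; a guard `if (securityContext == null || securityContext.subject == null) return null;` would make the interim behaviour explicit. In `checkPermission`, the `if (permission != null)` test is always true because `permission` was constructed on the preceding line and can be dropped.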
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UserPrincipal.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UserPrincipal.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UserPrincipal.java (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UserPrincipal.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.security;
+
+import java.security.Principal;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class UserPrincipal implements Principal {
+
+ private final String name;
+ private transient int hash;
+
+ public UserPrincipal(String name) {
+ if (name == null) throw new IllegalArgumentException("name cannot be null");
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ final UserPrincipal that = (UserPrincipal) o;
+
+ if (!name.equals(that.name)) return false;
+
+ return true;
+ }
+
+ public int hashCode() {
+ if (hash == 0) {
+ hash = name.hashCode();
+ }
+ return hash;
+ }
+
+ public String toString() {
+ return name;
+ }
+}
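Review bot: The `transient` modifier on `hash` has no effect because `UserPrincipal` does not implement `Serializable`, and the `hash == 0` sentinel means a name whose hash code is 0 (the empty string, which the constructor accepts) is rehashed on every call; neither is harmful, but `private int hash; // 0 == not yet computed` states the intent without the misleading modifier. `equals`, `hashCode` and `toString` override `Object` methods and should carry `@Override` so the compiler catches signature drift. A class-level Javadoc stating that instances are immutable and compared by name only would help readers of the JAAS-facing code.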
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UsernamePasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UsernamePasswordCallbackHandler.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UsernamePasswordCallbackHandler.java (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/main/java/org/apache/openejb/server/security/UsernamePasswordCallbackHandler.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.security;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+/**
+ * A JASS username password CallbackHandler.
+ */
+public class UsernamePasswordCallbackHandler implements CallbackHandler {
+
+ private final String username;
+ private final String password;
+
+ public UsernamePasswordCallbackHandler(String username, String password) {
+ this.username = username;
+ this.password = password;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ Callback callback = callbacks[i];
+ if (callback instanceof PasswordCallback) {
+ PasswordCallback passwordCallback = (PasswordCallback) callback;
+ if (password == null) {
+ passwordCallback.setPassword(null);
+ } else {
+ passwordCallback.setPassword(password.toCharArray());
+ }
+ } else if (callback instanceof NameCallback) {
+ NameCallback nameCallback = (NameCallback) callback;
+ if (username == null) {
+ nameCallback.setName(null);
+ } else {
+ nameCallback.setName(username);
+ }
+ }
+ }
+ }
+
+}
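Review bot: The password is held as an immutable `String` field, so it cannot be zeroed after the `LoginContext` has consumed it, and `password.toCharArray()` hands out a fresh copy on every `handle` call that nobody clears; keeping it as `char[]` (converted once in the constructor, or offered through an additional `char[]` constructor) and passing a clone to `setPassword` would let the owner wipe it after login. `handle` also silently skips any `Callback` that is neither a `NameCallback` nor a `PasswordCallback`, whereas the `CallbackHandler` contract expects `throw new UnsupportedCallbackException(callback, "Unrecognized Callback");` so a login module asking for something this handler cannot supply fails loudly instead of proceeding with missing data. The class Javadoc reads "JASS" where "JAAS" is meant.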
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/server/security/PropertiesLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/server/security/PropertiesLoginModuleTest.java?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/server/security/PropertiesLoginModuleTest.java (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/test/java/org/apache/openejb/server/security/PropertiesLoginModuleTest.java Wed Mar 21 04:07:16 2007
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.core.security;
+
+import junit.framework.TestCase;
+import org.apache.openejb.server.security.GroupPrincipal;
+import org.apache.openejb.server.security.UserPrincipal;
+import org.apache.openejb.server.security.UsernamePasswordCallbackHandler;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import java.net.URL;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class PropertiesLoginModuleTest extends TestCase {
+
+ static {
+ loadJassLoginConfig();
+ }
+
+ private static void loadJassLoginConfig() {
+ String path = System.getProperty("java.security.auth.login.config");
+ if (path == null) {
+ URL resource = PropertiesLoginModuleTest.class.getClassLoader().getResource("login.config");
+ if (resource != null) {
+ path = resource.getFile();
+ System.setProperty("java.security.auth.login.config", path);
+ }
+ }
+ System.out.println("Path to login config: " + path);
+ }
+
+ public void testLogin() throws LoginException {
+ LoginContext context = new LoginContext("PropertiesLogin", new UsernamePasswordCallbackHandler("jonathan", "secret"));
+ context.login();
+
+ Subject subject = context.getSubject();
+
+ assertEquals("Should have three principals", 3, subject.getPrincipals().size());
+ assertEquals("Should have one user principal", 1, subject.getPrincipals(UserPrincipal.class).size());
+ assertEquals("Should have two group principals", 2, subject.getPrincipals(GroupPrincipal.class).size());
+
+ context.logout();
+
+ assertEquals("Should have zero principals", 0, subject.getPrincipals().size());
+ }
+
+ public void testBadUseridLogin() throws Exception {
+ LoginContext context = new LoginContext("PropertiesLogin", new UsernamePasswordCallbackHandler("nobody", "secret"));
+ try {
+ context.login();
+ fail("Should have thrown a FailedLoginException");
+ } catch (FailedLoginException doNothing) {
+ }
+
+ }
+
+ public void testBadPWLogin() throws Exception {
+ LoginContext context = new LoginContext("PropertiesLogin", new UsernamePasswordCallbackHandler("jonathan", "badpass"));
+ try {
+ context.login();
+ fail("Should have thrown a FailedLoginException");
+ } catch (FailedLoginException doNothing) {
+ }
+
+ }
+}
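Review bot: The file declares `package org.apache.openejb.core.security;` but lives under `src/test/java/org/apache/openejb/server/security/` and imports its collaborators from `org.apache.openejb.server.security`; the declaration should read `package org.apache.openejb.server.security;` (after which the three now-same-package imports can go) so the class is found where the directory says it is. In `loadJassLoginConfig`, `resource.getFile()` returns the still URL-encoded path, so a checkout whose path contains a space or other escaped character produces a `java.security.auth.login.config` value the JAAS `Configuration` cannot open; `new java.io.File(resource.toURI()).getPath()` yields a decoded filesystem path. The method name's "Jass" reads as a typo for "Jaas".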
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/groups.properties
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/groups.properties?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/groups.properties (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/groups.properties Wed Mar 21 04:07:16 2007
@@ -0,0 +1,20 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+programmers=jonathan
+accounting=daniel
+employees=jonathan,daniel
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/login.config
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/login.config?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/login.config (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/login.config Wed Mar 21 04:07:16 2007
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+PropertiesLogin {
+ org.apache.openejb.server.security.PropertiesLoginModule required
+ debug=true
+ org.apache.openejb.jaas.properties.users="users.properties"
+ org.apache.openejb.jaas.properties.groups="groups.properties";
+};
Added: incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/users.properties
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/users.properties?view=auto&rev=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/users.properties (added)
+++ incubator/openejb/trunk/openejb3/server/openejb-security/src/test/resources/users.properties Wed Mar 21 04:07:16 2007
@@ -0,0 +1,19 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+jonathan=secret
+daniel=password
Modified: incubator/openejb/trunk/openejb3/server/pom.xml
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb3/server/pom.xml?view=diff&rev=520838&r1=520837&r2=520838
==============================================================================
--- incubator/openejb/trunk/openejb3/server/pom.xml (original)
+++ incubator/openejb/trunk/openejb3/server/pom.xml Wed Mar 21 04:07:16 2007
@@ -40,6 +40,7 @@
<module>openejb-corba</module>
<module>openejb-derbynet</module>
<module>openejb-hsql</module>
+ <module>openejb-security</module>
</modules>
<dependencies>
<!--