You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwebbeans.apache.org by st...@apache.org on 2011/03/14 23:42:33 UTC
svn commit: r1081597 - in /openwebbeans/trunk:
webbeans-ejb/src/main/java/org/apache/webbeans/ejb/common/interceptor/
webbeans-impl/src/main/java/org/apache/webbeans/component/
webbeans-impl/src/main/java/org/apache/webbeans/config/
webbeans-impl/src/m...
Author: struberg
Date: Mon Mar 14 22:42:32 2011
New Revision: 1081597
URL: http://svn.apache.org/viewvc?rev=1081597&view=rev
Log:
OWB-545 extend SecurityService and initial simple implementation
Added:
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/SimpleSecurityService.java
Modified:
openwebbeans/trunk/webbeans-ejb/src/main/java/org/apache/webbeans/ejb/common/interceptor/OpenWebBeansEjbInterceptor.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/AbstractInjectionTargetBean.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/ProducerFieldBean.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/config/WebBeansContext.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableConstructor.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableField.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableMethods.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/DependentScopedBeanInterceptorHandler.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorHandler.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorUtil.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InvocationContextImpl.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/NormalScopedBeanInterceptorHandler.java
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/util/SecurityUtil.java
openwebbeans/trunk/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
openwebbeans/trunk/webbeans-openejb/src/main/java/org/apache/webbeans/ejb/service/OpenEJBSecurityService.java
openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
openwebbeans/trunk/webbeans-tomcat6/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java
openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java
Modified: openwebbeans/trunk/webbeans-ejb/src/main/java/org/apache/webbeans/ejb/common/interceptor/OpenWebBeansEjbInterceptor.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-ejb/src/main/java/org/apache/webbeans/ejb/common/interceptor/OpenWebBeansEjbInterceptor.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-ejb/src/main/java/org/apache/webbeans/ejb/common/interceptor/OpenWebBeansEjbInterceptor.java (original)
+++ openwebbeans/trunk/webbeans-ejb/src/main/java/org/apache/webbeans/ejb/common/interceptor/OpenWebBeansEjbInterceptor.java Mon Mar 14 22:42:32 2011
@@ -219,7 +219,7 @@ public class OpenWebBeansEjbInterceptor
{
if ((this.contextual != null) && WebBeansUtil.isContainsInterceptorMethod(this.contextual.getInterceptorStack(), interceptorType))
{
- InvocationContextImpl impl = new InvocationContextImpl(this.contextual, context.getTarget(), null, null,
+ InvocationContextImpl impl = new InvocationContextImpl(webBeansContext, this.contextual, context.getTarget(), null, null,
InterceptorUtil.getInterceptorMethods(this.contextual.getInterceptorStack(), interceptorType), interceptorType);
impl.setCreationalContext(this.cc);
impl.setEJBInvocationContext(context); // If the final 299 interceptor calls ic.proceed, the InvocationContext calls the ejbContext.proceed()
@@ -498,7 +498,7 @@ public class OpenWebBeansEjbInterceptor
{
logger.debug("Obtaining a delegate");
}
- Class<?> proxyClass = WebBeansContext.getInstance().getJavassistProxyFactory().getInterceptorProxyClasses().get(injectionTarget);
+ Class<?> proxyClass = webBeansContext.getJavassistProxyFactory().getInterceptorProxyClasses().get(injectionTarget);
if (proxyClass == null)
{
JavassistProxyFactory proxyFactory = webBeansContext.getJavassistProxyFactory();
@@ -560,7 +560,7 @@ public class OpenWebBeansEjbInterceptor
// Call Around Invokes,
// If there were decorators, the DelegatHandler will handle the ejbcontext.proceed at the top of the stack.
// If there were no decorators, we will fall off the end of our own InvocationContext and take care of ejbcontext.proceed.
- rv = InterceptorUtil.callAroundInvokes(this.contextual, instance, (CreationalContextImpl<?>) this.cc, method,
+ rv = InterceptorUtil.callAroundInvokes(webBeansContext, this.contextual, instance, (CreationalContextImpl<?>) this.cc, method,
arguments, InterceptorUtil.getInterceptorMethods(filteredInterceptorStack, InterceptorType.AROUND_INVOKE), ejbContext, this.ccKey);
}
@@ -584,7 +584,7 @@ public class OpenWebBeansEjbInterceptor
{
try
{
- InvocationContextImpl impl = new InvocationContextImpl(null, context.getTarget(), null, null,
+ InvocationContextImpl impl = new InvocationContextImpl(webBeansContext, null, context.getTarget(), null, null,
InterceptorUtil.getInterceptorMethods(this.contextual.getInterceptorStack(), InterceptorType.AROUND_TIMEOUT), InterceptorType.AROUND_TIMEOUT);
impl.setCreationalContext(this.cc);
impl.setEJBInvocationContext(context);
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/AbstractInjectionTargetBean.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/AbstractInjectionTargetBean.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/AbstractInjectionTargetBean.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/AbstractInjectionTargetBean.java Mon Mar 14 22:42:32 2011
@@ -249,7 +249,7 @@ public abstract class AbstractInjectionT
// Call Post Construct
if (WebBeansUtil.isContainsInterceptorMethod(getInterceptorStack(), InterceptorType.POST_CONSTRUCT))
{
- InvocationContextImpl impl = new InvocationContextImpl(null, instance, null, null,
+ InvocationContextImpl impl = new InvocationContextImpl(getWebBeansContext(), null, instance, null, null,
InterceptorUtil.getInterceptorMethods(getInterceptorStack(),
InterceptorType.POST_CONSTRUCT),
InterceptorType.POST_CONSTRUCT);
@@ -288,7 +288,7 @@ public abstract class AbstractInjectionT
{
if (WebBeansUtil.isContainsInterceptorMethod(getInterceptorStack(), InterceptorType.PRE_DESTROY))
{
- InvocationContextImpl impl = new InvocationContextImpl(null, instance, null, null,
+ InvocationContextImpl impl = new InvocationContextImpl(getWebBeansContext(), null, instance, null, null,
InterceptorUtil.getInterceptorMethods(getInterceptorStack(),
InterceptorType.PRE_DESTROY),
InterceptorType.PRE_DESTROY);
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/ProducerFieldBean.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/ProducerFieldBean.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/ProducerFieldBean.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/component/ProducerFieldBean.java Mon Mar 14 22:42:32 2011
@@ -27,7 +27,6 @@ import javax.enterprise.context.Dependen
import javax.enterprise.context.spi.CreationalContext;
import org.apache.webbeans.exception.WebBeansException;
-import org.apache.webbeans.util.SecurityUtil;
import org.apache.webbeans.util.WebBeansUtil;
/**
@@ -84,7 +83,7 @@ public class ProducerFieldBean<T> extend
if (!producerField.isAccessible())
{
- SecurityUtil.doPrivilegedSetAccessible(producerField, true);
+ getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(producerField, true);
}
if (Modifier.isStatic(producerField.getModifiers()))
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/config/WebBeansContext.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/config/WebBeansContext.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/config/WebBeansContext.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/config/WebBeansContext.java Mon Mar 14 22:42:32 2011
@@ -48,6 +48,7 @@ import org.apache.webbeans.portable.even
import org.apache.webbeans.proxy.JavassistProxyFactory;
import org.apache.webbeans.spi.ContextsService;
import org.apache.webbeans.spi.ScannerService;
+import org.apache.webbeans.spi.SecurityService;
import org.apache.webbeans.spi.plugins.OpenWebBeansPlugin;
import org.apache.webbeans.util.ClassUtil;
import org.apache.webbeans.util.WebBeansUtil;
@@ -58,6 +59,9 @@ import org.apache.webbeans.xml.XMLAnnota
*/
public class WebBeansContext
{
+ private final Map<Class<?>, Object> managerMap = new HashMap<Class<?>, Object>();
+
+ private final Map<Class<?>, Object> serviceMap = new HashMap<Class<?>, Object>();
private WebBeansUtil webBeansUtil = new WebBeansUtil(this);
private ContextFactory contextFactory = new ContextFactory(this);
@@ -81,10 +85,7 @@ public class WebBeansContext
private InjectionPointFactory injectionPointFactory = new InjectionPointFactory(this);
private InterceptorUtil interceptorUtil = new InterceptorUtil(this);
private ManagedBeanConfigurator managedBeanConfigurator = new ManagedBeanConfigurator(this);
-
- private final Map<Class<?>, Object> managerMap = new HashMap<Class<?>, Object>();
-
- private final Map<Class<?>, Object> serviceMap = new HashMap<Class<?>, Object>();
+ private SecurityService securityService = getService(SecurityService.class);
public WebBeansContext()
{
@@ -169,10 +170,6 @@ public class WebBeansContext
}
}
-// if (logger.wblWillLogWarn())
-// {
-// logger.warn(OWBLogConst.WARN_0009, serviceInterface.getName());
-// }
return null;
}
return serviceInterface.cast(get(implName));
@@ -299,6 +296,11 @@ public class WebBeansContext
return getService(ContextsService.class);
}
+ public SecurityService getSecurityService()
+ {
+ return securityService;
+ }
+
private Object get(String singletonName)
{
//Load class
Added: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/SimpleSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/SimpleSecurityService.java?rev=1081597&view=auto
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/SimpleSecurityService.java (added)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/SimpleSecurityService.java Mon Mar 14 22:42:32 2011
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.webbeans.corespi;
+
+import org.apache.webbeans.spi.SecurityService;
+
+import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.util.Properties;
+
+/**
+ * A version of the {@link SecurityService} which directly invokes
+ * the underlying Class methods instead of using a SecurityManager.
+ * This version is activated by default and intended for JavaSE and
+ * non EE-Server use.
+ */
+public class SimpleSecurityService implements SecurityService
+{
+ /**
+ * @return always <code>null</code> in the default implementation
+ */
+ @Override
+ public Principal getCurrentPrincipal()
+ {
+ return null;
+ }
+
+ @Override
+ public <T> Constructor<?>[] doPrivilegedGetDeclaredConstructors(Class<T> clazz)
+ {
+ return clazz.getDeclaredConstructors();
+ }
+
+ @Override
+ public <T> Method doPrivilegedGetDeclaredMethod(Class<T> clazz, String name, Class<?>... parameterTypes) throws NoSuchMethodException
+ {
+ return clazz.getDeclaredMethod(name, parameterTypes);
+ }
+
+ @Override
+ public <T> Method[] doPrivilegedGetDeclaredMethods(Class<T> clazz)
+ {
+ return clazz.getDeclaredMethods();
+ }
+
+ @Override
+ public <T> Field doPrivilegedGetDeclaredField(Class<T> clazz, String name) throws NoSuchFieldException
+ {
+ return clazz.getDeclaredField(name);
+ }
+
+ @Override
+ public <T> Field[] doPrivilegedGetDeclaredFields(Class<T> clazz)
+ {
+ return clazz.getDeclaredFields();
+ }
+
+ @Override
+ public void doPrivilegedSetAccessible(AccessibleObject obj, boolean flag)
+ {
+ obj.setAccessible(flag);
+ }
+
+ @Override
+ public boolean doPrivilegedIsAccessible(AccessibleObject obj)
+ {
+ return obj.isAccessible();
+ }
+
+ @Override
+ public <T> T doPrivilegedObjectCreate(Class<T> clazz)
+ throws PrivilegedActionException, IllegalAccessException, InstantiationException
+ {
+ return clazz.newInstance();
+ }
+
+ @Override
+ public void doPrivilegedSetSystemProperty(String propertyName, String value)
+ {
+ System.setProperty(propertyName, value);
+ }
+
+ @Override
+ public String doPrivilegedGetSystemProperty(String propertyName, String defaultValue)
+ {
+ return System.getProperty(propertyName, defaultValue);
+ }
+
+ @Override
+ public Properties doPrivilegedGetSystemProperties()
+ {
+ return System.getProperties();
+ }
+}
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableConstructor.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableConstructor.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableConstructor.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableConstructor.java Mon Mar 14 22:42:32 2011
@@ -28,7 +28,6 @@ import javax.enterprise.inject.spi.Injec
import org.apache.webbeans.component.AbstractOwbBean;
import org.apache.webbeans.exception.WebBeansException;
-import org.apache.webbeans.util.SecurityUtil;
/**
* Injects the parameters of the {@link org.apache.webbeans.component.ManagedBean} constructor and returns
@@ -84,7 +83,7 @@ public class InjectableConstructor<T> ex
{
if(!con.isAccessible())
{
- SecurityUtil.doPrivilegedSetAccessible(con, true);
+ injectionOwnerBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(con, true);
}
instance = con.newInstance(list.toArray());
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableField.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableField.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableField.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableField.java Mon Mar 14 22:42:32 2011
@@ -25,7 +25,6 @@ import javax.enterprise.inject.spi.Injec
import org.apache.webbeans.component.AbstractOwbBean;
import org.apache.webbeans.exception.WebBeansException;
-import org.apache.webbeans.util.SecurityUtil;
/**
* Field type injection.
@@ -54,7 +53,7 @@ public class InjectableField extends Abs
if (!field.isAccessible())
{
- SecurityUtil.doPrivilegedSetAccessible(field, true);
+ injectionOwnerBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(field, true);
}
Object object = inject(injectedField);
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableMethods.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableMethods.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableMethods.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/inject/InjectableMethods.java Mon Mar 14 22:42:32 2011
@@ -37,7 +37,6 @@ import org.apache.webbeans.component.Owb
import org.apache.webbeans.component.ProducerMethodBean;
import org.apache.webbeans.container.InjectionResolver;
import org.apache.webbeans.exception.WebBeansException;
-import org.apache.webbeans.util.SecurityUtil;
@SuppressWarnings("unchecked")
public class InjectableMethods<T> extends AbstractInjectable
@@ -134,7 +133,7 @@ public class InjectableMethods<T> extend
{
if (!method.isAccessible())
{
- SecurityUtil.doPrivilegedSetAccessible(method, true);
+ injectionOwnerBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(method, true);
}
return (T) method.invoke(instance, list.toArray(new Object[list.size()]));
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/DependentScopedBeanInterceptorHandler.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/DependentScopedBeanInterceptorHandler.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/DependentScopedBeanInterceptorHandler.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/DependentScopedBeanInterceptorHandler.java Mon Mar 14 22:42:32 2011
@@ -80,7 +80,7 @@ public class DependentScopedBeanIntercep
*/
protected Object callAroundInvokes(Method proceed, Object[] arguments, List<InterceptorData> stack) throws Exception
{
- InvocationContextImpl impl = new InvocationContextImpl(this.bean, this.actualInstance ,proceed, arguments, stack, InterceptorType.AROUND_INVOKE);
+ InvocationContextImpl impl = new InvocationContextImpl(webBeansContext, this.bean, this.actualInstance ,proceed, arguments, stack, InterceptorType.AROUND_INVOKE);
impl.setCreationalContext(creationalContext);
return impl.proceed();
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorHandler.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorHandler.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorHandler.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorHandler.java Mon Mar 14 22:42:32 2011
@@ -152,7 +152,7 @@ public abstract class InterceptorHandler
/**Intercepted methods*/
protected transient volatile Map<Method, List<InterceptorData>> interceptedMethodMap = null;
- private WebBeansContext webBeansContext;
+ protected WebBeansContext webBeansContext;
/**
* Creates a new handler.
@@ -287,7 +287,7 @@ public abstract class InterceptorHandler
boolean access = method.isAccessible();
if (!access)
{
- SecurityUtil.doPrivilegedSetAccessible(method, true);
+ webBeansContext.getSecurityService().doPrivilegedSetAccessible(method, true);
}
try
{
@@ -298,7 +298,7 @@ public abstract class InterceptorHandler
{
if (!access)
{
- SecurityUtil.doPrivilegedSetAccessible(method, access);
+ webBeansContext.getSecurityService().doPrivilegedSetAccessible(method, access);
}
}
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorUtil.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorUtil.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorUtil.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InterceptorUtil.java Mon Mar 14 22:42:32 2011
@@ -566,10 +566,10 @@ public final class InterceptorUtil
}
}
- public static Object callAroundInvokes(InjectionTargetBean<?> bean,Object instance, CreationalContextImpl<?> creationalContext,
+ public static Object callAroundInvokes(WebBeansContext webBeansContext, InjectionTargetBean<?> bean,Object instance, CreationalContextImpl<?> creationalContext,
Method proceed, Object[] arguments, List<InterceptorData> stack, InvocationContext ejbInvocationContext, Object altKey) throws Exception
{
- InvocationContextImpl impl = new InvocationContextImpl(bean, instance,
+ InvocationContextImpl impl = new InvocationContextImpl(webBeansContext, bean, instance,
proceed, arguments, stack, InterceptorType.AROUND_INVOKE);
if (ejbInvocationContext != null)
{
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InvocationContextImpl.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InvocationContextImpl.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InvocationContextImpl.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/InvocationContextImpl.java Mon Mar 14 22:42:32 2011
@@ -31,9 +31,9 @@ import javax.interceptor.InvocationConte
import org.apache.webbeans.component.EnterpriseBeanMarker;
import org.apache.webbeans.component.OwbBean;
+import org.apache.webbeans.config.WebBeansContext;
import org.apache.webbeans.context.creational.CreationalContextImpl;
import org.apache.webbeans.util.ClassUtil;
-import org.apache.webbeans.util.SecurityUtil;
/**
* Implementation of the {@link InvocationContext} interface.
@@ -66,6 +66,7 @@ public class InvocationContextImpl imple
private OwbBean<?> owbBean;
private InvocationContext ejbInvocationContext;
+ private WebBeansContext webBeansContext;
/** alternate key to be used for dependent creational contexts */
@@ -81,8 +82,10 @@ public class InvocationContextImpl imple
* @param datas interceptor stack
* @param type interceptor type
*/
- public InvocationContextImpl(OwbBean<?> bean, Object instance, Method method, Object[] parameters, List<InterceptorData> datas, InterceptorType type)
+ public InvocationContextImpl(WebBeansContext webBeansContext, OwbBean<?> bean, Object instance, Method method,
+ Object[] parameters, List<InterceptorData> datas, InterceptorType type)
{
+ this.webBeansContext = webBeansContext;
this.owbBean = bean;
this.method = method;
this.parameters = parameters;
@@ -221,7 +224,7 @@ public class InvocationContextImpl imple
if (!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(aroundInvokeMethod, true);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(aroundInvokeMethod, true);
}
Object t = intc.createNewInstance(this.ccKey != null ? this.ccKey : this.target,
@@ -238,7 +241,7 @@ public class InvocationContextImpl imple
if(!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(aroundInvokeMethod, false);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(aroundInvokeMethod, false);
}
}
@@ -249,14 +252,14 @@ public class InvocationContextImpl imple
boolean accessible = this.method.isAccessible();
if(!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(method, true);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(method, true);
}
result = this.method.invoke(target, parameters);
if(!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(method, false);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(method, false);
}
}
else
@@ -290,7 +293,7 @@ public class InvocationContextImpl imple
if (!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(aroundTimeoutMethod, true);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(aroundTimeoutMethod, true);
}
Object t = intc.createNewInstance(this.ccKey != null ? this.ccKey : this.target,
@@ -307,7 +310,7 @@ public class InvocationContextImpl imple
if(!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(aroundTimeoutMethod, false);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(aroundTimeoutMethod, false);
}
}
@@ -318,14 +321,14 @@ public class InvocationContextImpl imple
boolean accessible = method.isAccessible();
if(!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(method, true);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(method, true);
}
result = this.method.invoke(target, parameters);
if(!accessible)
{
- SecurityUtil.doPrivilegedSetAccessible(method, false);
+ owbBean.getWebBeansContext().getSecurityService().doPrivilegedSetAccessible(method, false);
}
}
else
@@ -385,7 +388,7 @@ public class InvocationContextImpl imple
if (!commonAnnMethod.isAccessible())
{
- SecurityUtil.doPrivilegedSetAccessible(commonAnnMethod, true);
+ webBeansContext.getSecurityService().doPrivilegedSetAccessible(commonAnnMethod, true);
}
currentMethod++;
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/NormalScopedBeanInterceptorHandler.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/NormalScopedBeanInterceptorHandler.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/NormalScopedBeanInterceptorHandler.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/intercept/NormalScopedBeanInterceptorHandler.java Mon Mar 14 22:42:32 2011
@@ -103,7 +103,7 @@ public class NormalScopedBeanInterceptor
*/
protected Object callAroundInvokes(Method proceed, Object[] arguments, List<InterceptorData> stack) throws Exception
{
- InvocationContextImpl impl = new InvocationContextImpl(this.bean, getContextualInstance(),
+ InvocationContextImpl impl = new InvocationContextImpl(webBeansContext, this.bean, getContextualInstance(),
proceed, arguments, stack, InterceptorType.AROUND_INVOKE);
impl.setCreationalContext(getContextualCreationalContext());
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/util/SecurityUtil.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/util/SecurityUtil.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/util/SecurityUtil.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/util/SecurityUtil.java Mon Mar 14 22:42:32 2011
@@ -31,6 +31,7 @@ import java.util.Properties;
import javassist.util.proxy.ProxyFactory;
import org.apache.webbeans.exception.WebBeansException;
+/** @deprecated use SecurityService instaed */
public class SecurityUtil
{
@@ -61,6 +62,7 @@ public class SecurityUtil
}
@SuppressWarnings("unchecked")
+ /** @deprecated use SecurityService instaed */
public static <T> Constructor<T>[] doPrivilegedGetDeclaredConstructors(Class<T> clazz)
{
Object obj = AccessController.doPrivileged(
Modified: openwebbeans/trunk/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties Mon Mar 14 22:42:32 2011
@@ -55,6 +55,12 @@ org.apache.webbeans.spi.adaptor.ELAdapto
org.apache.webbeans.spi.ContextsService=org.apache.webbeans.corespi.se.DefaultContextsService
################################################################################################
+################################### Default Contexts Service ####################################
+# Default SecurityService implementation which directly invokes underlying classes
+# without using a SecurityManager
+org.apache.webbeans.spi.SecurityService=org.apache.webbeans.corespi.SimpleSecurityService
+################################################################################################
+
################################################################################################
#################################### SEVERAL CONFIGURATION PARAMETERS ##########################
################################################################################################
Modified: openwebbeans/trunk/webbeans-openejb/src/main/java/org/apache/webbeans/ejb/service/OpenEJBSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-openejb/src/main/java/org/apache/webbeans/ejb/service/OpenEJBSecurityService.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-openejb/src/main/java/org/apache/webbeans/ejb/service/OpenEJBSecurityService.java (original)
+++ openwebbeans/trunk/webbeans-openejb/src/main/java/org/apache/webbeans/ejb/service/OpenEJBSecurityService.java Mon Mar 14 22:42:32 2011
@@ -21,9 +21,10 @@ package org.apache.webbeans.ejb.service;
import java.security.Principal;
import org.apache.openejb.loader.SystemInstance;
+import org.apache.webbeans.corespi.SimpleSecurityService;
import org.apache.webbeans.spi.SecurityService;
-public class OpenEJBSecurityService implements SecurityService
+public class OpenEJBSecurityService extends SimpleSecurityService implements SecurityService
{
public OpenEJBSecurityService()
{
Modified: openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java (original)
+++ openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java Mon Mar 14 22:42:32 2011
@@ -18,18 +18,89 @@
*/
package org.apache.webbeans.spi;
+import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.util.Properties;
/**
- * Security service SPI.
- * @version $Rev$ $Date$
- *
+ * <p>The SecurityService SPI provides support for all kinds
+ * of JavaEE related security mechanism.</p>
+ * <p>There are by default 2 basically different implementations
+ * provided by OpenWebBeans. One version performs all underlying
+ * class invocations via {@link java.security.AccessController#doPrivileged}
+ * which is intended for use in Java EE servers. The 2nd version directly
+ * invokes the underlying Class methods without any AccessControler and is
+ * intended for scenarios where no Java security mechanism needs to be used.
+ * Since OpenWebBeans (as any other DI framework) is heavily based on
+ * reflection, using the simple NoSecurityService leads to a way better
+ * application performance.
*/
public interface SecurityService
{
/**
* Gets the current caller identity.
- * @return current caller identity.
+ * @return current caller identity or <code>null</code> if none provided.
*/
public Principal getCurrentPrincipal();
+
+ /**
+ * @see Class#getDeclaredConstructors()
+ */
+ public <T> Constructor<?>[] doPrivilegedGetDeclaredConstructors(Class<T> clazz);
+
+ /**
+ * @see Class#getDeclaredMethod(String, Class[])
+ */
+ public <T> Method doPrivilegedGetDeclaredMethod(Class<T> clazz, String name, Class<?>... parameterTypes) throws NoSuchMethodException;
+
+ /**
+ * @see Class#getDeclaredMethods()
+ */
+ public <T> Method[] doPrivilegedGetDeclaredMethods(Class<T> clazz);
+
+ /**
+ * @see Class#getDeclaredField(String)
+ */
+ public <T> Field doPrivilegedGetDeclaredField(Class<T> clazz, String name) throws NoSuchFieldException;
+
+ /**
+ * @see Class#getDeclaredFields()
+ */
+ public <T> Field[] doPrivilegedGetDeclaredFields(Class<T> clazz);
+
+ /**
+ * @see AccessibleObject#setAccessible(boolean)
+ */
+ public void doPrivilegedSetAccessible(AccessibleObject obj, boolean flag);
+
+ /**
+ * @see AccessibleObject#isAccessible()
+ */
+ public boolean doPrivilegedIsAccessible(AccessibleObject obj);
+
+ /**
+ * @see Class#newInstance()
+ */
+ public <T> T doPrivilegedObjectCreate(Class<T> clazz)
+ throws PrivilegedActionException, IllegalAccessException, InstantiationException;
+
+ /**
+ * @see Class#
+ */
+ public void doPrivilegedSetSystemProperty(String propertyName, String value);
+
+ /**
+ * @see System#getProperty(String, String)
+ */
+ public String doPrivilegedGetSystemProperty(String propertyName, String defaultValue);
+
+ /**
+ * @see System#getProperties()
+ */
+ public Properties doPrivilegedGetSystemProperties();
+
}
Modified: openwebbeans/trunk/webbeans-tomcat6/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-tomcat6/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-tomcat6/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java (original)
+++ openwebbeans/trunk/webbeans-tomcat6/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java Mon Mar 14 22:42:32 2011
@@ -20,9 +20,10 @@ package org.apache.webbeans.web.tomcat;
import java.security.Principal;
+import org.apache.webbeans.corespi.SimpleSecurityService;
import org.apache.webbeans.spi.SecurityService;
-public class TomcatSecurityService implements SecurityService
+public class TomcatSecurityService extends SimpleSecurityService implements SecurityService
{
@Override
Modified: openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java?rev=1081597&r1=1081596&r2=1081597&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java (original)
+++ openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityService.java Mon Mar 14 22:42:32 2011
@@ -20,9 +20,10 @@ package org.apache.webbeans.web.tomcat;
import java.security.Principal;
+import org.apache.webbeans.corespi.SimpleSecurityService;
import org.apache.webbeans.spi.SecurityService;
-public class TomcatSecurityService implements SecurityService
+public class TomcatSecurityService extends SimpleSecurityService implements SecurityService
{
@Override