Posted to commits@tomee.apache.org by db...@apache.org on 2008/03/24 02:09:40 UTC
svn commit: r640283 - in /openejb/trunk/openejb3/container:
openejb-core/src/main/java/org/apache/openejb/assembler/classic/
openejb-core/src/main/java/org/apache/openejb/core/security/
openejb-core/src/main/java/org/apache/openejb/core/security/jacc/ ...
Author: dblevins
Date: Sun Mar 23 18:09:39 2008
New Revision: 640283
URL: http://svn.apache.org/viewvc?rev=640283&view=rev
Log:
Security annotation inheritance
Added:
openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/stateful/StatefulSecurityPermissionsTest.java
Modified:
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java
openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java
openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java Sun Mar 23 18:09:39 2008
@@ -19,6 +19,9 @@
import org.apache.openejb.DeploymentInfo;
import org.apache.openejb.InterfaceType;
import org.apache.openejb.OpenEJBException;
+import org.apache.openejb.util.Logger;
+import org.apache.openejb.util.LogCategory;
+import static org.apache.openejb.assembler.classic.MethodInfoUtil.resolveAttributes;
import org.apache.openejb.core.CoreDeploymentInfo;
import javax.security.jacc.EJBMethodPermission;
@@ -33,6 +36,8 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.ArrayList;
+import java.lang.reflect.Method;
/**
* @version $Rev$ $Date$
@@ -65,9 +70,66 @@
}
}
+ private static Logger log = Logger.getInstance(LogCategory.OPENEJB_STARTUP.createChild("attributes"), JaccPermissionsBuilder.class);
public PolicyContext build(EjbJarInfo ejbJar, HashMap<String, DeploymentInfo> deployments) throws OpenEJBException {
+ List<MethodPermissionInfo> normalized = new ArrayList<MethodPermissionInfo>();
+
+ List<MethodPermissionInfo> perms = ejbJar.methodPermissions;
+
+ for (MethodInfo info : ejbJar.excludeList) {
+ MethodPermissionInfo perm = new MethodPermissionInfo();
+ perm.excluded = true;
+ perm.methods.add(info);
+ perms.add(perm);
+ }
+
+ perms = MethodInfoUtil.normalizeMethodPermissionInfos(perms);
+
+ for (DeploymentInfo deploymentInfo : deployments.values()) {
+ Map<Method, MethodAttributeInfo> attributes = resolveAttributes(perms, deploymentInfo);
+
+ if (log.isDebugEnabled()) {
+ for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
+ Method method = entry.getKey();
+ MethodPermissionInfo value = (MethodPermissionInfo) entry.getValue();
+ log.debug("Security Attribute: " + method + " -- " + MethodInfoUtil.toString(value));
+ }
+ }
+
+ for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
+ Method method = entry.getKey();
+
+ MethodPermissionInfo a = (MethodPermissionInfo) entry.getValue();
+ MethodPermissionInfo b = new MethodPermissionInfo();
+ b.excluded = a.excluded;
+ b.unchecked = a.unchecked;
+ b.roleNames.addAll(a.roleNames);
+
+ MethodInfo am = a.methods.get(0);
+ MethodInfo bm = new MethodInfo();
+
+ bm.ejbName = deploymentInfo.getEjbName();
+ bm.ejbDeploymentId = deploymentInfo.getDeploymentID() + "";
+ bm.methodIntf = am.methodIntf;
+
+ bm.className = method.getDeclaringClass().getName();
+ bm.methodName = method.getName();
+ bm.methodParams = new ArrayList<String>();
+ for (Class<?> type : method.getParameterTypes()) {
+ bm.methodParams.add(type.getName());
+ }
+ b.methods.add(bm);
+
+ normalized.add(b);
+ }
+ }
+
+ ejbJar.methodPermissions.clear();
+ ejbJar.methodPermissions.addAll(normalized);
+ ejbJar.excludeList.clear();
+
PolicyContext policyContext = new PolicyContext(ejbJar.moduleId);
for (EnterpriseBeanInfo enterpriseBean : ejbJar.enterpriseBeans) {
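Review bot: Folding `ejbJar.excludeList` into `perms` at the top of `build` makes exclusion depend on which entry `resolveAttributes` selects for each method, whereas the loop removed later in this file added every exclude-list entry to `excludedPermissions` unconditionally. If a method-permission for the same method is treated as more specific than the exclude-list entry, that method could end up role-protected or unchecked instead of excluded; the ordering lives in `normalizeMethodPermissionInfos` and `resolveAttributes`, which are not visible in this hunk, so it needs confirming there. I would state the intended precedence in a comment above the first loop, e.g. `// exclude-list entries must win over any method-permission for the same method`, and cover the overlap with a test. `a.methods.get(0)` further down also relies on normalization leaving exactly one method per entry. The body of `build` continues past the end of the hunk.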
@@ -109,6 +171,7 @@
for (MethodPermissionInfo methodPermission : ejbJar.methodPermissions) {
List<String> roleNames = methodPermission.roleNames;
boolean unchecked = methodPermission.unchecked;
+ boolean excluded = methodPermission.excluded;
for (MethodInfo method : methodPermission.methods) {
@@ -142,6 +205,11 @@
// if this is unchecked, mark it as unchecked; otherwise assign the roles
if (unchecked) {
uncheckedPermissions.add(permission);
+ } else if (excluded) {
+ /**
+ * JACC v1.0 section 3.1.5.2
+ */
+ excludedPermissions.add(permission);
} else {
for (String roleName : roleNames) {
Permissions permissions = (Permissions) rolePermissions.get(roleName);
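Review bot: In the new `else if (excluded)` branch the deny decision is reached only when `unchecked` is false, so an entry carrying both flags is added to `uncheckedPermissions` and never to `excludedPermissions`. `build` copies the two flags independently (`b.excluded = a.excluded; b.unchecked = a.unchecked;`), so nothing in this file rules that combination out; testing the deny case first, `if (excluded) { excludedPermissions.add(permission); } else if (unchecked) { uncheckedPermissions.add(permission); } else {`, makes the failure mode closed. The exclude-list loop removed later in this file also called `cullPermissions(notAssigned, permission)`; the lines above this branch are outside the hunk, so check that excluded permissions are still culled from `notAssigned`. The `/** … */` around the JACC reference is a Javadoc comment inside a method body and would read better as `// JACC v1.0 section 3.1.5.2`.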
@@ -154,35 +222,6 @@
}
}
- }
-
- /**
- * JACC v1.0 section 3.1.5.2
- */
- for (MethodInfo method : ejbJar.excludeList) {
- if (!ejbName.equals(method.ejbName)) {
- continue;
- }
-
- // method name
- String methodName = method.methodName;
- // method interface
- String methodIntf = method.methodIntf;
-
- // method parameters
- String[] methodParams;
- if (method.methodParams != null) {
- List<String> paramList = method.methodParams;
- methodParams = paramList.toArray(new String[paramList.size()]);
- } else {
- methodParams = null;
- }
-
- // create the permission object
- EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);
-
- excludedPermissions.add(permission);
- notAssigned = cullPermissions(notAssigned, permission);
}
/**
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java Sun Mar 23 18:09:39 2008
@@ -17,6 +17,8 @@
package org.apache.openejb.assembler.classic;
import org.apache.openejb.core.CoreDeploymentInfo;
+import org.apache.openejb.DeploymentInfo;
+import org.apache.openejb.util.Join;
import static java.util.Arrays.asList;
import java.util.Comparator;
@@ -171,6 +173,7 @@
newInfo.methods.add(methodInfo);
newInfo.roleNames.addAll(oldInfo.roleNames);
newInfo.unchecked = oldInfo.unchecked;
+ newInfo.excluded = oldInfo.excluded;
normalized.add(newInfo);
}
@@ -204,7 +207,7 @@
}
- public static Map<Method, MethodAttributeInfo> resolveAttributes(List<? extends MethodAttributeInfo> infos, CoreDeploymentInfo deploymentInfo) {
+ public static Map<Method, MethodAttributeInfo> resolveAttributes(List<? extends MethodAttributeInfo> infos, DeploymentInfo deploymentInfo) {
Map<Method, MethodAttributeInfo> attributes = new LinkedHashMap<Method, MethodAttributeInfo>();
Method[] wildCardView = getWildCardView(deploymentInfo).toArray(new Method[]{});
@@ -251,7 +254,7 @@
return attributes;
}
- private static List<Method> getWildCardView(CoreDeploymentInfo info) {
+ private static List<Method> getWildCardView(DeploymentInfo info) {
List<Method> methods = new ArrayList<Method>();
List<Method> beanMethods = asList(info.getBeanClass().getMethods());
@@ -400,6 +403,43 @@
// Secondary sort
return view(am).ordinal() - view(bm).ordinal();
}
+ }
+
+
+ public static String toString(MethodInfo i) {
+ String s = i.ejbName;
+ s += " : ";
+ s += (i.methodIntf == null) ? "*" : i.methodIntf;
+ s += " : ";
+ s += i.className;
+ s += " : ";
+ s += i.methodName;
+ s += "(";
+ if (i.methodParams != null) {
+ s += Join.join(", ", i.methodParams);
+ } else {
+ s += "*";
+ }
+ s += ")";
+ return s;
+ }
+
+ public static String toString(MethodPermissionInfo i) {
+ String s = toString(i.methods.get(0));
+ if (i.unchecked){
+ s += " Unchecked";
+ } else if (i.excluded){
+ s += " Excluded";
+ } else {
+ s += " " + Join.join(", ", i.roleNames);
+ }
+ return s;
+ }
+
+ public static String toString(MethodTransactionInfo i) {
+ String s = toString(i.methods.get(0));
+ s += " " + i.transAttribute;
+ return s;
}
}
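Review bot: `toString(MethodPermissionInfo)` and `toString(MethodTransactionInfo)` call `i.methods.get(0)` unguarded, which throws `IndexOutOfBoundsException` for an entry whose `methods` list is empty and silently hides every method after the first. These helpers feed the debug logging of security attributes during deployment, so a formatting failure there should not be able to abort the build of the policy; `String s = i.methods.isEmpty() ? "<no method>" : toString(i.methods.get(0));` keeps the log line best-effort. A short Javadoc on each overload saying that the output is for diagnostics and that only the first method is printed would also help.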
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java Sun Mar 23 18:09:39 2008
@@ -16,6 +16,8 @@
*/
package org.apache.openejb.assembler.classic;
+import org.apache.openejb.util.Join;
+
import java.util.List;
import java.util.ArrayList;
@@ -23,6 +25,7 @@
public String description;
public final List<String> roleNames = new ArrayList<String>();
+ public boolean excluded;
public boolean unchecked;
}
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java Sun Mar 23 18:09:39 2008
@@ -51,6 +51,15 @@
Map<Method, MethodAttributeInfo> attributes = resolveAttributes(methodTransactionInfos, deploymentInfo);
+ Logger log = Logger.getInstance(LogCategory.OPENEJB_STARTUP.createChild("attributes"), MethodTransactionBuilder.class);
+ if (log.isDebugEnabled()) {
+ for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
+ Method method = entry.getKey();
+ MethodPermissionInfo value = (MethodPermissionInfo) entry.getValue();
+ log.debug("Transaction Attribute: " + method + " -- " + MethodInfoUtil.toString(value));
+ }
+ }
+
for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
MethodTransactionInfo value = (MethodTransactionInfo) entry.getValue();
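Review bot: The debug loop casts `entry.getValue()` to `MethodPermissionInfo`, but the map was resolved from `methodTransactionInfos` and the loop right below casts the same values to `MethodTransactionInfo`, so enabling debug logging for this category would most likely raise a `ClassCastException` during deployment. The line should read `MethodTransactionInfo value = (MethodTransactionInfo) entry.getValue();`, which also selects the `toString(MethodTransactionInfo)` overload. No import hunk for `Logger` or `LogCategory` is shown for this file, so confirm they are already imported. The enclosing method starts and ends outside the hunk.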
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java Sun Mar 23 18:09:39 2008
@@ -66,7 +66,11 @@
private String realmName = "PropertiesLogin";
public AbstractSecurityService() {
- System.setProperty(JaccProvider.class.getName(), BasicJaccProvider.class.getName());
+ this(BasicJaccProvider.class.getName());
+ }
+
+ public AbstractSecurityService(String jaccProvider) {
+ System.setProperty(JaccProvider.class.getName(), jaccProvider);
installJacc();
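Review bot: The new `AbstractSecurityService(String jaccProvider)` constructor writes its argument straight into a JVM-wide system property that names the JACC provider class, with no null check and no Javadoc. Since that class decides how authorization is enforced, the Javadoc should say that the name must come from trusted container configuration and that it replaces any value already set for the property; a guard such as `if (jaccProvider == null) throw new IllegalArgumentException("jaccProvider");` gives a clearer failure than the one `System.setProperty` raises. `SecurityServiceImpl(String jaccProviderClass)` in this commit passes its argument through to this constructor and needs the same documentation. The constructor body continues outside the hunk.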
@@ -77,7 +81,6 @@
SystemInstance.get().setComponent(BasicPolicyConfiguration.RoleResolver.class, this);
}
-
public String getRealmName() {
return realmName;
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java Sun Mar 23 18:09:39 2008
@@ -17,8 +17,8 @@
package org.apache.openejb.core.security;
import org.apache.openejb.core.security.jaas.UsernamePasswordCallbackHandler;
+import org.apache.openejb.core.security.jacc.BasicJaccProvider;
import org.apache.openejb.util.ConfUtils;
-import org.apache.openejb.util.URLs;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
@@ -31,7 +31,13 @@
* @version $Rev$ $Date$
*/
public class SecurityServiceImpl extends AbstractSecurityService {
+
public SecurityServiceImpl() {
+ this(BasicJaccProvider.class.getName());
+ }
+
+ public SecurityServiceImpl(String jaccProviderClass) {
+ super(jaccProviderClass);
installJaas();
try {
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java Sun Mar 23 18:09:39 2008
@@ -46,13 +46,17 @@
BasicPolicyConfiguration configuration = (BasicPolicyConfiguration) configurations.get(contextID);
if (configuration == null) {
- configuration = new BasicPolicyConfiguration(contextID);
+ configuration = createPolicyConfiguration(contextID);
configurations.put(contextID, configuration);
} else {
configuration.open(remove);
}
return configuration;
+ }
+
+ protected BasicPolicyConfiguration createPolicyConfiguration(String contextID) {
+ return new BasicPolicyConfiguration(contextID);
}
public boolean inService(String contextID) throws PolicyContextException {
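Review bot: `createPolicyConfiguration` is a new protected extension point with no Javadoc, and the caller above stores whatever it returns in `configurations` and hands it back without checking it. The contract a subclass must honour should be written down, for example `/** Creates the policy configuration for a context seen for the first time; must return a non-null instance in the OPEN state. */`. The method that calls it starts outside the hunk.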
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java Sun Mar 23 18:09:39 2008
@@ -41,11 +41,11 @@
private final String contextID;
private int state;
- private final Map<String, Permissions> rolePermissionsMap = new LinkedHashMap<String, Permissions>();
- private Permissions unchecked = null;
- private Permissions excluded = null;
+ protected final Map<String, Permissions> rolePermissionsMap = new LinkedHashMap<String, Permissions>();
+ protected Permissions unchecked = null;
+ protected Permissions excluded = null;
- BasicPolicyConfiguration(String contextID) {
+ protected BasicPolicyConfiguration(String contextID) {
this.contextID = contextID;
this.state = OPEN;
}
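Review bot: Making `rolePermissionsMap`, `unchecked` and `excluded` protected lets any subclass read and reassign the policy's permission sets directly, outside whatever checks this class applies through `state`. The only subclass in this commit, `TestPolicy`, just reads them in `implies`, so read-only protected accessors would serve it while the fields stay private, e.g. `protected Permissions getExcluded() { return excluded; }` and the same for `unchecked` and the role map. If the fields do stay protected, a comment on them should say that subclasses must not modify them once the configuration has left the `OPEN` state.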
Added: openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/stateful/StatefulSecurityPermissionsTest.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/stateful/StatefulSecurityPermissionsTest.java?rev=640283&view=auto
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/stateful/StatefulSecurityPermissionsTest.java (added)
+++ openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/stateful/StatefulSecurityPermissionsTest.java Sun Mar 23 18:09:39 2008
@@ -0,0 +1,304 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.core.stateful;
+
+import junit.framework.TestCase;
+import org.apache.openejb.core.ivm.naming.InitContextFactory;
+import org.apache.openejb.core.ThreadContext;
+import org.apache.openejb.core.security.jacc.BasicJaccProvider;
+import org.apache.openejb.core.security.jacc.BasicPolicyConfiguration;
+import org.apache.openejb.core.security.AbstractSecurityService;
+import org.apache.openejb.core.security.jaas.UserPrincipal;
+import org.apache.openejb.core.security.jaas.GroupPrincipal;
+import org.apache.openejb.core.transaction.TransactionPolicy;
+import org.apache.openejb.assembler.classic.Assembler;
+import org.apache.openejb.assembler.classic.ProxyFactoryInfo;
+import org.apache.openejb.assembler.classic.TransactionServiceInfo;
+import org.apache.openejb.assembler.classic.SecurityServiceInfo;
+import org.apache.openejb.assembler.classic.EjbJarInfo;
+import org.apache.openejb.config.ConfigurationFactory;
+import org.apache.openejb.jee.EjbJar;
+import org.apache.openejb.jee.StatefulBean;
+import org.apache.openejb.jee.ContainerTransaction;
+import org.apache.openejb.jee.TransAttribute;
+import org.apache.openejb.jee.MethodIntf;
+import org.apache.openejb.jee.MethodPermission;
+import org.apache.openejb.loader.SystemInstance;
+import org.apache.openejb.spi.SecurityService;
+
+import javax.naming.InitialContext;
+import javax.ejb.LocalHome;
+import javax.ejb.RemoteHome;
+import javax.ejb.TransactionAttribute;
+import javax.ejb.TransactionAttributeType;
+import javax.ejb.Init;
+import javax.ejb.Remove;
+import javax.ejb.Local;
+import javax.ejb.Remote;
+import javax.ejb.EJBHome;
+import javax.ejb.CreateException;
+import javax.ejb.EJBObject;
+import javax.ejb.EJBLocalHome;
+import javax.ejb.EJBLocalObject;
+import javax.ejb.EJBAccessException;
+import javax.annotation.security.RolesAllowed;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.DenyAll;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContextException;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+import java.util.HashSet;
+import java.util.Collections;
+import java.rmi.RemoteException;
+import java.security.ProtectionDomain;
+import java.security.Permission;
+import java.security.Principal;
+import java.security.Permissions;
+import java.security.PermissionCollection;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class StatefulSecurityPermissionsTest extends TestCase {
+
+ public void test() throws Exception {
+ System.setProperty(javax.naming.Context.INITIAL_CONTEXT_FACTORY, InitContextFactory.class.getName());
+
+ Assembler assembler = new Assembler();
+ ConfigurationFactory config = new ConfigurationFactory();
+
+ assembler.createProxyFactory(config.configureService(ProxyFactoryInfo.class));
+ assembler.createTransactionManager(config.configureService(TransactionServiceInfo.class));
+ SecurityServiceInfo securityServiceInfo = config.configureService(SecurityServiceInfo.class);
+ securityServiceInfo.className = TestSecurityService.class.getName();
+ assembler.createSecurityService(securityServiceInfo);
+
+ TestSecurityService securityService = (TestSecurityService) SystemInstance.get().getComponent(SecurityService.class);
+
+ securityService.login("foo", "Jazz", "Rock", "Reggae", "HipHop");
+
+ EjbJar ejbJar = new EjbJar();
+ ejbJar.addEnterpriseBean(new StatefulBean(Color.class));
+ List<MethodPermission> permissions = ejbJar.getAssemblyDescriptor().getMethodPermission();
+ permissions.add(new MethodPermission("*", "Color", "*", "Foo"));
+ permissions.add(new MethodPermission("*", "Color", "create").setUnchecked());
+ permissions.add(new MethodPermission("*", "Color", "ejbCreate").setUnchecked());
+
+ EjbJarInfo ejbJarInfo = config.configureApplication(ejbJar);
+ assembler.createApplication(ejbJarInfo);
+
+ InitialContext context = new InitialContext();
+
+ {
+ ColorLocal color = (ColorLocal) context.lookup("ColorLocal");
+
+ assertEquals("Jazz", color.color());
+ try {
+ color.color((Object) null);
+ } catch (EJBAccessException e) {
+ assertEquals("Excluded", actual.get());
+ }
+ assertEquals("Rock", color.color((String)null));
+ assertEquals("Unchecked", color.color((Boolean)null));
+ assertEquals("Reggae", color.color((Integer)null));
+ }
+
+ }
+
+ public static ThreadLocal<String> expected = new ThreadLocal<String>();
+
+ @LocalHome(ColorEjbLocalHome.class)
+ @RemoteHome(ColorEjbHome.class)
+ public static class Color implements ColorLocal, ColorRemote {
+
+ protected String attribute() {
+ return actual.get();
+ }
+
+ @Init
+ public void ejbCreate(String s){
+ assertEquals(s, attribute());
+ }
+
+ @Remove
+ public void ejbRemove(){
+ assertEquals(expected.get(), attribute());
+ }
+
+
+ @RolesAllowed({"Jazz"})
+ public String color() {
+ return attribute();
+ }
+
+ @DenyAll
+ public String color(Object o) {
+ return attribute();
+ }
+
+ @RolesAllowed({"Rock"})
+ public String color(String s) {
+ return attribute();
+ }
+
+ @PermitAll
+ public String color(Boolean b) {
+ return attribute();
+ }
+
+ @RolesAllowed({"Reggae"})
+ public String color(Integer i) {
+ return attribute();
+ }
+
+
+ }
+
+ @Local
+ public static interface ColorLocal {
+ public String color();
+
+ public String color(Object o);
+
+ public String color(String s);
+
+ public String color(Boolean b);
+
+ public String color(Integer i);
+ }
+
+ @Remote
+ public static interface ColorRemote {
+ public String color();
+
+ public String color(Object o);
+
+ public String color(String s);
+
+ public String color(Boolean b);
+
+ public String color(Integer i);
+ }
+
+ public static interface ColorEjbHome extends EJBHome {
+ ColorEjbObject create(String s) throws CreateException, RemoteException;
+ }
+
+ public static interface ColorEjbObject extends EJBObject {
+ public String color() throws RemoteException;
+
+ public String color(Object o) throws RemoteException;
+
+ public String color(String s) throws RemoteException;
+
+ public String color(Boolean b) throws RemoteException;
+
+ public String color(Integer i) throws RemoteException;
+ }
+
+ public static interface ColorEjbLocalHome extends EJBLocalHome {
+ ColorEjbLocalObject create(String s) throws CreateException;
+ }
+
+ public static interface ColorEjbLocalObject extends EJBLocalObject {
+ public String color();
+
+ public String color(Object o);
+
+ public String color(String s);
+
+ public String color(Boolean b);
+
+ public String color(Integer i);
+ }
+
+
+ private static ThreadLocal<String> actual = new ThreadLocal<String>();
+
+ public static class TestSecurityService extends AbstractSecurityService {
+
+ public TestSecurityService() {
+ super(TestJaccProvider.class.getName());
+ }
+
+ public UUID login(String securityRealm, String user, String pass) throws LoginException {
+ return null;
+ }
+
+ public void login(String user, String... roles) throws LoginException {
+ Set<Principal> set = new HashSet<Principal>();
+ set.add(new UserPrincipal(user));
+ for (String role : roles) {
+ set.add(new GroupPrincipal(role));
+ }
+ Subject subject = new Subject(true, set, Collections.EMPTY_SET, Collections.EMPTY_SET);
+ UUID uuid = registerSubject(subject);
+ associate(uuid);
+ }
+
+ public void logout(){
+ this.disassociate();
+ }
+
+ public static class TestJaccProvider extends BasicJaccProvider {
+ protected BasicPolicyConfiguration createPolicyConfiguration(String contextID) {
+ return new TestPolicy(contextID);
+ }
+
+ public static class TestPolicy extends BasicPolicyConfiguration {
+
+ TestPolicy(String contextID) {
+ super(contextID);
+ }
+
+ public boolean implies(ProtectionDomain domain, Permission permission) {
+
+ if (excluded != null && excluded.implies(permission)) {
+ actual.set("Excluded");
+ return false;
+ }
+
+ if (unchecked != null && unchecked.implies(permission)) {
+ actual.set("Unchecked");
+ return true;
+ }
+
+ Principal[] principals = domain.getPrincipals();
+ if (principals.length == 0) return false;
+
+ RoleResolver roleResolver = SystemInstance.get().getComponent(RoleResolver.class);
+ Set<String> roles = roleResolver.getLogicalRoles(principals, rolePermissionsMap.keySet());
+
+ for (String role : roles) {
+ Permissions permissions = rolePermissionsMap.get(role);
+
+ if (permissions != null && permissions.implies(permission)) {
+ actual.set(role);
+ return true;
+ }
+ }
+
+ actual.set("Denied");
+ return false;
+ }
+ }
+ }
+ }
+}
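Review bot: The `@DenyAll` case in `test()` cannot fail: `color.color((Object) null)` sits in a `try` with no `fail(...)` after it, so the test still passes when the call is wrongly allowed. Add `fail("color(Object) is @DenyAll and should throw EJBAccessException");` directly after the call. `expected` is never set and `actual` is never cleared, so `ejbRemove` and any later test on the same thread compare against null or stale values. Only `ColorLocal` is exercised although remote and home interfaces are declared, so the inherited permissions on those views are not checked.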
Modified: openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java (original)
+++ openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java Sun Mar 23 18:09:39 2008
@@ -67,10 +67,10 @@
public ContainerTransaction() {
}
-
public ContainerTransaction(TransAttribute transAttribute, String className, String ejbName, String methodName) {
this(transAttribute, new Method(ejbName, className, methodName));
}
+
public ContainerTransaction(TransAttribute transAttribute, String ejbName, java.lang.reflect.Method method) {
this(transAttribute, new Method(ejbName, method));
}
Modified: openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java?rev=640283&r1=640282&r2=640283&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java (original)
+++ openejb/trunk/openejb3/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java Sun Mar 23 18:09:39 2008
@@ -67,6 +67,30 @@
@XmlTransient
protected TextMap description = new TextMap();
+ public MethodPermission() {
+ }
+
+ public MethodPermission(String className, String ejbName, String methodName, String... roles) {
+ this(new Method(ejbName, className, methodName), roles);
+ }
+
+ public MethodPermission(String ejbName, java.lang.reflect.Method method, String... roles) {
+ this(new Method(ejbName, method), roles);
+ }
+
+ public MethodPermission(Method method, String... roles) {
+ getMethod().add(method);
+ for (String role : roles) {
+ getRoleName().add(role);
+ }
+ }
+
+ public MethodPermission setUnchecked() {
+ this.unchecked = new EmptyType();
+ return this;
+ }
+
+
@XmlElement(name = "description", required = true)
public Text[] getDescriptions() {
return description.toArray();