Author: jlmonteiro Date: Wed Dec 23 15:25:31 2009 New Revision: 893545 URL: http://svn.apache.org/viewvc?rev=893545&view=rev Log: OPENEJB-1123: provide a way to change the default user of the AbstractSecurityService.
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb.embedded/service-jar.xml openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb/service-jar.xml openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityTest.java Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=893545&r1=893544&r2=893545&view=diff ============================================================================== --- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java (original) +++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java Wed Dec 23 15:25:31 2009 @@ -61,10 +61,10 @@ public abstract class AbstractSecurityService implements SecurityService<UUID>, ThreadContextListener, BasicPolicyConfiguration.RoleResolver { static private final Map<Object, Identity> identities = new ConcurrentHashMap<Object, Identity>(); static protected final ThreadLocal<Identity> clientIdentity = new ThreadLocal<Identity>(); - protected final String defaultUser = "guest"; - protected final Subject defaultSubject; - protected final SecurityContext defaultContext; + protected String defaultUser = "guest"; private String realmName = "PropertiesLogin"; + protected Subject defaultSubject; + protected SecurityContext defaultContext; public AbstractSecurityService() { this(BasicJaccProvider.class.getName()); 
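Review bot: `defaultUser`, `defaultSubject` and `defaultContext` lose `final` here but gain neither `volatile` nor a lock, while `updateSecurityContext()` (third hunk of this file) reassigns two of them one after the other. The neighbouring `ConcurrentHashMap` and `ThreadLocal` fields suggest the service is used from many threads, so after `setDefaultUser` a request thread may keep using the old default context, or see the new `defaultSubject` next to the old `defaultContext`. Because these fields decide the identity of callers without credentials, I would at least declare them `protected volatile Subject defaultSubject;` and `protected volatile SecurityContext defaultContext;`, or publish both through one immutable holder. Leaving them `protected` and non-final also lets a subclass assign `defaultUser` directly without refreshing the subject and context; the class body continues outside the hunk.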
@@ -77,12 +77,13 @@ ThreadContext.addThreadContextListener(this); - defaultSubject = createSubject(defaultUser); - defaultContext = new SecurityContext(defaultSubject); + // set the default subject and the default context + updateSecurityContext(); SystemInstance.get().setComponent(BasicPolicyConfiguration.RoleResolver.class, this); } + public String getRealmName() { return realmName; } @@ -90,7 +91,30 @@ public void setRealmName(String realmName) { this.realmName = realmName; } + + /** + * @return the defaultUser + */ + public String getDefaultUser() { + return defaultUser; + } + + /** + * @param defaultUser the defaultUser to set + */ + public void setDefaultUser(String defaultUser) { + this.defaultUser = defaultUser; + + // set the default subject and the default context for the new default user + updateSecurityContext(); + } + // update the current subject and security context + private void updateSecurityContext() { + defaultSubject = createSubject(defaultUser); + defaultContext = new SecurityContext(defaultSubject); + } + public void init(Properties props) throws Exception { } Modified: openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb.embedded/service-jar.xml URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb.embedded/service-jar.xml?rev=893545&r1=893544&r2=893545&view=diff ============================================================================== --- openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb.embedded/service-jar.xml (original) +++ openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb.embedded/service-jar.xml Wed Dec 23 15:25:31 2009 
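Review bot: `setDefaultUser` takes any value, including null or an empty string, and immediately rebuilds the subject used for every caller without credentials; nothing in the visible code checks the argument. Judging by `testDefaultUser` in this commit, where `isCallerInRole("public")` becomes true once DefaultUser is "public", the name also acts as a role for unauthenticated callers, so a value that matches a privileged role would give that role to anonymous callers. I would reject unusable values with `if (defaultUser == null || defaultUser.trim().length() == 0) throw new IllegalArgumentException("defaultUser must not be empty");` and replace the generated Javadoc with one stating that this name is the identity of every unauthenticated caller and must not coincide with a role that grants privileges. How `createSubject` maps the name to principals is outside the hunk, so the role behaviour should be confirmed there.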
@@ -247,7 +247,10 @@ id="Default Security Service" service="SecurityService" types="SecurityService" - class-name="org.apache.openejb.core.security.SecurityServiceImpl"/> + class-name="org.apache.openejb.core.security.SecurityServiceImpl"> + + DefaultUser "guest" + </ServiceProvider> <ServiceProvider id="PseudoSecurityService" Modified: openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb/service-jar.xml URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb/service-jar.xml?rev=893545&r1=893544&r2=893545&view=diff ============================================================================== --- openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb/service-jar.xml (original) +++ openejb/trunk/openejb3/container/openejb-core/src/main/resources/META-INF/org.apache.openejb/service-jar.xml Wed Dec 23 15:25:31 2009 @@ -250,7 +250,10 @@ id="Default Security Service" service="SecurityService" types="SecurityService" - class-name="org.apache.openejb.core.security.SecurityServiceImpl"/> + class-name="org.apache.openejb.core.security.SecurityServiceImpl"> + + DefaultUser "guest" + </ServiceProvider> <ServiceProvider id="PseudoSecurityService" Modified: openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityTest.java URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityTest.java?rev=893545&r1=893544&r2=893545&view=diff ============================================================================== --- openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityTest.java (original) +++ openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityTest.java Wed Dec 23 15:25:31 2009 
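Review bot: The new `DefaultUser "guest"` property has no explanation in either service-jar.xml (the same line is added under `org.apache.openejb.embedded` and `org.apache.openejb`), although it sets the identity given to callers that present no credentials. `testUnauthenticatedUser` asserts `isCallerInRole("guest")` for such callers, so an application that grants permissions to a role named guest is granting them to anonymous access. A comment above the provider would make that visible, for example `<!-- DefaultUser: name (and, per SecurityTest, role) assigned to callers without credentials; do not set it to a role that grants privileges -->`.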
@@ -17,7 +17,8 @@ package org.apache.openejb.core.security; import junit.framework.TestCase; -import org.apache.openejb.core.ivm.naming.InitContextFactory; + +import org.apache.openejb.client.LocalInitialContextFactory; import org.apache.openejb.config.ConfigurationFactory; import org.apache.openejb.assembler.classic.Assembler; import org.apache.openejb.assembler.classic.ProxyFactoryInfo; @@ -45,13 +46,10 @@ */ public class SecurityTest extends TestCase { + private Assembler configureAssembler(String defaultUser) throws Exception { + System.setProperty(javax.naming.Context.INITIAL_CONTEXT_FACTORY, LocalInitialContextFactory.class.getName()); - public void _test() throws Exception { - } - - public void test() throws Exception { - System.setProperty(javax.naming.Context.INITIAL_CONTEXT_FACTORY, InitContextFactory.class.getName()); - + ConfigurationFactory config = new ConfigurationFactory(); Assembler assembler = new Assembler(); @@ -63,6 +61,11 @@ serviceInfo.className = SecurityServiceImpl.class.getName(); serviceInfo.id = "New Security Service"; serviceInfo.properties = new Properties(); + if (defaultUser != null) { + // override the default user + serviceInfo.properties.setProperty("DefaultUser", defaultUser); + + } assembler.createSecurityService(serviceInfo); @@ -78,17 +81,21 @@ assembler.createApplication(ejbJarInfo); + return assembler; + } + + public void test() throws Exception { + Assembler assembler = configureAssembler(null); + Properties props = new Properties(); props.setProperty(Context.SECURITY_PRINCIPAL, "jonathan"); props.setProperty(Context.SECURITY_CREDENTIALS, "secret"); InitialContext ctx = new InitialContext(props); - Project foo = (Project) ctx.lookup("FooBeanLocal"); foo.svnCheckout(""); - foo.svnCommit(""); try { 
@@ -101,7 +108,10 @@ assertTrue("not in role committer", foo.isCallerInRole("committer")); assertTrue("not in role community", foo.isCallerInRole("community")); assertFalse("in role contributor", foo.isCallerInRole("contributor")); - + + ctx.close(); + assembler.destroy(); + // Project bar = (Project) ctx.lookup("BarBeanLocal"); // // bar.svnCheckout(""); 
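Review bot: `ctx.close()` and `assembler.destroy()` run only when every assertion before them passes, so a failing check leaves the assembler and its security service alive for the next test. The same pattern is repeated at the end of `testUnauthenticatedUser` and `testDefaultUser` in the next hunk, where each test relies on a freshly configured DefaultUser; a service leaked from a failed test could make a later authorization assertion pass or fail for the wrong reason. Wrapping the body as `try { ... } finally { ctx.close(); assembler.destroy(); }`, or moving both calls to `tearDown()`, keeps the tests independent. The method starts outside this hunk.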
@@ -123,11 +133,67 @@ // assertFalse("in role committer", bar.isCallerInRole("committer")); // assertFalse("in role community", bar.isCallerInRole("community")); // assertTrue("not in role contributor", bar.isCallerInRole("contributor")); + } + + // When no credentials are provided, the default user/role should be "guest" + public void testUnauthenticatedUser() throws Exception { + Assembler assembler = configureAssembler(null); + + // no credentials provided, the default user should be "guest" + Properties props = new Properties(); + + InitialContext ctx = new InitialContext(props); + Project foo = (Project) ctx.lookup("FooBeanLocal"); + + foo.svnCheckout(""); + try { + foo.svnCommit(""); + fail("Should not be allowed"); + } catch (Exception e) { + // good. + } + + assertFalse("in role committer", foo.isCallerInRole("committer")); + assertFalse("in role community", foo.isCallerInRole("community")); + assertFalse("in role contributor", foo.isCallerInRole("contributor")); + assertTrue("not in role guest", foo.isCallerInRole("guest")); + + ctx.close(); + assembler.destroy(); + } + + // Just to be sure we can override the default user (ie. guest) + public void testDefaultUser() throws Exception { + Assembler assembler = configureAssembler("public"); + + // no credentials provided, the default user should be "guest" + Properties props = new Properties(); + + InitialContext ctx = new InitialContext(props); + + Project foo = (Project) ctx.lookup("FooBeanLocal"); + + foo.svnCheckout(""); + try { + foo.svnCommit(""); + fail("Should not be allowed"); + } catch (Exception e) { + // good. 
+ } + + assertFalse("in role committer", foo.isCallerInRole("committer")); + assertFalse("in role community", foo.isCallerInRole("community")); + assertFalse("in role contributor", foo.isCallerInRole("contributor")); + assertFalse("in role guest", foo.isCallerInRole("guest")); + assertTrue("not in role public", foo.isCallerInRole("public")); + + ctx.close(); + assembler.destroy(); } @Stateless - @DeclareRoles({"committer", "contributor","community"}) + @DeclareRoles({"committer", "contributor","community","guest","public"}) public static class FooBean implements Project { @Resource
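Review bot: Both new tests accept any exception as proof that `svnCommit` was denied: `catch (Exception e) { // good. }` also passes on a NullPointerException or any other unrelated failure inside the call, so a broken deployment would look like working access control. Catch the denial explicitly, e.g. `} catch (javax.ejb.EJBAccessException e) {`, assuming that is what the container throws for a rejected call here. In `testDefaultUser` the comment `// no credentials provided, the default user should be "guest"` is copied from the previous test and should say "public".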