Author: rmannibucau
Date: Mon Jul  2 19:59:31 2012
New Revision: 1356446

URL: http://svn.apache.org/viewvc?rev=1356446&view=rev
Log:
TOMEE-266 internal ejbs can be secured with JAAS + system property 
openejb.internal.beans.security.enabled=true

Added:
    
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/
    
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/
    
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
Modified:
    
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
    
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
    
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
    
openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java

Modified: 
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
URL: 
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- 
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
 (original)
+++ 
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
 Mon Jul  2 19:59:31 2012
@@ -20,11 +20,15 @@ import org.apache.openejb.assembler.Depl
 import org.apache.openejb.assembler.classic.cmd.ConfigurationInfoEjb;
 import org.apache.openejb.assembler.monitoring.JMXDeployer;
 import org.apache.openejb.jee.EjbJar;
+import org.apache.openejb.jee.EnterpriseBean;
+import org.apache.openejb.jee.Interceptor;
+import org.apache.openejb.jee.InterceptorBinding;
 import org.apache.openejb.jee.SingletonBean;
 import org.apache.openejb.jee.StatelessBean;
 import org.apache.openejb.jee.oejb3.EjbDeployment;
 import org.apache.openejb.jee.oejb3.OpenejbJar;
 import org.apache.openejb.mgmt.MEJBBean;
+import org.apache.openejb.security.internal.InternalSecurityInterceptor;
 
 /**
  * Avoids the needs to scan the classpath to load system applications that are 
used
@@ -41,6 +45,8 @@ public class SystemApps {
         ejbJar.addEnterpriseBean(new StatelessBean(null, DeployerEjb.class));
         ejbJar.addEnterpriseBean(new StatelessBean(null, 
ConfigurationInfoEjb.class));
         ejbJar.addEnterpriseBean(new StatelessBean(null, MEJBBean.class));
+        ejbJar.addInterceptor(new 
Interceptor(InternalSecurityInterceptor.class));
+        ejbJar.getAssemblyDescriptor().addInterceptorBinding(new 
InterceptorBinding("*", InternalSecurityInterceptor.class.getName()));
         module.getMbeans().add(JMXDeployer.class.getName());
 
         final String className = 
"org.apache.tomee.catalina.deployer.WebappDeployer";
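Review bot: The interceptor binding added here uses the ejb-name `*`, which attaches `InternalSecurityInterceptor` to every bean of this system ejb-jar, yet nothing at this spot says that the interceptor enforces nothing unless `openejb.internal.beans.security.enabled` is true. A comment such as `// role check for all internal beans; inactive unless openejb.internal.beans.security.enabled=true` above the two added lines would make that clear to the next reader. The first hunk also imports `org.apache.openejb.jee.EnterpriseBean`, which no visible changed line uses; if the rest of the file does not use it either, it can be dropped. The enclosing method starts and ends outside the hunk.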

Added: 
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
URL: 
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java?rev=1356446&view=auto
==============================================================================
--- 
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
 (added)
+++ 
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
 Mon Jul  2 19:59:31 2012
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+package org.apache.openejb.security.internal;
+
+import org.apache.openejb.loader.SystemInstance;
+import org.apache.openejb.spi.Assembler;
+import org.apache.openejb.spi.SecurityService;
+
+import javax.interceptor.AroundInvoke;
+import javax.interceptor.InvocationContext;
+
+public class InternalSecurityInterceptor {
+    public static final String OPENEJB_INTERNAL_BEANS_SECURITY_ENABLED = 
"openejb.internal.beans.security.enabled";
+
+    private static String[] ROLES = new String[] { "openejb-admin", 
"tomee-admin" };
+
+    @AroundInvoke
+    public Object invoke(final InvocationContext ic) throws Exception {
+        if 
(!SystemInstance.get().getOptions().get(OPENEJB_INTERNAL_BEANS_SECURITY_ENABLED,
 false)) {
+            return ic.proceed();
+        }
+
+        final SecurityService<?> ss = 
SystemInstance.get().getComponent(Assembler.class).getSecurityService();
+        for (String role : ROLES) {
+            if (ss.isCallerInRole(role)) {
+                return ic.proceed();
+            }
+        }
+
+        throw new SecurityException("to invoke this EJB you need to get the 
right permission");
+    }
+}
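Review bot: The role check in `invoke` is skipped unless `openejb.internal.beans.security.enabled` is set, because the option is read with a default of `false`, so on a default install the internal beans stay callable without any role check. The class has no Javadoc, and it should state that default and name the two accepted roles. `ROLES` is declared `private static String[]` without `final`; `private static final String[] ROLES = { "openejb-admin", "tomee-admin" };` keeps the allow-list from being reassigned. The denial path throws a bare `SecurityException` without logging, so rejected calls leave nothing for an operator to audit; logging the denied method from `ic.getMethod()` before the throw would help. `getComponent(Assembler.class)` is dereferenced without a null check, which would presumably surface as a `NullPointerException` if no assembler is registered.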

Modified: 
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
URL: 
http://svn.apache.org/viewvc/openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- 
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
 (original)
+++ 
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
 Mon Jul  2 19:59:31 2012
@@ -29,4 +29,19 @@ public abstract class AbstractAddressMoj
      * @parameter expression="${tomee-plugin.host}" default-value="localhost"
      */
     protected String tomeeHost;
+
+    /**
+     * @parameter expression="${tomee-plugin.user}"
+     */
+    protected String user;
+
+    /**
+     * @parameter expression="${tomee-plugin.pwd}"
+     */
+    protected String password;
+
+    /**
+     * @parameter expression="${tomee-plugin.realm}"
+     */
+    protected String realm;
 }
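Review bot: The three new fields carry only the `@parameter` tag and no description, so the generated plugin documentation will say nothing about what `user`, `password` and `realm` are for. Each deserves a Javadoc sentence, for example `User name sent as the JNDI security principal for remote lookups.` on `user`. The comment on `password` should also note that a value passed as `-Dtomee-plugin.pwd=...` is visible in shell history and process listings, so configuring it outside the command line is preferable. The property name `tomee-plugin.pwd` does not match the field name `password`, while the other two properties do match their fields; aligning it or calling it out in the Javadoc would avoid misconfiguration.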

Modified: 
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
URL: 
http://svn.apache.org/viewvc/openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- 
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
 (original)
+++ 
openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
 Mon Jul  2 19:59:31 2012
@@ -26,6 +26,16 @@ public abstract class AbstractCommandMoj
         final Properties props = new Properties();
         props.put(Context.INITIAL_CONTEXT_FACTORY, 
"org.apache.openejb.client.RemoteInitialContextFactory");
         props.put(Context.PROVIDER_URL, "http://"; + tomeeHost + ":" + 
tomeeHttpPort + "/tomee/ejb");
+        if (user != null) {
+            props.put(Context.SECURITY_PRINCIPAL, user);
+        }
+        if (password != null) {
+            props.put(Context.SECURITY_PRINCIPAL, password);
+        }
+        if (realm != null) {
+            props.put("openejb.authentication.realmName", realm);
+        }
+
         try {
             return new InitialContext(props).lookup(name);
         } catch (Exception e) {
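Review bot: The password is stored under the wrong key: the second added `props.put` uses `Context.SECURITY_PRINCIPAL` again, so it overwrites the user name with the password and no credential is ever set. It should be `props.put(Context.SECURITY_CREDENTIALS, password);`. Besides breaking the login, the current code submits the password as the principal, where it may end up in server-side authentication logs. The provider URL built just above is plain `http://`, so these credentials travel unencrypted unless the transport is protected elsewhere. The enclosing method starts and ends outside the hunk.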

Modified: 
openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
URL: 
http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- 
openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
 (original)
+++ 
openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
 Mon Jul  2 19:59:31 2012
@@ -241,4 +241,5 @@ public class TomcatSecurityService exten
             this.hadRunAs = hadRunAs;
         }
     }
+
 }

