Author: rmannibucau
Date: Sun Jun 9 17:44:31 2013
New Revision: 1491251
URL: http://svn.apache.org/r1491251
Log:
TOMEE-968 adding role mapping in openejb-jar.xml to be able to map a principal
to a runas role
Added:
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
Modified:
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java
Modified:
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
---
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
(original)
+++
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
Sun Jun 9 17:44:31 2013
@@ -206,6 +206,7 @@ public class BeanContext extends Deploym
private String ejbName;
private String runAs;
+ private String runAsUser;
private final BeanType componentType;
@@ -1335,12 +1336,23 @@ public class BeanContext extends Deploym
return runAs;
}
+ public String getRunAsUser() {
+ return runAsUser;
+ }
+
public void setEjbName(final String ejbName) {
this.ejbName = ejbName;
}
public void setRunAs(final String runAs) {
this.runAs = runAs;
+ if (runAsUser == null) { // default user
+ runAsUser = runAs;
+ }
+ }
+
+ public void setRunAsUser(final String runAsUser) { // principal
+ this.runAsUser = runAsUser;
}
public String toString() {
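Review bot: The default that `setRunAs` installs for `runAsUser` is overwritten as soon as `setRunAsUser(null)` is called, and the EnterpriseBeanBuilder hunk does that for every bean without a matching role-mapping. It calls `setRunAs(bean.runAs)` and then `setRunAsUser(bean.runAsUser)`, where `bean.runAsUser` is only assigned in the EjbJarInfoBuilder hunk when a mapping matches. `getRunAsUser()` then returns null, and `createSubject(name, groupName)` in the AbstractSecurityService hunk returns null for a null name, so a bean that declares run-as without a mapping appears to lose its run-as subject entirely. Resolving the fallback on read removes both the call-order dependence and the stale default left behind when `setRunAs` is called twice: use `return runAsUser != null ? runAsUser : runAs;` in `getRunAsUser()` and drop the `if (runAsUser == null)` block from `setRunAs`. A test covering run-as without any role-mapping would pin the behaviour.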
Modified:
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
---
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
(original)
+++
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
Sun Jun 9 17:44:31 2013
@@ -163,6 +163,7 @@ class EnterpriseBeanBuilder {
deployment.setEjbName(bean.ejbName);
deployment.setRunAs(bean.runAs);
+ deployment.setRunAsUser(bean.runAsUser);
deployment.getInjections().addAll(injections);
Modified:
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
---
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
(original)
+++
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
Sun Jun 9 17:44:31 2013
@@ -65,6 +65,7 @@ public abstract class EnterpriseBeanInfo
public NamedMethodInfo timeoutMethod;
public String runAs;
+ public String runAsUser;
public final List<SecurityRoleReferenceInfo> securityRoleReferences = new
ArrayList<SecurityRoleReferenceInfo>();
@@ -91,5 +92,4 @@ public abstract class EnterpriseBeanInfo
public List<MethodScheduleInfo> methodScheduleInfos = new
ArrayList<MethodScheduleInfo>();
public boolean restService;
-
}
Modified:
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
---
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
(original)
+++
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
Sun Jun 9 17:44:31 2013
@@ -91,6 +91,7 @@ import org.apache.openejb.jee.Transactio
import org.apache.openejb.jee.oejb3.EjbDeployment;
import org.apache.openejb.jee.oejb3.Jndi;
import org.apache.openejb.jee.oejb3.ResourceLink;
+import org.apache.openejb.jee.oejb3.RoleMapping;
import org.apache.openejb.util.LogCategory;
import org.apache.openejb.util.Logger;
import org.apache.openejb.util.Messages;
@@ -181,6 +182,16 @@ public class EjbJarInfoBuilder {
if (bean.getSecurityIdentity() != null) {
beanInfo.runAs = bean.getSecurityIdentity().getRunAs();
+
+ final EjbDeployment deployment = ejbds.get(beanInfo.ejbName);
+ if (deployment != null) {
+ for (final RoleMapping mapping :
deployment.getRoleMapping()) {
+ if (mapping.getRoleName().equals(beanInfo.runAs)) {
+ beanInfo.runAsUser = mapping.getPrincipalName();
+ break;
+ }
+ }
+ }
}
initJndiNames(ejbds, bean, beanInfo);
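Review bot: `mapping.getRoleName().equals(beanInfo.runAs)` throws a NullPointerException at deployment when a `role-mapping` entry has no `role-name`, because `required = true` on the JAXB field only takes effect if the descriptor is schema-validated, which is not visible here. Comparing from the other side is null-safe: `if (beanInfo.runAs != null && beanInfo.runAs.equals(mapping.getRoleName())) {`. Since the mapped value becomes the principal name the bean runs as, a mapping with a null or empty `principal-name` should be rejected or at least logged. Duplicate mappings for the same role should be logged too, because the loop silently keeps the first match. The enclosing method starts and ends outside the hunk.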
Modified:
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
---
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
(original)
+++
tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
Sun Jun 9 17:44:31 2013
@@ -110,7 +110,7 @@ public abstract class AbstractSecuritySe
// update the current subject and security context
private void updateSecurityContext() {
- defaultSubject = createSubject(defaultUser);
+ defaultSubject = createSubject(defaultUser, defaultUser);
defaultContext = new SecurityContext(defaultSubject);
}
@@ -165,13 +165,11 @@ public abstract class AbstractSecuritySe
if (callingBeanContext == null) {
return null;
}
-
- final String runAsRole = callingBeanContext.getRunAs();
- return createRunAsSubject(runAsRole);
+ return createRunAsSubject(callingBeanContext.getRunAsUser(),
callingBeanContext.getRunAs());
}
- protected Subject createRunAsSubject(final String runAsRole) {
- return createSubject(runAsRole);
+ protected Subject createRunAsSubject(final String runAsUser, final String
runAsRole) {
+ return createSubject(runAsUser, runAsRole);
}
@Override
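Review bot: Replacing the protected `createRunAsSubject(String)` with a two-argument version means a subclass that overrode the old method is no longer called from this code path, so a customised run-as subject would silently be replaced by the default one (or the subclass stops compiling if it used `@Override`). Whether such subclasses exist is not visible in this diff; if they do, they need to be migrated in the same change, and the break deserves a line in the release notes. Both parameters are plain strings in user-then-role order, so I would add a Javadoc on the new method stating that `runAsUser` is the principal name and `runAsRole` the role, to guard against swapped arguments at call sites. The method containing the first changed call starts outside the hunk.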
@@ -329,13 +327,13 @@ public abstract class AbstractSecuritySe
}
}
- protected Subject createSubject(final String name) {
+ protected Subject createSubject(final String name, final String groupName)
{
if (name == null) {
return null;
}
final User user = new User(name);
- final Group group = new Group(name);
+ final Group group = new Group(groupName);
group.addMember(user);
final HashSet<Principal> principals = new HashSet<Principal>();
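Review bot: `createSubject` still guards only `name`, so the new `groupName` argument reaches `new Group(groupName)` unchecked; how `Group` treats a null name is not visible here. Falling back to the previous behaviour keeps the subject well-formed when no role is supplied: `final Group group = new Group(groupName != null ? groupName : name);`. Now that the user and group names can differ, the method also deserves a short Javadoc saying that `name` becomes the `User` principal and `groupName` the `Group` it is added to. The method body continues outside the hunk.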
@@ -433,6 +431,7 @@ public abstract class AbstractSecuritySe
}
}
+ @CallerPrincipal // to force it to be before group in getCallerPrincipal,
otherwise we aren't deterministic
public static class User implements Principal {
private final String name;
Modified:
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
---
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
(original)
+++
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
Sun Jun 9 17:44:31 2013
@@ -63,8 +63,10 @@ public class RunAs {
@XmlTransient
protected TextMap description = new TextMap();
+
@XmlElement(name = "role-name", required = true)
protected String roleName;
+
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlID
Modified:
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
---
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java
(original)
+++
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java
Sun Jun 9 17:44:31 2013
@@ -35,7 +35,7 @@ import java.util.Iterator;
import java.util.Properties;
@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(propOrder = {"jndi","ejbLink", "resourceLink", "query", "properties"})
+@XmlType(propOrder = {"jndi","ejbLink", "resourceLink", "query",
"roleMapping", "properties"})
@XmlRootElement(name = "ejb-deployment")
public class EjbDeployment {
@@ -51,6 +51,9 @@ public class EjbDeployment {
@XmlElement(required = true)
protected List<Query> query;
+ @XmlElement(name = "role-mapping")
+ protected List<RoleMapping> roleMapping;
+
@XmlAttribute(name = "container-id")
protected String containerId;
@@ -188,4 +191,11 @@ public class EjbDeployment {
public void addProperty(String key, String value) {
getProperties().setProperty(key, value);
}
+
+ public List<RoleMapping> getRoleMapping() {
+ if (roleMapping == null) {
+ roleMapping = new ArrayList<RoleMapping>();
+ }
+ return roleMapping;
+ }
}
Added:
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
URL:
http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java?rev=1491251&view=auto
==============================================================================
---
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
(added)
+++
tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
Sun Jun 9 17:44:31 2013
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.jee.oejb3;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "roleName",
+ "principalName"
+})
+public class RoleMapping {
+ @XmlElement(name = "role-name", required = true)
+ protected String roleName;
+
+ @XmlElement(name = "principal-name", required = true)
+ protected String principalName;
+
+ public String getRoleName() {
+ return roleName;
+ }
+
+ public void setRoleName(final String roleName) {
+ this.roleName = roleName;
+ }
+
+ public String getPrincipalName() {
+ return principalName;
+ }
+
+ public void setPrincipalName(final String principalName) {
+ this.principalName = principalName;
+ }
+}
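Review bot: `RoleMapping` is added without any class-level Javadoc, although, judging by the other hunks, it decides which principal name a bean's run-as subject carries. I would add a class comment such as `/** Maps a run-as role name to the principal name used for that role, as declared by a role-mapping element in openejb-jar.xml. */`. The getters should also note that either value can be null when the descriptor is not schema-validated, since `required = true` alone does not make JAXB reject a missing element. That tells callers such as the loop in EjbJarInfoBuilder that they must handle null.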