Author: jgallimore Date: Mon May 19 11:14:12 2014 New Revision: 1595830 URL: http://svn.apache.org/r1595830 Log: TOMEE-1213 propagate security-role-ref from EnterpriseBeanInfo to BeanContext. Use this when checking callerInRole()
Added: tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/assembler/classic/EjbSecurityRoleRefTest.java Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/BaseContext.java Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java?rev=1595830&r1=1595829&r2=1595830&view=diff ============================================================================== --- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java (original) +++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java Mon May 19 11:14:12 2014 @@ -246,6 +246,8 @@ public class BeanContext extends Deploym private Stateful stateful; private Cmp cmp; private LegacyView legacyView; + + private final Map<String, String> securityRoleReferences = new HashMap<String, String>(); /** * TODO: Move to MethodContext 
@@ -1773,6 +1775,15 @@ public class BeanContext extends Deploym ((EjbTimerServiceImpl) ejbTimerService).stop(); } } + + public void addSecurityRoleReference(final String roleName, final String roleLink) { + securityRoleReferences.put(roleName, roleLink); + } + + public String getSecurityRoleReference(final String roleName) { + final String roleLink = securityRoleReferences.get(roleName); + return roleLink != null ? roleLink : roleName; + } private static class Cmp { Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java?rev=1595830&r1=1595829&r2=1595830&view=diff ============================================================================== --- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java (original) +++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java Mon May 19 11:14:12 2014 
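Review bot: `securityRoleReferences` (declared in the first BeanContext hunk) is a plain `HashMap` that the public `addSecurityRoleReference` can mutate, while `getSecurityRoleReference` is read on the authorization path in `BaseContext.isCallerInRole`. That is safe only if every write happens before the BeanContext starts serving invocations, which the EnterpriseBeanBuilder hunk suggests but nothing here enforces. I would state the contract on the method, e.g. `/** Deployment-time only: must not be called once the bean is serving invocations. */`. The getter should also document that a name with no declared reference, or a reference stored with a null role-link, falls back to the name itself, because that fallback decides which role is actually checked.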
@@ -319,6 +319,10 @@ class EnterpriseBeanBuilder { deployment.createAsynchronousMethodSet(); } + for (final SecurityRoleReferenceInfo securityRoleReference : bean.securityRoleReferences) { + deployment.addSecurityRoleReference(securityRoleReference.roleName, securityRoleReference.roleLink); + } + return deployment; } Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/BaseContext.java URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/BaseContext.java?rev=1595830&r1=1595829&r2=1595830&view=diff ============================================================================== --- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/BaseContext.java (original) +++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/BaseContext.java Mon May 19 11:14:12 2014 
@@ -116,7 +116,12 @@ public abstract class BaseContext implem protected boolean isCallerInRole(final SecurityService securityService, final String roleName) { check(Call.isCallerInRole); - return securityService.isCallerInRole(roleName); + + final ThreadContext threadContext = ThreadContext.getThreadContext(); + final BeanContext di = threadContext.getBeanContext(); + final String roleLink = di.getSecurityRoleReference(roleName); + + return securityService.isCallerInRole(roleLink); } @Override Added: tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/assembler/classic/EjbSecurityRoleRefTest.java URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/assembler/classic/EjbSecurityRoleRefTest.java?rev=1595830&view=auto ============================================================================== --- tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/assembler/classic/EjbSecurityRoleRefTest.java (added) +++ tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/assembler/classic/EjbSecurityRoleRefTest.java Mon May 19 11:14:12 2014 
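Review bot: `threadContext.getBeanContext()` and `di.getSecurityRoleReference(roleName)` dereference their receivers without a null check, so the role check throws a bare NullPointerException if no ThreadContext or BeanContext is bound to the calling thread. Whether `check(Call.isCallerInRole)` already rules that out is not visible in this hunk. If it does not, fail with an explicit error before the lookup, e.g. `if (threadContext == null || threadContext.getBeanContext() == null) throw new IllegalStateException("isCallerInRole requires an active bean context");`. The local `di` would also read better as `beanContext`, and a one-line comment such as `// resolve the bean's security-role-ref: role-name -> role-link` would explain why the name is translated before reaching the security service.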
@@ -0,0 +1,102 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.openejb.assembler.classic; + +import java.util.Properties; + +import javax.annotation.Resource; +import javax.ejb.SessionContext; +import javax.naming.Context; +import javax.naming.InitialContext; + +import junit.framework.TestCase; + +import org.apache.openejb.config.AppModule; +import org.apache.openejb.config.ConfigurationFactory; +import org.apache.openejb.config.EjbModule; +import org.apache.openejb.core.LocalInitialContextFactory; +import org.apache.openejb.jee.EjbJar; +import org.apache.openejb.jee.SecurityRoleRef; +import org.apache.openejb.jee.StatelessBean; +import org.apache.openejb.loader.SystemInstance; +import org.apache.openejb.spi.ContainerSystem; + +/** + * Test to ensure that the role-name/role-link elements in security-role-ref work correctly + */ +public class EjbSecurityRoleRefTest extends TestCase { + private InitialContext context; + private Assembler assembler; + private ConfigurationFactory config; + + protected void setUp() throws Exception { + config = new ConfigurationFactory(); + assembler = new Assembler(); + + assembler.createProxyFactory(config.configureService(ProxyFactoryInfo.class)); + 
assembler.createTransactionManager(config.configureService(TransactionServiceInfo.class)); + assembler.createSecurityService(config.configureService(SecurityServiceInfo.class)); + assembler.createContainer(config.configureService(StatelessSessionContainerInfo.class)); + + final Properties props = new Properties(); + props.setProperty(Context.SECURITY_PRINCIPAL, "jonathan"); + props.setProperty(Context.SECURITY_CREDENTIALS, "secret"); + props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LocalInitialContextFactory.class.getName()); + context = new InitialContext(props); + } + + protected void tearDown() throws Exception { + for (AppInfo appInfo : assembler.getDeployedApplications()) { + assembler.destroyApplication(appInfo.path); + } + SystemInstance.get().setComponent(Assembler.class, null); + SystemInstance.get().setComponent(ContainerSystem.class, null); + super.tearDown(); + } + + public void testShouldCheckUserRole() throws Exception { + EjbJar ejbJar = new EjbJar(); + StatelessBean statelessBean = new StatelessBean(UserBean.class); + SecurityRoleRef securityRoleRef = new SecurityRoleRef(); + securityRoleRef.setRoleName("TEST"); + securityRoleRef.setRoleLink("committer"); + statelessBean.getSecurityRoleRef().add(securityRoleRef); + ejbJar.addEnterpriseBean(statelessBean); + + AppModule app = new AppModule(this.getClass().getClassLoader(), "classpath-" + ejbJar.hashCode()); + app.getEjbModules().add(new EjbModule(ejbJar)); + assembler.createApplication(config.configureApplication(app)); + + User user = (User) context.lookup("UserBeanLocal"); + assertTrue(user.isUserInRole()); + } + + public static interface User { + public boolean isUserInRole(); + } + + public static class UserBean implements User { + + @Resource + private SessionContext context; + + @Override + public boolean isUserInRole() { + return context.isCallerInRole("TEST"); + } + } +}
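Review bot: `testShouldCheckUserRole` only asserts the positive case, so it would also pass if the security service answered true for every role or if the link were ignored and "TEST" happened to be granted. For an authorization change the deny path needs pinning too. Add a second test that deploys the same bean with `securityRoleRef.setRoleLink(...)` pointing at a role the test principal does not hold and ends with `assertFalse(user.isUserInRole());`. The positive case presumably relies on the default test realm mapping "jonathan" to "committer", which is not visible on this page; a short comment in `setUp` saying where that mapping comes from would make the test self-explanatory.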