This is an automated email from the ASF dual-hosted git repository. jgallimore pushed a commit to branch tomee-1.7.x in repository https://gitbox.apache.org/repos/asf/tomee.git
commit de55786b5868fe44b0cfe8bb0211d79904c75aa2
Author: Jonathan Gallimore <[email protected]>
AuthorDate: Tue Aug 21 22:39:10 2018 +0100
Only check JACC permissions here
---
 .../src/test/resources/arquillian.xml | 23 ++++++++++++++++++++++
 arquillian/arquillian-tomee-tests/pom.xml | 17 ++++++++++++++++
 .../core/security/jacc/BasicJaccProvider.java | 18 ++++++++++++++++-
 3 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml
index 8cbddb4..0a8e6c6 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/resources/arquillian.xml
@@ -53,6 +53,29 @@
 </property>
 </configuration>
 </container>
+ <container qualifier="tomee-remote-secpol">
+ <configuration>
+ <property name="httpPort">-1</property>
+ <property name="ajpPort">-1</property>
+ <property name="stopPort">-1</property>
+ <property name="dir">target/tomee-remote</property>
+ <property name="appWorkingDir">target/arquillian-remote-working-dir</property>
+ <property name="portRange">33001-36000</property>
+ <property name="cleanOnStartUp">true</property>
+ <property name="properties">
+ My\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+ My\ Unmanaged\ DataSource.JdbcUrl = jdbc:hsqldb:mem:hsqldb
+ openejb.classloader.forced-load=org.apache.openejb.arquillian.tests
+ openejb.ear.use-as-webcontext-base=true
+ embedded = false
+
+ # try to save some permgen mem
+ openejb.cdi.activated-on-ejb = false
+ openejb.descriptors.output = true
+ javax.security.jacc.policy.provider=sun.security.provider.PolicyFile
+ </property>
+ </configuration>
+ </container>
 <container qualifier="tomee-webapp">
 <configuration>
 <property name="httpPort">-1</property>
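Review bot: The new `tomee-remote-secpol` container carries no comment saying what it is for, and the only setting in this hunk that hints at its purpose is `javax.security.jacc.policy.provider=sun.security.provider.PolicyFile`. That value names a JDK-internal class, so the profile presumably only works on JDKs that ship it, and nothing visible in this hunk turns on a security manager or points at a policy file. An XML comment above the container, for example `<!-- remote webprofile run with the JDK PolicyFile as JACC policy provider; covers BasicJaccProvider.implies -->`, would tell maintainers why the profile exists and what it is expected to catch.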
diff --git a/arquillian/arquillian-tomee-tests/pom.xml b/arquillian/arquillian-tomee-tests/pom.xml
index 2e75421..77538c9 100644
--- a/arquillian/arquillian-tomee-tests/pom.xml
+++ b/arquillian/arquillian-tomee-tests/pom.xml
@@ -292,6 +292,23 @@
 </configuration>
 </execution>
 <execution>
+ <id>test-tomee-remote-secpol</id>
+ <phase>test</phase>
+ <goals>
+ <goal>test</goal>
+ </goals>
+ <configuration>
+ <skip>${skip.remote.webprofile}</skip>
+ <systemPropertyVariables>
+ <openejb.arquillian.debug>true</openejb.arquillian.debug>
+ <tomee.version>${tomee.version}</tomee.version>
+ <tomee.classifier>webprofile</tomee.classifier>
+ <arquillian.launch>tomee-remote-secpol</arquillian.launch>
+ <openejb.arquillian.adapter>tomee-remote</openejb.arquillian.adapter>
+ </systemPropertyVariables>
+ </configuration>
+ </execution>
+ <execution>
 <id>test-tomee-remote-jaxrs</id>
 <phase>test</phase>
 <goals>
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java b/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
index 5faa541..7a60f32 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
@@ -19,20 +19,36 @@ package org.apache.openejb.core.security.jacc;
 import org.apache.openejb.core.security.JaccProvider;
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
 import javax.security.jacc.PolicyConfiguration;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.security.jacc.WebUserDataPermission;
 import java.security.CodeSource;
 import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.ProtectionDomain;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
+import java.util.Set;
 /**
 * @version $Rev$ $Date$
 */
 public class BasicJaccProvider extends JaccProvider {
+ private static final Set<Class> JACC_PERMISSIONS = new HashSet<Class>() {
+ {
+ add(EJBMethodPermission.class);
+ add(EJBRoleRefPermission.class);
+ add(WebResourcePermission.class);
+ add(WebRoleRefPermission.class);
+ add(WebUserDataPermission.class);
+ }
+ };
 static {
 // force preloading to avoid to loop under SecurityManager
 try {
@@ -82,7 +98,7 @@ public class BasicJaccProvider extends JaccProvider {
 public boolean implies(final ProtectionDomain domain, final Permission permission) {
 final String contextID = PolicyContext.getContextID();
- if (contextID != null) {
+ if (contextID != null && JACC_PERMISSIONS.contains(permission.getClass())) {
 try {
 final BasicPolicyConfiguration configuration = configurations.get(contextID);
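Review bot: `JACC_PERMISSIONS` is declared with the raw type `Set<Class>` and filled through double-brace initialisation, which creates an anonymous `HashSet` subclass and leaves the set mutable even though it gates an authorization decision in `implies`. A typed, unmodifiable set built once states the intent better and removes the raw-type warning. It needs `java.util.Arrays` and `java.util.Collections` imported alongside the imports this hunk adds. The class body continues outside the hunk.

```java
public class BasicJaccProvider extends JaccProvider {
    // Permission types decided by the JACC policy configuration; all others are left to the fallback in implies().
    private static final Set<Class<? extends Permission>> JACC_PERMISSIONS =
            Collections.unmodifiableSet(new HashSet<Class<? extends Permission>>(
                    Arrays.<Class<? extends Permission>>asList(
                            EJBMethodPermission.class,
                            EJBRoleRefPermission.class,
                            WebResourcePermission.class,
                            WebRoleRefPermission.class,
                            WebUserDataPermission.class)));
    // … unchanged: static preloading block …
```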
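Review bot: The new condition in `implies` sends every permission whose class is not in `JACC_PERMISSIONS` past the `BasicPolicyConfiguration` lookup to whatever follows the `if`, which lies outside this hunk, so inside a JACC context the answer for those permissions now depends entirely on that fallback. `PolicyConfiguration`'s add methods accept any `Permission`, so a non-JACC permission placed in a configuration would apparently no longer be consulted; if that is intended, record it above the condition, e.g. `// Only JACC permission types are decided by the policy configuration; all others fall through`. The lookup is by exact class, which looks sufficient given that the five JACC permission classes are declared final. A regression test that asserts the outcome for a non-JACC permission while a context ID is set would pin the behaviour; none is visible in this commit.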
