User: juhalindfors
Date: 01/03/25 02:52:11
Modified: src/main/org/jboss/ejb EnterpriseContext.java
Log:
PATCH: the security role references were never mapped to security roles
in the EnterpriseContextImp.isCallerInRole() method.
For now, all references are passed on to the RealmMapping implementation
regardless of whether the <security-role-ref> element is found in the
deployment descriptor or not. If the security role reference is not
found, a warning is logged by the server. Stricter compliance may
be enforced in future versions.
Revision Changes Path
1.27 +30 -1 jboss/src/main/org/jboss/ejb/EnterpriseContext.java
Index: EnterpriseContext.java
===================================================================
RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/EnterpriseContext.java,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- EnterpriseContext.java 2001/03/05 10:18:07 1.26
+++ EnterpriseContext.java 2001/03/25 10:52:11 1.27
@@ -12,6 +12,7 @@
import java.security.Principal;
import java.util.Properties;
import java.util.HashSet;
+import java.util.Iterator;
import javax.ejb.EJBHome;
import javax.ejb.EJBContext;
@@ -27,6 +28,7 @@
import javax.transaction.HeuristicRollbackException;
import org.jboss.logging.Logger;
+import org.jboss.metadata.SecurityRoleRefMetaData;
/**
* The EnterpriseContext is used to associate EJB instances with metadata about it.
@@ -37,7 +39,8 @@
* @author Rickard Öberg ([EMAIL PROTECTED])
* @author <a href="mailto:[EMAIL PROTECTED]">Marc Fleury</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Sebastien Alborini</a>
- * @version $Revision: 1.26 $
+ * @author <a href="mailto:[EMAIL PROTECTED]">Juha Lindfors</a>
+ * @version $Revision: 1.27 $
*/
public abstract class EnterpriseContext
{
@@ -267,8 +270,34 @@
{
if (principal == null)
return false;
+
+ // Map the role name used by Bean Provider to the security role
+ // link in the deployment descriptor. The EJB 1.1 spec requires
+ // the security role refs in the descriptor but for backward
+ // compability we're not enforcing this requirement.
+ //
+ // TODO (2.3): add a conditional check using jboss.xml <secure> element
+ // which will throw an exception in case no matching
+ // security ref is found.
+ Iterator it = getContainer().getBeanMetaData().getSecurityRoleReferences();
+ boolean matchFound = false;
+
+ while (it.hasNext()) {
+ SecurityRoleRefMetaData meta = (SecurityRoleRefMetaData)it.next();
+ if (meta.getName().equals(id)) {
+ id = meta.getLink();
+ matchFound = true;
+
+ break;
+ }
+ }
+
+ if (!matchFound)
+ Logger.warning("WARNING: no match found for security role " + id + "
in the deployment descriptor.");
+
HashSet set = new HashSet();
set.add( id );
+
return con.getRealmMapping().doesUserHaveRole( principal, set );
}
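Review bot: In the loop over `getSecurityRoleReferences()`, `id = meta.getLink()` is assigned unconditionally once the name matches, but `<role-link>` is optional in an EJB 1.1 `<security-role-ref>`, so `id` may become null or empty and then be passed to `doesUserHaveRole`; whether it does depends on what `SecurityRoleRefMetaData.getLink()` returns for a missing link, which is not visible here. I would guard the assignment, e.g. `String link = meta.getLink(); if (link != null) id = link;`, and still set `matchFound = true` so a declared-but-unlinked reference stays distinguishable from an undeclared one. Separately, the unmatched branch warns on every call while the unmapped name is still checked against the realm, so that log line is the only trace of an undeclared reference being authorized; a comment such as `// fail-open: undeclared role refs are checked against the realm as-is` above `if (!matchFound)` would make that explicit. The method signature and the origin of `principal` and `con` lie outside the hunk.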