maguro 2004/07/26 22:28:51
Modified: modules/core/src/java/org/openejb
AbstractContainerBuilder.java
AbstractInterceptorBuilder.java
GenericEJBContainer.java
Log:
Intermediate check-in of security deployment code, before I lose the work.
Revision Changes Path
1.15 +63 -12
openejb/modules/core/src/java/org/openejb/AbstractContainerBuilder.java
Index: AbstractContainerBuilder.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/AbstractContainerBuilder.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- AbstractContainerBuilder.java 18 Jul 2004 22:32:18 -0000 1.14
+++ AbstractContainerBuilder.java 27 Jul 2004 02:28:51 -0000 1.15
@@ -67,6 +67,7 @@
import org.openejb.dispatch.VirtualOperation;
import org.openejb.proxy.ProxyInfo;
import org.openejb.security.PermissionManager;
+import org.openejb.security.SecurityConfiguration;
import org.openejb.transaction.TransactionPolicyManager;
import org.openejb.transaction.TransactionPolicy;
import org.openejb.transaction.ContainerPolicy;
@@ -86,8 +87,13 @@
private String remoteInterfaceName;
private String localHomeInterfaceName;
private String localInterfaceName;
+ private String serviceEndpointName;
private String primaryKeyClassName;
private Subject runAs;
+ private boolean doAsCurrentCaller = false;
+ private boolean securityEnabled = false;
+ private boolean useContextHandler = false;
+ private SecurityConfiguration securityConfiguration;
private ReadOnlyContext componentContext;
private Set unshareableResources;
private Set applicationManagedSecurityResources;
@@ -166,6 +172,14 @@
this.localInterfaceName = localInterfaceName;
}
+ public String getServiceEndpointName() {
+ return serviceEndpointName;
+ }
+
+ public void setServiceEndpointName(String serviceEndpointName) {
+ this.serviceEndpointName = serviceEndpointName;
+ }
+
public String getPrimaryKeyClassName() {
return primaryKeyClassName;
}
@@ -182,6 +196,38 @@
this.runAs = runAs;
}
+ public boolean isDoAsCurrentCaller() {
+ return doAsCurrentCaller;
+ }
+
+ public void setDoAsCurrentCaller(boolean doAsCurrentCaller) {
+ this.doAsCurrentCaller = doAsCurrentCaller;
+ }
+
+ public boolean isSecurityEnabled() {
+ return securityEnabled;
+ }
+
+ public void setSecurityEnabled(boolean securityEnabled) {
+ this.securityEnabled = securityEnabled;
+ }
+
+ public boolean isUseContextHandler() {
+ return useContextHandler;
+ }
+
+ public void setUseContextHandler(boolean useContextHandler) {
+ this.useContextHandler = useContextHandler;
+ }
+
+ public SecurityConfiguration getSecurityConfiguration() {
+ return securityConfiguration;
+ }
+
+ public void setSecurityConfiguration(SecurityConfiguration
securityConfiguration) {
+ this.securityConfiguration = securityConfiguration;
+ }
+
public ReadOnlyContext getComponentContext() {
return componentContext;
}
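Review bot: The new security accessors (`setDoAsCurrentCaller`, `setSecurityEnabled`, `setUseContextHandler`, `setSecurityConfiguration`) have no Javadoc, and the page does not show how the flags relate to the configuration object. In the GenericEJBContainer section of this commit, `doStart()` installs the JACC policy whenever `securityConfiguration != null`, while `securityEnabled` defaults to false and is only forwarded to the interceptor builder. A deployer who sets a `SecurityConfiguration` and leaves the flag alone may therefore get a committed policy that is presumably not enforced. I would document the contract on the setter, for example `/** Turns on security interception for this container; defaults to false. NOTE: confirm whether a SecurityConfiguration is enforced while this is false. */`, and add similar one-line descriptions to the other two flags.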
@@ -287,6 +333,9 @@
interceptorBuilder.setEJBName(ejbName);
interceptorBuilder.setVtable(vtable);
interceptorBuilder.setRunAs(runAs);
+ interceptorBuilder.setDoAsCurrentCaller(doAsCurrentCaller);
+ interceptorBuilder.setSecurityEnabled(securityEnabled);
+ interceptorBuilder.setUseContextHandler(useContextHandler);
interceptorBuilder.setComponentContext(componentContext);
interceptorBuilder.setTransactionPolicyManager(new
TransactionPolicyManager(transactionPolicySource, signatures));
interceptorBuilder.setPermissionManager(new PermissionManager(ejbName,
signatures));
@@ -343,7 +392,8 @@
getTrackedConnectionAssociator(),
null, //timer
null, //objectname
- null);//kernel
+ null, //kernel
+ getSecurityConfiguration());
}
protected GBeanMBean createConfiguration(
@@ -354,17 +404,18 @@
ObjectName timerName) throws Exception {
GBeanMBean gbean = new GBeanMBean(GenericEJBContainer.GBEAN_INFO, cl);
- gbean.setAttribute("containerID", getContainerId());
- gbean.setAttribute("ejbName", getEJBName());
- gbean.setAttribute("proxyInfo", createProxyInfo());
- gbean.setAttribute("signatures", signatures);
- gbean.setAttribute("contextFactory", contextFactory);
- gbean.setAttribute("interceptorBuilder", interceptorBuilder);
- gbean.setAttribute("pool", pool);
- gbean.setAttribute("userTransaction", getUserTransaction());
- gbean.setAttribute("jndiNames", getJndiNames());
- gbean.setAttribute("localJndiNames", getLocalJndiNames());
+ gbean.setAttribute("ContainerID", getContainerId());
+ gbean.setAttribute("EJBName", getEJBName());
+ gbean.setAttribute("ProxyInfo", createProxyInfo());
+ gbean.setAttribute("Signatures", signatures);
+ gbean.setAttribute("ContextFactory", contextFactory);
+ gbean.setAttribute("InterceptorBuilder", interceptorBuilder);
+ gbean.setAttribute("Pool", pool);
+ gbean.setAttribute("UserTransaction", getUserTransaction());
+ gbean.setAttribute("JndiNames", getJndiNames());
+ gbean.setAttribute("LocalJndiNames", getLocalJndiNames());
gbean.setReferencePattern("Timer", timerName);
+ gbean.setAttribute("SecurityConfiguration", getSecurityConfiguration());
return gbean;
}
1.9 +9 -4
openejb/modules/core/src/java/org/openejb/AbstractInterceptorBuilder.java
Index: AbstractInterceptorBuilder.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/AbstractInterceptorBuilder.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- AbstractInterceptorBuilder.java 18 Jul 2004 22:32:18 -0000 1.8
+++ AbstractInterceptorBuilder.java 27 Jul 2004 02:28:51 -0000 1.9
@@ -72,8 +72,9 @@
protected ReadOnlyContext componentContext;
protected TransactionPolicyManager transactionPolicyManager;
protected PermissionManager permissionManager;
- protected boolean setIdentityEnabled = false;
+ protected boolean doAsCurrentCaller = false;
protected boolean securityEnabled = false;
+ protected boolean useContextHandler = false;
protected transient TransactionContextManager transactionContextManager;
protected transient TrackedConnectionAssociator trackedConnectionAssociator;
protected transient InstancePool instancePool;
@@ -115,12 +116,16 @@
this.permissionManager = permissionManager;
}
- public void setSetIdentityEnabled(boolean setIdentityEnabled) {
- this.setIdentityEnabled = setIdentityEnabled;
+ public void setDoAsCurrentCaller(boolean doAsCurrentCaller) {
+ this.doAsCurrentCaller = doAsCurrentCaller;
}
public void setSecurityEnabled(boolean securityEnabled) {
this.securityEnabled = securityEnabled;
+ }
+
+ public void setUseContextHandler(boolean useContextHandler) {
+ this.useContextHandler = useContextHandler;
}
public void setTransactionContextManager(TransactionContextManager
transactionContextManager) {
1.16 +146 -71
openejb/modules/core/src/java/org/openejb/GenericEJBContainer.java
Index: GenericEJBContainer.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/GenericEJBContainer.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- GenericEJBContainer.java 20 Jul 2004 23:40:01 -0000 1.15
+++ GenericEJBContainer.java 27 Jul 2004 02:28:51 -0000 1.16
@@ -47,15 +47,31 @@
*/
package org.openejb;
-import java.lang.reflect.Method;
-import java.rmi.RemoteException;
-
import javax.ejb.EJBHome;
import javax.ejb.EJBLocalHome;
import javax.ejb.EJBLocalObject;
import javax.ejb.EJBObject;
import javax.ejb.Handle;
import javax.management.ObjectName;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContextException;
+import java.lang.reflect.Method;
+import java.rmi.RemoteException;
+import java.security.Permissions;
+import java.util.Iterator;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.openejb.cache.InstancePool;
+import org.openejb.client.EJBObjectHandler;
+import org.openejb.client.EJBObjectProxy;
+import org.openejb.dispatch.InterfaceMethodSignature;
+import org.openejb.dispatch.SystemMethodIndices;
+import org.openejb.proxy.EJBProxyFactory;
+import org.openejb.proxy.ProxyInfo;
+import org.openejb.security.SecurityConfiguration;
+import org.openejb.timer.BasicTimerService;
import org.apache.geronimo.core.service.Interceptor;
import org.apache.geronimo.core.service.Invocation;
@@ -64,25 +80,20 @@
import org.apache.geronimo.gbean.GBeanInfoFactory;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.gbean.WaitingException;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.security.GeronimoSecurityException;
+import org.apache.geronimo.timer.ThreadPooledTimer;
import org.apache.geronimo.transaction.TrackedConnectionAssociator;
import org.apache.geronimo.transaction.UserTransactionImpl;
import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.apache.geronimo.timer.ThreadPooledTimer;
-import org.apache.geronimo.timer.PersistenceException;
-import org.apache.geronimo.kernel.Kernel;
-import org.openejb.cache.InstancePool;
-import org.openejb.client.EJBObjectHandler;
-import org.openejb.client.EJBObjectProxy;
-import org.openejb.dispatch.InterfaceMethodSignature;
-import org.openejb.dispatch.SystemMethodIndices;
-import org.openejb.proxy.EJBProxyFactory;
-import org.openejb.proxy.ProxyInfo;
-import org.openejb.timer.BasicTimerService;
+
/**
* @version $Revision$ $Date$
*/
public class GenericEJBContainer implements EJBContainer, GBeanLifecycle {
+ private static Log log = LogFactory.getLog(GenericEJBContainer.class);
+
private final ClassLoader classLoader;
private final Object containerId;
private final String ejbName;
@@ -94,25 +105,28 @@
private final String[] jndiNames;
private final String[] localJndiNames;
+
+ private final SecurityConfiguration securityConfiguration;
+ private transient PolicyConfiguration policyConfiguration;
private final BasicTimerService timerService;
- public GenericEJBContainer(
- Object containerId,
- String ejbName,
- ProxyInfo proxyInfo,
- InterfaceMethodSignature[] signatures,
- InstanceContextFactory contextFactory,
- InterceptorBuilder interceptorBuilder,
- InstancePool pool,
- UserTransactionImpl userTransaction,
- String[] jndiNames,
- String[] localJndiNames,
- TransactionContextManager transactionContextManager,
- TrackedConnectionAssociator trackedConnectionAssociator,
- ThreadPooledTimer timer,
- String objectName,
- Kernel kernel) throws Exception {
+ public GenericEJBContainer(Object containerId,
+ String ejbName,
+ ProxyInfo proxyInfo,
+ InterfaceMethodSignature[] signatures,
+ InstanceContextFactory contextFactory,
+ InterceptorBuilder interceptorBuilder,
+ InstancePool pool,
+ UserTransactionImpl userTransaction,
+ String[] jndiNames,
+ String[] localJndiNames,
+ TransactionContextManager transactionContextManager,
+ TrackedConnectionAssociator
trackedConnectionAssociator,
+ ThreadPooledTimer timer,
+ String objectName,
+ Kernel kernel,
+ SecurityConfiguration securityConfiguration) throws
Exception {
assert (containerId != null);
assert (ejbName != null && ejbName.length() > 0);
@@ -160,6 +174,8 @@
userTransaction.setUp(transactionContextManager,
trackedConnectionAssociator);
}
+ this.securityConfiguration = securityConfiguration;
+
// TODO maybe there is a more suitable place to do this. Maybe not.
setupJndi();
@@ -271,45 +287,101 @@
return this;
}
+ private static String[] copyNames(String[] names) {
+ if (names == null) {
+ return null;
+ }
+ int length = names.length;
+ String[] copy = new String[length];
+ System.arraycopy(names, 0, copy, 0, length);
+ return copy;
+ }
+
+ public SecurityConfiguration getSecurityConfiguration() {
+ return securityConfiguration;
+ }
+
+ private void setupJndi() {
+ /* Add Geronimo JNDI service ///////////////////// */
+ String str = System.getProperty(javax.naming.Context.URL_PKG_PREFIXES);
+ if (str == null)
+ str = ":org.apache.geronimo.naming";
+ else
+ str = str + ":org.apache.geronimo.naming";
+ System.setProperty(javax.naming.Context.URL_PKG_PREFIXES, str);
+ }
+
public void doStart() throws WaitingException, Exception {
+
if (timerService != null) {
timerService.doStart();
}
+
+ if (this.securityConfiguration != null) {
+ /**
+ * Get the JACC policy configuration that's associated with this
+ * EJB container and configure it with the geronimo security
+ * configuration. The work for this is done by the class
+ * JettyXMLConfiguration.
+ */
+ try {
+ PolicyConfigurationFactory factory =
PolicyConfigurationFactory.getPolicyConfigurationFactory();
+
+ policyConfiguration =
factory.getPolicyConfiguration(securityConfiguration.getPolicyContextId(), true);
+
+
policyConfiguration.addToExcludedPolicy(securityConfiguration.getExcludedPolicy());
+
policyConfiguration.addToUncheckedPolicy(securityConfiguration.getUncheckedPolicy());
+ Iterator roles =
securityConfiguration.getRolePolicies().keySet().iterator();
+ while (roles.hasNext()) {
+ String role = (String) roles.next();
+
+ policyConfiguration.addToRole(role, (Permissions)
securityConfiguration.getRolePolicies().get(role));
+ }
+
+ // ((JettyXMLConfiguration)
this.getConfiguration()).configure(policyConfiguration, securityConfig);
+ policyConfiguration.commit();
+ } catch (ClassNotFoundException e) {
+ // do nothing
+ } catch (PolicyContextException e) {
+ // do nothing
+ } catch (GeronimoSecurityException e) {
+ // do nothing
+ }
+ log.debug("Using JACC policy '" +
securityConfiguration.getPolicyContextId() + "'");
+ }
+ log.info("GenericEJBContainer '" + containerId + "'started");
}
- public void doStop() throws PersistenceException {
+ public void doStop() throws WaitingException, Exception {
if (timerService != null) {
timerService.doStop();
}
+
+ if (this.securityConfiguration != null) {
+ /**
+ * Delete the policy configuration for this web application
+ */
+ if (policyConfiguration != null) policyConfiguration.delete();
+
+ }
+ log.info("GenericEJBContainer '" + containerId + "' stopped");
}
public void doFail() {
try {
doStop();
- } catch (PersistenceException e) {
+ } catch (Exception e) {
//todo fix this
throw new RuntimeException(e);
}
- }
- private static String[] copyNames(String[] names) {
- if (names == null) {
- return null;
+ try {
+ if (policyConfiguration != null) policyConfiguration.delete();
+ } catch (PolicyContextException e) {
+ // do nothing
}
- int length = names.length;
- String[] copy = new String[length];
- System.arraycopy(names, 0, copy, 0, length);
- return copy;
- }
- private void setupJndi() {
- /* Add Geronimo JNDI service ///////////////////// */
- String str = System.getProperty(javax.naming.Context.URL_PKG_PREFIXES);
- if (str == null)
- str = ":org.apache.geronimo.naming";
- else
- str = str + ":org.apache.geronimo.naming";
- System.setProperty(javax.naming.Context.URL_PKG_PREFIXES, str);
+ log.info("GenericEJBContainer '" + containerId + "'failed");
}
public static final GBeanInfo GBEAN_INFO;
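Review bot: The three empty `catch` blocks added to `doStart()` hide a failed JACC setup: if `getPolicyConfigurationFactory()`, one of the `addTo…` calls or `commit()` throws, the container still starts and still logs "Using JACC policy", with the policy possibly uncommitted or only partly populated. `doStart()` already declares `throws Exception`, so each handler can log at error level and rethrow, as sketched below. In `doFail()` the added `policyConfiguration.delete()` never runs when `doStop()` throws, because the RuntimeException leaves first, and it is a second delete when `doStop()` succeeds. Running the cleanup in a `finally` and setting `policyConfiguration = null` after each delete would cover both paths. The block comments also still mention JettyXMLConfiguration and "this web application", which look carried over from the Jetty integration and should describe the EJB container instead.

```java
            // … unchanged: factory lookup, addToExcludedPolicy/addToUncheckedPolicy, addToRole loop …
                policyConfiguration.commit();
            } catch (ClassNotFoundException e) {
                // No JACC provider available: refuse to start rather than run without the policy.
                log.error("JACC policy setup failed for '" + securityConfiguration.getPolicyContextId() + "'", e);
                throw e;
            } catch (PolicyContextException e) {
                log.error("JACC policy setup failed for '" + securityConfiguration.getPolicyContextId() + "'", e);
                throw e;
            } catch (GeronimoSecurityException e) {
                log.error("JACC policy setup failed for '" + securityConfiguration.getPolicyContextId() + "'", e);
                throw e;
            }
            // … unchanged: debug/info logging …
```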
@@ -317,16 +389,16 @@
static {
GBeanInfoFactory infoFactory = new
GBeanInfoFactory(GenericEJBContainer.class);
- infoFactory.addAttribute("containerID", Object.class, true);
- infoFactory.addAttribute("ejbName", String.class, true);
- infoFactory.addAttribute("proxyInfo", ProxyInfo.class, true);
- infoFactory.addAttribute("signatures", InterfaceMethodSignature[].class,
true);
- infoFactory.addAttribute("contextFactory", InstanceContextFactory.class,
true);
- infoFactory.addAttribute("interceptorBuilder", InterceptorBuilder.class,
true);
- infoFactory.addAttribute("pool", InstancePool.class, true);
- infoFactory.addAttribute("userTransaction", UserTransactionImpl.class,
true);
- infoFactory.addAttribute("jndiNames", String[].class, true);
- infoFactory.addAttribute("localJndiNames", String[].class, true);
+ infoFactory.addAttribute("ContainerID", Object.class, true);
+ infoFactory.addAttribute("EJBName", String.class, true);
+ infoFactory.addAttribute("ProxyInfo", ProxyInfo.class, true);
+ infoFactory.addAttribute("Signatures", InterfaceMethodSignature[].class,
true);
+ infoFactory.addAttribute("ContextFactory", InstanceContextFactory.class,
true);
+ infoFactory.addAttribute("InterceptorBuilder", InterceptorBuilder.class,
true);
+ infoFactory.addAttribute("Pool", InstancePool.class, true);
+ infoFactory.addAttribute("UserTransaction", UserTransactionImpl.class,
true);
+ infoFactory.addAttribute("JndiNames", String[].class, true);
+ infoFactory.addAttribute("LocalJndiNames", String[].class, true);
infoFactory.addReference("TransactionContextManager",
TransactionContextManager.class);
infoFactory.addReference("TrackedConnectionAssociator",
TrackedConnectionAssociator.class);
@@ -341,22 +413,25 @@
infoFactory.addAttribute("ejbLocalHome", EJBLocalHome.class, false);
infoFactory.addAttribute("unmanagedReference", EJBContainer.class, false);
+ infoFactory.addAttribute("SecurityConfiguration",
SecurityConfiguration.class, true);
+
infoFactory.setConstructor(new String[]{
- "containerID",
- "ejbName",
- "proxyInfo",
- "signatures",
- "contextFactory",
- "interceptorBuilder",
- "pool",
- "userTransaction",
- "jndiNames",
- "localJndiNames",
+ "ContainerID",
+ "EJBName",
+ "ProxyInfo",
+ "Signatures",
+ "ContextFactory",
+ "InterceptorBuilder",
+ "Pool",
+ "UserTransaction",
+ "JndiNames",
+ "LocalJndiNames",
"TransactionContextManager",
"TrackedConnectionAssociator",
"Timer",
"objectName",
- "kernel"});
+ "kernel",
+ "SecurityConfiguration"});
GBEAN_INFO = infoFactory.getBeanInfo();
}