tomee-commits mailing list archives

From rmannibu...@apache.org
Subject svn commit: r1356446 - in /openejb/trunk/openejb: container/openejb-core/src/main/java/org/apache/openejb/config/ container/openejb-core/src/main/java/org/apache/openejb/security/ container/openejb-core/src/main/java/org/apache/openejb/security/interna...
Date Mon, 02 Jul 2012 19:59:32 GMT
Author: rmannibucau
Date: Mon Jul  2 19:59:31 2012
New Revision: 1356446

URL: http://svn.apache.org/viewvc?rev=1356446&view=rev
Log:
TOMEE-266 internal ejbs can be secured with JAAS + system property openejb.internal.beans.security.enabled=true

Added:
    openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/
    openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/
    openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
Modified:
    openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
    openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
    openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
    openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java

Modified: openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
(original)
+++ openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/config/SystemApps.java
Mon Jul  2 19:59:31 2012
@@ -20,11 +20,15 @@ import org.apache.openejb.assembler.Depl
 import org.apache.openejb.assembler.classic.cmd.ConfigurationInfoEjb;
 import org.apache.openejb.assembler.monitoring.JMXDeployer;
 import org.apache.openejb.jee.EjbJar;
+import org.apache.openejb.jee.EnterpriseBean;
+import org.apache.openejb.jee.Interceptor;
+import org.apache.openejb.jee.InterceptorBinding;
 import org.apache.openejb.jee.SingletonBean;
 import org.apache.openejb.jee.StatelessBean;
 import org.apache.openejb.jee.oejb3.EjbDeployment;
 import org.apache.openejb.jee.oejb3.OpenejbJar;
 import org.apache.openejb.mgmt.MEJBBean;
+import org.apache.openejb.security.internal.InternalSecurityInterceptor;
 
 /**
  * Avoids the needs to scan the classpath to load system applications that are used
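Review bot: The added import `org.apache.openejb.jee.EnterpriseBean` is not referenced by any line this commit adds to SystemApps.java; the second hunk only uses `Interceptor`, `InterceptorBinding` and `InternalSecurityInterceptor`. It looks like a leftover and can be dropped. The rest of the file is outside the diff, so confirm nothing else relies on it.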
@@ -41,6 +45,8 @@ public class SystemApps {
         ejbJar.addEnterpriseBean(new StatelessBean(null, DeployerEjb.class));
         ejbJar.addEnterpriseBean(new StatelessBean(null, ConfigurationInfoEjb.class));
         ejbJar.addEnterpriseBean(new StatelessBean(null, MEJBBean.class));
+        ejbJar.addInterceptor(new Interceptor(InternalSecurityInterceptor.class));
+        ejbJar.getAssemblyDescriptor().addInterceptorBinding(new InterceptorBinding("*",
InternalSecurityInterceptor.class.getName()));
         module.getMbeans().add(JMXDeployer.class.getName());
 
         final String className = "org.apache.tomee.catalina.deployer.WebappDeployer";
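Review bot: The `"*"` binding added after the `MEJBBean` registration attaches `InternalSecurityInterceptor` to every bean in this ejb-jar, but nothing at the call site says the role check is opt-in. A comment above the two new lines would help, for example `// enforced only when openejb.internal.beans.security.enabled=true (see InternalSecurityInterceptor)`. `JMXDeployer` on the next context line is registered as an MBean rather than an EJB, so it is presumably not reached by this interceptor; it is worth confirming how that entry point is protected. The enclosing method starts before and continues past this hunk.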

Added: openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java?rev=1356446&view=auto
==============================================================================
--- openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
(added)
+++ openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/security/internal/InternalSecurityInterceptor.java
Mon Jul  2 19:59:31 2012
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+package org.apache.openejb.security.internal;
+
+import org.apache.openejb.loader.SystemInstance;
+import org.apache.openejb.spi.Assembler;
+import org.apache.openejb.spi.SecurityService;
+
+import javax.interceptor.AroundInvoke;
+import javax.interceptor.InvocationContext;
+
+public class InternalSecurityInterceptor {
+    public static final String OPENEJB_INTERNAL_BEANS_SECURITY_ENABLED = "openejb.internal.beans.security.enabled";
+
+    private static String[] ROLES = new String[] { "openejb-admin", "tomee-admin" };
+
+    @AroundInvoke
+    public Object invoke(final InvocationContext ic) throws Exception {
+        if (!SystemInstance.get().getOptions().get(OPENEJB_INTERNAL_BEANS_SECURITY_ENABLED,
false)) {
+            return ic.proceed();
+        }
+
+        final SecurityService<?> ss = SystemInstance.get().getComponent(Assembler.class).getSecurityService();
+        for (String role : ROLES) {
+            if (ss.isCallerInRole(role)) {
+                return ic.proceed();
+            }
+        }
+
+        throw new SecurityException("to invoke this EJB you need to get the right permission");
+    }
+}
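Review bot: The interceptor fails open: with `openejb.internal.beans.security.enabled` unset, the `get(..., false)` default sends every call straight to `ic.proceed()`, so the deployer and management beans stay unprotected unless an operator knows to set the flag. That deserves a class Javadoc stating it, or a default of `true` if compatibility allows. `ROLES` is a mutable, non-final static array and should be `private static final String[] ROLES = { "openejb-admin", "tomee-admin" };`. The denial path throws `SecurityException` without logging, so rejected calls leave no audit trail; logging the invoked method (`ic.getMethod()`) before the throw would give operators something to alert on.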

Modified: openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
(original)
+++ openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractAddressMojo.java
Mon Jul  2 19:59:31 2012
@@ -29,4 +29,19 @@ public abstract class AbstractAddressMoj
      * @parameter expression="${tomee-plugin.host}" default-value="localhost"
      */
     protected String tomeeHost;
+
+    /**
+     * @parameter expression="${tomee-plugin.user}"
+     */
+    protected String user;
+
+    /**
+     * @parameter expression="${tomee-plugin.pwd}"
+     */
+    protected String password;
+
+    /**
+     * @parameter expression="${tomee-plugin.realm}"
+     */
+    protected String realm;
 }
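Review bot: The new `password` parameter is bound to `${tomee-plugin.pwd}` with no guidance, which steers users toward `-Dtomee-plugin.pwd=...` on the command line or a clear-text value in the POM, where it ends up in shell history, process listings and build logs. The three Javadoc blocks carry only the `@parameter` tag; each should say what the value is for, e.g. `Password used for the remote EJB login; supply it from settings.xml rather than the command line.` The property name `pwd` also differs from the field name `password`, while `user` and `realm` match theirs, so `tomee-plugin.password` would be more consistent.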

Modified: openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
(original)
+++ openejb/trunk/openejb/maven/tomee-maven-plugin/src/main/java/org/apache/openejb/maven/plugin/AbstractCommandMojo.java
Mon Jul  2 19:59:31 2012
@@ -26,6 +26,16 @@ public abstract class AbstractCommandMoj
         final Properties props = new Properties();
         props.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.RemoteInitialContextFactory");
         props.put(Context.PROVIDER_URL, "http://" + tomeeHost + ":" + tomeeHttpPort + "/tomee/ejb");
+        if (user != null) {
+            props.put(Context.SECURITY_PRINCIPAL, user);
+        }
+        if (password != null) {
+            props.put(Context.SECURITY_PRINCIPAL, password);
+        }
+        if (realm != null) {
+            props.put("openejb.authentication.realmName", realm);
+        }
+
         try {
             return new InitialContext(props).lookup(name);
         } catch (Exception e) {
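Review bot: The password is stored under `Context.SECURITY_PRINCIPAL`, the same key as the user, so it overwrites the user name and no credential is ever set; the second `put` should be `props.put(Context.SECURITY_CREDENTIALS, password);`. As written, a login against a server with the internal-bean check enabled cannot succeed, and the password travels in the principal field, where it is more likely to be logged as a user name. The provider URL on the context line above is hard-coded to `http://`, so even after the fix the credentials cross the network unencrypted unless the target is localhost; an https option is worth a follow-up. The enclosing method starts and ends outside the hunk.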

Modified: openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java?rev=1356446&r1=1356445&r2=1356446&view=diff
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
(original)
+++ openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
Mon Jul  2 19:59:31 2012
@@ -241,4 +241,5 @@ public class TomcatSecurityService exten
             this.hadRunAs = hadRunAs;
         }
     }
+
 }


