tomee-commits mailing list archives

From rmannibu...@apache.org
Subject svn commit: r1491251 - in /tomee/tomee/trunk/container: openejb-core/src/main/java/org/apache/openejb/ openejb-core/src/main/java/org/apache/openejb/assembler/classic/ openejb-core/src/main/java/org/apache/openejb/config/ openejb-core/src/main/java/org...
Date Sun, 09 Jun 2013 17:44:31 GMT
Author: rmannibucau
Date: Sun Jun  9 17:44:31 2013
New Revision: 1491251

URL: http://svn.apache.org/r1491251
Log:
TOMEE-968 adding role mapping in openejb-jar.xml to be able to map a principal to a runas
role

Added:
    tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
Modified:
    tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
    tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
    tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
    tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
    tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
    tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
    tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java

Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
(original)
+++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/BeanContext.java
Sun Jun  9 17:44:31 2013
@@ -206,6 +206,7 @@ public class BeanContext extends Deploym
 
     private String ejbName;
     private String runAs;
+    private String runAsUser;
 
     private final BeanType componentType;
 
@@ -1335,12 +1336,23 @@ public class BeanContext extends Deploym
         return runAs;
     }
 
+    public String getRunAsUser() {
+        return runAsUser;
+    }
+
     public void setEjbName(final String ejbName) {
         this.ejbName = ejbName;
     }
 
     public void setRunAs(final String runAs) {
         this.runAs = runAs;
+        if (runAsUser == null) { // default user
+            runAsUser = runAs;
+        }
+    }
+
+    public void setRunAsUser(final String runAsUser) { // principal
+        this.runAsUser = runAsUser;
     }
 
     public String toString() {
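Review bot: `setRunAsUser` assigns unconditionally, so it erases the default that `setRunAs` just installed whenever the caller passes null. The EnterpriseBeanBuilder hunk calls `setRunAs(bean.runAs)` and then `setRunAsUser(bean.runAsUser)`, and the EjbJarInfoBuilder hunk leaves `runAsUser` null when no role-mapping matches. Assuming `deployment` there is a BeanContext, `getRunAsUser()` then returns null and `createSubject` in AbstractSecurityService returns a null run-as subject, where the old code built one from the role name. Making the getter fall back, `return runAsUser != null ? runAsUser : runAs;`, keeps run-as beans without a mapping working and also stops the default sticking to a stale role if `setRunAs` is called again. The class body starts and ends outside this hunk.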

Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
(original)
+++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanBuilder.java
Sun Jun  9 17:44:31 2013
@@ -163,6 +163,7 @@ class EnterpriseBeanBuilder {
         deployment.setEjbName(bean.ejbName);
 
         deployment.setRunAs(bean.runAs);
+        deployment.setRunAsUser(bean.runAsUser);
 
         deployment.getInjections().addAll(injections);
 

Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
(original)
+++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/EnterpriseBeanInfo.java
Sun Jun  9 17:44:31 2013
@@ -65,6 +65,7 @@ public abstract class EnterpriseBeanInfo
     public NamedMethodInfo timeoutMethod;
 
     public String runAs;
+    public String runAsUser;
 
     public final List<SecurityRoleReferenceInfo> securityRoleReferences = new ArrayList<SecurityRoleReferenceInfo>();
 
@@ -91,5 +92,4 @@ public abstract class EnterpriseBeanInfo
     public List<MethodScheduleInfo> methodScheduleInfos = new ArrayList<MethodScheduleInfo>();
 
     public boolean restService;
-
 }

Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
(original)
+++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/config/EjbJarInfoBuilder.java
Sun Jun  9 17:44:31 2013
@@ -91,6 +91,7 @@ import org.apache.openejb.jee.Transactio
 import org.apache.openejb.jee.oejb3.EjbDeployment;
 import org.apache.openejb.jee.oejb3.Jndi;
 import org.apache.openejb.jee.oejb3.ResourceLink;
+import org.apache.openejb.jee.oejb3.RoleMapping;
 import org.apache.openejb.util.LogCategory;
 import org.apache.openejb.util.Logger;
 import org.apache.openejb.util.Messages;
@@ -181,6 +182,16 @@ public class EjbJarInfoBuilder {
 
             if (bean.getSecurityIdentity() != null) {
                 beanInfo.runAs = bean.getSecurityIdentity().getRunAs();
+
+                final EjbDeployment deployment = ejbds.get(beanInfo.ejbName);
+                if (deployment != null) {
+                    for (final RoleMapping mapping : deployment.getRoleMapping()) {
+                        if (mapping.getRoleName().equals(beanInfo.runAs)) {
+                            beanInfo.runAsUser = mapping.getPrincipalName();
+                            break;
+                        }
+                    }
+                }
             }
 
             initJndiNames(ejbds, bean, beanInfo);
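Review bot: `mapping.getRoleName().equals(beanInfo.runAs)` throws a NullPointerException if a `role-mapping` element has no `role-name`; `required = true` on the JAXB field is only enforced under schema validation, and none is visible here. Comparing from the other side, `if (beanInfo.runAs != null && beanInfo.runAs.equals(mapping.getRoleName()))`, avoids that. The loop also takes the first match silently and accepts a null or empty `principal-name`. Because this mapping decides which principal the bean executes as, a deploy-time log line naming the bean, role and mapped principal, plus a warning on duplicate role names, would make the effective identity auditable. The enclosing method starts and ends outside the hunk.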

Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
(original)
+++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
Sun Jun  9 17:44:31 2013
@@ -110,7 +110,7 @@ public abstract class AbstractSecuritySe
 
     // update the current subject and security context
     private void updateSecurityContext() {
-        defaultSubject = createSubject(defaultUser);
+        defaultSubject = createSubject(defaultUser, defaultUser);
         defaultContext = new SecurityContext(defaultSubject);
     }
 
@@ -165,13 +165,11 @@ public abstract class AbstractSecuritySe
         if (callingBeanContext == null) {
             return null;
         }
-
-        final String runAsRole = callingBeanContext.getRunAs();
-        return createRunAsSubject(runAsRole);
+        return createRunAsSubject(callingBeanContext.getRunAsUser(), callingBeanContext.getRunAs());
     }
 
-    protected Subject createRunAsSubject(final String runAsRole) {
-        return createSubject(runAsRole);
+    protected Subject createRunAsSubject(final String runAsUser, final String runAsRole)
{
+        return createSubject(runAsUser, runAsRole);
     }
 
     @Override
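Review bot: `createRunAsSubject` drops its one-argument signature in favour of `(runAsUser, runAsRole)`, and `createSubject` in the next hunk does the same; both are `protected`, so a subclass that overrode the old form without `@Override` would still compile but never be called, silently bypassing its run-as subject logic. Whether such subclasses exist is not visible here, but the new methods should carry a Javadoc note that the one-argument forms were replaced. The parameters also need documenting: from the `createSubject` hunk, the first argument becomes the `User` principal name and the second the `Group` name. A null user yields a null subject, while a null group name is passed to `new Group(...)` unchecked.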
@@ -329,13 +327,13 @@ public abstract class AbstractSecuritySe
         }
     }
 
-    protected Subject createSubject(final String name) {
+    protected Subject createSubject(final String name, final String groupName) {
         if (name == null) {
             return null;
         }
 
         final User user = new User(name);
-        final Group group = new Group(name);
+        final Group group = new Group(groupName);
         group.addMember(user);
 
         final HashSet<Principal> principals = new HashSet<Principal>();
@@ -433,6 +431,7 @@ public abstract class AbstractSecuritySe
         }
     }
 
+    @CallerPrincipal // to force it to be before group in getCallerPrincipal, otherwise we
aren't deterministic
     public static class User implements Principal {
 
         private final String name;

Modified: tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
(original)
+++ tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/RunAs.java
Sun Jun  9 17:44:31 2013
@@ -63,8 +63,10 @@ public class RunAs {
 
     @XmlTransient
     protected TextMap description = new TextMap();
+
     @XmlElement(name = "role-name", required = true)
     protected String roleName;
+
     @XmlAttribute
     @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
     @XmlID

Modified: tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java?rev=1491251&r1=1491250&r2=1491251&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java
(original)
+++ tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/EjbDeployment.java
Sun Jun  9 17:44:31 2013
@@ -35,7 +35,7 @@ import java.util.Iterator;
 import java.util.Properties;
 
 @XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(propOrder = {"jndi","ejbLink", "resourceLink", "query", "properties"})
+@XmlType(propOrder = {"jndi","ejbLink", "resourceLink", "query", "roleMapping", "properties"})
 @XmlRootElement(name = "ejb-deployment")
 public class EjbDeployment {
 
@@ -51,6 +51,9 @@ public class EjbDeployment {
     @XmlElement(required = true)
     protected List<Query> query;
 
+    @XmlElement(name = "role-mapping")
+    protected List<RoleMapping> roleMapping;
+
     @XmlAttribute(name = "container-id")
     protected String containerId;
 
@@ -188,4 +191,11 @@ public class EjbDeployment {
     public void addProperty(String key, String value) {
         getProperties().setProperty(key, value);
     }
+
+    public List<RoleMapping> getRoleMapping() {
+        if (roleMapping == null) {
+            roleMapping = new ArrayList<RoleMapping>();
+        }
+        return roleMapping;
+    }
 }

Added: tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java?rev=1491251&view=auto
==============================================================================
--- tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
(added)
+++ tomee/tomee/trunk/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
Sun Jun  9 17:44:31 2013
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.jee.oejb3;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+        "roleName",
+        "principalName"
+})
+public class RoleMapping {
+    @XmlElement(name = "role-name", required = true)
+    protected String roleName;
+
+    @XmlElement(name = "principal-name", required = true)
+    protected String principalName;
+
+    public String getRoleName() {
+        return roleName;
+    }
+
+    public void setRoleName(final String roleName) {
+        this.roleName = roleName;
+    }
+
+    public String getPrincipalName() {
+        return principalName;
+    }
+
+    public void setPrincipalName(final String principalName) {
+        this.principalName = principalName;
+    }
+}
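Review bot: RoleMapping has no class-level Javadoc, so nothing in the new file says how its two elements are interpreted. Going by the EjbJarInfoBuilder hunk, `role-name` is compared with the bean's run-as role and `principal-name` is copied into `runAsUser`; a comment such as `/** Maps a run-as role (role-name) to the principal name the bean runs as (principal-name); read from ejb-deployment in openejb-jar.xml. */` would record that. It is also worth stating there that neither value is validated by this class, so empty or missing elements reach the caller as null or empty strings.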


