
Example 1 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class SecurityIdentityRefs method check.

/**
 * Run-as security identity test.
 * When a bean declares a run-as identity, the role it names must match, by
 * name, one of the security roles defined in the enclosing EJB bundle.
 * NOTE(review): this test has been documented under section 15.2.1.3 of the
 * Moscone spec (security role references); confirm that is the right
 * section for run-as identities.
 *
 * @param descriptor the Enterprise Java Bean deployment descriptor
 *
 * @return <code>Result</code> not applicable when the bean uses the caller's
 *         identity or has no run-as identity, passed when the run-as role
 *         name equals a role name of the bundle, failed otherwise
 */
public Result check(EjbDescriptor descriptor) {
    final Result outcome = getInitializedResult();
    final ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();

    // A bean that runs with the caller's identity has no run-as role to validate.
    if (descriptor.getUsesCallerIdentity()) {
        outcome.addNaDetails(smh.getLocalString(
                "tests.componentNameConstructor",
                "For [ {0} ]",
                new Object[] { compName.toString() }));
        outcome.notApplicable(smh.getLocalString(
                "com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.notApplicable3",
                "Bean [ {0} ] does not specify a run-as identity",
                new Object[] { descriptor.getName() }));
        return outcome;
    }

    // No run-as descriptor at all: again nothing to check.
    final RunAsIdentityDescriptor runAs = descriptor.getRunAsIdentity();
    if (runAs == null) {
        outcome.addNaDetails(smh.getLocalString(
                "tests.componentNameConstructor",
                "For [ {0} ]",
                new Object[] { compName.toString() }));
        outcome.notApplicable(smh.getLocalString(
                "com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.notApplicable2",
                "Bean [ {0} ] does not specify a security identity",
                new Object[] { descriptor.getName() }));
        return outcome;
    }

    // The run-as role is accepted only on an exact name match with a bundle role;
    // the first match ends the search.
    final EjbBundleDescriptorImpl bundle = descriptor.getEjbBundleDescriptor();
    final Set declaredRoles = bundle.getRoles();
    for (Object entry : declaredRoles) {
        final Role declared = (Role) entry;
        if (!declared.getName().equals(runAs.getRoleName())) {
            continue;
        }
        outcome.addGoodDetails(smh.getLocalString(
                "tests.componentNameConstructor",
                "For [ {0} ]",
                new Object[] { compName.toString() }));
        outcome.passed(smh.getLocalString(
                "com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.passed",
                "Security identity run-as specified identity [ {0} ] role is found in the list of roles",
                new Object[] { declared.getName() }));
        return outcome;
    }

    // No bundle role carries the run-as role name: report the offending name.
    outcome.addErrorDetails(smh.getLocalString(
            "tests.componentNameConstructor",
            "For [ {0} ]",
            new Object[] { compName.toString() }));
    outcome.failed(smh.getLocalString(
            "com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.failed",
            "Security identity run-as specified identity [ {0} ] role is not valid",
            new Object[] { runAs.getRoleName() }));
    return outcome;
}
Also used : Role(org.glassfish.security.common.Role) Set(java.util.Set) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) Iterator(java.util.Iterator) ComponentNameConstructor(com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor) Result(com.sun.enterprise.tools.verifier.Result) EjbBundleDescriptorImpl(org.glassfish.ejb.deployment.descriptor.EjbBundleDescriptorImpl)

Example 2 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class SecurityRolesRefs method check.

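/**
 * Security role references test.
 * The Bean provider must declare all of the enterprise's bean references
 * to security roles as specified in section 15.2.1.3 of the Moscone spec.
 * Role names must be mapped to names within the jar.
 * <p>
 * For a session or entity bean, the linked value of every role reference is
 * compared with the names of the roles defined in the enclosing EJB bundle.
 * Each reference is reported individually, and one unmatched reference is
 * enough to fail the test.
 *
 * @param descriptor the Enterprise Java Bean deployment descriptor
 *
 * @return <code>Result</code> not applicable when the bean is neither a
 *         session nor an entity bean or has no role references, failed when
 *         at least one reference matches no bundle role, passed otherwise
 */
public Result check(EjbDescriptor descriptor) {
    Result result = getInitializedResult();
    ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();

    if (!(descriptor instanceof EjbEntityDescriptor) && !(descriptor instanceof EjbSessionDescriptor)) {
        result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
        result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable", "[ {0} ] not called \n with a Session or Entity bean.", new Object[] { getClass() }));
        return result;
    }

    // RULE: Role names must be mapped to names within the ejb-jar
    Set roleReferences = descriptor.getRoleReferences();
    EjbBundleDescriptorImpl bundleDescriptor = descriptor.getEjbBundleDescriptor();
    Set roles = bundleDescriptor.getRoles();

    if (roleReferences.isEmpty()) {
        result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
        result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable1", "There are no role references within this bean [ {0} ]", new Object[] { descriptor.getName() }));
        return result;
    }

    boolean oneFailed = false;
    for (Object refEntry : roleReferences) {
        RoleReference roleReference = (RoleReference) refEntry;

        // Walk the bundle roles from the start for every reference. Sharing one
        // iterator that was rewound only after a match left it exhausted after
        // the first miss, so every later reference was reported as unlinked
        // even when its role existed.
        boolean found = false;
        for (Object roleEntry : roles) {
            Role role = (Role) roleEntry;
            if (role.getName().equals(roleReference.getValue())) {
                found = true;
                break;
            }
        }

        if (!found) {
            // report the reference whose linked value matches no bundle role
            oneFailed = true;
            result.addErrorDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.addErrorDetails(smh.getLocalString(getClass().getName() + ".failed", "Erro: The security role reference [ {0} ] has no corresponding linked security role name [ {1} ]", new Object[] { roleReference.getName(), roleReference.getValue() }));
        } else {
            result.addGoodDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.addGoodDetails(smh.getLocalString(getClass().getName() + ".passed", "The security role reference [ {0} ] has corresponding linked security role name [ {1} ]", new Object[] { roleReference.getName(), roleReference.getValue() }));
        }
    }

    // The overall status is set once here, after every reference has been
    // examined, so a single failure cannot be masked by later passes.
    if (oneFailed) {
        result.setStatus(Result.FAILED);
    } else {
        result.setStatus(Result.PASSED);
    }
    return result;
}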
Also used : Role(org.glassfish.security.common.Role) EjbEntityDescriptor(org.glassfish.ejb.deployment.descriptor.EjbEntityDescriptor) Set(java.util.Set) RoleReference(com.sun.enterprise.deployment.RoleReference) Iterator(java.util.Iterator) EjbSessionDescriptor(org.glassfish.ejb.deployment.descriptor.EjbSessionDescriptor) ComponentNameConstructor(com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor) Result(com.sun.enterprise.tools.verifier.Result) EjbBundleDescriptorImpl(org.glassfish.ejb.deployment.descriptor.EjbBundleDescriptorImpl)

Example 3 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class RoleNameNMTOKEN method check.

/**
 * The role-name element must conform to the lexical rules for an NMTOKEN.
 * Every permissioned role of the bean is checked by name; a single
 * non-conforming name fails the test, and later conforming names do not
 * reset that failure.
 *
 * @param descriptor the Enterprise Java Bean deployment descriptor
 *
 * @return <code>Result</code> not applicable when the bean has no
 *         permissioned roles, otherwise passed or failed as described above
 */
public Result check(EjbDescriptor descriptor) {
    final Result outcome = getInitializedResult();
    final ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();

    // Nothing to validate when the bean has no permissioned roles.
    if (descriptor.getPermissionedRoles().isEmpty()) {
        outcome.addNaDetails(smh.getLocalString(
                "tests.componentNameConstructor",
                "For [ {0} ]",
                new Object[] { compName.toString() }));
        outcome.notApplicable(smh.getLocalString(
                getClass().getName() + ".notApplicable",
                "No permissioned roles defined for this bean [ {0} ]",
                new Object[] { descriptor.getName() }));
        return outcome;
    }

    for (Object entry : descriptor.getPermissionedRoles()) {
        final Role candidate = (Role) entry;

        if (!NameToken.isNMTOKEN(candidate.getName())) {
            outcome.addErrorDetails(smh.getLocalString(
                    "tests.componentNameConstructor",
                    "For [ {0} ]",
                    new Object[] { compName.toString() }));
            outcome.failed(smh.getLocalString(
                    getClass().getName() + ".failed",
                    "Role name [ {0} ] does not conform to the lexical rules of NMTOKEN within bean [ {1} ]",
                    new Object[] { candidate.getName(), descriptor.getName() }));
            continue;
        }

        outcome.addGoodDetails(smh.getLocalString(
                "tests.componentNameConstructor",
                "For [ {0} ]",
                new Object[] { compName.toString() }));
        outcome.addGoodDetails(smh.getLocalString(
                getClass().getName() + ".passed",
                "Role name [ {0} ] conforms to the lexical rules of NMTOKEN within bean [ {1} ]",
                new Object[] { candidate.getName(), descriptor.getName() }));
        // Only promote to PASSED while no earlier role has failed.
        if (outcome.getStatus() != Result.FAILED) {
            outcome.setStatus(Result.PASSED);
        }
    }
    return outcome;
}
Also used : Role(org.glassfish.security.common.Role) Iterator(java.util.Iterator) ComponentNameConstructor(com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor) Result(com.sun.enterprise.tools.verifier.Result)

Example 4 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class SecurityRolesBind method check.

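/**
 * If the Application assembler defines security roles in the deployment
 * descriptor, the Application Assembler must bind security role references
 * declared by the Bean Provider to the security roles.
 * <p>
 * The check walks every bean of the bundle that owns <code>descriptor</code>,
 * not only <code>descriptor</code> itself, and reports each role reference
 * whose role has a non-empty name but is not contained in the bundle's roles.
 *
 * @param descriptor the Enterprise Java Bean deployment descriptor
 *
 * @return <code>Result</code> failed when at least one referenced role is
 *         undefined; otherwise the status left by the last per-bean or
 *         per-reference call
 */
public Result check(EjbDescriptor descriptor) {
    Result result = getInitializedResult();
    ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();
    EjbBundleDescriptorImpl bundleDescriptor = descriptor.getEjbBundleDescriptor();
    Set ejbs = bundleDescriptor.getEjbs();
    // Fetched once and reused for every lookup; nothing in the loops below adds roles.
    Set roles = bundleDescriptor.getRoles();
    boolean oneFailed = false;

    // check to see if there are any undefined roles being referenced
    for (Object ejbEntry : ejbs) {
        EjbDescriptor ejb = (EjbDescriptor) ejbEntry;
        Set roleReferences = ejb.getRoleReferences();

        if (roleReferences.isEmpty()) {
            result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable", "There are no role references which need to be bound to other security roles within this bean [ {0} ]", new Object[] { ejb.getName() }));
            continue;
        }

        for (Object refEntry : roleReferences) {
            RoleReference roleReference = (RoleReference) refEntry;
            Role role = roleReference.getRole();

            // NOTE(review): a reference whose role name is empty skips the lookup
            // and is reported through the passed branch - confirm that unlinked
            // references are meant to pass.
            if (!role.getName().equals("") && !roles.contains(role)) {
                // report the undefined role
                oneFailed = true;
                result.addErrorDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
                result.addErrorDetails(smh.getLocalString(getClass().getName() + ".failed", "Error: The role [ {0} ] for bean [ {1} ] is undefined.", new Object[] { role.getName(), ejb.getName() }));
            } else {
                result.addGoodDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
                result.passed(smh.getLocalString(getClass().getName() + ".passed", "The role [ {0} ] for bean [ {1} ] is defined.", new Object[] { role.getName(), ejb.getName() }));
            }
        }
    }

    // A failure anywhere in the bundle wins over whatever status the last
    // passed()/notApplicable() call left behind.
    // NOTE(review): without a failure the final status presumably reflects the
    // last bean processed - confirm against Result.
    if (oneFailed) {
        result.setStatus(Result.FAILED);
    }
    return result;
}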
Also used : Role(org.glassfish.security.common.Role) Set(java.util.Set) RoleReference(com.sun.enterprise.deployment.RoleReference) Iterator(java.util.Iterator) ComponentNameConstructor(com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor) EjbDescriptor(org.glassfish.ejb.deployment.descriptor.EjbDescriptor) Result(com.sun.enterprise.tools.verifier.Result) EjbBundleDescriptorImpl(org.glassfish.ejb.deployment.descriptor.EjbBundleDescriptorImpl)

Example 5 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class MethodPermissionNode method setElementValue.

/**
 * Receives notification of the value for a particular tag.
 * A role-name element is turned into a new {@link Role} wrapped in a
 * {@link MethodPermission} and added to the descriptor; every other element
 * is passed to the superclass.
 *
 * @param element the xml element
 * @param value its associated value
 */
@Override
public void setElementValue(XMLElement element, String value) {
    final boolean isRoleName = TagNames.ROLE_NAME.equals(element.getQName());
    if (!isRoleName) {
        super.setElementValue(element, value);
        return;
    }
    // The element text becomes the role name as-is; this method performs no
    // validation of it (TODO confirm where role names are validated).
    final Role namedRole = new Role(value);
    descriptor.addMethodPermission(new MethodPermission(namedRole));
}
Also used : Role(org.glassfish.security.common.Role) MethodPermission(com.sun.enterprise.deployment.MethodPermission)
