
Example 11 with MethodPermission

use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.

the class Audit method dumpDiagnostics.

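/**
 * Do the work for showACL(): log a FINEST-level role/ACL summary of {@code app}.
 *
 * The walk covers, in order: the declared roles with their group and
 * principal mappings, every EJB module (run-as identity, per-method
 * permissions, IOR security configuration), the resulting "which EJB
 * methods can each role reach" list, and every web module (login config,
 * components with run-as, security constraints with roles and transport
 * guarantee).  Anything a deployer should look at - a run-as with a missing
 * role or principal, a method that is both role-restricted and
 * unchecked/excluded, a method with no permission at all, or a method
 * permission naming a role the application never declared - is marked with
 * the line "*** Configuration error!".
 *
 * All output goes through {@code logger.finest}, so nothing is walked unless
 * FINEST is enabled.  Only role, group and principal names are logged, never
 * credentials.
 *
 * @param app the deployed application (or standalone module) to audit
 */
private static void dumpDiagnostics(Application app) {
    // Every line below is FINEST; skip the descriptor walk when nobody listens.
    if (!logger.isLoggable(Level.FINEST)) {
        return;
    }
    logger.finest("====[ Role and ACL Summary ]==========");
    if (!app.isVirtual()) {
        logger.finest("Summary for application: " + app.getRegistrationName());
    } else {
        logger.finest("Standalone module.");
    }
    logger.finest("EJB components: " + getEjbComponentCount(app));
    logger.finest("Web components: " + getWebComponentCount(app));

    Set allRoles = app.getRoles();
    if (allRoles == null) {
        logger.finest("- No roles present.");
        return;
    }
    SecurityRoleMapper rmap = app.getRoleMapper();
    if (rmap == null) {
        logger.finest("- No role mappings present.");
        return;
    }

    // role name -> "module:ejbClass.method" identifiers that role may invoke
    HashMap<String, Set<String>> allRoleMap = dumpRoleMappings(allRoles, rmap);
    dumpEjbModules(app, allRoleMap);
    dumpMethodsByRole(allRoleMap);
    dumpWebModules(app);
    logger.finest("======================================");
}

/**
 * Log each declared role with the groups and principals mapped to it.
 *
 * @return a map seeded with an empty accessible-method set for every role name
 */
private static HashMap<String, Set<String>> dumpRoleMappings(Set allRoles, SecurityRoleMapper rmap) {
    logger.finest("--[ Configured roles and mappings ]--");
    HashMap<String, Set<String>> allRoleMap = new HashMap<String, Set<String>>();
    for (Object o : allRoles) {
        Role r = (Role) o;
        logger.finest(" [" + r.getName() + "]");
        allRoleMap.put(r.getName(), new HashSet<String>());
        logger.finest(joinEnumeration("  is mapped to groups: ", rmap.getGroupsAssignedTo(r)));
        logger.finest(joinEnumeration("  is mapped to principals: ", rmap.getUsersAssignedTo(r)));
    }
    return allRoleMap;
}

/** Build "prefix elem elem ... " (each element followed by one space). */
private static String joinEnumeration(String prefix, Enumeration elems) {
    StringBuilder sb = new StringBuilder(prefix);
    while (elems.hasMoreElements()) {
        sb.append(elems.nextElement()).append(" ");
    }
    return sb.toString();
}

/** True when a run-as role or principal is absent; both are required for run-as to work. */
private static boolean isMissing(String value) {
    return value == null || "".equals(value);
}

/** Walk every EJB module and every bean in it. */
private static void dumpEjbModules(Application app, HashMap<String, Set<String>> allRoleMap) {
    Set ejbDescriptorSet = app.getBundleDescriptors(EjbBundleDescriptor.class);
    for (Object b : ejbDescriptorSet) {
        EjbBundleDescriptor bundle = (EjbBundleDescriptor) b;
        logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
        for (Object e : bundle.getEjbs()) {
            EjbDescriptor ejb = (EjbDescriptor) e;
            logger.finest("EJB: " + ejb.getEjbClassName());
            dumpEjbRunAs(ejb);
            dumpEjbMethodPermissions(bundle, ejb, allRoleMap);
            dumpIorConfiguration(ejb);
        }
    }
}

/** Log the bean's run-as identity when it does not propagate the caller's identity. */
private static void dumpEjbRunAs(EjbDescriptor ejb) {
    if (ejb.getUsesCallerIdentity()) {
        return;
    }
    RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
    if (runas == null) {
        logger.finest(" (ejb does not use caller identity)");
        return;
    }
    String role = runas.getRoleName();
    String user = runas.getPrincipal();
    logger.finest(" Will run-as: Role: " + role + "  Principal: " + user);
    if (isMissing(role) || isMissing(user)) {
        logger.finest("*** Configuration error!");
    }
}

/**
 * Log the permission of every method of {@code ejb} and record, per role, which
 * methods it can reach (unchecked methods are reachable by every declared role).
 */
private static void dumpEjbMethodPermissions(EjbBundleDescriptor bundle, EjbDescriptor ejb,
        HashMap<String, Set<String>> allRoleMap) {
    logger.finest(" Method to Role restriction list:");
    for (Object m : ejb.getMethodDescriptors()) {
        MethodDescriptor md = (MethodDescriptor) m;
        logger.finest("   " + md.getFormattedString());
        String methodId = bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString();
        StringBuilder rbuf = new StringBuilder("     can only be invoked by: ");
        boolean unchecked = false;
        boolean excluded = false;
        boolean roleBased = false;
        for (Object perm : ejb.getMethodPermissionsFor(md)) {
            MethodPermission p = (MethodPermission) perm;
            if (p.isExcluded()) {
                excluded = true;
                logger.finest("     excluded - can not be invoked");
            } else if (p.isUnchecked()) {
                unchecked = true;
                logger.finest("     unchecked - can be invoked by all");
            } else if (p.isRoleBased()) {
                roleBased = true;
                Role r = p.getRole();
                rbuf.append(r.getName()).append(" ");
                Set<String> ram = allRoleMap.get(r.getName());
                if (ram == null) {
                    // The permission names a role that app.getRoles() did not declare.
                    // Previously this dereferenced the missing map entry and the audit
                    // died with a NullPointerException; report it as a config error instead.
                    logger.finest("     role not declared: " + r.getName());
                    logger.finest("*** Configuration error!");
                } else {
                    ram.add(methodId);
                }
            }
        }
        if (roleBased) {
            logger.finest(rbuf.toString());
            // role-restricted and unchecked/excluded at the same time is contradictory
            if (excluded || unchecked) {
                logger.finest("*** Configuration error!");
            }
        } else if (unchecked) {
            if (excluded) {
                logger.finest("*** Configuration error!");
            }
            // unchecked: every declared role (indeed every caller) can reach it
            for (Set<String> ram : allRoleMap.values()) {
                ram.add(methodId);
            }
        } else if (!excluded) {
            // no permission of any kind recorded for this method
            logger.finest("*** Configuration error!");
        }
    }
}

/** Log the CSIv2/IOR security settings of each configured interface of the bean. */
private static void dumpIorConfiguration(EjbDescriptor ejb) {
    logger.finest(" IOR configuration:");
    Set iors = ejb.getIORConfigurationDescriptors();
    if (iors == null) {
        return;
    }
    for (Object o : iors) {
        EjbIORConfigurationDescriptor ior = (EjbIORConfigurationDescriptor) o;
        StringBuilder iorsb = new StringBuilder();
        iorsb.append("realm=").append(ior.getRealmName());
        iorsb.append(", integrity=").append(ior.getIntegrity());
        iorsb.append(", trust-in-target=").append(ior.getEstablishTrustInTarget());
        iorsb.append(", trust-in-client=").append(ior.getEstablishTrustInClient());
        iorsb.append(", propagation=").append(ior.getCallerPropagation());
        iorsb.append(", auth-method=").append(ior.getAuthenticationMethod());
        logger.finest(iorsb.toString());
    }
}

/** Log, for each role, the EJB methods collected by dumpEjbMethodPermissions. */
private static void dumpMethodsByRole(HashMap<String, Set<String>> allRoleMap) {
    logger.finest("--[ EJB methods accessible by role ]--");
    for (String roleName : allRoleMap.keySet()) {
        logger.finest(" [" + roleName + "]");
        for (String meth : allRoleMap.get(roleName)) {
            logger.finest("   " + meth);
        }
    }
}

/** Walk every web module: login config, components and security constraints. */
private static void dumpWebModules(Application app) {
    Set webDescriptorSet = app.getBundleDescriptors(WebBundleDescriptor.class);
    for (Object w : webDescriptorSet) {
        WebBundleDescriptor wbd = (WebBundleDescriptor) w;
        logger.finest("--[ Web module: " + wbd.getContextRoot() + " ]--");
        LoginConfiguration lconf = wbd.getLoginConfiguration();
        if (lconf != null) {
            logger.finest("  Login config: realm=" + lconf.getRealmName() + ", method=" + lconf.getAuthenticationMethod() + ", form=" + lconf.getFormLoginPage() + ", error=" + lconf.getFormErrorPage());
        }
        dumpWebComponents(wbd);
        dumpSecurityConstraints(wbd);
    }
}

/** Log each web component with its URL patterns and, if present, its run-as identity. */
private static void dumpWebComponents(WebBundleDescriptor wbd) {
    logger.finest("  Contains components:");
    for (Object c : wbd.getWebComponentDescriptors()) {
        WebComponentDescriptor wcd = (WebComponentDescriptor) c;
        logger.finest(joinEnumeration("   - " + wcd.getCanonicalName() + " [ ", wcd.getUrlPatterns()) + "]");
        RunAsIdentityDescriptor runas = wcd.getRunAsIdentity();
        if (runas != null) {
            String role = runas.getRoleName();
            String user = runas.getPrincipal();
            logger.finest("      Will run-as: Role: " + role + "  Principal: " + user);
            if (isMissing(role) || isMissing(user)) {
                logger.finest("*** Configuration error!");
            }
        }
    }
}

/** Log each security constraint: resource collections, allowed roles, transport guarantee. */
private static void dumpSecurityConstraints(WebBundleDescriptor wbd) {
    logger.finest("  Security constraints:");
    Enumeration scEnum = wbd.getSecurityConstraints();
    while (scEnum.hasMoreElements()) {
        SecurityConstraint sc = (SecurityConstraint) scEnum.nextElement();
        for (WebResourceCollection wrc : sc.getWebResourceCollections()) {
            StringBuilder sbm = new StringBuilder();
            for (String httpMethod : wrc.getHttpMethods()) {
                sbm.append(httpMethod).append(" ");
            }
            logger.finest("     Using method: " + sbm.toString());
            for (String urlPattern : wrc.getUrlPatterns()) {
                logger.finest("       " + urlPattern);
            }
        }
        AuthorizationConstraint authCons = sc.getAuthorizationConstraint();
        StringBuilder rsb = new StringBuilder("     Accessible by roles: ");
        if (authCons == null) {
            // NOTE(review): guarded in case a constraint carries no <auth-constraint>
            // (servlet semantics: then the resources are not access-restricted and only
            // the transport guarantee applies) - confirm whether the descriptor can
            // actually return null here.
            logger.finest(rsb.toString() + "(no auth-constraint)");
        } else {
            // An auth-constraint listing no roles at all denies everyone; an empty
            // list below therefore means "nobody", not "anybody".
            Enumeration rolesEnum = authCons.getSecurityRoles();
            while (rolesEnum.hasMoreElements()) {
                SecurityRole sr = (SecurityRole) rolesEnum.nextElement();
                rsb.append(sr.getName()).append(" ");
            }
            logger.finest(rsb.toString());
        }
        UserDataConstraint udc = sc.getUserDataConstraint();
        if (udc != null) {
            logger.finest("     Transport guarantee: " + udc.getTransportGuarantee());
        }
    }
}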

Example 12 with MethodPermission

use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.

the class RolesAllowedHandler method processEjbMethodSecurity.

/**
 * Apply a {@code @RolesAllowed} annotation to one EJB method: every listed
 * role name is declared on the bean's bundle (the bundle is expected to
 * ignore a role that already exists) and a role-based MethodPermission for
 * it is attached to the method.
 *
 * @param authAnnotation the {@code RolesAllowed} annotation found on the method or class
 * @param md             the method descriptor the permission applies to
 * @param ejbDesc        the bean whose bundle receives the roles and permissions
 */
@Override
protected void processEjbMethodSecurity(Annotation authAnnotation, MethodDescriptor md, EjbDescriptor ejbDesc) {
    String[] roleNames = ((RolesAllowed) authAnnotation).value();
    for (int idx = 0; idx < roleNames.length; idx++) {
        Role declared = new Role(roleNames[idx]);
        // declare the role on the bundle, then restrict the method to it
        ejbDesc.getEjbBundleDescriptor().addRole(declared);
        ejbDesc.addPermissionedMethod(new MethodPermission(declared), md);
    }
}

Example 13 with MethodPermission

use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.

the class EjbBundleTracerVisitor method accept.

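/**
 * Trace one EJB: its interfaces and JNDI name, security identity
 * (run-as vs. caller identity), method permissions, container transaction
 * attributes, every kind of reference it declares and, for CMP entity
 * beans, its persistence fields and queries.
 *
 * All output goes through {@code logInfo}; nested descriptors are delegated
 * to the overloaded {@code accept} methods of this visitor.
 *
 * @param ejb the bean descriptor to trace
 */
protected void accept(EjbDescriptor ejb) {
    logInfo("==================");
    logInfo(ejb.getType() + " Bean " + ejb.getName());
    logInfo("\thomeClassName " + ejb.getHomeClassName());
    logInfo("\tremoteClassName " + ejb.getRemoteClassName());
    logInfo("\tlocalhomeClassName " + ejb.getLocalHomeClassName());
    logInfo("\tlocalClassName " + ejb.getLocalClassName());
    logInfo("\tremoteBusinessIntfs " + ejb.getRemoteBusinessClassNames());
    logInfo("\tlocalBusinessIntfs " + ejb.getLocalBusinessClassNames());
    logInfo("\tjndiName " + ejb.getJndiName());
    logInfo("\tejbClassName " + ejb.getEjbClassName());
    logInfo("\ttransactionType " + ejb.getTransactionType());
    // Security identity: either a fixed run-as identity or the caller's own.
    if (ejb.getUsesCallerIdentity() == false) {
        logInfo("\trun-as role " + ejb.getRunAsIdentity());
    } else {
        logInfo("\tuse-caller-identity " + ejb.getUsesCallerIdentity());
    }
    for (EjbReference aRef : ejb.getEjbReferenceDescriptors()) {
        accept(aRef);
    }
    // Each permission map is fetched once. The previous version re-queried the
    // descriptor on every loop iteration, and getStyledPermissionedMethodsByPermission()
    // builds a fresh map per call, so that was quadratic work for no benefit.
    traceMethodPermissions(ejb.getPermissionedMethodsByPermission());
    traceMethodPermissions(ejb.getStyledPermissionedMethodsByPermission());
    for (RoleReference roleRef : ejb.getRoleReferences()) {
        accept(roleRef);
    }
    java.util.Map containerTransactions = ejb.getMethodContainerTransactions();
    for (Iterator e = containerTransactions.keySet().iterator(); e.hasNext(); ) {
        MethodDescriptor md = (MethodDescriptor) e.next();
        ContainerTransaction ct = (ContainerTransaction) containerTransactions.get(md);
        accept(md, ct);
    }
    for (EnvironmentProperty envProp : ejb.getEnvironmentProperties()) {
        accept(envProp);
    }
    for (ResourceReferenceDescriptor next : ejb.getResourceReferenceDescriptors()) {
        accept(next);
    }
    for (ResourceEnvReferenceDescriptor next : ejb.getResourceEnvReferenceDescriptors()) {
        accept(next);
    }
    for (MessageDestinationReferencer next : ejb.getMessageDestinationReferenceDescriptors()) {
        accept(next);
    }
    // A message-driven bean is itself a message destination referencer when it
    // declares a destination link.
    if (ejb.getType().equals(EjbMessageBeanDescriptor.TYPE)) {
        MessageDestinationReferencer msgDestReferencer = (MessageDestinationReferencer) ejb;
        if (msgDestReferencer.getMessageDestinationLinkName() != null) {
            accept(msgDestReferencer);
        }
    }
    for (ServiceReferenceDescriptor sref : ejb.getServiceReferenceDescriptors()) {
        accept(sref);
    }
    if (ejb instanceof EjbCMPEntityDescriptor) {
        EjbCMPEntityDescriptor cmp = (EjbCMPEntityDescriptor) ejb;
        PersistenceDescriptor persistenceDesc = cmp.getPersistenceDescriptor();
        for (Object fd : persistenceDesc.getCMPFields()) {
            accept((FieldDescriptor) fd);
        }
        for (Object o : persistenceDesc.getQueriedMethods()) {
            if (o instanceof MethodDescriptor) {
                QueryDescriptor qd = persistenceDesc.getQueryFor((MethodDescriptor) o);
                accept(qd);
            }
        }
    }
}

/**
 * Hand every (permission, methods) pair of {@code byPermission} to
 * {@code accept(MethodPermission, Set)}.
 *
 * @param byPermission map of MethodPermission to the Set of MethodDescriptors
 *                     carrying it; {@code null} (the styled map when no style
 *                     1/2 descriptors are pending) means nothing to trace
 */
private void traceMethodPermissions(java.util.Map byPermission) {
    if (byPermission == null) {
        return;
    }
    for (Iterator e = byPermission.keySet().iterator(); e.hasNext(); ) {
        MethodPermission mp = (MethodPermission) e.next();
        Set methods = (Set) byPermission.get(mp);
        accept(mp, methods);
    }
}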

Example 14 with MethodPermission

use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.

the class EjbDescriptor method getStyledPermissionedMethodsByPermission.

/**
 * Invert the pending style 1 / style 2 table.  {@code styledMethodDescriptors}
 * maps a method descriptor to the set of permissions declared for it; the
 * result maps each permission back to the set of method descriptors carrying
 * it.  A new map is built on every call, so callers that loop over the result
 * should keep a reference rather than call this repeatedly.
 *
 * @return the inverted map, or {@code null} when no style 1/2 descriptors are
 *         pending conversion (callers must test for null)
 */
public Map getStyledPermissionedMethodsByPermission() {
    if (styledMethodDescriptors == null) {
        return null;
    }
    HashMap<MethodPermission, Set<MethodDescriptor>> byPermission =
            new HashMap<MethodPermission, Set<MethodDescriptor>>();
    for (Object key : styledMethodDescriptors.keySet()) {
        MethodDescriptor descriptor = (MethodDescriptor) key;
        Set permissions = (Set) styledMethodDescriptors.get(descriptor);
        for (Object p : permissions) {
            MethodPermission permission = (MethodPermission) p;
            // first sighting of this permission creates its bucket
            Set<MethodDescriptor> carriers = byPermission.get(permission);
            if (carriers == null) {
                carriers = new HashSet<MethodDescriptor>();
                byPermission.put(permission, carriers);
            }
            carriers.add(descriptor);
        }
    }
    return byPermission;
}

Example 15 with MethodPermission

use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.

the class EjbDescriptor method convertMethodPermissions.

/**
 * Expand every pending style 1 / style 2 method descriptor into the concrete
 * (style 3) methods it stands for, re-apply the permissions declared on it to
 * each of those methods, and finally mark every method that still has no
 * permission as unchecked.
 *
 * Security note: "unchecked" means invocable by any caller.  This method
 * applies it as the default for every method nothing else covered, so a
 * style 1/2 entry that fails to match any real method (presumably a typo in
 * the descriptor) silently leaves those methods open instead of failing the
 * deployment - start here when a method is reachable that should not be.
 *
 * The two getMethodDescriptors() calls are deliberate: {@code remaining} is
 * mutated while {@code everyMethod} is passed intact to doStyleConversion,
 * which presumably requires the accessor to return a fresh set each time
 * (TODO confirm against getMethodDescriptors).
 */
private void convertMethodPermissions() {
    if (styledMethodDescriptors == null) {
        return;
    }
    Set everyMethod = getMethodDescriptors();
    Set remaining = getMethodDescriptors();
    for (Object key : styledMethodDescriptors.keySet()) {
        MethodDescriptor styled = (MethodDescriptor) key;
        // permissions declared on the style 1/2 entry, to be copied onto each match
        Set permissions = (Set) styledMethodDescriptors.get(styled);
        Vector expanded = styled.doStyleConversion(this, everyMethod);
        for (Object o : expanded) {
            MethodDescriptor concrete = (MethodDescriptor) o;
            // whatever matched is no longer a candidate for the unchecked default
            remaining.remove(concrete);
            for (Object p : permissions) {
                updateMethodPermissionForMethod((MethodPermission) p, concrete);
            }
        }
    }
    // Anything left without a permission becomes unchecked (open to all callers).
    MethodPermission unchecked = MethodPermission.getUncheckedMethodPermission();
    for (Object o : remaining) {
        MethodDescriptor leftover = (MethodDescriptor) o;
        if (getMethodPermissions(leftover).isEmpty()) {
            addMethodPermissionForMethod(unchecked, leftover);
        }
    }
    // the style 1/2 table has been consumed
    styledMethodDescriptors = null;
}
