use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.
the class EJBSecurityManager method convertEJBMethodPermissions.
/**
* This method converts the dd in two phases.
* Phase 1:
* gets a map representing the methodPermission elements exactly as they
* occurred for the ejb in the dd. The map is keyed by method-permission
* element and each method-permission is mapped to a list of method
* elements representing the method elements of the method permission
* element. Each method element is converted to a corresponding
* EJBMethodPermission and added, based on its associated method-permission,
* to the policy configuration object.
* phase 2:
* configures additional EJBMethodPermission policy statements
* for the purpose of optimizing Permissions.implies matching by the
* policy provider. This phase also configures unchecked policy
* statements for any uncovered methods. This method gets the list
* of method descriptors for the ejb from the EjbDescriptor object.
* For each method descriptor, it will get a list of MethodPermission
* objects that signify the method permissions for the Method and
* convert each to a corresponding EJBMethodPermission to be added
* to the policy configuration object.
*
* @param eDescriptor the ejb descriptor for this EJB.
* @param pcid the policy context identifier.
*/
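private static void convertEJBMethodPermissions(EjbDescriptor eDescriptor, String pcid) throws PolicyContextException {
    PolicyConfiguration pc = getPolicyFactory().getPolicyConfiguration(pcid, false);
    // The factory is expected to always return a configuration. Check it
    // explicitly instead of with `assert`: assertions are off unless the JVM
    // runs with -ea, and a missing configuration should fail the conversion
    // with the declared exception rather than surface later as a
    // NullPointerException while the bean's authorization policy is installed.
    if (pc == null) {
        throw new PolicyContextException("No PolicyConfiguration available for policy context " + pcid);
    }

    String eName = eDescriptor.getName();
    // The three accumulators stay null until a helper first needs them; the
    // helpers return the (possibly newly created) collection on every call.
    Permissions uncheckedPermissions = null;
    Permissions excludedPermissions = null;
    HashMap rolePermissionsTable = null;

    // phase 1 - translate the method-permission elements as written in the dd
    Map mpMap = eDescriptor.getMethodPermissionsFromDD();
    if (mpMap != null) {
        for (Object mapEntry : mpMap.entrySet()) {
            Map.Entry entry = (Map.Entry) mapEntry;
            MethodPermission mp = (MethodPermission) entry.getKey();
            // Only iteration is needed, so accept any Iterable instead of
            // insisting on ArrayList (which would fail with a
            // ClassCastException for any other collection type).
            for (Object element : (Iterable) entry.getValue()) {
                MethodDescriptor md = (MethodDescriptor) element;
                String mthdName = md.getName();
                String mthdIntf = md.getEjbClassSymbol();
                // NOTE(review): style 3 is presumably the dd form that names the
                // parameter types; confirm against MethodDescriptor.getStyle().
                // For every other style the parameter list is left null.
                String[] mthdParams = md.getStyle() == 3 ? md.getParameterClassNames() : null;
                // A dd method name of "*" is passed as a null method name.
                EJBMethodPermission ejbmp =
                        new EJBMethodPermission(eName, mthdName.equals("*") ? null : mthdName, mthdIntf, mthdParams);
                rolePermissionsTable = addToRolePermissionsTable(rolePermissionsTable, mp, ejbmp);
                uncheckedPermissions = addToUncheckedPermissions(uncheckedPermissions, mp, ejbmp);
                excludedPermissions = addToExcludedPermissions(excludedPermissions, mp, ejbmp);
            }
        }
    }

    // phase 2 - configures additional perms:
    // . to optimize performance of Permissions.implies
    // . to cause any uncovered methods to be unchecked
    // NOTE(review): "unchecked" means no role is required to call the method.
    // This relies on getMethodPermissionsFor(md) reporting an unchecked
    // permission for methods the dd does not cover - presumably; that method
    // is not visible here.
    for (Object element : eDescriptor.getMethodDescriptors()) {
        MethodDescriptor md = (MethodDescriptor) element;
        Method mthd = md.getMethod(eDescriptor);
        String mthdIntf = md.getEjbClassSymbol();
        if (mthd == null) {
            // No resolvable java.lang.reflect.Method: nothing is added for
            // this descriptor in phase 2, and nothing is logged.
            continue;
        }
        if (mthdIntf == null || mthdIntf.isEmpty()) {
            // Without an interface symbol no permission can be built; the
            // descriptor is reported and receives no phase 2 statement.
            _logger.log(Level.SEVERE, "method_descriptor_not_defined", new Object[] { eName, md.getName(), md.getParameterClassNames() });
            continue;
        }
        EJBMethodPermission ejbmp = new EJBMethodPermission(eName, mthdIntf, mthd);
        for (Object permission : eDescriptor.getMethodPermissionsFor(md)) {
            MethodPermission mp = (MethodPermission) permission;
            rolePermissionsTable = addToRolePermissionsTable(rolePermissionsTable, mp, ejbmp);
            uncheckedPermissions = addToUncheckedPermissions(uncheckedPermissions, mp, ejbmp);
            excludedPermissions = addToExcludedPermissions(excludedPermissions, mp, ejbmp);
        }
    }

    // Push whatever was collected into the policy configuration.
    if (uncheckedPermissions != null) {
        pc.addToUncheckedPolicy(uncheckedPermissions);
    }
    if (excludedPermissions != null) {
        pc.addToExcludedPolicy(excludedPermissions);
    }
    if (rolePermissionsTable != null) {
        // Keys are role names, values the Permissions granted to that role.
        for (Object roleEntry : rolePermissionsTable.entrySet()) {
            Map.Entry entry = (Map.Entry) roleEntry;
            pc.addToRole((String) entry.getKey(), (Permissions) entry.getValue());
        }
    }
}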
use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.
the class RolesAllowedHandler method processEjbMethodSecurity.
/**
* Add roles and permissions to given method in EjbDescriptor.
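* @param authAnnotation the RolesAllowed annotation being processed
* @param md the method descriptor the permissions are added for
* @param ejbDesc the EJB descriptor to which the roles and permissions are added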
*/
@Override
protected void processEjbMethodSecurity(Annotation authAnnotation, MethodDescriptor md, EjbDescriptor ejbDesc) {
    // The handler is only invoked for @RolesAllowed, so the cast is unchecked here.
    final String[] allowedRoleNames = ((RolesAllowed) authAnnotation).value();
    for (int i = 0; i < allowedRoleNames.length; i++) {
        final Role allowedRole = new Role(allowedRoleNames[i]);
        // Register the role on the bundle (add role if not exists) ...
        // NOTE(review): every name listed in the annotation is registered, so a
        // misspelled role name is not rejected by this method; whether it is
        // caught elsewhere cannot be seen from here.
        ejbDesc.getEjbBundleDescriptor().addRole(allowedRole);
        // ... then grant that role access to the annotated method.
        ejbDesc.addPermissionedMethod(new MethodPermission(allowedRole), md);
    }
}
use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.
the class MethodPermissionMethodExists method check.
/**
* Methods used in method permission element of the deployment descriptor
* must be methods defined in the enterprise bean's remote and/or home
* interface.
*
* @param descriptor the Enterprise Java Bean deployment descriptor
* @return <code>Result</code> the results for this assertion
*/
public Result check(EjbDescriptor descriptor) {
    result = getInitializedResult();
    compName = getVerifierContext().getComponentNameConstructor();

    // Only session and entity beans are inspected; any other descriptor type
    // skips straight to the status evaluation below.
    final boolean sessionOrEntity =
            descriptor instanceof EjbSessionDescriptor || descriptor instanceof EjbEntityDescriptor;
    if (sessionOrEntity) {
        Map<MethodPermission, Collection<MethodDescriptor>> ddPermissions = descriptor.getMethodPermissionsFromDD();
        if (ddPermissions != null) {
            for (MethodPermission permission : ddPermissions.keySet()) {
                Collection<MethodDescriptor> declaredMethods = ddPermissions.get(permission);
                for (MethodDescriptor declaredMethod : declaredMethods) {
                    // Records its findings on the shared `result` field.
                    checkMethodStyles(declaredMethod, descriptor);
                }
            }
        }
    }

    if (result.getStatus() == Result.FAILED) {
        return result;
    }
    // NOTE(review): this branch is also reached when nothing was inspected
    // (other bean type, or no method permissions in the dd), so "passed" here
    // does not by itself prove that any method permission was validated.
    addGoodDetails(result, compName);
    result.passed(smh.getLocalString(getClass().getName() + ".passed", "Valid method permission method(s) found."));
    return result;
}
use of com.sun.enterprise.deployment.MethodPermission in project Payara by payara.
the class MethodPermissionSecurityRoleExists method check.
/**
* Security role used in method permission element must be defined in the
* roles element of the deployment descriptor.
*
* @param descriptor the Enterprise Java Bean deployment descriptor
*
* @return <code>Result</code> the results for this assertion
*/
public Result check(EjbDescriptor descriptor) {
    Result result = getInitializedResult();
    ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();
    Map permissionedMethods = descriptor.getPermissionedMethodsByPermission();

    // No method permissions at all: the assertion does not apply to this bean.
    if (!(permissionedMethods.size() > 0)) {
        result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
        result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable", "There are no <method-permission> elements within this bean [ {0} ]", new Object[] { descriptor.getName() }));
        return result;
    }

    boolean undefinedRoleSeen = false;
    for (Object key : permissionedMethods.keySet()) {
        MethodPermission permission = (MethodPermission) key;

        if (!permission.isRoleBased()) {
            // NOTE(review): this runs once per non-role-based permission. If
            // notApplicable() sets the status (presumably), a bean that mixes
            // role-based and non-role-based permissions ends NOT_APPLICABLE
            // unless a role check failed - confirm that this is intended.
            addNaDetails(result, compName);
            result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable1", "There are no role based method-permissions within this bean [ {0} ]", new Object[] { descriptor.getName() }));
            continue;
        }

        // A role referenced by a method permission must be declared on the bundle.
        boolean roleDeclared = descriptor.getEjbBundleDescriptor().getRoles().contains(permission.getRole());
        if (roleDeclared) {
            result.addGoodDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.addGoodDetails(smh.getLocalString(getClass().getName() + ".passed", "Valid: Method permissions role [ {0} ] is defined as one of the roles defined in bean [ {1} ]", new Object[] { permission.getRole().getName(), descriptor.getName() }));
        } else {
            undefinedRoleSeen = true;
            result.addErrorDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.addErrorDetails(smh.getLocalString(getClass().getName() + ".failed", "Error: Method permissions role [ {0} ] must be one of the roles defined in bean [ {1} ]", new Object[] { permission.getRole().getName(), descriptor.getName() }));
        }
    }

    // A single undefined role fails the whole assertion; otherwise the result
    // passes unless it was already marked not applicable inside the loop.
    if (undefinedRoleSeen) {
        result.setStatus(Result.FAILED);
    } else if (result.getStatus() != Result.NOT_APPLICABLE) {
        result.setStatus(Result.PASSED);
    }
    return result;
}