Search in sources :

Example 1 with RunAsIdentityDescriptor

use of com.sun.enterprise.deployment.RunAsIdentityDescriptor in project Payara by payara.

the class SecurityIdentityRefs method check.

/**
 * Security role references test.
 * The Bean provider must declare all of the enterprise's bean references
 * to security roles as specified in section 15.2.1.3 of the Moscone spec.
 * Role names must be mapped to names within the jar.
 *
 * @param descriptor the Enterprise Java Bean deployment descriptor
 *
 * @return <code>Result</code> the results for this assertion
 */
public Result check(EjbDescriptor descriptor) {
    Result result = getInitializedResult();
    ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();
    if (descriptor.getUsesCallerIdentity()) {
        result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
        result.notApplicable(smh.getLocalString("com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.notApplicable3", "Bean [ {0} ] does not specify a run-as identity", new Object[] { descriptor.getName() }));
        return result;
    }
    RunAsIdentityDescriptor identity = descriptor.getRunAsIdentity();
    if (identity == null) {
        result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
        result.notApplicable(smh.getLocalString("com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.notApplicable2", "Bean [ {0} ] does not specify a security identity", new Object[] { descriptor.getName() }));
        return result;
    }
    EjbBundleDescriptorImpl bundleDescriptor = descriptor.getEjbBundleDescriptor();
    Set roles = bundleDescriptor.getRoles();
    Iterator roleIterator = roles.iterator();
    while (roleIterator.hasNext()) {
        Role role = (Role) roleIterator.next();
        if (role.getName().equals(identity.getRoleName())) {
            result.addGoodDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.passed(smh.getLocalString("com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.passed", "Security identity run-as specified identity [ {0} ] role is found in the list of roles", new Object[] { role.getName() }));
            return result;
        }
    }
    result.addErrorDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
    result.failed(smh.getLocalString("com.sun.enterprise.tools.verifier.tests.ejb.SecurityIdentityRefs.failed", "Security identity run-as specified identity [ {0} ] role is not valid", new Object[] { identity.getRoleName() }));
    return result;
}
Also used : Role(org.glassfish.security.common.Role) Set(java.util.Set) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) Iterator(java.util.Iterator) ComponentNameConstructor(com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor) Result(com.sun.enterprise.tools.verifier.Result) EjbBundleDescriptorImpl(org.glassfish.ejb.deployment.descriptor.EjbBundleDescriptorImpl)

Example 2 with RunAsIdentityDescriptor

use of com.sun.enterprise.deployment.RunAsIdentityDescriptor in project Payara by payara.

the class EjbNode method addDescriptor.

@Override
public void addDescriptor(Object newDescriptor) {
    if (newDescriptor instanceof EjbReference) {
        if (DOLUtils.getDefaultLogger().isLoggable(Level.FINE)) {
            DOLUtils.getDefaultLogger().fine("Adding ejb ref " + newDescriptor);
        }
        getEjbDescriptor().addEjbReferenceDescriptor((EjbReference) newDescriptor);
    } else if (newDescriptor instanceof RunAsIdentityDescriptor) {
        if (DOLUtils.getDefaultLogger().isLoggable(Level.FINE)) {
            DOLUtils.getDefaultLogger().fine("Adding security-identity" + newDescriptor);
        }
        getEjbDescriptor().setUsesCallerIdentity(false);
        getEjbDescriptor().setRunAsIdentity((RunAsIdentityDescriptor) newDescriptor);
    } else if (newDescriptor instanceof MessageDestinationReferenceDescriptor) {
        MessageDestinationReferenceDescriptor msgDestRef = (MessageDestinationReferenceDescriptor) newDescriptor;
        EjbBundleDescriptorImpl ejbBundle = (EjbBundleDescriptorImpl) getParentNode().getDescriptor();
        // EjbBundle might not be set yet on EjbDescriptor, so set it
        // explicitly here.
        msgDestRef.setReferringBundleDescriptor(ejbBundle);
        getEjbDescriptor().addMessageDestinationReferenceDescriptor(msgDestRef);
    } else {
        super.addDescriptor(newDescriptor);
    }
}
Also used : EjbReference(com.sun.enterprise.deployment.types.EjbReference) MessageDestinationReferenceDescriptor(com.sun.enterprise.deployment.MessageDestinationReferenceDescriptor) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) EjbBundleDescriptorImpl(org.glassfish.ejb.deployment.descriptor.EjbBundleDescriptorImpl)

Example 3 with RunAsIdentityDescriptor

use of com.sun.enterprise.deployment.RunAsIdentityDescriptor in project Payara by payara.

the class EjbNode method writeDescriptor.

/**
 * write the descriptor class to a DOM tree and return it
 *
 * @param parent node for the DOM tree
 * @param node name for the descriptor
 * @param the descriptor to write
 * @return the DOM tree top node
 */
@Override
public Node writeDescriptor(Node parent, String nodeName, EjbDescriptor ejbDescriptor) {
    Element ejbNode = (Element) super.writeDescriptor(parent, nodeName, ejbDescriptor);
    appendTextChild(ejbNode, RuntimeTagNames.EJB_NAME, ejbDescriptor.getName());
    appendTextChild(ejbNode, RuntimeTagNames.JNDI_NAME, ejbDescriptor.getJndiName());
    RuntimeDescriptorNode.writeCommonComponentInfo(ejbNode, ejbDescriptor);
    appendTextChild(ejbNode, RuntimeTagNames.PASS_BY_REFERENCE, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getPassByReference()));
    if (ejbDescriptor instanceof IASEjbCMPEntityDescriptor) {
        CmpNode cmpNode = new CmpNode();
        cmpNode.writeDescriptor(ejbNode, RuntimeTagNames.CMP, (IASEjbCMPEntityDescriptor) ejbDescriptor);
    }
    // principal
    if (Boolean.FALSE.equals(ejbDescriptor.getUsesCallerIdentity())) {
        RunAsIdentityDescriptor raid = ejbDescriptor.getRunAsIdentity();
        if (raid != null && raid.getPrincipal() != null) {
            Node principalNode = appendChild(ejbNode, RuntimeTagNames.PRINCIPAL);
            appendTextChild(principalNode, RuntimeTagNames.NAME, raid.getPrincipal());
        }
    }
    if (ejbDescriptor instanceof EjbMessageBeanDescriptor) {
        EjbMessageBeanDescriptor msgBeanDesc = (EjbMessageBeanDescriptor) ejbDescriptor;
        // mdb-connection-factory?
        if (ejbDescriptor.getIASEjbExtraDescriptors().getMdbConnectionFactory() != null) {
            MDBConnectionFactoryNode mcfNode = new MDBConnectionFactoryNode();
            mcfNode.writeDescriptor(ejbNode, RuntimeTagNames.MDB_CONNECTION_FACTORY, ejbDescriptor.getIASEjbExtraDescriptors().getMdbConnectionFactory());
        }
        // jms-durable-subscription-name
        if (msgBeanDesc.hasDurableSubscription()) {
            appendTextChild(ejbNode, RuntimeTagNames.DURABLE_SUBSCRIPTION, msgBeanDesc.getDurableSubscriptionName());
        }
        appendTextChild(ejbNode, RuntimeTagNames.JMS_MAX_MESSAGES_LOAD, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getJmsMaxMessagesLoad()));
    }
    // ior-configuration
    IORConfigurationNode iorNode = new IORConfigurationNode();
    for (EjbIORConfigurationDescriptor iorConf : ejbDescriptor.getIORConfigurationDescriptors()) {
        iorNode.writeDescriptor(ejbNode, RuntimeTagNames.IOR_CONFIG, iorConf);
    }
    appendTextChild(ejbNode, RuntimeTagNames.IS_READ_ONLY_BEAN, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().isIsReadOnlyBean()));
    appendTextChild(ejbNode, RuntimeTagNames.REFRESH_PERIOD_IN_SECONDS, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getRefreshPeriodInSeconds()));
    appendTextChild(ejbNode, RuntimeTagNames.COMMIT_OPTION, ejbDescriptor.getIASEjbExtraDescriptors().getCommitOption());
    appendTextChild(ejbNode, RuntimeTagNames.CMT_TIMEOUT_IN_SECONDS, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getCmtTimeoutInSeconds()));
    appendTextChild(ejbNode, RuntimeTagNames.USE_THREAD_POOL_ID, ejbDescriptor.getIASEjbExtraDescriptors().getUseThreadPoolId());
    // gen-classes
    writeGenClasses(ejbNode, ejbDescriptor);
    // bean-pool
    BeanPoolDescriptor beanPoolDesc = ejbDescriptor.getIASEjbExtraDescriptors().getBeanPool();
    if (beanPoolDesc != null) {
        BeanPoolNode bpNode = new BeanPoolNode();
        bpNode.writeDescriptor(ejbNode, RuntimeTagNames.BEAN_POOL, beanPoolDesc);
    }
    // bean-cache
    BeanCacheDescriptor beanCacheDesc = ejbDescriptor.getIASEjbExtraDescriptors().getBeanCache();
    if (beanCacheDesc != null) {
        BeanCacheNode bcNode = new BeanCacheNode();
        bcNode.writeDescriptor(ejbNode, RuntimeTagNames.BEAN_CACHE, beanCacheDesc);
    }
    if (ejbDescriptor instanceof EjbMessageBeanDescriptor) {
        EjbMessageBeanDescriptor msgBeanDesc = (EjbMessageBeanDescriptor) ejbDescriptor;
        if (msgBeanDesc.hasResourceAdapterMid()) {
            MDBResourceAdapterNode mdb = new MDBResourceAdapterNode();
            mdb.writeDescriptor(ejbNode, RuntimeTagNames.MDB_RESOURCE_ADAPTER, msgBeanDesc);
        }
    } else if (ejbDescriptor instanceof EjbSessionDescriptor) {
        // web-services
        WebServiceEndpointRuntimeNode wsRuntime = new WebServiceEndpointRuntimeNode();
        wsRuntime.writeWebServiceEndpointInfo(ejbNode, ejbDescriptor);
    }
    // flush-at-end-of-method
    FlushAtEndOfMethodDescriptor flushMethodDesc = ejbDescriptor.getIASEjbExtraDescriptors().getFlushAtEndOfMethodDescriptor();
    if (flushMethodDesc != null) {
        FlushAtEndOfMethodNode flushNode = new FlushAtEndOfMethodNode();
        flushNode.writeDescriptor(ejbNode, RuntimeTagNames.FLUSH_AT_END_OF_METHOD, flushMethodDesc);
    }
    // checkpointed-methods
    // checkpoint-at-end-of-method
    CheckpointAtEndOfMethodDescriptor checkpointMethodDesc = ejbDescriptor.getIASEjbExtraDescriptors().getCheckpointAtEndOfMethodDescriptor();
    if (checkpointMethodDesc != null) {
        CheckpointAtEndOfMethodNode checkpointNode = new CheckpointAtEndOfMethodNode();
        checkpointNode.writeDescriptor(ejbNode, RuntimeTagNames.CHECKPOINT_AT_END_OF_METHOD, checkpointMethodDesc);
    }
    if (ejbDescriptor.getIASEjbExtraDescriptors().getPerRequestLoadBalancing() != null) {
        appendTextChild(ejbNode, RuntimeTagNames.PER_REQUEST_LOAD_BALANCING, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getPerRequestLoadBalancing()));
    }
    // availability-enabled
    setAttribute(ejbNode, RuntimeTagNames.AVAILABILITY_ENABLED, ejbDescriptor.getIASEjbExtraDescriptors().getAttributeValue(IASEjbExtraDescriptors.AVAILABILITY_ENABLED));
    return ejbNode;
}
Also used : BeanCacheDescriptor(org.glassfish.ejb.deployment.descriptor.runtime.BeanCacheDescriptor) WebServiceEndpointRuntimeNode(com.sun.enterprise.deployment.node.runtime.WebServiceEndpointRuntimeNode) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) XMLElement(com.sun.enterprise.deployment.node.XMLElement) Element(org.w3c.dom.Element) ResourceEnvRefNode(com.sun.enterprise.deployment.node.runtime.ResourceEnvRefNode) WebServiceEndpointRuntimeNode(com.sun.enterprise.deployment.node.runtime.WebServiceEndpointRuntimeNode) EjbRefNode(com.sun.enterprise.deployment.node.runtime.EjbRefNode) ServiceRefNode(com.sun.enterprise.deployment.node.runtime.ServiceRefNode) DeploymentDescriptorNode(com.sun.enterprise.deployment.node.DeploymentDescriptorNode) ResourceRefNode(com.sun.enterprise.deployment.node.runtime.ResourceRefNode) Node(org.w3c.dom.Node) RuntimeDescriptorNode(com.sun.enterprise.deployment.node.runtime.RuntimeDescriptorNode) MessageDestinationRefNode(com.sun.enterprise.deployment.node.runtime.MessageDestinationRefNode) EjbIORConfigurationDescriptor(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor) IASEjbCMPEntityDescriptor(org.glassfish.ejb.deployment.descriptor.IASEjbCMPEntityDescriptor) EjbMessageBeanDescriptor(org.glassfish.ejb.deployment.descriptor.EjbMessageBeanDescriptor) EjbSessionDescriptor(com.sun.enterprise.deployment.EjbSessionDescriptor) FlushAtEndOfMethodDescriptor(org.glassfish.ejb.deployment.descriptor.runtime.FlushAtEndOfMethodDescriptor) BeanPoolDescriptor(com.sun.enterprise.deployment.runtime.BeanPoolDescriptor) CheckpointAtEndOfMethodDescriptor(org.glassfish.ejb.deployment.descriptor.runtime.CheckpointAtEndOfMethodDescriptor)

Example 4 with RunAsIdentityDescriptor

use of com.sun.enterprise.deployment.RunAsIdentityDescriptor in project Payara by payara.

the class DynamicWebServletRegistrationImpl method postProcessAnnotations.

void postProcessAnnotations() {
    Class<? extends Servlet> clazz = wrapper.getServletClass();
    if (clazz == null) {
        return;
    }
    // Process RunAs
    if (wcd.getRunAsIdentity() == null) {
        String roleName = runAsRoleName;
        if (roleName == null && clazz.isAnnotationPresent(RunAs.class)) {
            RunAs runAs = (RunAs) clazz.getAnnotation(RunAs.class);
            roleName = runAs.value();
        }
        if (roleName != null) {
            super.setRunAsRole(roleName);
            wbd.addRole(new Role(roleName));
            RunAsIdentityDescriptor runAsDesc = new RunAsIdentityDescriptor();
            runAsDesc.setRoleName(roleName);
            wcd.setRunAsIdentity(runAsDesc);
        }
    }
    // Process ServletSecurity
    ServletSecurityElement ssElement = servletSecurityElement;
    if (servletSecurityElement == null && clazz.isAnnotationPresent(ServletSecurity.class)) {
        ServletSecurity servletSecurity = (ServletSecurity) clazz.getAnnotation(ServletSecurity.class);
        ssElement = new ServletSecurityElement(servletSecurity);
    }
    if (ssElement != null) {
        webModule.processServletSecurityElement(ssElement, wbd, wcd);
    }
}
Also used : Role(org.glassfish.security.common.Role) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) ServletSecurity(javax.servlet.annotation.ServletSecurity) RunAs(javax.annotation.security.RunAs) ServletSecurityElement(javax.servlet.ServletSecurityElement)

Example 5 with RunAsIdentityDescriptor

use of com.sun.enterprise.deployment.RunAsIdentityDescriptor in project Payara by payara.

the class Audit method dumpDiagnostics.

/**
 * Do the work for showACL().
 */
private static void dumpDiagnostics(Application app) {
    logger.finest("====[ Role and ACL Summary ]==========");
    if (!app.isVirtual()) {
        logger.finest("Summary for application: " + app.getRegistrationName());
    } else {
        logger.finest("Standalone module.");
    }
    logger.finest("EJB components: " + getEjbComponentCount(app));
    logger.finest("Web components: " + getWebComponentCount(app));
    Iterator i;
    StringBuffer sb;
    // show all roles with associated group & user mappings
    Set allRoles = app.getRoles();
    if (allRoles == null) {
        logger.finest("- No roles present.");
        return;
    }
    SecurityRoleMapper rmap = app.getRoleMapper();
    if (rmap == null) {
        logger.finest("- No role mappings present.");
        return;
    }
    i = allRoles.iterator();
    logger.finest("--[ Configured roles and mappings ]--");
    HashMap allRoleMap = new HashMap();
    while (i.hasNext()) {
        Role r = (Role) i.next();
        logger.finest(" [" + r.getName() + "]");
        allRoleMap.put(r.getName(), new HashSet());
        sb = new StringBuffer();
        sb.append("  is mapped to groups: ");
        Enumeration grps = rmap.getGroupsAssignedTo(r);
        while (grps.hasMoreElements()) {
            sb.append(grps.nextElement());
            sb.append(" ");
        }
        logger.finest(sb.toString());
        sb = new StringBuffer();
        sb.append("  is mapped to principals: ");
        Enumeration users = rmap.getUsersAssignedTo(r);
        while (users.hasMoreElements()) {
            sb.append(users.nextElement());
            sb.append(" ");
        }
        logger.finest(sb.toString());
    }
    // Process all EJB modules
    Set ejbDescriptorSet = app.getBundleDescriptors(EjbBundleDescriptor.class);
    i = ejbDescriptorSet.iterator();
    while (i.hasNext()) {
        EjbBundleDescriptor bundle = (EjbBundleDescriptor) i.next();
        logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
        Set ejbs = bundle.getEjbs();
        Iterator it = ejbs.iterator();
        while (it.hasNext()) {
            EjbDescriptor ejb = (EjbDescriptor) it.next();
            logger.finest("EJB: " + ejb.getEjbClassName());
            // check and show run-as if present
            if (!ejb.getUsesCallerIdentity()) {
                RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
                if (runas == null) {
                    logger.finest(" (ejb does not use caller " + "identity)");
                } else {
                    String role = runas.getRoleName();
                    String user = runas.getPrincipal();
                    logger.finest(" Will run-as: Role: " + role + "  Principal: " + user);
                    if (role == null || "".equals(role) || user == null || "".equals(user)) {
                        if (logger.isLoggable(Level.FINEST)) {
                            logger.finest("*** Configuration error!");
                        }
                    }
                }
            }
            // iterate through available methods
            logger.finest(" Method to Role restriction list:");
            Set methods = ejb.getMethodDescriptors();
            Iterator si = methods.iterator();
            while (si.hasNext()) {
                MethodDescriptor md = (MethodDescriptor) si.next();
                logger.finest("   " + md.getFormattedString());
                Set perms = ejb.getMethodPermissionsFor(md);
                StringBuffer rbuf = new StringBuffer();
                rbuf.append("     can only be invoked by: ");
                Iterator sip = perms.iterator();
                boolean unchecked = false, excluded = false, roleBased = false;
                while (sip.hasNext()) {
                    MethodPermission p = (MethodPermission) sip.next();
                    if (p.isExcluded()) {
                        excluded = true;
                        logger.finest("     excluded - can not " + "be invoked");
                    } else if (p.isUnchecked()) {
                        unchecked = true;
                        logger.finest("     unchecked - can be " + "invoked by all");
                    } else if (p.isRoleBased()) {
                        roleBased = true;
                        Role r = p.getRole();
                        rbuf.append(r.getName());
                        rbuf.append(" ");
                        // add to role's accessible list
                        HashSet ram = (HashSet) allRoleMap.get(r.getName());
                        ram.add(bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString());
                    }
                }
                if (roleBased) {
                    logger.finest(rbuf.toString());
                    if (excluded || unchecked) {
                        logger.finest("*** Configuration error!");
                    }
                } else if (unchecked) {
                    if (excluded) {
                        logger.finest("*** Configuration error!");
                    }
                    Set rks = allRoleMap.keySet();
                    Iterator rksi = rks.iterator();
                    while (rksi.hasNext()) {
                        HashSet ram = (HashSet) allRoleMap.get(rksi.next());
                        ram.add(bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString());
                    }
                } else if (!excluded) {
                    logger.finest("*** Configuration error!");
                }
            }
            // IOR config for this ejb
            logger.finest(" IOR configuration:");
            Set iors = ejb.getIORConfigurationDescriptors();
            if (iors != null) {
                Iterator iorsi = iors.iterator();
                while (iorsi.hasNext()) {
                    EjbIORConfigurationDescriptor ior = (EjbIORConfigurationDescriptor) iorsi.next();
                    StringBuffer iorsb = new StringBuffer();
                    iorsb.append("realm=");
                    iorsb.append(ior.getRealmName());
                    iorsb.append(", integrity=");
                    iorsb.append(ior.getIntegrity());
                    iorsb.append(", trust-in-target=");
                    iorsb.append(ior.getEstablishTrustInTarget());
                    iorsb.append(", trust-in-client=");
                    iorsb.append(ior.getEstablishTrustInClient());
                    iorsb.append(", propagation=");
                    iorsb.append(ior.getCallerPropagation());
                    iorsb.append(", auth-method=");
                    iorsb.append(ior.getAuthenticationMethod());
                    logger.finest(iorsb.toString());
                }
            }
        }
    }
    // show role->accessible methods list
    logger.finest("--[ EJB methods accessible by role ]--");
    Set rks = allRoleMap.keySet();
    Iterator rksi = rks.iterator();
    while (rksi.hasNext()) {
        String roleName = (String) rksi.next();
        logger.finest(" [" + roleName + "]");
        HashSet ram = (HashSet) allRoleMap.get(roleName);
        Iterator rami = ram.iterator();
        while (rami.hasNext()) {
            String meth = (String) rami.next();
            logger.finest("   " + meth);
        }
    }
    // Process all Web modules
    Set webDescriptorSet = app.getBundleDescriptors(WebBundleDescriptor.class);
    i = webDescriptorSet.iterator();
    while (i.hasNext()) {
        WebBundleDescriptor wbd = (WebBundleDescriptor) i.next();
        logger.finest("--[ Web module: " + wbd.getContextRoot() + " ]--");
        // login config
        LoginConfiguration lconf = wbd.getLoginConfiguration();
        if (lconf != null) {
            logger.finest("  Login config: realm=" + lconf.getRealmName() + ", method=" + lconf.getAuthenticationMethod() + ", form=" + lconf.getFormLoginPage() + ", error=" + lconf.getFormErrorPage());
        }
        // get WebComponentDescriptorsSet() info
        logger.finest("  Contains components:");
        Set webComps = wbd.getWebComponentDescriptors();
        Iterator webCompsIt = webComps.iterator();
        while (webCompsIt.hasNext()) {
            WebComponentDescriptor wcd = (WebComponentDescriptor) webCompsIt.next();
            StringBuffer name = new StringBuffer();
            name.append("   - " + wcd.getCanonicalName());
            name.append(" [ ");
            Enumeration urlPs = wcd.getUrlPatterns();
            while (urlPs.hasMoreElements()) {
                name.append(urlPs.nextElement().toString());
                name.append(" ");
            }
            name.append("]");
            logger.finest(name.toString());
            RunAsIdentityDescriptor runas = wcd.getRunAsIdentity();
            if (runas != null) {
                String role = runas.getRoleName();
                String user = runas.getPrincipal();
                logger.finest("      Will run-as: Role: " + role + "  Principal: " + user);
                if (role == null || "".equals(role) || user == null || "".equals(user)) {
                    logger.finest("*** Configuration error!");
                }
            }
        }
        // security constraints
        logger.finest("  Security constraints:");
        Enumeration scEnum = wbd.getSecurityConstraints();
        while (scEnum.hasMoreElements()) {
            SecurityConstraint sc = (SecurityConstraint) scEnum.nextElement();
            for (WebResourceCollection wrc : sc.getWebResourceCollections()) {
                // show list of methods for this collection
                StringBuffer sbm = new StringBuffer();
                for (String httpMethod : wrc.getHttpMethods()) {
                    sbm.append(httpMethod);
                    sbm.append(" ");
                }
                logger.finest("     Using method: " + sbm.toString());
                // and then list of url patterns
                for (String urlPattern : wrc.getUrlPatterns()) {
                    logger.finest("       " + urlPattern);
                }
            }
            // end res.collection iterator
            // show roles which apply to above set of collections
            AuthorizationConstraint authCons = sc.getAuthorizationConstraint();
            Enumeration rolesEnum = authCons.getSecurityRoles();
            StringBuffer rsb = new StringBuffer();
            rsb.append("     Accessible by roles: ");
            while (rolesEnum.hasMoreElements()) {
                SecurityRole sr = (SecurityRole) rolesEnum.nextElement();
                rsb.append(sr.getName());
                rsb.append(" ");
            }
            logger.finest(rsb.toString());
            // show transport guarantee
            UserDataConstraint udc = sc.getUserDataConstraint();
            if (udc != null) {
                logger.finest("     Transport guarantee: " + udc.getTransportGuarantee());
            }
        }
    // end sec.constraint
    }
    // end webDescriptorSet.iterator
    logger.finest("======================================");
}
Also used : SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) SecurityRoleMapper(org.glassfish.deployment.common.SecurityRoleMapper) AuthorizationConstraint(com.sun.enterprise.deployment.web.AuthorizationConstraint) LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration) MethodDescriptor(com.sun.enterprise.deployment.MethodDescriptor) EjbDescriptor(com.sun.enterprise.deployment.EjbDescriptor) MethodPermission(com.sun.enterprise.deployment.MethodPermission) EjbIORConfigurationDescriptor(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) Role(org.glassfish.security.common.Role) WebComponentDescriptor(com.sun.enterprise.deployment.WebComponentDescriptor) EjbBundleDescriptor(com.sun.enterprise.deployment.EjbBundleDescriptor) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) UserDataConstraint(com.sun.enterprise.deployment.web.UserDataConstraint)

Aggregations

RunAsIdentityDescriptor (com.sun.enterprise.deployment.RunAsIdentityDescriptor)12 Role (org.glassfish.security.common.Role)7 RunAs (javax.annotation.security.RunAs)5 WebComponentDescriptor (com.sun.enterprise.deployment.WebComponentDescriptor)4 EjbDescriptor (com.sun.enterprise.deployment.EjbDescriptor)3 EjbIORConfigurationDescriptor (com.sun.enterprise.deployment.EjbIORConfigurationDescriptor)2 EjbContext (com.sun.enterprise.deployment.annotation.context.EjbContext)2 WebComponentContext (com.sun.enterprise.deployment.annotation.context.WebComponentContext)2 Result (com.sun.enterprise.tools.verifier.Result)2 ComponentNameConstructor (com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor)2 EjbBundleDescriptorImpl (org.glassfish.ejb.deployment.descriptor.EjbBundleDescriptorImpl)2 EjbBundleDescriptor (com.sun.enterprise.deployment.EjbBundleDescriptor)1 EjbSessionDescriptor (com.sun.enterprise.deployment.EjbSessionDescriptor)1 MessageDestinationReferenceDescriptor (com.sun.enterprise.deployment.MessageDestinationReferenceDescriptor)1 MethodDescriptor (com.sun.enterprise.deployment.MethodDescriptor)1 MethodPermission (com.sun.enterprise.deployment.MethodPermission)1 WebBundleDescriptor (com.sun.enterprise.deployment.WebBundleDescriptor)1 DeploymentDescriptorNode (com.sun.enterprise.deployment.node.DeploymentDescriptorNode)1 XMLElement (com.sun.enterprise.deployment.node.XMLElement)1 EjbRefNode (com.sun.enterprise.deployment.node.runtime.EjbRefNode)1