Example 1 with CachedPermissionImpl

Use of com.sun.enterprise.security.ee.CachedPermissionImpl in project Payara by payara.

Class WebSecurityManager, method initialise:

private void initialise(String appName) throws PolicyContextException {
    getPolicyFactory();
    CODEBASE = removeSpaces(CONTEXT_ID);
    // V3:Commented if(VirtualServer.ADMIN_VS.equals(getVirtualServers(appName))){
    if (Constants.ADMIN_VS.equals(getVirtualServers(appName))) {
        LoginConfiguration lgConf = wbd.getLoginConfiguration();
        if (lgConf != null) {
            String realmName = lgConf.getRealmName();
            SunWebApp sunDes = wbd.getSunDescriptor();
            if (sunDes != null) {
                SecurityRoleMapping[] srms = sunDes.getSecurityRoleMapping();
                if (srms != null) {
                    for (SecurityRoleMapping srm : srms) {
                        String[] principals = srm.getPrincipalName();
                        if (principals != null) {
                            for (String principal : principals) {
                                wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
                            }
                        }
                        for (String group : srm.getGroupNames()) {
                            wsmf.ADMIN_GROUP.put(realmName + group, new Group(group));
                        }
                    }
                }
                SecurityRoleAssignment[] sras = sunDes.getSecurityRoleAssignments();
                if (sras != null) {
                    for (SecurityRoleAssignment sra : sras) {
                        List<String> principals = sra.getPrincipalNames();
                        if (sra.isExternallyDefined()) {
                            wsmf.ADMIN_GROUP.put(realmName + sra.getRoleName(), new Group(sra.getRoleName()));
                            continue;
                        }
                        for (String principal : principals) {
                            wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
                        }
                    }
                }
            }
        }
    }
    // will require stuff in hash format for reference later on.
    try {
        java.net.URI uri = null;
        try {
            if (logger.isLoggable(Level.FINE))
                logger.log(Level.FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
            uri = new java.net.URI("file:///" + CODEBASE);
            if (uri != null) {
                codesource = new CodeSource(new URL(uri.toString()), (java.security.cert.Certificate[]) null);
            }
        } catch (java.net.URISyntaxException use) {
            // manually create the URL
            logger.log(Level.FINE, "[Web-Security] Error Creating URI ", use);
            throw new RuntimeException(use);
        }
    } catch (java.net.MalformedURLException mue) {
        logger.log(Level.SEVERE, "[Web-Security] Exception while getting the CodeSource", mue);
        throw new RuntimeException(mue);
    }
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "[Web-Security] Context id (id under which  WEB component in application will be created) = {0}", CONTEXT_ID);
        logger.log(Level.FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);
    }
    loadPolicyConfiguration();
    if (uncheckedPermissionCache == null) {
        if (register) {
            uncheckedPermissionCache = PermissionCacheFactory.createPermissionCache(this.CONTEXT_ID, codesource, protoPerms, null);
            allResourcesCP = new CachedPermissionImpl(uncheckedPermissionCache, allResources);
            allConnectionsCP = new CachedPermissionImpl(uncheckedPermissionCache, allConnections);
        }
    } else {
        uncheckedPermissionCache.reset();
    }
}
Also used: SunWebApp (com.sun.enterprise.deployment.runtime.web.SunWebApp), Group (org.glassfish.security.common.Group), SecurityRoleMapping (com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping), LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration), URL (java.net.URL), CachedPermissionImpl (com.sun.enterprise.security.ee.CachedPermissionImpl), PrincipalImpl (org.glassfish.security.common.PrincipalImpl), SecurityRoleAssignment (com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment)

Example 2 with CachedPermissionImpl

Use of com.sun.enterprise.security.ee.CachedPermissionImpl in project Payara by payara.

Class EJBSecurityManager, method authorize:

/**
 * This method is called by the EJB container to decide whether or not
 * a method specified in the Invocation should be allowed.
 *
 * @param compInv invocation object that contains all the details of the
 *                invocation.
 * @return A boolean value indicating if the client should be allowed
 *         to invoke the EJB.
 */
public boolean authorize(ComponentInvocation compInv) {
    if (!(compInv instanceof EjbInvocation)) {
        return false;
    }
    // FIXME: Param type should be EjbInvocation
    EjbInvocation inv = (EjbInvocation) compInv;
    if (inv.getAuth() != null) {
        return inv.getAuth().booleanValue();
    }
    boolean ret = false;
    CachedPermission cp = null;
    Permission ejbmp = null;
    if (inv.invocationInfo == null || inv.invocationInfo.cachedPermission == null) {
        ejbmp = new EJBMethodPermission(ejbName, inv.getMethodInterface(), inv.method);
        cp = new CachedPermissionImpl(uncheckedMethodPermissionCache, ejbmp);
        if (inv.invocationInfo != null) {
            inv.invocationInfo.cachedPermission = cp;
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions());
            }
        }
    } else {
        cp = inv.invocationInfo.cachedPermission;
        ejbmp = cp.getPermission();
    }
    String caller = null;
    SecurityContext sc = null;
    pcHandlerImpl.getHandlerData().setInvocation(inv);
    ret = cp.checkPermission();
    if (!ret) {
        sc = SecurityContext.getCurrent();
        Set principalSet = sc.getPrincipalSet();
        ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
        try {
            // set the policy context in the TLS.
            String oldContextId = setPolicyContext(this.contextId);
            try {
                ret = policy.implies(prdm, ejbmp);
            } catch (SecurityException se) {
                _logger.log(Level.SEVERE, "jacc_access_exception", se);
                ret = false;
            } catch (Throwable t) {
                _logger.log(Level.SEVERE, "jacc_access_exception", t);
                ret = false;
            } finally {
                resetPolicyContext(oldContextId, this.contextId);
            }
        } catch (Throwable t) {
            _logger.log(Level.SEVERE, "jacc_policy_context_exception", t);
            ret = false;
        }
    }
    inv.setAuth((ret) ? Boolean.TRUE : Boolean.FALSE);
    if (auditManager.isAuditOn()) {
        if (sc == null) {
            sc = SecurityContext.getCurrent();
        }
        caller = sc.getCallerPrincipal().getName();
        auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
    }
    if (ret && inv.isWebService && !inv.isPreInvokeDone()) {
        preInvoke(inv);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("JACC: Access Control Decision Result: " + ret + " EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions() + " (Caller) = " + caller);
    }
    return ret;
}
Also used: ProtectionDomain (java.security.ProtectionDomain), EjbInvocation (com.sun.ejb.EjbInvocation), CachedPermission (com.sun.enterprise.security.ee.CachedPermission), CachedPermissionImpl (com.sun.enterprise.security.ee.CachedPermissionImpl), Set (java.util.Set), HashSet (java.util.HashSet), EJBMethodPermission (javax.security.jacc.EJBMethodPermission), EJBRoleRefPermission (javax.security.jacc.EJBRoleRefPermission), Permission (java.security.Permission), MethodPermission (com.sun.enterprise.deployment.MethodPermission), SecurityContext (com.sun.enterprise.security.SecurityContext)

Example 3 with CachedPermissionImpl

Use of com.sun.enterprise.security.ee.CachedPermissionImpl in project Payara by payara.

Class J2EESecurityManager, method enablePermissionCache:

public synchronized void enablePermissionCache(PermissionCache c) {
    if (c != null) {
        cache = c;
        connectPerm = new CachedPermissionImpl(cache, new SocketPermission("*", "connect"));
        cacheEnabled = true;
    }
}
Also used: CachedPermissionImpl (com.sun.enterprise.security.ee.CachedPermissionImpl), SocketPermission (java.net.SocketPermission)

Aggregations (type, number of examples above using it):

CachedPermissionImpl (com.sun.enterprise.security.ee.CachedPermissionImpl) 3
EjbInvocation (com.sun.ejb.EjbInvocation) 1
MethodPermission (com.sun.enterprise.deployment.MethodPermission) 1
SecurityRoleMapping (com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping) 1
SecurityRoleAssignment (com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment) 1
SunWebApp (com.sun.enterprise.deployment.runtime.web.SunWebApp) 1
LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration) 1
SecurityContext (com.sun.enterprise.security.SecurityContext) 1
CachedPermission (com.sun.enterprise.security.ee.CachedPermission) 1
SocketPermission (java.net.SocketPermission) 1
URL (java.net.URL) 1
Permission (java.security.Permission) 1
ProtectionDomain (java.security.ProtectionDomain) 1
HashSet (java.util.HashSet) 1
Set (java.util.Set) 1
EJBMethodPermission (javax.security.jacc.EJBMethodPermission) 1
EJBRoleRefPermission (javax.security.jacc.EJBRoleRefPermission) 1
Group (org.glassfish.security.common.Group) 1
PrincipalImpl (org.glassfish.security.common.PrincipalImpl) 1