Example 21 with EJBAccessException

Use of javax.ejb.EJBAccessException in project tomee by apache.

From the class MovieTest, method testAsEmployee:

@Test
public void testAsEmployee() throws Exception {
    // Obtain a JNDI context authenticated as the employee user "eddie"
    final Context context = getContext("eddie", "jump");
    try {
        // Employees are allowed to add and read movies
        movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
        movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
        movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));
        List<Movie> list = movies.getMovies();
        Assert.assertEquals("List.size()", 3, list.size());
        for (Movie movie : list) {
            try {
                // deleteMovie is not permitted for the Employee role; the container must reject the call
                movies.deleteMovie(movie);
                Assert.fail("Employees should not be allowed to delete");
            } catch (EJBAccessException e) {
                // Good, Employees cannot delete things
            }
        }
        // The list should still be three movies long
        Assert.assertEquals("Movies.getMovies()", 3, movies.getMovies().size());
    } finally {
        context.close();
    }
}
Also used : InitialContext(javax.naming.InitialContext) Context(javax.naming.Context) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 22 with EJBAccessException

Use of javax.ejb.EJBAccessException in project tomee by apache.

From the class ContractTest, method missingCredentials:

@Test
public void missingCredentials() throws NamingException {
    try {
        // Build a remote JNDI environment that carries no principal and no credentials
        hi(new Properties() {
            {
                setProperty(Context.INITIAL_CONTEXT_FACTORY, RemoteInitialContextFactory.class.getName());
                setProperty(Context.PROVIDER_URL, String.format("http://localhost:%s/tomee/ejb", base.getPort()));
            }
        });
        // Reaching this point means the unauthenticated invocation was accepted
        fail();
    } catch (final EJBAccessException eae) {
        // expected: the container rejects the call when credentials are missing
    }
}
Also used : Properties(java.util.Properties) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 23 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

From the class ServerSecurityInterceptor, method aroundInvoke:

@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
    Principal desiredUser = null;
    RealmUser connectionUser = null;
    Map<String, Object> contextData = invocationContext.getContextData();
    if (contextData.containsKey(DELEGATED_USER_KEY)) {
        // The caller asked to run as another user; identify who is actually authenticated on the connection
        desiredUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));
        Connection con = RemotingContext.getConnection();
        if (con != null) {
            SecurityIdentity localIdentity = con.getLocalIdentity();
            if (localIdentity != null) {
                connectionUser = new RealmUser(localIdentity.getPrincipal().getName());
            }
        } else {
            throw new IllegalStateException("Delegation user requested but no user on connection found.");
        }
    }
    SecurityContext cachedSecurityContext = null;
    boolean contextSet = false;
    try {
        // The final part of this check is to verify that the change does actually indicate a change in user.
        if (desiredUser != null && connectionUser != null && !desiredUser.getName().equals(connectionUser.getName())) {
            try {
                // We have been requested to switch user and have successfully identified the user from the connection
                // so now we attempt the switch.
                cachedSecurityContext = SecurityContextAssociation.getSecurityContext();
                final SecurityContext nextContext = SecurityContextFactory.createSecurityContext(
                        desiredUser,
                        new CurrentUserCredential(connectionUser.getName()),
                        new Subject(),
                        "fooSecurityDomain");
                SecurityContextAssociation.setSecurityContext(nextContext);
                // keep track that we switched the security context
                contextSet = true;
                RemotingContext.clear();
            } catch (Exception e) {
                LOGGER.error("Failed to switch security context for user", e);
                // Don't propagate the exception stacktrace back to the client for security reasons
                throw new EJBAccessException("Unable to attempt switching of user.");
            }
        }
        return invocationContext.proceed();
    } finally {
        // switch back to original security context
        if (contextSet) {
            SecurityContextAssociation.setSecurityContext(cachedSecurityContext);
        }
    }
}
Also used : IllegalStateException(javax.resource.spi.IllegalStateException) RealmUser(org.jboss.as.core.security.RealmUser) Connection(org.jboss.remoting3.Connection) Subject(javax.security.auth.Subject) EJBAccessException(javax.ejb.EJBAccessException) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecurityContext(org.jboss.security.SecurityContext) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) AroundInvoke(javax.interceptor.AroundInvoke)

Example 24 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

From the class WhoAmIServlet, method doGet:

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    Writer writer = resp.getWriter();
    String method = req.getParameter("method");
    String username = req.getParameter("username");
    String password = req.getParameter("password");
    String role = req.getParameter("role");
    if ("whoAmI".equals(method)) {
        // Optionally log in via JAAS before asking the bean for the caller identity
        LoginContext lc = null;
        try {
            if (username != null && password != null) {
                lc = getCLMLoginContext(username, password);
                lc.login();
            }
            try {
                writer.write(bean.whoAmI());
            } finally {
                if (lc != null) {
                    lc.logout();
                }
            }
        } catch (LoginException le) {
            throw new IOException("Unexpected failure", le);
        }
    } else if ("doubleWhoAmI".equals(method)) {
        String[] response;
        try {
            if (username != null && password != null) {
                response = bean.doubleWhoAmI(username, password);
            } else {
                response = bean.doubleWhoAmI();
            }
        } catch (EJBAccessException e) {
            // The bean refused the call: report it as 403 rather than as a server error
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.toString());
            return;
        } catch (LoginException e) {
            throw new ServletException("Unexpected failure", e);
        }
        writer.write(response[0] + "," + response[1]);
    } else if ("doIHaveRole".equals(method)) {
        LoginContext lc = null;
        try {
            if (username != null && password != null) {
                lc = getCLMLoginContext(username, password);
                lc.login();
            }
            try {
                writer.write(String.valueOf(bean.doIHaveRole(role)));
            } finally {
                if (lc != null) {
                    lc.logout();
                }
            }
        } catch (LoginException le) {
            throw new IOException("Unexpected failure", le);
        }
    } else if ("doubleDoIHaveRole".equals(method)) {
        try {
            boolean[] response;
            if (username != null && password != null) {
                response = bean.doubleDoIHaveRole(role, username, password);
            } else {
                response = bean.doubleDoIHaveRole(role);
            }
            writer.write(String.valueOf(response[0]) + "," + String.valueOf(response[1]));
        } catch (Exception e) {
            throw new ServletException("Unexpected Failure", e);
        }
    } else {
        throw new IllegalArgumentException("Parameter 'method' either missing or invalid method='" + method + "'");
    }
}
Also used : ServletException(javax.servlet.ServletException) LoginContext(javax.security.auth.login.LoginContext) Util.getCLMLoginContext(org.jboss.as.test.shared.integration.ejb.security.Util.getCLMLoginContext) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) Writer(java.io.Writer) EJBAccessException(javax.ejb.EJBAccessException)

Example 25 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

From the class EJBSecurityTestCase, method testSecurityOnBeanInAbsenceOfExplicitSecurityDomain:

/**
 * Tests that a bean which doesn't explicitly have a security domain configured, but still has EJB security related
 * annotations on it, is still considered secured and the security annotations are honoured
 *
 * @throws Exception
 */
@Test
public void testSecurityOnBeanInAbsenceOfExplicitSecurityDomain() throws Exception {
    final Context ctx = new InitialContext();
    // lookup the bean which doesn't explicitly have any security domain configured
    final Restriction restrictedBean = (Restriction) ctx.lookup("java:module/" + BeanWithoutExplicitSecurityDomain.class.getSimpleName() + "!" + Restriction.class.getName());
    try {
        // try invoking a method annotated @DenyAll (expected to fail)
        restrictedBean.restrictedMethod();
        Assert.fail("Call to restrictedMethod() method was expected to fail");
    } catch (EJBAccessException ejbae) {
        // expected
    }
    // lookup the bean which doesn't explicitly have any security domain configured
    final FullAccess fullAccessBean = (FullAccess) ctx.lookup("java:module/" + BeanWithoutExplicitSecurityDomain.class.getSimpleName() + "!" + FullAccess.class.getName());
    // invoke a @PermitAll method
    fullAccessBean.doAnything();
    // lookup the bean which doesn't explicitly have any security domain configured
    final BeanWithoutExplicitSecurityDomain specificRoleAccessBean = (BeanWithoutExplicitSecurityDomain) ctx.lookup("java:module/" + BeanWithoutExplicitSecurityDomain.class.getSimpleName() + "!" + BeanWithoutExplicitSecurityDomain.class.getName());
    try {
        // invoke a method which only a specific role can access.
        // this is expected to fail since we haven't logged in as any user
        specificRoleAccessBean.allowOnlyRoleTwoToAccess();
        Assert.fail("Invocation was expected to fail since only a specific role was expected to be allowed to access the bean method");
    } catch (EJBAccessException ejbae) {
        // expected
    }
}
Also used : InitialContext(javax.naming.InitialContext) Context(javax.naming.Context) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)
