
Example 11 with SecurityService

Use of org.apache.openejb.spi.SecurityService in project tomee by apache.

From the class StatefulSecurityPermissionsTest, method test.

public void test() throws Exception {
    System.setProperty(javax.naming.Context.INITIAL_CONTEXT_FACTORY, InitContextFactory.class.getName());
    final Assembler assembler = new Assembler();
    final ConfigurationFactory config = new ConfigurationFactory();
    assembler.createProxyFactory(config.configureService(ProxyFactoryInfo.class));
    assembler.createTransactionManager(config.configureService(TransactionServiceInfo.class));
    final SecurityServiceInfo securityServiceInfo = config.configureService(SecurityServiceInfo.class);
    securityServiceInfo.className = TestSecurityService.class.getName();
    assembler.createSecurityService(securityServiceInfo);
    final TestSecurityService securityService = (TestSecurityService) SystemInstance.get().getComponent(SecurityService.class);
    securityService.login("foo", "Jazz", "Rock", "Reggae", "HipHop");
    final EjbJar ejbJar = new EjbJar();
    ejbJar.addEnterpriseBean(new StatefulBean(Color.class));
    final List<MethodPermission> permissions = ejbJar.getAssemblyDescriptor().getMethodPermission();
    permissions.add(new MethodPermission("*", "Color", "*", "Foo"));
    permissions.add(new MethodPermission("*", "Color", "create").setUnchecked());
    permissions.add(new MethodPermission("*", "Color", "ejbCreate").setUnchecked());
    final EjbJarInfo ejbJarInfo = config.configureApplication(ejbJar);
    assembler.createApplication(ejbJarInfo);
    final InitialContext context = new InitialContext();
    {
        final ColorLocal color = (ColorLocal) context.lookup("ColorLocal");
        assertEquals("Jazz", color.color());
        try {
            color.color((Object) null);
        } catch (final EJBAccessException e) {
            assertEquals("Excluded", actual.get());
        }
        assertEquals("Rock", color.color((String) null));
        assertEquals("Unchecked", color.color((Boolean) null));
        assertEquals("Reggae", color.color((Integer) null));
    }
}
Also used: StatefulBean (org.apache.openejb.jee.StatefulBean), InitContextFactory (org.apache.openejb.core.ivm.naming.InitContextFactory), MethodPermission (org.apache.openejb.jee.MethodPermission), InitialContext (javax.naming.InitialContext), EJBAccessException (javax.ejb.EJBAccessException), ProxyFactoryInfo (org.apache.openejb.assembler.classic.ProxyFactoryInfo), TransactionServiceInfo (org.apache.openejb.assembler.classic.TransactionServiceInfo), SecurityService (org.apache.openejb.spi.SecurityService), AbstractSecurityService (org.apache.openejb.core.security.AbstractSecurityService), ConfigurationFactory (org.apache.openejb.config.ConfigurationFactory), EJBObject (javax.ejb.EJBObject), EJBLocalObject (javax.ejb.EJBLocalObject), Assembler (org.apache.openejb.assembler.classic.Assembler), SecurityServiceInfo (org.apache.openejb.assembler.classic.SecurityServiceInfo), EjbJarInfo (org.apache.openejb.assembler.classic.EjbJarInfo), EjbJar (org.apache.openejb.jee.EjbJar)

Example 12 with SecurityService

Use of org.apache.openejb.spi.SecurityService in project tomee by apache.

From the class IsLoggedTest, method isLogged.

@Test
public void isLogged() throws LoginException {
    final ThreadContext testContext = ThreadContext.getThreadContext();
    testContext.set(AbstractSecurityService.SecurityContext.class, null);
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    final Object id = securityService.login("jonathan", "secret");
    securityService.associate(id);
    assertTrue(bean.isinRole("**"));
    assertFalse(bean.isinRole("whatever"));
    securityService.disassociate();
    securityService.logout(id);
    ThreadContext.enter(testContext);
}
Also used: SecurityService (org.apache.openejb.spi.SecurityService), ThreadContext (org.apache.openejb.core.ThreadContext), Test (org.junit.Test)

Example 13 with SecurityService

Use of org.apache.openejb.spi.SecurityService in project tomee by apache.

From the class RoleAllowedAndRunAsTest, method run.

@Test
public void run() throws LoginException {
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    final Object id = securityService.login("jonathan", "secret");
    securityService.associate(id);
    try {
        assertEquals("jonathan > role1", bean.stack());
    } finally {
        securityService.disassociate();
        securityService.logout(id);
    }
}
Also used: SecurityService (org.apache.openejb.spi.SecurityService), Test (org.junit.Test)

Example 14 with SecurityService

Use of org.apache.openejb.spi.SecurityService in project tomee by apache.

From the class AuthRequestHandler, method processRequest.

@Override
public Response processRequest(final ObjectInputStream in, final ProtocolMetaData metaData) throws Exception {
    final AuthenticationRequest req = new AuthenticationRequest();
    req.setMetaData(metaData);
    final AuthenticationResponse res = new AuthenticationResponse();
    res.setMetaData(metaData);
    try {
        req.readExternal(in);
        final String securityRealm = req.getRealm();
        final String username = req.getUsername();
        final String password = req.getCredentials();
        final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
        final Object token = securityService.login(securityRealm, username, password);
        final ClientMetaData client = new ClientMetaData();
        client.setMetaData(metaData);
        client.setClientIdentity(token);
        res.setIdentity(client);
        res.setResponseCode(ResponseCodes.AUTH_GRANTED);
    } catch (Throwable t) {
        res.setResponseCode(ResponseCodes.AUTH_DENIED);
        res.setDeniedCause(t);
    } finally {
        if (debug) {
            try {
                logger.debug("AUTH REQUEST: " + req + " -- RESPONSE: " + res);
            } catch (Exception e) {
                // Ignore
            }
        }
    }
    return res;
}
Also used: SecurityService (org.apache.openejb.spi.SecurityService), AuthenticationRequest (org.apache.openejb.client.AuthenticationRequest), AuthenticationResponse (org.apache.openejb.client.AuthenticationResponse), ClientMetaData (org.apache.openejb.client.ClientMetaData)

Example 15 with SecurityService

Use of org.apache.openejb.spi.SecurityService in project tomee by apache.

From the class EjbRequestHandler, method processRequest.

@Override
public Response processRequest(final ObjectInputStream in, final ProtocolMetaData metaData) throws Exception {
    // Setup the client proxy replacement to replace
    // the proxies with the IntraVM proxy implementations
    EJBHomeProxyHandle.resolver.set(SERVER_SIDE_RESOLVER);
    EJBObjectProxyHandle.resolver.set(SERVER_SIDE_RESOLVER);
    final EJBRequest req = new EJBRequest();
    req.setMetaData(metaData);
    byte version = req.getVersion();
    final EJBResponse res = new EJBResponse();
    res.setMetaData(metaData);
    res.start(EJBResponse.Time.TOTAL);
    res.setRequest(req);
    try {
        req.readExternal(in);
    } catch (Throwable t) {
        return setResponseError(res, version, t, "Bad request");
    }
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    boolean failed = false;
    final CallContext call;
    Object clientIdentity = null;
    try {
        try {
            clientIdentity = req.getClientIdentity();
            if (clientIdentity != null) {
                //noinspection unchecked
                securityService.associate(clientIdentity);
            }
        } catch (LoginException t) {
            failed = true;
            return setResponseError(res, version, t, "Client identity is not valid - " + req);
        }
        final BeanContext di;
        try {
            di = this.daemon.getDeployment(req);
        } catch (RemoteException e) {
            failed = true;
            return setResponseError(res, version, e, "No such deployment");
        } catch (Throwable t) {
            failed = true;
            return setResponseError(res, version, t, "Unkown error occured while retrieving deployment: " + req);
        }
        try {
            //Need to set this for deserialization of the body - Will always be reset by EjbDaemon
            final ClassLoader classLoader = di.getBeanClass().getClassLoader();
            Thread.currentThread().setContextClassLoader(classLoader);
            res.start(EJBResponse.Time.DESERIALIZATION);
            req.getBody().readExternal(in);
            //Client version retrieved from body
            version = req.getVersion();
            res.stop(EJBResponse.Time.DESERIALIZATION);
        } catch (Throwable t) {
            failed = true;
            return setResponseError(res, version, t, "Error caught during request body deserialization: " + req);
        }
        try {
            call = CallContext.getCallContext();
            call.setEJBRequest(req);
            call.setBeanContext(di);
        } catch (Throwable t) {
            failed = true;
            return setResponseError(res, version, t, "Unable to set the thread call context for this request: " + req);
        }
    } finally {
        if (clientIdentity != null && failed) {
            securityService.disassociate();
        }
    }
    res.start(EJBResponse.Time.CONTAINER);
    Object securityToken = null;
    try {
        final JNDIContext.AuthenticationInfo authentication = req.getBody().getAuthentication();
        if (authentication != null) {
            try {
                securityToken = securityService.login(authentication.getRealm(), authentication.getUser(), new String(authentication.getPassword()));
            } catch (final Throwable t) {
                res.setResponse(req.getVersion(), ResponseCodes.AUTH_DENIED, t);
            }
        }
        if (res.getResponseCode() != ResponseCodes.AUTH_DENIED) {
            switch(req.getRequestMethod()) {
                // Remote interface methods
                case EJB_OBJECT_BUSINESS_METHOD:
                    doEjbObject_BUSINESS_METHOD(req, res);
                    updateServer(req, res);
                    break;
                // Home interface methods
                case EJB_HOME_CREATE:
                    doEjbHome_CREATE(req, res);
                    updateServer(req, res);
                    break;
                // Home interface methods
                case EJB_HOME_METHOD:
                    doEjbHome_METHOD(req, res);
                    updateServer(req, res);
                    break;
                case EJB_HOME_FIND:
                    doEjbHome_FIND(req, res);
                    updateServer(req, res);
                    break;
                // javax.ejb.EJBObject methods
                case EJB_OBJECT_GET_EJB_HOME:
                    doEjbObject_GET_EJB_HOME(req, res);
                    updateServer(req, res);
                    break;
                case EJB_OBJECT_GET_HANDLE:
                    doEjbObject_GET_HANDLE(req, res);
                    updateServer(req, res);
                    break;
                case EJB_OBJECT_GET_PRIMARY_KEY:
                    doEjbObject_GET_PRIMARY_KEY(req, res);
                    updateServer(req, res);
                    break;
                case EJB_OBJECT_IS_IDENTICAL:
                    doEjbObject_IS_IDENTICAL(req, res);
                    updateServer(req, res);
                    break;
                case EJB_OBJECT_REMOVE:
                    doEjbObject_REMOVE(req, res);
                    break;
                // javax.ejb.EJBHome methods
                case EJB_HOME_GET_EJB_META_DATA:
                    doEjbHome_GET_EJB_META_DATA(req, res);
                    updateServer(req, res);
                    break;
                case EJB_HOME_GET_HOME_HANDLE:
                    doEjbHome_GET_HOME_HANDLE(req, res);
                    updateServer(req, res);
                    break;
                case EJB_HOME_REMOVE_BY_HANDLE:
                    doEjbHome_REMOVE_BY_HANDLE(req, res);
                    break;
                case EJB_HOME_REMOVE_BY_PKEY:
                    doEjbHome_REMOVE_BY_PKEY(req, res);
                    break;
                case FUTURE_CANCEL:
                    doFUTURE_CANCEL_METHOD(req, res);
                    break;
                default:
                    throw new org.apache.openejb.SystemException("Unexpected request method: " + req.getRequestMethod());
            }
        }
    } catch (org.apache.openejb.InvalidateReferenceException e) {
        res.setResponse(version, ResponseCodes.EJB_SYS_EXCEPTION, new ThrowableArtifact(e.getRootCause()));
    } catch (org.apache.openejb.ApplicationException e) {
        res.setResponse(version, ResponseCodes.EJB_APP_EXCEPTION, new ThrowableArtifact(e.getRootCause()));
    } catch (org.apache.openejb.SystemException e) {
        res.setResponse(version, ResponseCodes.EJB_ERROR, new ThrowableArtifact(e.getRootCause()));
        logger.error("System error in container for request: " + req, e);
    } catch (Throwable t) {
        return setResponseError(res, version, t, "Unknown error in container");
    } finally {
        if (securityToken != null) {
            try {
                //noinspection unchecked
                securityService.logout(securityToken);
            } catch (final LoginException e) {
                // no-op
            }
        }
        try {
            res.stop(EJBResponse.Time.CONTAINER);
        } catch (Throwable e) {
            // Ignore
        }
        if (logger.isDebugEnabled()) {
            //The req and res toString overrides are volatile
            try {
                logger.debug("EJB REQUEST: " + req + " -- RESPONSE: " + res);
            } catch (Throwable t) {
                // Ignore
            }
        }
    }
    return res;
}
Also used: ThrowableArtifact (org.apache.openejb.client.ThrowableArtifact), JNDIContext (org.apache.openejb.client.JNDIContext), EJBResponse (org.apache.openejb.client.EJBResponse), BeanContext (org.apache.openejb.BeanContext), SecurityService (org.apache.openejb.spi.SecurityService), LoginException (javax.security.auth.login.LoginException), EJBRequest (org.apache.openejb.client.EJBRequest), RemoteException (java.rmi.RemoteException)

Aggregations

SecurityService (org.apache.openejb.spi.SecurityService): 16
LoginException (javax.security.auth.login.LoginException): 9
Test (org.junit.Test): 3
RemoteException (java.rmi.RemoteException): 2
AuthenticationException (javax.naming.AuthenticationException): 2
Context (javax.naming.Context): 2
InitialContext (javax.naming.InitialContext): 2
BeanContext (org.apache.openejb.BeanContext): 2
OpenEJBRuntimeException (org.apache.openejb.OpenEJBRuntimeException): 2
ThreadContext (org.apache.openejb.core.ThreadContext): 2
AbstractSecurityService (org.apache.openejb.core.security.AbstractSecurityService): 2
ContainerSystem (org.apache.openejb.spi.ContainerSystem): 2
IOException (java.io.IOException): 1
Map (java.util.Map): 1
Properties (java.util.Properties): 1
EJBAccessException (javax.ejb.EJBAccessException): 1
EJBLocalObject (javax.ejb.EJBLocalObject): 1
EJBObject (javax.ejb.EJBObject): 1
Callback (javax.security.auth.callback.Callback): 1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException): 1