
Example 31 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class CSIV2TaggedComponentInfo method getIORConfigurationDescriptors.

/**
 * Returns the IOR security configuration descriptors of an EJB, adding a default descriptor
 * when the EJB has none.
 *
 * <p>The default is added to the very set obtained from
 * {@code ejbDescriptor.getIORConfigurationDescriptors()}, so the call has a side effect on that
 * set (whether it is the descriptor's live collection is not visible here; verify against
 * {@code EjbDescriptor}).
 *
 * <p>Security-relevant defaults: integrity, confidentiality and establish-trust-in-client are
 * all set to {@code SUPPORTED}, not to a required level. NOTE(review): presumably this means a
 * client that negotiates no transport protection is still accepted for such EJBs; confirm that
 * this is the intended posture for deployments that carry no explicit IOR configuration.
 * Authentication is only marked as required when the EJB has permissioned roles.
 *
 * @param ejbDescriptor the EJB whose IOR configuration is requested, may be {@code null}
 * @return the descriptor set (never empty on return), or {@code null} when
 *         {@code ejbDescriptor} is {@code null}
 */
private Set<EjbIORConfigurationDescriptor> getIORConfigurationDescriptors(EjbDescriptor ejbDescriptor) {
    if (ejbDescriptor == null) {
        return null;
    }

    Set<EjbIORConfigurationDescriptor> configured = ejbDescriptor.getIORConfigurationDescriptors();
    if (!configured.isEmpty()) {
        // Explicit configuration is present: hand it back untouched.
        return configured;
    }

    // Nothing configured (or a 1.2.x application): fall back to a descriptor that
    // supports, but does not demand, SSL protection and client trust establishment.
    EjbIORConfigurationDescriptor fallback = new EjbIORConfigurationDescriptor();
    fallback.setIntegrity(SUPPORTED);
    fallback.setConfidentiality(SUPPORTED);
    fallback.setEstablishTrustInClient(SUPPORTED);
    configured.add(fallback);

    // Protected methods switch on the username/password mechanism in the as_context.
    Set<Role> protectedRoles = ejbDescriptor.getPermissionedRoles();
    if (protectedRoles.isEmpty()) {
        return configured;
    }

    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "IIOP:Application has protected methods");
    }
    fallback.setAuthMethodRequired(true);

    // The application's realm wins; DEFAULT_REALM covers both a missing application
    // and an application that declares no realm.
    String realm = ejbDescriptor.getApplication() != null
            ? ejbDescriptor.getApplication().getRealm()
            : null;
    fallback.setRealmName(realm != null ? realm : DEFAULT_REALM);

    return configured;
}
Also used : Role(org.glassfish.security.common.Role) EjbIORConfigurationDescriptor(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor)

Example 32 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class MapValue method createWebRoleRefPermission.

/**
 * Translates the security-role-ref elements of a web bundle into {@code WebRoleRefPermission}s
 * and adds them to the given policy configuration.
 *
 * <p>Three groups of permissions are added:
 * <ol>
 * <li>for every role reference of every web component, a permission named after the component
 *     with the referenced role name as action, added to the linked role;</li>
 * <li>for every web component, a permission for each declared role that is not in the list of
 *     referenced role names, plus the any-authenticated-user role {@code "**"} when it is neither
 *     referenced nor declared;</li>
 * <li>for every declared role, a permission with the empty string as name (used for JSPs not
 *     mapped to a servlet), plus {@code "**"} when it is not declared.</li>
 * </ol>
 *
 * <p>These permissions decide the outcome of {@code isUserInRole} checks, so a change in the
 * order or scope of the statements below changes the generated authorization policy.
 *
 * @param wbd the web bundle whose roles and web components are processed
 * @param pc the policy configuration that receives the permissions
 * @throws javax.security.jacc.PolicyContextException declared by the signature; raised by the
 *         policy configuration calls (presumably {@code addToRole}; confirm)
 */
public static void createWebRoleRefPermission(WebBundleDescriptor wbd, PolicyConfiguration pc) throws javax.security.jacc.PolicyContextException {
    if (logger.isLoggable(Level.FINE)) {
        logger.entering("WebPermissionUtil", "createWebRoleRefPermission");
        logger.log(Level.FINE, "JACC: role-reference translation: Processing WebRoleRefPermission : CODEBASE = " + pc.getContextID());
    }
    // Role names seen in role references. Declared once, outside the component loop, and never
    // cleared, so it accumulates across all web components.
    // NOTE(review): because of that, a role referenced by an earlier component is skipped in the
    // "roles not present in RoleRef elements" pass of every later component, which then receives
    // no permission for it. The effect is fewer grants, not more, but confirm whether
    // per-component scoping was intended before relying on isUserInRole for such roles.
    List role = new ArrayList();
    Set roleset = wbd.getRoles();
    // "**" is the role name that stands for any authenticated user.
    Role anyAuthUserRole = new Role("**");
    boolean rolesetContainsAnyAuthUserRole = roleset.contains(anyAuthUserRole);
    Set<WebComponentDescriptor> descs = wbd.getWebComponentDescriptors();
    for (WebComponentDescriptor comp : descs) {
        // The component's canonical name becomes the permission name.
        String name = comp.getCanonicalName();
        Enumeration esrr = comp.getSecurityRoleReferences();
        for (; esrr.hasMoreElements(); ) {
            SecurityRoleReference srr = (SecurityRoleReference) esrr.nextElement();
            if (srr != null) {
                // The role-name of the reference is the permission's action.
                String action = srr.getRoleName();
                WebRoleRefPermission wrrp = new WebRoleRefPermission(name, action);
                role.add(new Role(action));
                // The permission is granted to the role named by the role-link.
                // NOTE(review): getSecurityRoleLink() is dereferenced without a null check; a
                // role reference without a link would presumably fail here with a
                // NullPointerException. Verify that the descriptor always supplies a link.
                pc.addToRole(srr.getSecurityRoleLink().getName(), wrrp);
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: role-reference translation: RoleRefPermission created with name(servlet-name)  = " + name + " and action(Role-name tag) = " + action + " added to role(role-link tag) = " + srr.getSecurityRoleLink().getName());
                }
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: role-reference translation: Going through the list of roles not present in RoleRef elements and creating WebRoleRefPermissions ");
        }
        // Declared roles without a role reference map to themselves for this component.
        for (Iterator it = roleset.iterator(); it.hasNext(); ) {
            Role r = (Role) it.next();
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: role-reference translation: Looking at Role =  " + r.getName());
            }
            if (!role.contains(r)) {
                String action = r.getName();
                WebRoleRefPermission wrrp = new WebRoleRefPermission(name, action);
                pc.addToRole(action, wrrp);
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: role-reference translation: RoleRef  = " + action + " is added for servlet-resource = " + name);
                    logger.log(Level.FINE, "JACC: role-reference translation: Permission added for above role-ref =" + wrrp.getName() + " " + wrrp.getActions());
                }
            }
        }
        // JACC MR8: add a WebRoleRefPermission for the any-authenticated-user role '**', unless
        // it was already referenced or is a declared role of the bundle.
        if ((!role.contains(anyAuthUserRole)) && !rolesetContainsAnyAuthUserRole) {
            addAnyAuthenticatedUserRoleRef(pc, name);
        }
    }
    // The exit trace is written here although the method still adds the empty-name
    // permissions below.
    if (logger.isLoggable(Level.FINE)) {
        logger.exiting("WebPermissionUtil", "createWebRoleRefPermission");
    }
    // For every security role in the web application add a WebRoleRefPermission to the
    // corresponding role. The name of all such permissions shall be the empty string, and the
    // actions of each permission shall be the corresponding role name. When checking a
    // WebRoleRefPermission from a JSP not mapped to a servlet, use a permission with the empty
    // string as its name and with the argument to isUserInRole as its actions.
    for (Iterator it = roleset.iterator(); it.hasNext(); ) {
        Role r = (Role) it.next();
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: role-reference translation: Looking at Role =  " + r.getName());
        }
        String action = r.getName();
        WebRoleRefPermission wrrp = new WebRoleRefPermission("", action);
        pc.addToRole(action, wrrp);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: role-reference translation: RoleRef  = " + action + " is added for jsp's that can't be mapped to servlets");
            logger.log(Level.FINE, "JACC: role-reference translation: Permission added for above role-ref =" + wrrp.getName() + " " + wrrp.getActions());
        }
    }
    // JACC MR8: add the empty-name WebRoleRefPermission for the any-authenticated-user role
    // '**' when the bundle does not declare that role itself.
    if (!rolesetContainsAnyAuthUserRole) {
        addAnyAuthenticatedUserRoleRef(pc, "");
    }
}
Also used : Role(org.glassfish.security.common.Role) WebRoleRefPermission(javax.security.jacc.WebRoleRefPermission)

Example 33 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class EJBSecurityManager method convertEJBRoleReferences.

/**
 * Converts the role references of one EJB into JACC {@code EJBRoleRefPermission} objects and
 * adds them to the policy configuration of the given policy context.
 *
 * <p>Each role reference yields a permission named after the EJB whose action is the referenced
 * role name, added to the role named by the reference's role link. Every declared role of the
 * EJB bundle that no reference names is then mapped to itself, and the any-authenticated-user
 * role {@code "**"} is added when it is neither referenced nor declared.
 *
 * @param eDescriptor the ejb descriptor
 * @param pcid the policy context identifier
 * @throws PolicyContextException declared by the signature; raised by the policy configuration
 *         calls made here
 */
private static void convertEJBRoleReferences(EjbDescriptor eDescriptor, String pcid) throws PolicyContextException {
    // remove == false: the policy statements already held by this context are kept.
    PolicyConfiguration policyConfig = getPolicyFactory().getPolicyConfiguration(pcid, false);
    // This check only runs with assertions enabled (-ea); without them a null configuration is
    // first noticed at its first use below.
    assert policyConfig != null;

    // Roles declared on the enclosing EJB bundle.
    Set<Role> declaredRoles = eDescriptor.getEjbBundleDescriptor().getRoles();
    Role anyAuthUserRole = new Role("**");
    boolean declaredAnyAuthUser = declaredRoles.contains(anyAuthUserRole);
    // Role names that appear in a role reference of this EJB.
    List<Role> referencedRoles = new ArrayList<>();
    String ejbName = eDescriptor.getName();

    // Pass 1: one permission per role reference, granted to the linked role.
    for (RoleReference reference : eDescriptor.getRoleReferences()) {
        String referencedName = reference.getRoleName();
        EJBRoleRefPermission permission = new EJBRoleRefPermission(ejbName, referencedName);
        // NOTE(review): the role link is dereferenced without a null check; verify that the
        // descriptor always supplies one.
        String linkedRole = reference.getSecurityRoleLink().getName();
        referencedRoles.add(new Role(referencedName));
        policyConfig.addToRole(linkedRole, permission);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: Converting role-ref -> " + reference.toString() + " to permission with name(" + permission.getName() + ") and actions (" + permission.getActions() + ")" + "mapped to role (" + linkedRole + ")");
        }
    }

    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JACC: Converting role-ref: Going through the list of roles not present in RoleRef elements and creating EJBRoleRefPermissions ");
    }

    // Pass 2: declared roles that no reference names map to themselves.
    for (Role declared : declaredRoles) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JACC: Converting role-ref: Looking at Role =  " + declared.getName());
        }
        if (referencedRoles.contains(declared)) {
            continue;
        }
        String selfMappedName = declared.getName();
        EJBRoleRefPermission permission = new EJBRoleRefPermission(ejbName, selfMappedName);
        policyConfig.addToRole(selfMappedName, permission);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: Converting role-ref: Role =  " + declared.getName() + " is added as a permission with name(" + permission.getName() + ") and actions (" + permission.getActions() + ")" + "mapped to role (" + selfMappedName + ")");
        }
    }

    // JACC MR8: add an EJBRoleRefPermission for the any-authenticated-user role '**', unless a
    // reference or a declared role already covers it.
    boolean anyAuthUserCovered = referencedRoles.contains(anyAuthUserRole) || declaredAnyAuthUser;
    if (!anyAuthUserCovered) {
        String anyAuthName = anyAuthUserRole.getName();
        EJBRoleRefPermission permission = new EJBRoleRefPermission(ejbName, anyAuthName);
        policyConfig.addToRole(anyAuthName, permission);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: Converting role-ref: Adding any authenticated user role-ref " + " to permission with name(" + permission.getName() + ") and actions (" + permission.getActions() + ")" + "mapped to role (" + anyAuthName + ")");
        }
    }
}
Also used : Role(org.glassfish.security.common.Role) RoleReference(com.sun.enterprise.deployment.RoleReference) EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission) ArrayList(java.util.ArrayList) PolicyConfiguration(javax.security.jacc.PolicyConfiguration)

Example 34 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class DeclareRolesHandler method processAnnotation.

/**
 * Registers every role named by a {@code @DeclareRoles} annotation on the web bundle.
 *
 * <p>The role names are taken from the annotation as they are; this method applies no
 * validation or filtering to them (for instance to an empty name or to the reserved
 * {@code "**"}). NOTE(review): confirm whether {@code addRole} or a later deployment step
 * enforces naming rules.
 *
 * @param ainfo the annotation information; its annotation is cast to {@code DeclareRoles}
 * @param webBundleDesc the web bundle descriptor that receives the roles
 * @return the handler's default processed result
 */
private HandlerProcessingResult processAnnotation(AnnotationInfo ainfo, WebBundleDescriptor webBundleDesc) {
    DeclareRoles declaredRoles = (DeclareRoles) ainfo.getAnnotation();
    String[] declaredNames = declaredRoles.value();
    for (int i = 0; i < declaredNames.length; i++) {
        webBundleDesc.addRole(new Role(declaredNames[i]));
    }
    return getDefaultProcessedResult();
}
Also used : Role(org.glassfish.security.common.Role) DeclareRoles(javax.annotation.security.DeclareRoles)

Example 35 with Role

use of org.glassfish.security.common.Role in project Payara by payara.

the class RunAsHandler method processAnnotation.

/**
 * Applies a {@code @RunAs} annotation to each of the given web components.
 *
 * <p>A component that already carries a run-as identity is left alone, so an identity set
 * earlier (per the original comment, from the XML deployment descriptor) takes precedence over
 * the annotation. For the remaining components the annotated role is added to the web bundle
 * and installed as the component's run-as identity. The role name is used exactly as written in
 * the annotation; no validation happens here.
 *
 * @param ainfo the annotation information; its annotation is cast to {@code RunAs}
 * @param webCompContexts the contexts of the web components the annotation applies to
 * @return the handler's default processed result
 * @throws AnnotationProcessorException declared by the signature; nothing in this body throws
 *         it directly
 */
protected HandlerProcessingResult processAnnotation(AnnotationInfo ainfo, WebComponentContext[] webCompContexts) throws AnnotationProcessorException {
    RunAs runAsAnnotation = (RunAs) ainfo.getAnnotation();
    for (int i = 0; i < webCompContexts.length; i++) {
        WebComponentDescriptor component = webCompContexts[i].getDescriptor();
        // An identity that is already present wins over the annotation.
        if (component.getRunAsIdentity() == null) {
            String runAsRole = runAsAnnotation.value();
            // Make sure the bundle knows the role; the original comment states it is only
            // added when missing (addRole's duplicate handling is not visible here).
            component.getWebBundleDescriptor().addRole(new Role(runAsRole));
            RunAsIdentityDescriptor identity = new RunAsIdentityDescriptor();
            identity.setRoleName(runAsRole);
            component.setRunAsIdentity(identity);
        }
    }
    return getDefaultProcessedResult();
}
Also used : Role(org.glassfish.security.common.Role) WebComponentDescriptor(com.sun.enterprise.deployment.WebComponentDescriptor) WebComponentContext(com.sun.enterprise.deployment.annotation.context.WebComponentContext) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) RunAs(javax.annotation.security.RunAs)

Aggregations

Role (org.glassfish.security.common.Role)38 RunAsIdentityDescriptor (com.sun.enterprise.deployment.RunAsIdentityDescriptor)7 Iterator (java.util.Iterator)5 DeclareRoles (javax.annotation.security.DeclareRoles)5 RunAs (javax.annotation.security.RunAs)5 Group (org.glassfish.security.common.Group)5 MethodPermission (com.sun.enterprise.deployment.MethodPermission)4 RoleReference (com.sun.enterprise.deployment.RoleReference)4 WebComponentDescriptor (com.sun.enterprise.deployment.WebComponentDescriptor)4 EjbContext (com.sun.enterprise.deployment.annotation.context.EjbContext)4 Result (com.sun.enterprise.tools.verifier.Result)4 ComponentNameConstructor (com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor)4 SecurityRoleMapper (org.glassfish.deployment.common.SecurityRoleMapper)4 EjbDescriptor (com.sun.enterprise.deployment.EjbDescriptor)3 PrincipalNameDescriptor (com.sun.enterprise.deployment.runtime.common.PrincipalNameDescriptor)3 SecurityRoleMapping (com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping)3 SecurityConstraint (com.sun.enterprise.deployment.web.SecurityConstraint)3 SecurityRole (com.sun.enterprise.deployment.web.SecurityRole)3 UserDataConstraint (com.sun.enterprise.deployment.web.UserDataConstraint)3 Set (java.util.Set)3