use of org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex in project wildfly by wildfly.
the class EJBSecurityViewConfigurator method configure.
/**
 * Applies EJB security settings to a single view of an EJB component.
 * <p>
 * Security-relevant behaviour of this method:
 * <ul>
 *   <li>No security interceptor is added when legacy security is unavailable and no Elytron security
 *       domain service name is set on the component.</li>
 *   <li>No security interceptor is added when Elytron is not in use and the resolved security domain
 *       is {@code null} or empty; this case is only reported at DEBUG level.</li>
 *   <li>If security is required but the component is not backed by Elytron, deployment fails with
 *       {@code legacySecurityUnsupported}.</li>
 *   <li>When security is required, view methods without explicit permissions receive a deny-all
 *       interceptor unless {@code isMissingMethodPermissionsDeniedAccess()} returns
 *       {@link Boolean#FALSE}; a {@code null} setting therefore denies access.</li>
 * </ul>
 * On every path the {@code EJBViewMethodSecurityAttributesService} builder, which is only created
 * for {@code SERVICE_ENDPOINT} views, is handed to {@code installAttributeServiceIfRequired}.
 *
 * @param context                the deployment phase context
 * @param componentConfiguration the configuration of the component that owns the view; its description
 *                               must be an {@code EJBComponentDescription}
 * @param viewDescription        the view description, cast to {@code EJBViewDescription}
 * @param viewConfiguration      the view configuration that receives the interceptors
 * @throws DeploymentUnitProcessingException if the component is not an EJB component or legacy
 *                                           security would be needed
 */
@Override
public void configure(DeploymentPhaseContext context, ComponentConfiguration componentConfiguration, ViewDescription viewDescription, ViewConfiguration viewConfiguration) throws DeploymentUnitProcessingException {
    if (!(componentConfiguration.getComponentDescription() instanceof EJBComponentDescription)) {
        throw EjbLogger.ROOT_LOGGER.invalidEjbComponent(componentConfiguration.getComponentName(), componentConfiguration.getComponentClass());
    }
    final DeploymentUnit deploymentUnit = context.getDeploymentUnit();
    final EJBComponentDescription ejbDescription = (EJBComponentDescription) componentConfiguration.getComponentDescription();
    // A non-null security domain service name is what marks the bean as Elytron-secured.
    final boolean elytronSecurityDomain = ejbDescription.getSecurityDomainServiceName() != null;
    final String viewClassName = viewDescription.getViewClassName();
    final EJBViewDescription ejbView = (EJBViewDescription) viewDescription;

    // note that we always install this service for SERVICE_ENDPOINT views, even if security is not enabled
    final boolean serviceEndpointView = MethodIntf.SERVICE_ENDPOINT == ejbView.getMethodIntf();
    final EJBViewMethodSecurityAttributesService.Builder attributesBuilder = serviceEndpointView
            ? new EJBViewMethodSecurityAttributesService.Builder()
            : null;
    final ServiceName attributesServiceName = serviceEndpointView
            ? EJBViewMethodSecurityAttributesService.getServiceName(ejbDescription.getApplicationName(), ejbDescription.getModuleName(), ejbDescription.getEJBName(), viewClassName)
            : null;

    if (!(legacySecurityAvailable(deploymentUnit) || elytronSecurityDomain)) {
        // the security subsystem is not present and Elytron is not being used for security, we don't apply any security settings
        installAttributeServiceIfRequired(context, attributesBuilder, attributesServiceName);
        return;
    }

    final DeploymentReflectionIndex reflectionIndex = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.REFLECTION_INDEX);

    // The resolved security domain is null when no explicit security domain is configured for the bean
    // and no default security domain is configured at EJB3 subsystem level.
    // In such cases, we do *not* apply any security interceptors.
    final String resolvedSecurityDomain = ejbDescription.getResolvedSecurityDomain();
    final boolean noResolvedDomain = resolvedSecurityDomain == null || resolvedSecurityDomain.isEmpty();
    if (!elytronSecurityDomain && noResolvedDomain) {
        if (ROOT_LOGGER.isDebugEnabled()) {
            ROOT_LOGGER.debug("Security is *not* enabled on EJB: " + ejbDescription.getEJBName() + ", since no explicit security domain is configured for the bean, nor is there any default security domain configured in the EJB3 subsystem");
        }
        installAttributeServiceIfRequired(context, attributesBuilder, attributesServiceName);
        return;
    }

    // setup the JACC contextID: "<parent>!<unit>" for sub-deployments, "<unit>" otherwise
    final String unitName = deploymentUnit.getName();
    final DeploymentUnit parentUnit = deploymentUnit.getParent();
    final String contextID = parentUnit != null ? parentUnit.getName() + "!" + unitName : unitName;

    // setup the method specific security interceptor(s)
    boolean anyMethodHasSecurityMetadata = false;
    final List<Method> unsecuredMethods = new ArrayList<>();
    for (final Method method : viewConfiguration.getProxyFactory().getCachedMethods()) {
        // TODO: proxy factory exposes non-public methods, is this a bug in the no-interface view?
        if (!Modifier.isPublic(method.getModifiers()) || method.getDeclaringClass() == WriteReplaceInterface.class) {
            continue;
        }
        // setup the authorization interceptor: descriptor permissions are tried first and the
        // annotation permissions are only consulted when the descriptor did not handle the method
        final boolean methodHasSecurityMetadata =
                handlePermissions(contextID, componentConfiguration, viewConfiguration, reflectionIndex, viewClassName, ejbView, method, ejbDescription.getDescriptorMethodPermissions(), false, attributesBuilder, ejbDescription, elytronSecurityDomain, resolvedSecurityDomain)
                || handlePermissions(contextID, componentConfiguration, viewConfiguration, reflectionIndex, viewClassName, ejbView, method, ejbDescription.getAnnotationMethodPermissions(), true, attributesBuilder, ejbDescription, elytronSecurityDomain, resolvedSecurityDomain);
        if (methodHasSecurityMetadata) {
            // if any method has security metadata then the bean has method level security metadata
            anyMethodHasSecurityMetadata = true;
        } else {
            // make a note that this method didn't have any explicit method permissions configured
            unsecuredMethods.add(method);
        }
    }

    final boolean securityRequired = anyMethodHasSecurityMetadata || ejbDescription.hasBeanLevelSecurityMetadata();
    if (securityRequired) {
        ejbDescription.setSecurityRequired(true);
    }

    // setup the security context interceptor
    if (elytronSecurityDomain) {
        final HashMap<Integer, InterceptorFactory> elytronFactories = ejbDescription.getElytronInterceptorFactories(contextID, ejbDescription.requiresJacc(), true);
        elytronFactories.forEach((order, factory) -> viewConfiguration.addViewInterceptor(factory, order));
    } else if (securityRequired) {
        throw ROOT_LOGGER.legacySecurityUnsupported(resolvedSecurityDomain);
    }

    // now add the authorization interceptor if the bean has *any* security metadata applicable
    if (securityRequired) {
        // check the missing-method-permissions-deny-access configuration and add the authorization interceptor
        // to methods which don't have explicit method permissions.
        // (@see http://anil-identity.blogspot.in/2010/02/tip-interpretation-of-missing-ejb.html for details)
        final Boolean denyMissingPermissions = ((EJBComponentDescription) componentConfiguration.getComponentDescription()).isMissingMethodPermissionsDeniedAccess();
        // default to "deny access": this is an identity comparison, so null and every value other
        // than the canonical Boolean.FALSE instance end up on the deny side
        if (denyMissingPermissions != Boolean.FALSE) {
            for (final Method unsecuredMethod : unsecuredMethods) {
                if (attributesBuilder != null) {
                    // build the EJBViewMethodSecurityAttributesService to expose these security attributes to other components like WS (@see https://issues.jboss.org/browse/WFLY-308)
                    attributesBuilder.addMethodSecurityMetadata(unsecuredMethod, EJBMethodSecurityAttribute.denyAll());
                }
                // "deny access" implies we need the authorization interceptor to be added so that it can reject the invocation
                if (!elytronSecurityDomain) {
                    throw ROOT_LOGGER.legacySecurityUnsupported(resolvedSecurityDomain);
                }
                viewConfiguration.addViewInterceptor(unsecuredMethod, new ImmediateInterceptorFactory(RolesAllowedInterceptor.DENY_ALL), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
            }
        }
    }
    installAttributeServiceIfRequired(context, attributesBuilder, attributesServiceName);
}
use of org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex in project wildfly by wildfly.
the class ParsedServiceDeploymentProcessor method deploy.
/**
 * Installs the services declared in a deployment's JBoss service XML descriptor.
 * <p>
 * Deployments that carry no {@code JBossServiceXmlDescriptor} attachment are left untouched. For every
 * other deployment the module and the reflection index must be attached; each configured service is
 * then passed to {@code addServices} together with the module class loader.
 *
 * @param phaseContext the deployment unit context
 * @throws DeploymentUnitProcessingException if the module or the reflection index attachment is missing
 */
@Override
public void deploy(final DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final JBossServiceXmlDescriptor descriptor = unit.getAttachment(JBossServiceXmlDescriptor.ATTACHMENT_KEY);
    if (descriptor == null) {
        // Nothing to do for deployments without a service xml descriptor
        return;
    }

    // Both attachments are mandatory from here on; fail the deployment rather than continue without them
    final Module module = unit.getAttachment(Attachments.MODULE);
    if (module == null) {
        throw SarLogger.ROOT_LOGGER.failedToGetAttachment("module", unit);
    }
    final DeploymentReflectionIndex reflectionIndex = unit.getAttachment(Attachments.REFLECTION_INDEX);
    if (reflectionIndex == null) {
        throw SarLogger.ROOT_LOGGER.failedToGetAttachment("reflection index", unit);
    }

    // install services
    final ClassLoader moduleClassLoader = module.getClassLoader();
    final List<JBossServiceConfig> configs = descriptor.getServiceConfigs();
    final ServiceTarget serviceTarget = phaseContext.getServiceTarget();
    final Map<String, ServiceComponentInstantiator> instantiators = unit.getAttachment(ServiceAttachments.SERVICE_COMPONENT_INSTANTIATORS);
    for (final JBossServiceConfig config : configs) {
        // The instantiator map is optional; a service without an entry is installed with a null instantiator
        final ServiceComponentInstantiator instantiator = instantiators == null ? null : instantiators.get(config.getName());
        addServices(serviceTarget, config, moduleClassLoader, reflectionIndex, instantiator, phaseContext);
    }
}
use of org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex in project wildfly by wildfly.
the class ParsedKernelDeploymentProcessor method deploy.
/**
 * Processes a deployment's KernelDeployment configuration by calling {@code describeBean}
 * for every bean of every attached {@code KernelDeploymentXmlDescriptor}.
 * <p>
 * Deployments with no descriptor list, or an empty one, are skipped.
 *
 * @param phaseContext the deployment unit context
 * @throws DeploymentUnitProcessingException if the module or the reflection index attachment is missing
 */
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    final List<KernelDeploymentXmlDescriptor> descriptors = deploymentUnit.getAttachment(KernelDeploymentXmlDescriptor.ATTACHMENT_KEY);
    if (descriptors == null || descriptors.isEmpty()) {
        return;
    }

    final Module module = deploymentUnit.getAttachment(Attachments.MODULE);
    if (module == null) {
        throw PojoLogger.ROOT_LOGGER.noModuleFound(deploymentUnit);
    }

    final ServiceTarget target = phaseContext.getServiceTarget();
    final DeploymentReflectionIndex reflectionIndex = deploymentUnit.getAttachment(Attachments.REFLECTION_INDEX);
    if (reflectionIndex == null) {
        throw PojoLogger.ROOT_LOGGER.missingReflectionIndex(deploymentUnit);
    }

    for (final KernelDeploymentXmlDescriptor descriptor : descriptors) {
        for (final BeanMetaDataConfig bean : descriptor.getBeans()) {
            describeBean(module, target, reflectionIndex, bean);
        }
        // TODO -- KD::classloader, KD::aliases
    }
}
use of org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex in project wildfly by wildfly.
the class DataSourceDefinitionInjectionSource method getResourceValue.
/**
 * Builds the data source described by this injection source and starts its service.
 * <p>
 * The driver/data source class named by {@code className} is loaded through the deployment module's
 * class loader. An XA data source service is created when that class implements {@link XADataSource}
 * and {@code transactional} is set; otherwise a local data source service is created. Pool sizes that
 * are below their valid minimum fall back to the {@code Defaults} constants.
 * <p>
 * The {@code user} and {@code password} values are handed to {@code DsSecurityImpl} as they are.
 * NOTE(review): these look like fields of the enclosing class (not visible in this excerpt); keep
 * them out of log and exception messages.
 *
 * @param context        the resolution context supplying application, module and component names
 * @param serviceBuilder the service builder forwarded to {@code startDataSource}
 * @param phaseContext   the deployment phase context
 * @param injector       the injector forwarded to {@code startDataSource}
 * @throws DeploymentUnitProcessingException wrapping any exception raised while loading the class or
 *                                           building and starting the data source
 */
public void getResourceValue(final ResolutionContext context, final ServiceBuilder<?> serviceBuilder, final DeploymentPhaseContext phaseContext, final Injector<ManagedReferenceFactory> injector) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final Module module = unit.getAttachment(org.jboss.as.server.deployment.Attachments.MODULE);
    final EEModuleDescription moduleDescription = unit.getAttachment(Attachments.EE_MODULE_DESCRIPTION);
    final String poolName = uniqueName(context, jndiName);
    final ContextNames.BindInfo bindInfo = ContextNames.bindInfoForEnvEntry(context.getApplicationName(), context.getModuleName(), context.getComponentName(), !context.isCompUsesModule(), jndiName);
    final DeploymentReflectionIndex reflectionIndex = unit.getAttachment(org.jboss.as.server.deployment.Attachments.REFLECTION_INDEX);
    final CapabilityServiceSupport capabilitySupport = unit.getAttachment(org.jboss.as.server.deployment.Attachments.CAPABILITY_SERVICE_SUPPORT);
    try {
        // Everything below, including a missing module attachment, is reported through the catch block
        final Class<?> dataSourceClass = module.getClassLoader().loadClass(className);
        clearUnknownProperties(reflectionIndex, dataSourceClass, properties);
        populateProperties(reflectionIndex, dataSourceClass, properties);
        final DsSecurityImpl dsSecurity = new DsSecurityImpl(user, password, null, false, null, null);

        // Out-of-range pool sizes are replaced by the defaults
        final Integer effectiveMinPoolSize = minPoolSize < 0 ? Defaults.MIN_POOL_SIZE : Integer.valueOf(minPoolSize);
        final Integer effectiveInitialPoolSize = initialPoolSize < 0 ? Defaults.INITIAL_POOL_SIZE : Integer.valueOf(initialPoolSize);
        final Integer effectiveMaxPoolSize = maxPoolSize < 1 ? Defaults.MAX_POOL_SIZE : Integer.valueOf(maxPoolSize);

        final boolean useXaDataSource = XADataSource.class.isAssignableFrom(dataSourceClass) && transactional;
        if (useXaDataSource) {
            final DsXaPoolImpl xaPool = new DsXaPoolImpl(effectiveMinPoolSize, effectiveInitialPoolSize, effectiveMaxPoolSize, Defaults.PREFILL, Defaults.USE_STRICT_MIN, Defaults.FLUSH_STRATEGY, Defaults.IS_SAME_RM_OVERRIDE, Defaults.INTERLEAVING, Defaults.PAD_XID, Defaults.WRAP_XA_RESOURCE, Defaults.NO_TX_SEPARATE_POOL, Boolean.FALSE, null, Defaults.FAIR, null);
            final ModifiableXaDataSource xaDataSource = new ModifiableXaDataSource(transactionIsolation(), null, dsSecurity, null, null, null, null, null, null, poolName, true, jndiName, false, false, Defaults.CONNECTABLE, Defaults.TRACKING, Defaults.MCP, Defaults.ENLISTMENT_TRACE, properties, className, null, null, xaPool, null);
            final XaDataSourceService xaService = new XaDataSourceService(bindInfo.getBinderServiceName().getCanonicalName(), bindInfo, module.getClassLoader());
            xaService.getDataSourceConfigInjector().inject(xaDataSource);
            startDataSource(xaService, bindInfo, moduleDescription, context, phaseContext.getServiceTarget(), serviceBuilder, injector, capabilitySupport);
        } else {
            final DsPoolImpl pool = new DsPoolImpl(effectiveMinPoolSize, effectiveInitialPoolSize, effectiveMaxPoolSize, Defaults.PREFILL, Defaults.USE_STRICT_MIN, Defaults.FLUSH_STRATEGY, Boolean.FALSE, null, Defaults.FAIR, null);
            final ModifiableDataSource localDataSource = new ModifiableDataSource(url, null, className, null, transactionIsolation(), properties, null, dsSecurity, null, null, null, null, null, false, poolName, true, jndiName, Defaults.SPY, Defaults.USE_CCM, transactional, Defaults.CONNECTABLE, Defaults.TRACKING, Defaults.MCP, Defaults.ENLISTMENT_TRACE, pool);
            final LocalDataSourceService localService = new LocalDataSourceService(bindInfo.getBinderServiceName().getCanonicalName(), bindInfo, module.getClassLoader());
            localService.getDataSourceConfigInjector().inject(localDataSource);
            startDataSource(localService, bindInfo, moduleDescription, context, phaseContext.getServiceTarget(), serviceBuilder, injector, capabilitySupport);
        }
    } catch (Exception cause) {
        // The original exception is kept as the cause of the deployment failure
        throw new DeploymentUnitProcessingException(cause);
    }
}
use of org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex in project wildfly by wildfly.
the class EEModuleConfigurationProcessor method deploy.
/**
 * Creates the {@code EEModuleConfiguration} for a deployment and configures each of its components.
 * <p>
 * Nothing is done when the module or the EE module description is not attached. While components are
 * configured the thread context class loader is switched to the module class loader; the previous
 * loader is restored in a {@code finally} block.
 * <p>
 * Any {@link Throwable} raised while configuring a component is caught. For an optional component the
 * failure is logged (the cause only at DEBUG level), its start, create and service names are recorded
 * and the component description is removed from the module description. For any other component the
 * failure aborts the deployment. The recorded names are attached as {@code FAILED_COMPONENTS}.
 * <p>
 * NOTE(review): the reflection index attachment is not null-checked here; a missing index would
 * surface on its first use inside the per-component {@code try} and be handled like any other
 * component failure.
 *
 * @param phaseContext the deployment phase context
 * @throws DeploymentUnitProcessingException if a non-optional component cannot be configured
 */
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final EEModuleDescription description = unit.getAttachment(Attachments.EE_MODULE_DESCRIPTION);
    final Module module = unit.getAttachment(org.jboss.as.server.deployment.Attachments.MODULE);
    final DeploymentReflectionIndex reflectionIndex = unit.getAttachment(org.jboss.as.server.deployment.Attachments.REFLECTION_INDEX);
    if (module == null || description == null) {
        return;
    }

    final Set<ServiceName> failedServices = new HashSet<>();
    final EEModuleConfiguration moduleConfiguration = new EEModuleConfiguration(description);
    unit.putAttachment(Attachments.EE_MODULE_CONFIGURATION, moduleConfiguration);

    final ClassLoader previousContextClassLoader = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged();
    try {
        WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(module.getClassLoader());
        // An explicit iterator is needed because failed optional components are removed while iterating
        for (final Iterator<ComponentDescription> components = description.getComponentDescriptions().iterator(); components.hasNext();) {
            final ComponentDescription component = components.next();
            ROOT_LOGGER.debugf("Configuring component class: %s named %s", component.getComponentClassName(), component.getComponentName());
            try {
                final Class<?> componentClass = ClassLoadingUtils.loadClass(component.getComponentClassName(), module);
                final ComponentConfiguration configuration = component.createConfiguration(reflectionIndex.getClassIndex(componentClass), module.getClassLoader(), module.getModuleLoader());
                for (final ComponentConfigurator configurator : component.getConfigurators()) {
                    configurator.configure(phaseContext, component, configuration);
                }
                moduleConfiguration.addComponentConfiguration(configuration);
            } catch (Throwable failure) {
                if (!component.isOptional()) {
                    throw EeLogger.ROOT_LOGGER.cannotConfigureComponent(failure, component.getComponentName());
                }
                // https://issues.jboss.org/browse/WFLY-924 Just log a WARN summary of which component failed and then log the cause at DEBUG level
                ROOT_LOGGER.componentInstallationFailure(component.getComponentName());
                ROOT_LOGGER.debugf(failure, "Not installing optional component %s due to an exception", component.getComponentName());
                // keep track of failed optional components
                failedServices.add(component.getStartServiceName());
                failedServices.add(component.getCreateServiceName());
                failedServices.add(component.getServiceName());
                components.remove();
            }
        }
        unit.putAttachment(Attachments.FAILED_COMPONENTS, Collections.synchronizedSet(failedServices));
    } finally {
        WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(previousContextClassLoader);
    }
}