use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.
the class WeldComponentIntegrationProcessor method addWeldIntegration.
/**
* As the weld based instantiator needs access to the bean manager it is installed as a service.
*/
private void addWeldIntegration(final Iterable<ComponentIntegrator> componentIntegrators, final ComponentInterceptorSupport componentInterceptorSupport, final ServiceTarget target, final ComponentConfiguration configuration, final ComponentDescription description, final Class<?> componentClass, final String beanName, final ServiceName weldServiceName, final ServiceName weldStartService, final ServiceName beanManagerService, final Set<Class<?>> interceptorClasses, final ClassLoader classLoader, final String beanDeploymentArchiveId) {
final ServiceName serviceName = configuration.getComponentDescription().getServiceName().append("WeldInstantiator");
final WeldComponentService weldComponentService = new WeldComponentService(componentClass, beanName, interceptorClasses, classLoader, beanDeploymentArchiveId, description.isCDIInterceptorEnabled(), description, isComponentWithView(description, componentIntegrators));
final ServiceBuilder<WeldComponentService> builder = target.addService(serviceName, weldComponentService).addDependency(weldServiceName, WeldBootstrapService.class, weldComponentService.getWeldContainer()).addDependency(weldStartService);
configuration.setInstanceFactory(WeldManagedReferenceFactory.INSTANCE);
configuration.getStartDependencies().add(new DependencyConfigurator<ComponentStartService>() {
@Override
public void configureDependency(final ServiceBuilder<?> serviceBuilder, ComponentStartService service) throws DeploymentUnitProcessingException {
serviceBuilder.addDependency(serviceName);
}
});
boolean isComponentIntegrationPerformed = false;
for (ComponentIntegrator componentIntegrator : componentIntegrators) {
Supplier<ServiceName> bindingServiceNameSupplier = () -> {
if (componentInterceptorSupport == null) {
WeldLogger.DEPLOYMENT_LOGGER.componentInterceptorSupportNotAvailable(componentClass);
}
return addWeldInterceptorBindingService(target, configuration, componentClass, beanName, weldServiceName, weldStartService, beanDeploymentArchiveId, componentInterceptorSupport);
};
DefaultInterceptorIntegrationAction integrationAction = (bindingServiceName) -> {
if (componentInterceptorSupport == null) {
WeldLogger.DEPLOYMENT_LOGGER.componentInterceptorSupportNotAvailable(componentClass);
}
addJsr299BindingsCreateInterceptor(configuration, description, beanName, weldServiceName, builder, bindingServiceName, componentInterceptorSupport);
addCommonLifecycleInterceptionSupport(configuration, builder, bindingServiceName, beanManagerService, componentInterceptorSupport);
configuration.addComponentInterceptor(new UserInterceptorFactory(factory(InterceptionType.AROUND_INVOKE, builder, bindingServiceName, componentInterceptorSupport), factory(InterceptionType.AROUND_TIMEOUT, builder, bindingServiceName, componentInterceptorSupport)), InterceptorOrder.Component.CDI_INTERCEPTORS, false);
};
if (componentIntegrator.integrate(beanManagerService, configuration, description, builder, bindingServiceNameSupplier, integrationAction, componentInterceptorSupport)) {
isComponentIntegrationPerformed = true;
break;
}
}
if (!isComponentIntegrationPerformed) {
//otherwise they will be called twice
description.setIgnoreLifecycleInterceptors(true);
// for components with no view register interceptors that delegate to InjectionTarget lifecycle methods to trigger lifecycle interception
configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(new AbstractInjectionTargetDelegatingInterceptor() {
@Override
protected void run(Object instance) {
weldComponentService.getInjectionTarget().postConstruct(instance);
}
}), InterceptorOrder.ComponentPostConstruct.CDI_INTERCEPTORS);
configuration.addPreDestroyInterceptor(new ImmediateInterceptorFactory(new AbstractInjectionTargetDelegatingInterceptor() {
@Override
protected void run(Object instance) {
weldComponentService.getInjectionTarget().preDestroy(instance);
}
}), InterceptorOrder.ComponentPreDestroy.CDI_INTERCEPTORS);
}
builder.install();
configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(new WeldInjectionContextInterceptor(weldComponentService)), InterceptorOrder.ComponentPostConstruct.WELD_INJECTION_CONTEXT_INTERCEPTOR);
configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(new WeldInterceptorInjectionInterceptor(interceptorClasses)), InterceptorOrder.ComponentPostConstruct.INTERCEPTOR_WELD_INJECTION);
configuration.addPostConstructInterceptor(WeldInjectionInterceptor.FACTORY, InterceptorOrder.ComponentPostConstruct.COMPONENT_WELD_INJECTION);
}
use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.
the class WeldComponentIntegrationProcessor method addJsr299BindingsCreateInterceptor.
private static void addJsr299BindingsCreateInterceptor(final ComponentConfiguration configuration, final ComponentDescription description, final String beanName, final ServiceName weldServiceName, ServiceBuilder<WeldComponentService> builder, final ServiceName bindingServiceName, final ComponentInterceptorSupport componentInterceptorSupport) {
//add the create interceptor that creates the CDI interceptors
final Jsr299BindingsCreateInterceptor createInterceptor = new Jsr299BindingsCreateInterceptor(description.getBeanDeploymentArchiveId(), beanName, componentInterceptorSupport);
configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(createInterceptor), InterceptorOrder.ComponentPostConstruct.CREATE_CDI_INTERCEPTORS);
builder.addDependency(weldServiceName, WeldBootstrapService.class, createInterceptor.getWeldContainer());
builder.addDependency(bindingServiceName, InterceptorBindings.class, createInterceptor.getInterceptorBindings());
}
use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.
the class EJBSecurityViewConfigurator method configure.
@Override
public void configure(DeploymentPhaseContext context, ComponentConfiguration componentConfiguration, ViewDescription viewDescription, ViewConfiguration viewConfiguration) throws DeploymentUnitProcessingException {
if (componentConfiguration.getComponentDescription() instanceof EJBComponentDescription == false) {
throw EjbLogger.ROOT_LOGGER.invalidEjbComponent(componentConfiguration.getComponentName(), componentConfiguration.getComponentClass());
}
final DeploymentUnit deploymentUnit = context.getDeploymentUnit();
final EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentConfiguration.getComponentDescription();
final boolean isSecurityDomainKnown = ejbComponentDescription.isSecurityDomainKnown();
if ((!deploymentUnit.hasAttachment(SecurityAttachments.SECURITY_ENABLED)) && (!isSecurityDomainKnown)) {
// the security subsystem is not present and Elytron is not being used for security, we don't apply any security settings
return;
}
final DeploymentReflectionIndex deploymentReflectionIndex = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.REFLECTION_INDEX);
// In such cases, we do *not* apply any security interceptors
if (ejbComponentDescription.getSecurityDomain() == null || ejbComponentDescription.getSecurityDomain().isEmpty()) {
if (ROOT_LOGGER.isDebugEnabled()) {
ROOT_LOGGER.debug("Security is *not* enabled on EJB: " + ejbComponentDescription.getEJBName() + ", since no explicit security domain is configured for the bean, nor is there any default security domain configured in the EJB3 subsystem");
}
return;
}
final String viewClassName = viewDescription.getViewClassName();
final EJBViewDescription ejbViewDescription = (EJBViewDescription) viewDescription;
// setup the JACC contextID.
String contextID = deploymentUnit.getName();
if (deploymentUnit.getParent() != null) {
contextID = deploymentUnit.getParent().getName() + "!" + contextID;
}
final EJBViewMethodSecurityAttributesService.Builder viewMethodSecurityAttributesServiceBuilder;
final ServiceName viewMethodSecurityAttributesServiceName;
// for both these views. So here we skip the @WebService view if the bean also has a @LocalBean (no-interface) view and let the EJBViewMethodSecurityAttributesService be built when the no-interface view is processed
if (ejbComponentDescription instanceof SessionBeanComponentDescription && MethodIntf.SERVICE_ENDPOINT == ejbViewDescription.getMethodIntf() && ((SessionBeanComponentDescription) ejbComponentDescription).hasNoInterfaceView()) {
viewMethodSecurityAttributesServiceBuilder = null;
viewMethodSecurityAttributesServiceName = null;
} else {
viewMethodSecurityAttributesServiceBuilder = new EJBViewMethodSecurityAttributesService.Builder();
viewMethodSecurityAttributesServiceName = EJBViewMethodSecurityAttributesService.getServiceName(ejbComponentDescription.getApplicationName(), ejbComponentDescription.getModuleName(), ejbComponentDescription.getEJBName(), viewClassName);
}
// setup the method specific security interceptor(s)
boolean beanHasMethodLevelSecurityMetadata = false;
final List<Method> viewMethods = viewConfiguration.getProxyFactory().getCachedMethods();
final List<Method> methodsWithoutExplicitSecurityConfiguration = new ArrayList<Method>();
for (final Method viewMethod : viewMethods) {
// TODO: proxy factory exposes non-public methods, is this a bug in the no-interface view?
if (!Modifier.isPublic(viewMethod.getModifiers())) {
continue;
}
if (viewMethod.getDeclaringClass() == WriteReplaceInterface.class) {
continue;
}
// setup the authorization interceptor
final ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions = ejbComponentDescription.getDescriptorMethodPermissions();
boolean methodHasSecurityMetadata = handlePermissions(contextID, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, ejbViewDescription, viewMethod, permissions, false, viewMethodSecurityAttributesServiceBuilder, ejbComponentDescription);
if (!methodHasSecurityMetadata) {
//if it was not handled by the descriptor processor we look for annotation basic info
methodHasSecurityMetadata = handlePermissions(contextID, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, ejbViewDescription, viewMethod, ejbComponentDescription.getAnnotationMethodPermissions(), true, viewMethodSecurityAttributesServiceBuilder, ejbComponentDescription);
}
// if any method has security metadata then the bean has method level security metadata
if (methodHasSecurityMetadata) {
beanHasMethodLevelSecurityMetadata = true;
} else {
// make a note that this method didn't have any explicit method permissions configured
methodsWithoutExplicitSecurityConfiguration.add(viewMethod);
}
}
final boolean securityRequired = beanHasMethodLevelSecurityMetadata || ejbComponentDescription.hasBeanLevelSecurityMetadata();
// setup the security context interceptor
if (isSecurityDomainKnown) {
final HashMap<Integer, InterceptorFactory> elytronInterceptorFactories = ejbComponentDescription.getElytronInterceptorFactories(contextID, ejbComponentDescription.isEnableJacc());
elytronInterceptorFactories.forEach((priority, elytronInterceptorFactory) -> viewConfiguration.addViewInterceptor(elytronInterceptorFactory, priority));
} else {
viewConfiguration.addViewInterceptor(new SecurityContextInterceptorFactory(securityRequired, true, contextID), InterceptorOrder.View.SECURITY_CONTEXT);
}
// now add the authorization interceptor if the bean has *any* security metadata applicable
if (securityRequired) {
// check the missing-method-permissions-deny-access configuration and add the authorization interceptor
// to methods which don't have explicit method permissions.
// (@see http://anil-identity.blogspot.in/2010/02/tip-interpretation-of-missing-ejb.html for details)
final Boolean denyAccessToMethodsMissingPermissions = ((EJBComponentDescription) componentConfiguration.getComponentDescription()).isMissingMethodPermissionsDeniedAccess();
// default to "deny access"
if (denyAccessToMethodsMissingPermissions != Boolean.FALSE) {
for (final Method viewMethod : methodsWithoutExplicitSecurityConfiguration) {
if (viewMethodSecurityAttributesServiceBuilder != null) {
// build the EJBViewMethodSecurityAttributesService to expose these security attributes to other components like WS (@see https://issues.jboss.org/browse/WFLY-308)
viewMethodSecurityAttributesServiceBuilder.addMethodSecurityMetadata(viewMethod, EJBMethodSecurityAttribute.denyAll());
}
// "deny access" implies we need the authorization interceptor to be added so that it can nuke the invocation
if (isSecurityDomainKnown) {
viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(RolesAllowedInterceptor.DENY_ALL), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
} else {
final Interceptor authorizationInterceptor = new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, viewMethod, contextID);
viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
}
}
}
}
if (viewMethodSecurityAttributesServiceBuilder != null) {
final EJBViewMethodSecurityAttributesService viewMethodSecurityAttributesService = viewMethodSecurityAttributesServiceBuilder.build();
context.getServiceTarget().addService(viewMethodSecurityAttributesServiceName, viewMethodSecurityAttributesService).install();
}
}
use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.
the class EJBSecurityViewConfigurator method handlePermissions.
private boolean handlePermissions(String contextID, ComponentConfiguration componentConfiguration, ViewConfiguration viewConfiguration, DeploymentReflectionIndex deploymentReflectionIndex, String viewClassName, EJBViewDescription ejbViewDescription, Method viewMethod, ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions, boolean annotations, final EJBViewMethodSecurityAttributesService.Builder viewMethodSecurityAttributesServiceBuilder, EJBComponentDescription componentDescription) {
EJBMethodSecurityAttribute ejbMethodSecurityMetaData = permissions.getViewAttribute(ejbViewDescription.getMethodIntf(), viewMethod);
final List<EJBMethodSecurityAttribute> allAttributes = new ArrayList<EJBMethodSecurityAttribute>();
allAttributes.addAll(permissions.getAllAttributes(ejbViewDescription.getMethodIntf(), viewMethod));
if (ejbMethodSecurityMetaData == null) {
ejbMethodSecurityMetaData = permissions.getViewAttribute(MethodIntf.BEAN, viewMethod);
}
allAttributes.addAll(permissions.getAllAttributes(MethodIntf.BEAN, viewMethod));
final Method classMethod = ClassReflectionIndexUtil.findMethod(deploymentReflectionIndex, componentConfiguration.getComponentClass(), viewMethod);
if (ejbMethodSecurityMetaData == null) {
//if this is null we try with the corresponding bean method
if (classMethod != null) {
ejbMethodSecurityMetaData = permissions.getAttribute(ejbViewDescription.getMethodIntf(), classMethod);
if (ejbMethodSecurityMetaData == null) {
ejbMethodSecurityMetaData = permissions.getAttribute(MethodIntf.BEAN, classMethod);
}
}
}
if (classMethod != null) {
allAttributes.addAll(permissions.getAllAttributes(ejbViewDescription.getMethodIntf(), classMethod));
allAttributes.addAll(permissions.getAllAttributes(MethodIntf.BEAN, classMethod));
}
//we do not add the security interceptor if there is no security information
if (ejbMethodSecurityMetaData != null) {
if (!annotations && !ejbMethodSecurityMetaData.isDenyAll() && !ejbMethodSecurityMetaData.isPermitAll()) {
//roles are additive when defined in the deployment descriptor
final Set<String> rolesAllowed = new HashSet<String>();
for (EJBMethodSecurityAttribute attr : allAttributes) {
rolesAllowed.addAll(attr.getRolesAllowed());
}
ejbMethodSecurityMetaData = EJBMethodSecurityAttribute.rolesAllowed(rolesAllowed);
}
// build the EJBViewMethodSecurityAttributesService to expose these security attributes to other components like WS (@see https://issues.jboss.org/browse/WFLY-308)
if (viewMethodSecurityAttributesServiceBuilder != null) {
viewMethodSecurityAttributesServiceBuilder.addMethodSecurityMetadata(viewMethod, ejbMethodSecurityMetaData);
}
if (ejbMethodSecurityMetaData.isPermitAll()) {
// no need to add authorizing interceptor
return true;
}
// add the interceptor
final Interceptor authorizationInterceptor;
if (componentDescription.isSecurityDomainKnown()) {
if (ejbMethodSecurityMetaData.isDenyAll()) {
authorizationInterceptor = RolesAllowedInterceptor.DENY_ALL;
} else {
if (componentDescription.isEnableJacc()) {
authorizationInterceptor = new JaccInterceptor(viewClassName, viewMethod);
} else {
authorizationInterceptor = new RolesAllowedInterceptor(ejbMethodSecurityMetaData.getRolesAllowed());
}
}
} else {
authorizationInterceptor = new AuthorizationInterceptor(ejbMethodSecurityMetaData, viewClassName, viewMethod, contextID);
}
viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
return true;
}
return false;
}
use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.
the class ManagedBeanAnnotationProcessor method deploy.
/**
* Check the deployment annotation index for all classes with the @ManagedBean annotation. For each class with the
* annotation, collect all the required information to create a managed bean instance, and attach it to the context.
*
* @param phaseContext the deployment unit context
* @throws DeploymentUnitProcessingException
*
*/
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
final EEResourceReferenceProcessorRegistry registry = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.RESOURCE_REFERENCE_PROCESSOR_REGISTRY);
final EEModuleDescription moduleDescription = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION);
final CompositeIndex compositeIndex = deploymentUnit.getAttachment(Attachments.COMPOSITE_ANNOTATION_INDEX);
final PropertyReplacer replacer = EJBAnnotationPropertyReplacement.propertyReplacer(deploymentUnit);
if (compositeIndex == null) {
return;
}
final List<AnnotationInstance> instances = compositeIndex.getAnnotations(MANAGED_BEAN_ANNOTATION_NAME);
if (instances == null || instances.isEmpty()) {
return;
}
for (AnnotationInstance instance : instances) {
AnnotationTarget target = instance.target();
if (!(target instanceof ClassInfo)) {
throw EeLogger.ROOT_LOGGER.classOnlyAnnotation("@ManagedBean", target);
}
final ClassInfo classInfo = (ClassInfo) target;
// skip if it's not a valid managed bean class
if (!assertManagedBeanClassValidity(classInfo)) {
continue;
}
final String beanClassName = classInfo.name().toString();
// Get the managed bean name from the annotation
final AnnotationValue nameValue = instance.value();
final String beanName = (nameValue == null || nameValue.asString().isEmpty()) ? beanClassName : replacer.replaceProperties(nameValue.asString());
final ManagedBeanComponentDescription componentDescription = new ManagedBeanComponentDescription(beanName, beanClassName, moduleDescription, deploymentUnit.getServiceName());
// Add the view
ViewDescription viewDescription = new ViewDescription(componentDescription, beanClassName);
viewDescription.getConfigurators().addFirst(new ViewConfigurator() {
public void configure(final DeploymentPhaseContext context, final ComponentConfiguration componentConfiguration, final ViewDescription description, final ViewConfiguration configuration) throws DeploymentUnitProcessingException {
// Add MB association interceptors
configuration.addClientPostConstructInterceptor(ManagedBeanCreateInterceptor.FACTORY, InterceptorOrder.ClientPostConstruct.INSTANCE_CREATE);
final ClassLoader classLoader = componentConfiguration.getModuleClassLoader();
configuration.addViewInterceptor(AccessCheckingInterceptor.getFactory(), InterceptorOrder.View.CHECKING_INTERCEPTOR);
configuration.addViewInterceptor(new ImmediateInterceptorFactory(new ContextClassLoaderInterceptor(classLoader)), InterceptorOrder.View.TCCL_INTERCEPTOR);
}
});
viewDescription.getBindingNames().addAll(Arrays.asList("java:module/" + beanName, "java:app/" + moduleDescription.getModuleName() + "/" + beanName));
componentDescription.getViews().add(viewDescription);
moduleDescription.addComponent(componentDescription);
// register an EEResourceReferenceProcessor which can process @Resource references to this managed bean.
registry.registerResourceReferenceProcessor(new ManagedBeanResourceReferenceProcessor(beanClassName));
}
}
Aggregations