Examples with ImmediateInterceptorFactory org.jboss.invocation.ImmediateInterceptorFactory used on opensource projects

Example 1 with ImmediateInterceptorFactory

use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.

the class WeldComponentIntegrationProcessor method addWeldIntegration.

/**
     * As the weld based instantiator needs access to the bean manager it is installed as a service.
     */
private void addWeldIntegration(final Iterable<ComponentIntegrator> componentIntegrators, final ComponentInterceptorSupport componentInterceptorSupport, final ServiceTarget target, final ComponentConfiguration configuration, final ComponentDescription description, final Class<?> componentClass, final String beanName, final ServiceName weldServiceName, final ServiceName weldStartService, final ServiceName beanManagerService, final Set<Class<?>> interceptorClasses, final ClassLoader classLoader, final String beanDeploymentArchiveId) {
    final ServiceName serviceName = configuration.getComponentDescription().getServiceName().append("WeldInstantiator");
    final WeldComponentService weldComponentService = new WeldComponentService(componentClass, beanName, interceptorClasses, classLoader, beanDeploymentArchiveId, description.isCDIInterceptorEnabled(), description, isComponentWithView(description, componentIntegrators));
    final ServiceBuilder<WeldComponentService> builder = target.addService(serviceName, weldComponentService).addDependency(weldServiceName, WeldBootstrapService.class, weldComponentService.getWeldContainer()).addDependency(weldStartService);
    configuration.setInstanceFactory(WeldManagedReferenceFactory.INSTANCE);
    configuration.getStartDependencies().add(new DependencyConfigurator<ComponentStartService>() {

        @Override
        public void configureDependency(final ServiceBuilder<?> serviceBuilder, ComponentStartService service) throws DeploymentUnitProcessingException {
            serviceBuilder.addDependency(serviceName);
        }
    });
    boolean isComponentIntegrationPerformed = false;
    for (ComponentIntegrator componentIntegrator : componentIntegrators) {
        Supplier<ServiceName> bindingServiceNameSupplier = () -> {
            if (componentInterceptorSupport == null) {
                WeldLogger.DEPLOYMENT_LOGGER.componentInterceptorSupportNotAvailable(componentClass);
            }
            return addWeldInterceptorBindingService(target, configuration, componentClass, beanName, weldServiceName, weldStartService, beanDeploymentArchiveId, componentInterceptorSupport);
        };
        DefaultInterceptorIntegrationAction integrationAction = (bindingServiceName) -> {
            if (componentInterceptorSupport == null) {
                WeldLogger.DEPLOYMENT_LOGGER.componentInterceptorSupportNotAvailable(componentClass);
            }
            addJsr299BindingsCreateInterceptor(configuration, description, beanName, weldServiceName, builder, bindingServiceName, componentInterceptorSupport);
            addCommonLifecycleInterceptionSupport(configuration, builder, bindingServiceName, beanManagerService, componentInterceptorSupport);
            configuration.addComponentInterceptor(new UserInterceptorFactory(factory(InterceptionType.AROUND_INVOKE, builder, bindingServiceName, componentInterceptorSupport), factory(InterceptionType.AROUND_TIMEOUT, builder, bindingServiceName, componentInterceptorSupport)), InterceptorOrder.Component.CDI_INTERCEPTORS, false);
        };
        if (componentIntegrator.integrate(beanManagerService, configuration, description, builder, bindingServiceNameSupplier, integrationAction, componentInterceptorSupport)) {
            isComponentIntegrationPerformed = true;
            break;
        }
    }
    if (!isComponentIntegrationPerformed) {
        //otherwise they will be called twice
        description.setIgnoreLifecycleInterceptors(true);
        // for components with no view register interceptors that delegate to InjectionTarget lifecycle methods to trigger lifecycle interception
        configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(new AbstractInjectionTargetDelegatingInterceptor() {

            @Override
            protected void run(Object instance) {
                weldComponentService.getInjectionTarget().postConstruct(instance);
            }
        }), InterceptorOrder.ComponentPostConstruct.CDI_INTERCEPTORS);
        configuration.addPreDestroyInterceptor(new ImmediateInterceptorFactory(new AbstractInjectionTargetDelegatingInterceptor() {

            @Override
            protected void run(Object instance) {
                weldComponentService.getInjectionTarget().preDestroy(instance);
            }
        }), InterceptorOrder.ComponentPreDestroy.CDI_INTERCEPTORS);
    }
    builder.install();
    configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(new WeldInjectionContextInterceptor(weldComponentService)), InterceptorOrder.ComponentPostConstruct.WELD_INJECTION_CONTEXT_INTERCEPTOR);
    configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(new WeldInterceptorInjectionInterceptor(interceptorClasses)), InterceptorOrder.ComponentPostConstruct.INTERCEPTOR_WELD_INJECTION);
    configuration.addPostConstructInterceptor(WeldInjectionInterceptor.FACTORY, InterceptorOrder.ComponentPostConstruct.COMPONENT_WELD_INJECTION);
}

Example 2 with ImmediateInterceptorFactory

use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.

the class WeldComponentIntegrationProcessor method addJsr299BindingsCreateInterceptor.

private static void addJsr299BindingsCreateInterceptor(final ComponentConfiguration configuration, final ComponentDescription description, final String beanName, final ServiceName weldServiceName, ServiceBuilder<WeldComponentService> builder, final ServiceName bindingServiceName, final ComponentInterceptorSupport componentInterceptorSupport) {
    //add the create interceptor that creates the CDI interceptors
    final Jsr299BindingsCreateInterceptor createInterceptor = new Jsr299BindingsCreateInterceptor(description.getBeanDeploymentArchiveId(), beanName, componentInterceptorSupport);
    configuration.addPostConstructInterceptor(new ImmediateInterceptorFactory(createInterceptor), InterceptorOrder.ComponentPostConstruct.CREATE_CDI_INTERCEPTORS);
    builder.addDependency(weldServiceName, WeldBootstrapService.class, createInterceptor.getWeldContainer());
    builder.addDependency(bindingServiceName, InterceptorBindings.class, createInterceptor.getInterceptorBindings());
}

Example 3 with ImmediateInterceptorFactory

use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.

the class EJBSecurityViewConfigurator method configure.

@Override
public void configure(DeploymentPhaseContext context, ComponentConfiguration componentConfiguration, ViewDescription viewDescription, ViewConfiguration viewConfiguration) throws DeploymentUnitProcessingException {
    if (componentConfiguration.getComponentDescription() instanceof EJBComponentDescription == false) {
        throw EjbLogger.ROOT_LOGGER.invalidEjbComponent(componentConfiguration.getComponentName(), componentConfiguration.getComponentClass());
    }
    final DeploymentUnit deploymentUnit = context.getDeploymentUnit();
    final EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentConfiguration.getComponentDescription();
    final boolean isSecurityDomainKnown = ejbComponentDescription.isSecurityDomainKnown();
    if ((!deploymentUnit.hasAttachment(SecurityAttachments.SECURITY_ENABLED)) && (!isSecurityDomainKnown)) {
        // the security subsystem is not present and Elytron is not being used for security, we don't apply any security settings
        return;
    }
    final DeploymentReflectionIndex deploymentReflectionIndex = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.REFLECTION_INDEX);
    // In such cases, we do *not* apply any security interceptors
    if (ejbComponentDescription.getSecurityDomain() == null || ejbComponentDescription.getSecurityDomain().isEmpty()) {
        if (ROOT_LOGGER.isDebugEnabled()) {
            ROOT_LOGGER.debug("Security is *not* enabled on EJB: " + ejbComponentDescription.getEJBName() + ", since no explicit security domain is configured for the bean, nor is there any default security domain configured in the EJB3 subsystem");
        }
        return;
    }
    final String viewClassName = viewDescription.getViewClassName();
    final EJBViewDescription ejbViewDescription = (EJBViewDescription) viewDescription;
    // setup the JACC contextID.
    String contextID = deploymentUnit.getName();
    if (deploymentUnit.getParent() != null) {
        contextID = deploymentUnit.getParent().getName() + "!" + contextID;
    }
    final EJBViewMethodSecurityAttributesService.Builder viewMethodSecurityAttributesServiceBuilder;
    final ServiceName viewMethodSecurityAttributesServiceName;
    // for both these views. So here we skip the @WebService view if the bean also has a @LocalBean (no-interface) view and let the EJBViewMethodSecurityAttributesService be built when the no-interface view is processed
    if (ejbComponentDescription instanceof SessionBeanComponentDescription && MethodIntf.SERVICE_ENDPOINT == ejbViewDescription.getMethodIntf() && ((SessionBeanComponentDescription) ejbComponentDescription).hasNoInterfaceView()) {
        viewMethodSecurityAttributesServiceBuilder = null;
        viewMethodSecurityAttributesServiceName = null;
    } else {
        viewMethodSecurityAttributesServiceBuilder = new EJBViewMethodSecurityAttributesService.Builder();
        viewMethodSecurityAttributesServiceName = EJBViewMethodSecurityAttributesService.getServiceName(ejbComponentDescription.getApplicationName(), ejbComponentDescription.getModuleName(), ejbComponentDescription.getEJBName(), viewClassName);
    }
    // setup the method specific security interceptor(s)
    boolean beanHasMethodLevelSecurityMetadata = false;
    final List<Method> viewMethods = viewConfiguration.getProxyFactory().getCachedMethods();
    final List<Method> methodsWithoutExplicitSecurityConfiguration = new ArrayList<Method>();
    for (final Method viewMethod : viewMethods) {
        // TODO: proxy factory exposes non-public methods, is this a bug in the no-interface view?
        if (!Modifier.isPublic(viewMethod.getModifiers())) {
            continue;
        }
        if (viewMethod.getDeclaringClass() == WriteReplaceInterface.class) {
            continue;
        }
        // setup the authorization interceptor
        final ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions = ejbComponentDescription.getDescriptorMethodPermissions();
        boolean methodHasSecurityMetadata = handlePermissions(contextID, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, ejbViewDescription, viewMethod, permissions, false, viewMethodSecurityAttributesServiceBuilder, ejbComponentDescription);
        if (!methodHasSecurityMetadata) {
            //if it was not handled by the descriptor processor we look for annotation basic info
            methodHasSecurityMetadata = handlePermissions(contextID, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, ejbViewDescription, viewMethod, ejbComponentDescription.getAnnotationMethodPermissions(), true, viewMethodSecurityAttributesServiceBuilder, ejbComponentDescription);
        }
        // if any method has security metadata then the bean has method level security metadata
        if (methodHasSecurityMetadata) {
            beanHasMethodLevelSecurityMetadata = true;
        } else {
            // make a note that this method didn't have any explicit method permissions configured
            methodsWithoutExplicitSecurityConfiguration.add(viewMethod);
        }
    }
    final boolean securityRequired = beanHasMethodLevelSecurityMetadata || ejbComponentDescription.hasBeanLevelSecurityMetadata();
    // setup the security context interceptor
    if (isSecurityDomainKnown) {
        final HashMap<Integer, InterceptorFactory> elytronInterceptorFactories = ejbComponentDescription.getElytronInterceptorFactories(contextID, ejbComponentDescription.isEnableJacc());
        elytronInterceptorFactories.forEach((priority, elytronInterceptorFactory) -> viewConfiguration.addViewInterceptor(elytronInterceptorFactory, priority));
    } else {
        viewConfiguration.addViewInterceptor(new SecurityContextInterceptorFactory(securityRequired, true, contextID), InterceptorOrder.View.SECURITY_CONTEXT);
    }
    // now add the authorization interceptor if the bean has *any* security metadata applicable
    if (securityRequired) {
        // check the missing-method-permissions-deny-access configuration and add the authorization interceptor
        // to methods which don't have explicit method permissions.
        // (@see http://anil-identity.blogspot.in/2010/02/tip-interpretation-of-missing-ejb.html for details)
        final Boolean denyAccessToMethodsMissingPermissions = ((EJBComponentDescription) componentConfiguration.getComponentDescription()).isMissingMethodPermissionsDeniedAccess();
        // default to "deny access"
        if (denyAccessToMethodsMissingPermissions != Boolean.FALSE) {
            for (final Method viewMethod : methodsWithoutExplicitSecurityConfiguration) {
                if (viewMethodSecurityAttributesServiceBuilder != null) {
                    // build the EJBViewMethodSecurityAttributesService to expose these security attributes to other components like WS (@see https://issues.jboss.org/browse/WFLY-308)
                    viewMethodSecurityAttributesServiceBuilder.addMethodSecurityMetadata(viewMethod, EJBMethodSecurityAttribute.denyAll());
                }
                // "deny access" implies we need the authorization interceptor to be added so that it can nuke the invocation
                if (isSecurityDomainKnown) {
                    viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(RolesAllowedInterceptor.DENY_ALL), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
                } else {
                    final Interceptor authorizationInterceptor = new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, viewMethod, contextID);
                    viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
                }
            }
        }
    }
    if (viewMethodSecurityAttributesServiceBuilder != null) {
        final EJBViewMethodSecurityAttributesService viewMethodSecurityAttributesService = viewMethodSecurityAttributesServiceBuilder.build();
        context.getServiceTarget().addService(viewMethodSecurityAttributesServiceName, viewMethodSecurityAttributesService).install();
    }
}

Example 4 with ImmediateInterceptorFactory

use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.

the class EJBSecurityViewConfigurator method handlePermissions.

private boolean handlePermissions(String contextID, ComponentConfiguration componentConfiguration, ViewConfiguration viewConfiguration, DeploymentReflectionIndex deploymentReflectionIndex, String viewClassName, EJBViewDescription ejbViewDescription, Method viewMethod, ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions, boolean annotations, final EJBViewMethodSecurityAttributesService.Builder viewMethodSecurityAttributesServiceBuilder, EJBComponentDescription componentDescription) {
    EJBMethodSecurityAttribute ejbMethodSecurityMetaData = permissions.getViewAttribute(ejbViewDescription.getMethodIntf(), viewMethod);
    final List<EJBMethodSecurityAttribute> allAttributes = new ArrayList<EJBMethodSecurityAttribute>();
    allAttributes.addAll(permissions.getAllAttributes(ejbViewDescription.getMethodIntf(), viewMethod));
    if (ejbMethodSecurityMetaData == null) {
        ejbMethodSecurityMetaData = permissions.getViewAttribute(MethodIntf.BEAN, viewMethod);
    }
    allAttributes.addAll(permissions.getAllAttributes(MethodIntf.BEAN, viewMethod));
    final Method classMethod = ClassReflectionIndexUtil.findMethod(deploymentReflectionIndex, componentConfiguration.getComponentClass(), viewMethod);
    if (ejbMethodSecurityMetaData == null) {
        //if this is null we try with the corresponding bean method
        if (classMethod != null) {
            ejbMethodSecurityMetaData = permissions.getAttribute(ejbViewDescription.getMethodIntf(), classMethod);
            if (ejbMethodSecurityMetaData == null) {
                ejbMethodSecurityMetaData = permissions.getAttribute(MethodIntf.BEAN, classMethod);
            }
        }
    }
    if (classMethod != null) {
        allAttributes.addAll(permissions.getAllAttributes(ejbViewDescription.getMethodIntf(), classMethod));
        allAttributes.addAll(permissions.getAllAttributes(MethodIntf.BEAN, classMethod));
    }
    //we do not add the security interceptor if there is no security information
    if (ejbMethodSecurityMetaData != null) {
        if (!annotations && !ejbMethodSecurityMetaData.isDenyAll() && !ejbMethodSecurityMetaData.isPermitAll()) {
            //roles are additive when defined in the deployment descriptor
            final Set<String> rolesAllowed = new HashSet<String>();
            for (EJBMethodSecurityAttribute attr : allAttributes) {
                rolesAllowed.addAll(attr.getRolesAllowed());
            }
            ejbMethodSecurityMetaData = EJBMethodSecurityAttribute.rolesAllowed(rolesAllowed);
        }
        // build the EJBViewMethodSecurityAttributesService to expose these security attributes to other components like WS (@see https://issues.jboss.org/browse/WFLY-308)
        if (viewMethodSecurityAttributesServiceBuilder != null) {
            viewMethodSecurityAttributesServiceBuilder.addMethodSecurityMetadata(viewMethod, ejbMethodSecurityMetaData);
        }
        if (ejbMethodSecurityMetaData.isPermitAll()) {
            // no need to add authorizing interceptor
            return true;
        }
        // add the interceptor
        final Interceptor authorizationInterceptor;
        if (componentDescription.isSecurityDomainKnown()) {
            if (ejbMethodSecurityMetaData.isDenyAll()) {
                authorizationInterceptor = RolesAllowedInterceptor.DENY_ALL;
            } else {
                if (componentDescription.isEnableJacc()) {
                    authorizationInterceptor = new JaccInterceptor(viewClassName, viewMethod);
                } else {
                    authorizationInterceptor = new RolesAllowedInterceptor(ejbMethodSecurityMetaData.getRolesAllowed());
                }
            }
        } else {
            authorizationInterceptor = new AuthorizationInterceptor(ejbMethodSecurityMetaData, viewClassName, viewMethod, contextID);
        }
        viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
        return true;
    }
    return false;
}

Example 5 with ImmediateInterceptorFactory

use of org.jboss.invocation.ImmediateInterceptorFactory in project wildfly by wildfly.

the class ManagedBeanAnnotationProcessor method deploy.

/**
     * Check the deployment annotation index for all classes with the @ManagedBean annotation.  For each class with the
     * annotation, collect all the required information to create a managed bean instance, and attach it to the context.
     *
     * @param phaseContext the deployment unit context
     * @throws DeploymentUnitProcessingException
     *
     */
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    final EEResourceReferenceProcessorRegistry registry = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.RESOURCE_REFERENCE_PROCESSOR_REGISTRY);
    final EEModuleDescription moduleDescription = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION);
    final CompositeIndex compositeIndex = deploymentUnit.getAttachment(Attachments.COMPOSITE_ANNOTATION_INDEX);
    final PropertyReplacer replacer = EJBAnnotationPropertyReplacement.propertyReplacer(deploymentUnit);
    if (compositeIndex == null) {
        return;
    }
    final List<AnnotationInstance> instances = compositeIndex.getAnnotations(MANAGED_BEAN_ANNOTATION_NAME);
    if (instances == null || instances.isEmpty()) {
        return;
    }
    for (AnnotationInstance instance : instances) {
        AnnotationTarget target = instance.target();
        if (!(target instanceof ClassInfo)) {
            throw EeLogger.ROOT_LOGGER.classOnlyAnnotation("@ManagedBean", target);
        }
        final ClassInfo classInfo = (ClassInfo) target;
        // skip if it's not a valid managed bean class
        if (!assertManagedBeanClassValidity(classInfo)) {
            continue;
        }
        final String beanClassName = classInfo.name().toString();
        // Get the managed bean name from the annotation
        final AnnotationValue nameValue = instance.value();
        final String beanName = (nameValue == null || nameValue.asString().isEmpty()) ? beanClassName : replacer.replaceProperties(nameValue.asString());
        final ManagedBeanComponentDescription componentDescription = new ManagedBeanComponentDescription(beanName, beanClassName, moduleDescription, deploymentUnit.getServiceName());
        // Add the view
        ViewDescription viewDescription = new ViewDescription(componentDescription, beanClassName);
        viewDescription.getConfigurators().addFirst(new ViewConfigurator() {

            public void configure(final DeploymentPhaseContext context, final ComponentConfiguration componentConfiguration, final ViewDescription description, final ViewConfiguration configuration) throws DeploymentUnitProcessingException {
                // Add MB association interceptors
                configuration.addClientPostConstructInterceptor(ManagedBeanCreateInterceptor.FACTORY, InterceptorOrder.ClientPostConstruct.INSTANCE_CREATE);
                final ClassLoader classLoader = componentConfiguration.getModuleClassLoader();
                configuration.addViewInterceptor(AccessCheckingInterceptor.getFactory(), InterceptorOrder.View.CHECKING_INTERCEPTOR);
                configuration.addViewInterceptor(new ImmediateInterceptorFactory(new ContextClassLoaderInterceptor(classLoader)), InterceptorOrder.View.TCCL_INTERCEPTOR);
            }
        });
        viewDescription.getBindingNames().addAll(Arrays.asList("java:module/" + beanName, "java:app/" + moduleDescription.getModuleName() + "/" + beanName));
        componentDescription.getViews().add(viewDescription);
        moduleDescription.addComponent(componentDescription);
        // register an EEResourceReferenceProcessor which can process @Resource references to this managed bean.
        registry.registerResourceReferenceProcessor(new ManagedBeanResourceReferenceProcessor(beanClassName));
    }
}