Example 6 with SecurityRoleMetaData
use of org.jboss.metadata.javaee.spec.SecurityRoleMetaData in project wildfly by wildfly.
the class EjbJaccConfigurator method configure.
@Override
public void configure(final DeploymentPhaseContext context, final ComponentDescription description, final ComponentConfiguration configuration) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = context.getDeploymentUnit();
final DeploymentReflectionIndex reflectionIndex = deploymentUnit.getAttachment(Attachments.REFLECTION_INDEX);
final EJBComponentDescription ejbComponentDescription = EJBComponentDescription.class.cast(description);
final EjbJaccConfig ejbJaccConfig = new EjbJaccConfig();
context.getDeploymentUnit().addToAttachmentList(EjbDeploymentAttachmentKeys.JACC_PERMISSIONS, ejbJaccConfig);
// process the method permissions.
for (final ViewConfiguration viewConfiguration : configuration.getViews()) {
final List<Method> viewMethods = viewConfiguration.getProxyFactory().getCachedMethods();
for (final Method viewMethod : viewMethods) {
if (!Modifier.isPublic(viewMethod.getModifiers()) || viewMethod.getDeclaringClass() == WriteReplaceInterface.class) {
continue;
}
final EJBViewConfiguration ejbViewConfiguration = EJBViewConfiguration.class.cast(viewConfiguration);
// try to create permissions using the descriptor metadata first.
ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions = ejbComponentDescription.getDescriptorMethodPermissions();
boolean createdPerms = this.createPermissions(ejbJaccConfig, ejbComponentDescription, ejbViewConfiguration, viewMethod, reflectionIndex, permissions);
// no permissions created using the descriptor metadata - try to use annotation metadata.
if (!createdPerms) {
permissions = ejbComponentDescription.getAnnotationMethodPermissions();
createPermissions(ejbJaccConfig, ejbComponentDescription, ejbViewConfiguration, viewMethod, reflectionIndex, permissions);
}
}
}
Set<String> securityRoles = new HashSet<String>();
// get all roles from the deployments descriptor (assembly descriptor roles)
SecurityRolesMetaData secRolesMetaData = ejbComponentDescription.getSecurityRoles();
if (secRolesMetaData != null) {
for (SecurityRoleMetaData secRoleMetaData : secRolesMetaData) {
securityRoles.add(secRoleMetaData.getRoleName());
}
}
// at this point any roles specified via RolesAllowed annotation have been mapped to EJBMethodPermissions, so
// going through the permissions allows us to retrieve these roles.
// TODO there might be a better way to retrieve just annotated roles without going through all processed permissions
List<Map.Entry<String, Permission>> processedRoles = ejbJaccConfig.getRoles();
for (Map.Entry<String, Permission> entry : processedRoles) {
securityRoles.add(entry.getKey());
}
securityRoles.add(ANY_AUTHENTICATED_USER_ROLE);
// process the security-role-ref from the deployment descriptor.
Map<String, Collection<String>> securityRoleRefs = ejbComponentDescription.getSecurityRoleLinks();
for (Map.Entry<String, Collection<String>> entry : securityRoleRefs.entrySet()) {
String roleName = entry.getKey();
for (String roleLink : entry.getValue()) {
EJBRoleRefPermission p = new EJBRoleRefPermission(ejbComponentDescription.getEJBName(), roleName);
ejbJaccConfig.addRole(roleLink, p);
}
securityRoles.remove(roleName);
}
// process remaining annotated declared roles that were not overridden in the descriptor.
Set<String> declaredRoles = ejbComponentDescription.getDeclaredRoles();
for (String role : declaredRoles) {
if (!securityRoleRefs.containsKey(role)) {
EJBRoleRefPermission p = new EJBRoleRefPermission(ejbComponentDescription.getEJBName(), role);
ejbJaccConfig.addRole(role, p);
}
securityRoles.remove(role);
}
// an EJBRoleRefPermission must be created for each declared role that does not appear in the security-role-ref.
for (String role : securityRoles) {
EJBRoleRefPermission p = new EJBRoleRefPermission(ejbComponentDescription.getEJBName(), role);
ejbJaccConfig.addRole(role, p);
}
// proxy by sending an invocation to the ejb container.
if (ejbComponentDescription instanceof SessionBeanComponentDescription) {
SessionBeanComponentDescription session = SessionBeanComponentDescription.class.cast(ejbComponentDescription);
if (session.isStateful()) {
EJBMethodPermission p = new EJBMethodPermission(ejbComponentDescription.getEJBName(), "getEJBObject", "Home", null);
ejbJaccConfig.addPermit(p);
}
}
}
Also used :
SecurityRoleMetaData(org.jboss.metadata.javaee.spec.SecurityRoleMetaData)
EJBViewConfiguration(org.jboss.as.ejb3.component.EJBViewConfiguration)
SecurityRolesMetaData(org.jboss.metadata.javaee.spec.SecurityRolesMetaData)
WriteReplaceInterface(org.jboss.as.ee.component.serialization.WriteReplaceInterface)
EJBMethodPermission(javax.security.jacc.EJBMethodPermission)
EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription)
ViewConfiguration(org.jboss.as.ee.component.ViewConfiguration)
EJBViewConfiguration(org.jboss.as.ejb3.component.EJBViewConfiguration)
EJBMethodPermission(javax.security.jacc.EJBMethodPermission)
EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission)
Permission(java.security.Permission)
HashSet(java.util.HashSet)
Method(java.lang.reflect.Method)
EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission)
Collection(java.util.Collection)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
DeploymentReflectionIndex(org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex)
Map(java.util.Map)
SessionBeanComponentDescription(org.jboss.as.ejb3.component.session.SessionBeanComponentDescription)
Aggregations
SecurityRoleMetaData (org.jboss.metadata.javaee.spec.SecurityRoleMetaData)6
SecurityRolesMetaData (org.jboss.metadata.javaee.spec.SecurityRolesMetaData)5
HashSet (java.util.HashSet)2
DeploymentUnit (org.jboss.as.server.deployment.DeploymentUnit)2
AnnotationInstance (org.jboss.jandex.AnnotationInstance)2
EjbJarMetaData (org.jboss.metadata.ejb.spec.EjbJarMetaData)2
Method (java.lang.reflect.Method)1
Permission (java.security.Permission)1
ArrayList (java.util.ArrayList)1
Collection (java.util.Collection)1
Map (java.util.Map)1
EJBMethodPermission (javax.security.jacc.EJBMethodPermission)1
EJBRoleRefPermission (javax.security.jacc.EJBRoleRefPermission)1
Descriptions (org.jboss.annotation.javaee.Descriptions)1
ViewConfiguration (org.jboss.as.ee.component.ViewConfiguration)1
WriteReplaceInterface (org.jboss.as.ee.component.serialization.WriteReplaceInterface)1
EJBComponentDescription (org.jboss.as.ejb3.component.EJBComponentDescription)1
EJBViewConfiguration (org.jboss.as.ejb3.component.EJBViewConfiguration)1
SessionBeanComponentDescription (org.jboss.as.ejb3.component.session.SessionBeanComponentDescription)1
DeploymentUnitProcessingException (org.jboss.as.server.deployment.DeploymentUnitProcessingException)1
