Use of org.jboss.metadata.javaee.spec.SecurityRoleMetaData in project wildfly by wildfly.
The method configure of the class EjbJaccConfigurator.
/**
 * Builds the JACC permission configuration for one EJB component and attaches it to the
 * deployment unit under {@code EjbDeploymentAttachmentKeys.JACC_PERMISSIONS}.
 *
 * <p>The work is done in a fixed order, and later steps read what earlier steps wrote:
 * <ol>
 *   <li>method permissions for every public view method, descriptor metadata first and
 *       annotation metadata only when the descriptor pass reports that it created nothing;</li>
 *   <li>role-ref permissions for {@code security-role-ref} links, then for declared roles,
 *       then for every remaining known role (including {@code ANY_AUTHENTICATED_USER_ROLE});</li>
 *   <li>an extra permit on {@code getEJBObject} of the Home interface for stateful session beans.</li>
 * </ol>
 *
 * @param context       phase context; supplies the deployment unit that receives the configuration
 * @param description   component description; cast to {@code EJBComponentDescription}
 * @param configuration component configuration whose views are scanned for methods
 * @throws DeploymentUnitProcessingException declared by the signature; no throw is visible in this body
 */
@Override
public void configure(final DeploymentPhaseContext context, final ComponentDescription description, final ComponentConfiguration configuration) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = context.getDeploymentUnit();
    final DeploymentReflectionIndex index = unit.getAttachment(Attachments.REFLECTION_INDEX);
    final EJBComponentDescription ejb = EJBComponentDescription.class.cast(description);

    // The configuration is attached before it is populated; everything below mutates this same instance.
    final EjbJaccConfig jaccConfig = new EjbJaccConfig();
    unit.addToAttachmentList(EjbDeploymentAttachmentKeys.JACC_PERMISSIONS, jaccConfig);

    // Step 1: method permissions, one view method at a time.
    for (final ViewConfiguration view : configuration.getViews()) {
        for (final Method method : view.getProxyFactory().getCachedMethods()) {
            // Only public methods are considered, and methods declared by WriteReplaceInterface are skipped.
            final boolean eligible = Modifier.isPublic(method.getModifiers())
                    && method.getDeclaringClass() != WriteReplaceInterface.class;
            if (eligible) {
                final EJBViewConfiguration ejbView = EJBViewConfiguration.class.cast(view);
                // Descriptor metadata takes precedence: annotation metadata is consulted only
                // when createPermissions returns false for the descriptor pass.
                final ApplicableMethodInformation<EJBMethodSecurityAttribute> fromDescriptor = ejb.getDescriptorMethodPermissions();
                if (!this.createPermissions(jaccConfig, ejb, ejbView, method, index, fromDescriptor)) {
                    // The result of this second call is not checked, as in the original.
                    // NOTE(review): what applies to a method for which neither pass creates a
                    // permission is decided outside this method - confirm against the policy provider.
                    final ApplicableMethodInformation<EJBMethodSecurityAttribute> fromAnnotations = ejb.getAnnotationMethodPermissions();
                    createPermissions(jaccConfig, ejb, ejbView, method, index, fromAnnotations);
                }
            }
        }
    }

    // Step 2: collect every role name known so far. Names are removed again as they are handled
    // below, so what is left at the end is the set of roles that still needs a role-ref permission.
    final Set<String> pendingRoles = new HashSet<>();

    // Roles listed in the deployment descriptor (assembly descriptor roles); may be absent.
    final SecurityRolesMetaData descriptorRoles = ejb.getSecurityRoles();
    if (descriptorRoles != null) {
        for (SecurityRoleMetaData descriptorRole : descriptorRoles) {
            pendingRoles.add(descriptorRole.getRoleName());
        }
    }

    // Roles that step 1 already registered on the configuration. Per the original comment these
    // include the ones coming from RolesAllowed annotations.
    // TODO there might be a better way to retrieve just annotated roles without going through all processed permissions
    for (Map.Entry<String, Permission> processed : jaccConfig.getRoles()) {
        pendingRoles.add(processed.getKey());
    }
    pendingRoles.add(ANY_AUTHENTICATED_USER_ROLE);

    // security-role-ref entries from the descriptor: each linked role receives a permission that
    // carries the reference name, and the reference name itself is no longer pending.
    // NOTE(review): a reference whose link collection is empty is still removed from pendingRoles,
    // so no EJBRoleRefPermission is created for it in this method - confirm that is intended.
    final Map<String, Collection<String>> roleLinks = ejb.getSecurityRoleLinks();
    for (Map.Entry<String, Collection<String>> ref : roleLinks.entrySet()) {
        final String refName = ref.getKey();
        for (String linkedRole : ref.getValue()) {
            jaccConfig.addRole(linkedRole, new EJBRoleRefPermission(ejb.getEJBName(), refName));
        }
        pendingRoles.remove(refName);
    }

    // Declared roles that the descriptor did not override map to themselves.
    for (String declared : ejb.getDeclaredRoles()) {
        if (!roleLinks.containsKey(declared)) {
            jaccConfig.addRole(declared, new EJBRoleRefPermission(ejb.getEJBName(), declared));
        }
        pendingRoles.remove(declared);
    }

    // Every role still pending gets a permission under its own name. The set is a HashSet,
    // so the order of these addRole calls is not defined.
    for (String remaining : pendingRoles) {
        jaccConfig.addRole(remaining, new EJBRoleRefPermission(ejb.getEJBName(), remaining));
    }

    // Step 3: stateful session beans get a permit on Home.getEJBObject. The original comment is
    // truncated on this page; the surviving part refers to the proxy being obtained by sending an
    // invocation to the EJB container.
    // NOTE(review): addPermit is not shown here; presumably the permit is not tied to a role - confirm.
    if (ejb instanceof SessionBeanComponentDescription
            && SessionBeanComponentDescription.class.cast(ejb).isStateful()) {
        jaccConfig.addPermit(new EJBMethodPermission(ejb.getEJBName(), "getEJBObject", "Home", null));
    }
}