
Example 6 with SecurityRolesMetaData

use of org.jboss.metadata.javaee.spec.SecurityRolesMetaData in project wildfly by wildfly.

the class WSIntegrationProcessorJAXWS_EJB method getDeclaredSecurityRoles.

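/**
 * Collects the security roles declared for a JAX-WS endpoint that is implemented by an EJB.
 * <p>
 * Roles come from three places, in this order: the {@code security-role} elements of the
 * ejb-jar assembly descriptor, class-level {@code @RolesAllowed}, and class-level
 * {@code @DeclareRoles}. A class-level {@code @PermitAll} contributes the wildcard {@code "*"}.
 * Only annotations whose target is the endpoint class itself are honoured; method-level
 * annotations are ignored here and are left to the EJB container's own checks.
 * <p>
 * If no role was found at all the result is the single wildcard {@code "*"} so that the
 * web layer does not block access and the EJB security check decides.
 *
 * @param unit                the deployment unit carrying the ejb-jar metadata attachment
 * @param webServiceClassInfo jandex view of the endpoint implementation class
 * @return an unmodifiable set of role names (never empty)
 */
private static Set<String> getDeclaredSecurityRoles(final DeploymentUnit unit, final ClassInfo webServiceClassInfo) {
    final Set<String> securityRoles = new HashSet<String>();
    // process assembly-descriptor DD section
    final EjbJarMetaData ejbJarMD = unit.getAttachment(EjbDeploymentAttachmentKeys.EJB_JAR_METADATA);
    if (ejbJarMD != null && ejbJarMD.getAssemblyDescriptor() != null) {
        // security-role entries parsed as generic "any" children of the assembly descriptor
        final List<SecurityRoleMetaData> securityRoleMetaDatas = ejbJarMD.getAssemblyDescriptor().getAny(SecurityRoleMetaData.class);
        if (securityRoleMetaDatas != null) {
            for (final SecurityRoleMetaData securityRoleMetaData : securityRoleMetaDatas) {
                securityRoles.add(securityRoleMetaData.getRoleName());
            }
        }
        // security-role entries exposed through the typed accessor (may overlap with the above; the set dedups)
        final SecurityRolesMetaData securityRolesMD = ejbJarMD.getAssemblyDescriptor().getSecurityRoles();
        if (securityRolesMD != null) {
            for (final SecurityRoleMetaData securityRoleMD : securityRolesMD) {
                securityRoles.add(securityRoleMD.getRoleName());
            }
        }
    }
    // process @RolesAllowed annotation
    if (webServiceClassInfo.annotations().containsKey(ROLES_ALLOWED_ANNOTATION)) {
        addClassLevelAnnotationRoles(webServiceClassInfo, webServiceClassInfo.annotations().get(ROLES_ALLOWED_ANNOTATION), securityRoles);
    }
    // process @DeclareRoles annotation
    if (webServiceClassInfo.annotations().containsKey(DECLARE_ROLES_ANNOTATION)) {
        addClassLevelAnnotationRoles(webServiceClassInfo, webServiceClassInfo.annotations().get(DECLARE_ROLES_ANNOTATION), securityRoles);
    }
    // process @PermitAll annotation: one class-level instance is enough to open the endpoint to everyone
    if (webServiceClassInfo.annotations().containsKey(PERMIT_ALL_ANNOTATION)) {
        for (final AnnotationInstance permitAll : webServiceClassInfo.annotations().get(PERMIT_ALL_ANNOTATION)) {
            if (permitAll.target().equals(webServiceClassInfo)) {
                securityRoles.add("*");
                break;
            }
        }
    }
    // if there is no class level security annotation, it will delegate to ejb's security check
    if (securityRoles.isEmpty()) {
        securityRoles.add("*");
    }
    return Collections.unmodifiableSet(securityRoles);
}

/**
 * Adds the string-array value of every annotation instance whose target is {@code classInfo}
 * itself (class-level, not method- or field-level) to {@code into}.
 *
 * @param classInfo   the endpoint class the annotation must be placed on
 * @param annotations all instances of one annotation type found on the class (non-null)
 * @param into        the role set being built
 */
private static void addClassLevelAnnotationRoles(final ClassInfo classInfo, final List<AnnotationInstance> annotations, final Set<String> into) {
    for (final AnnotationInstance annotation : annotations) {
        if (annotation.target().equals(classInfo)) {
            Collections.addAll(into, annotation.value().asStringArray());
        }
    }
}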

Example 7 with SecurityRolesMetaData

use of org.jboss.metadata.javaee.spec.SecurityRolesMetaData in project wildfly by wildfly.

the class EjbJaccConfigurator method configure.

/**
 * Builds the JACC configuration ({@link EjbJaccConfig}) for one EJB component and registers it
 * on the deployment unit under {@code EjbDeploymentAttachmentKeys.JACC_PERMISSIONS}.
 * <p>
 * Two kinds of permissions are produced: method permissions for every public view method
 * (descriptor metadata first, annotation metadata only if the descriptor yielded nothing), and
 * role-reference permissions. For the latter, {@code securityRoles} starts as the union of
 * descriptor roles, roles already seen in the method permissions and
 * {@code ANY_AUTHENTICATED_USER_ROLE}; roles are removed from it as security-role-ref links and
 * declared roles are handled, so that the final loop only creates permissions for roles that
 * no earlier step covered.
 *
 * @param context       the deployment phase, used to reach the deployment unit
 * @param description   must be an {@link EJBComponentDescription}; the cast is unchecked here
 *                      and fails with a ClassCastException otherwise
 * @param configuration component configuration whose views are scanned for proxy methods
 * @throws DeploymentUnitProcessingException declared by the contract; nothing in this body throws it directly
 */
@Override
public void configure(final DeploymentPhaseContext context, final ComponentDescription description, final ComponentConfiguration configuration) throws DeploymentUnitProcessingException {
    final DeploymentUnit deploymentUnit = context.getDeploymentUnit();
    final DeploymentReflectionIndex reflectionIndex = deploymentUnit.getAttachment(Attachments.REFLECTION_INDEX);
    final EJBComponentDescription ejbComponentDescription = EJBComponentDescription.class.cast(description);
    final EjbJaccConfig ejbJaccConfig = new EjbJaccConfig();
    // attached before being populated; the object is filled in place below
    context.getDeploymentUnit().addToAttachmentList(EjbDeploymentAttachmentKeys.JACC_PERMISSIONS, ejbJaccConfig);
    // process the method permissions.
    for (final ViewConfiguration viewConfiguration : configuration.getViews()) {
        final List<Method> viewMethods = viewConfiguration.getProxyFactory().getCachedMethods();
        for (final Method viewMethod : viewMethods) {
            // only public methods are reachable through the view; WriteReplaceInterface is serialization plumbing
            if (!Modifier.isPublic(viewMethod.getModifiers()) || viewMethod.getDeclaringClass() == WriteReplaceInterface.class) {
                continue;
            }
            final EJBViewConfiguration ejbViewConfiguration = EJBViewConfiguration.class.cast(viewConfiguration);
            // try to create permissions using the descriptor metadata first.
            ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions = ejbComponentDescription.getDescriptorMethodPermissions();
            boolean createdPerms = this.createPermissions(ejbJaccConfig, ejbComponentDescription, ejbViewConfiguration, viewMethod, reflectionIndex, permissions);
            // no permissions created using the descriptor metadata - try to use annotation metadata.
            // Descriptor wins over annotations for a given method: annotations are only consulted as a fallback.
            if (!createdPerms) {
                permissions = ejbComponentDescription.getAnnotationMethodPermissions();
                createPermissions(ejbJaccConfig, ejbComponentDescription, ejbViewConfiguration, viewMethod, reflectionIndex, permissions);
            }
        }
    }
    // working set of roles that still need an EJBRoleRefPermission; entries are removed as they are handled
    Set<String> securityRoles = new HashSet<String>();
    // get all roles from the deployments descriptor (assembly descriptor roles)
    SecurityRolesMetaData secRolesMetaData = ejbComponentDescription.getSecurityRoles();
    if (secRolesMetaData != null) {
        for (SecurityRoleMetaData secRoleMetaData : secRolesMetaData) {
            securityRoles.add(secRoleMetaData.getRoleName());
        }
    }
    // at this point any roles specified via RolesAllowed annotation have been mapped to EJBMethodPermissions, so
    // going through the permissions allows us to retrieve these roles.
    // TODO there might be a better way to retrieve just annotated roles without going through all processed permissions
    List<Map.Entry<String, Permission>> processedRoles = ejbJaccConfig.getRoles();
    for (Map.Entry<String, Permission> entry : processedRoles) {
        securityRoles.add(entry.getKey());
    }
    // the "any authenticated user" pseudo-role is always part of the set so it gets a role-ref permission too
    securityRoles.add(ANY_AUTHENTICATED_USER_ROLE);
    // process the security-role-ref from the deployment descriptor.
    // Each role-name -> role-link mapping yields a role-ref permission registered under the *link*,
    // and the role-name is then taken out of the working set so it is not registered again below.
    Map<String, Collection<String>> securityRoleRefs = ejbComponentDescription.getSecurityRoleLinks();
    for (Map.Entry<String, Collection<String>> entry : securityRoleRefs.entrySet()) {
        String roleName = entry.getKey();
        for (String roleLink : entry.getValue()) {
            EJBRoleRefPermission p = new EJBRoleRefPermission(ejbComponentDescription.getEJBName(), roleName);
            ejbJaccConfig.addRole(roleLink, p);
        }
        securityRoles.remove(roleName);
    }
    // process remaining annotated declared roles that were not overridden in the descriptor.
    // A descriptor security-role-ref with the same name wins over the annotation.
    Set<String> declaredRoles = ejbComponentDescription.getDeclaredRoles();
    for (String role : declaredRoles) {
        if (!securityRoleRefs.containsKey(role)) {
            EJBRoleRefPermission p = new EJBRoleRefPermission(ejbComponentDescription.getEJBName(), role);
            ejbJaccConfig.addRole(role, p);
        }
        securityRoles.remove(role);
    }
    // an EJBRoleRefPermission must be created for each declared role that does not appear in the security-role-ref.
    for (String role : securityRoles) {
        EJBRoleRefPermission p = new EJBRoleRefPermission(ejbComponentDescription.getEJBName(), role);
        ejbJaccConfig.addRole(role, p);
    }
    // proxy by sending an invocation to the ejb container.
    // Stateful beans: the home "getEJBObject" method is always permitted (no role check); presumably because
    // the container itself invokes it to obtain the proxy — TODO confirm against the caller.
    if (ejbComponentDescription instanceof SessionBeanComponentDescription) {
        SessionBeanComponentDescription session = SessionBeanComponentDescription.class.cast(ejbComponentDescription);
        if (session.isStateful()) {
            EJBMethodPermission p = new EJBMethodPermission(ejbComponentDescription.getEJBName(), "getEJBObject", "Home", null);
            ejbJaccConfig.addPermit(p);
        }
    }
}

Example 8 with SecurityRolesMetaData

use of org.jboss.metadata.javaee.spec.SecurityRolesMetaData in project wildfly by wildfly.

the class SecurityContextInterceptorFactory method create.

/**
 * Creates the security-context interceptor for an EJB component.
 * <p>
 * The interceptor is driven by a {@link SecurityContextInterceptorHolder} populated from the
 * component's {@link EJBSecurityMetaData}: security domain (falling back to
 * {@code DEFAULT_DOMAIN}), run-as role and principal, the principal-to-roles map and any extra
 * roles granted to the run-as principal. Authentication is skipped entirely when
 * {@code securityRequired} is false, so that flag decides whether unauthenticated callers
 * reach the bean.
 *
 * @param component must be an {@link EJBComponent}
 * @param context   interceptor factory context (unused here)
 * @return the configured {@link SecurityContextInterceptor}
 * @throws IllegalArgumentException (via {@code EjbLogger.ROOT_LOGGER.unexpectedComponent}) if
 *                                  {@code component} is not an EJBComponent — exact type not visible here
 */
@Override
protected Interceptor create(final Component component, final InterceptorFactoryContext context) {
    if (!(component instanceof EJBComponent)) {
        throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
    }
    final EJBComponent ejb = (EJBComponent) component;
    // Either reuse the component's own security manager (propagation) or wrap it in a fresh SimpleSecurityManager.
    final ServerSecurityManager manager = propagateSecurity
            ? ejb.getSecurityManager()
            : new SimpleSecurityManager((SimpleSecurityManager) ejb.getSecurityManager());
    final EJBSecurityMetaData metaData = ejb.getSecurityMetaData();
    final String configuredDomain = metaData.getSecurityDomain();
    final String domain = configuredDomain == null ? DEFAULT_DOMAIN : configuredDomain;
    if (ROOT_LOGGER.isTraceEnabled()) {
        ROOT_LOGGER.trace("Using security domain: " + domain + " for EJB " + ejb.getComponentName());
    }
    final String runAs = metaData.getRunAs();
    // TODO - We should do something with DeclaredRoles although it never has much meaning in JBoss AS
    final String runAsPrincipal = metaData.getRunAsPrincipal();
    final SecurityRolesMetaData roles = metaData.getSecurityRoles();
    Map<String, Set<String>> principalVsRolesMap = null;
    Set<String> extraRoles = null;
    if (roles != null) {
        principalVsRolesMap = roles.getPrincipalVersusRolesMap();
        // roles mapped to the run-as principal are granted on top of the run-as role itself
        if (runAsPrincipal != null) {
            extraRoles = roles.getSecurityRoleNamesByPrincipal(runAsPrincipal);
        }
    }
    final SecurityContextInterceptorHolder holder = new SecurityContextInterceptorHolder();
    holder.setSecurityManager(manager)
            .setSecurityDomain(domain)
            .setRunAs(runAs)
            .setRunAsPrincipal(runAsPrincipal)
            .setPolicyContextID(this.policyContextID)
            .setExtraRoles(extraRoles)
            .setPrincipalVsRolesMap(principalVsRolesMap)
            .setSkipAuthentication(!securityRequired);
    return new SecurityContextInterceptor(holder);
}

Example 9 with SecurityRolesMetaData

use of org.jboss.metadata.javaee.spec.SecurityRolesMetaData in project wildfly by wildfly.

the class WebMetaDataCreator method createSecurityRoles.

/**
 * Creates security roles part of web.xml descriptor.
 * <p/>
 * <pre>
 * &lt;security-role&gt;
 *   &lt;role-name&gt;role1&lt;/role-name&gt;
 *   ...
 *   &lt;role-name&gt;roleN&lt;/role-name&gt;
 * &lt;/security-role&gt;
 * </pre>
 * <p>
 * When the deployment has an auth-method, the EJB3 security roles become the web roles. The
 * roles of an enclosing EAR, if any, are then merged into the web roles regardless of the
 * auth-method.
 * <p>
 * NOTE(review): the EJB3 {@code SecurityRolesMetaData} instance is installed on
 * {@code jbossWebMD} by reference, so if {@code SecurityRolesMetaDataMerger.merge} writes into
 * its first argument the EAR roles also land in the object returned by
 * {@code ejb3SecurityAccessor} — confirm that sharing is intended.
 *
 * @param dep        webservice deployment
 * @param jbossWebMD jboss web meta data
 */
private void createSecurityRoles(final Deployment dep, final JBossWebMetaData jbossWebMD) {
    if (getAuthMethod(dep) != null) {
        final SecurityRolesMetaData ejbRoles = ejb3SecurityAccessor.getSecurityRoles(dep);
        if (ejbRoles != null && !ejbRoles.isEmpty()) {
            WSLogger.ROOT_LOGGER.trace("Setting security roles");
            jbossWebMD.setSecurityRoles(ejbRoles);
        }
    }
    // merge security roles from the ear
    // TODO: is there somewhere better to put this?
    final DeploymentUnit parent = dep.getAttachment(DeploymentUnit.class).getParent();
    if (parent == null) {
        return;
    }
    final EarMetaData earMD = parent.getAttachment(org.jboss.as.ee.structure.Attachments.EAR_METADATA);
    if (earMD == null) {
        return;
    }
    // an EAR is present: make sure the web metadata has a roles container even if the EAR declares none
    if (jbossWebMD.getSecurityRoles() == null) {
        jbossWebMD.setSecurityRoles(new SecurityRolesMetaData());
    }
    final SecurityRolesMetaData earRoles = earMD.getSecurityRoles();
    if (earRoles != null) {
        SecurityRolesMetaDataMerger.merge(jbossWebMD.getSecurityRoles(), jbossWebMD.getSecurityRoles(), earRoles);
    }
}
