On Wed, 2004-02-04 at 15:47, Scott M Stark wrote:
> Ok, there appear to be many dependencies on the server module,
> many coming from CachedConnectionInterceptor, others from the
> org/jboss/resource/adapter/jdbc/remote stuff I just added due
> to naming and invoker stuff. We need to clean up the server module.
> 
> The naming stuff should be in common.

You mean org.jboss.naming in server?

> 
> The interceptor/invoker/proxy stuff needs to be unified across the jmx,
> aop, and server modules. Let's get this discussion going as this
> needs to be resolved now.

I think the best model is provided by Bill's aop interceptors.

The fundamental idea is that the interceptor makes no assumptions
about what it is intercepting. 
It simply asks the metadata object. The metadata object can be
configured according to whatever joinpoints are relevant,
i.e. field/method/constructor, jmx attribute/operation or it could even
be a url if it were applied to servlets.
The deployer, container or invocation sets up the relevant metadata
model. It is actually a hierarchy of metadata providers,
e.g. invocation, container, vm, cluster

You'll notice one outstanding issue is the REVISIT on how to
get a human readable string that represents the joinpoint
for error messages.

e.g.
import java.security.Principal;
import java.util.Set;

import org.jboss.logging.Logger;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityAssociation;

public final class RoleBasedAuthorizationInterceptor implements org.jboss.aop.advice.Interceptor
{
   protected Logger log = Logger.getLogger(this.getClass());

   public String getName() { return "RoleBasedAuthorizationInterceptor"; }

   /**
    * Check if the principal is authorized to call the method by verifying that
    * it contains at least one of the required roles.
    */
   public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
   {
      AuthenticationManager securityManager =
         (AuthenticationManager)invocation.getMetaData("security", "authentication-manager");
      // If there is not a security manager then there is no authorization
      // required
      if(securityManager == null)
      {
         return invocation.invokeNext();
      }

      RealmMapping realmMapping =
         (RealmMapping)invocation.getMetaData("security", "realm-mapping");
      if(realmMapping == null)
      {
         throw new SecurityException("Role mapping manager has not been set");
      }

      Set roles = (Set)invocation.getMetaData("security", "roles");
      if(roles == null)
      {
         /*
           REVISIT: for better message
         String message = "No method permissions assigned. to " +
               "method=" + invocation.getMethod().getName() +
               ", interface=" + invocation.getType();
         */
         String message = "No method permissions assigned.";
         log.error(message);
         throw new SecurityException(message);
      }

      // See if there is a runAs role associated with this thread. If there
      // is, this is the security role against which the assigned method
      // permissions must be checked.
      Principal threadRunAsRole = SecurityAssociation.peekRunAsRole();
      if(threadRunAsRole != null)
      {
         // Check the runAs role
         if(!roles.contains(threadRunAsRole) &&
               !roles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL))
         {
            String message = "Insufficient method permissions" +
                  ", runAsRole=" + threadRunAsRole +
               /* revisit:
                  ", method=" + invocation.getMethod().getName() +
               */
                  ", interface=" + invocation.getType() +
                  ", requiredRoles=" + roles;

            // Dain: I think this is redundant logging
            log.error(message);
            throw new SecurityException(message);
         }
      }
      // If the method has no assigned roles or the user does not have at
      // least one of the roles then access is denied.
      else
      {
         Principal principal =
            (Principal)invocation.getMetaData("security", "principal");
         if(!realmMapping.doesUserHaveRole(principal, roles))
         {
            String message = "Insufficient method permissions" +
                  ", principal=" + principal +
               /* REVISIT:
                  ", method=" + invocation.getMethod().getName() +
               */
                  ", interface=" + invocation.getType() +
                  ", requiredRoles=" + roles +
                  ", principalRoles=" + realmMapping.getUserRoles(principal);

            log.error(message);
            throw new SecurityException(message);
         }
      }
      return invocation.invokeNext();
   }
}

Regards,
Adrian

> 
> 
> 
> xxxxxxxxxxxxxxxxxxxxxxxx
> Scott Stark
> Chief Technology Officer
> JBoss Group, LLC
> xxxxxxxxxxxxxxxxxxxxxxxx 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Alexey Loubyansky
> Sent: Wednesday, February 04, 2004 6:34 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [JBoss-dev] Bad cross module dependency
> 
> Because the server is compiled before the connector and JCA's
> WrappedStatement can't be used in CMP. 
> 
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> JBoss-Development mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-development
-- 
xxxxxxxxxxxxxxxxxxxxxxxx 
Adrian Brock
Director of Support
Back Office
JBoss Group, LLC 
xxxxxxxxxxxxxxxxxxxxxxxx 
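
The metadata hierarchy described in the message above (invocation, container, vm, cluster), as an added example that is not part of the original post and not JBoss code. MetaDataScope, resolve, authorize and the "principal-roles" key are hypothetical names; the check follows the posted interceptor's decision order, including the pass-through when no "authentication-manager" is bound at any level. Assumes Java 9+ for Set.of.

```java
import java.util.*;

// Added illustration; MetaDataScope, resolve and authorize are hypothetical, not JBoss AOP API.
public class MetaDataHierarchyDemo {
    /** One level of metadata (invocation, container, vm, cluster) linked to its parent. */
    static final class MetaDataScope {
        final String name;
        final MetaDataScope parent;
        private final Map<String, Object> values = new HashMap<>();
        MetaDataScope(String name, MetaDataScope parent) { this.name = name; this.parent = parent; }
        MetaDataScope put(String group, String attr, Object v) { values.put(group + "/" + attr, v); return this; }
        /** Nearest scope wins; falls back to the parent until the root is reached. */
        Object resolve(String group, String attr) {
            for (MetaDataScope s = this; s != null; s = s.parent) {
                Object v = s.values.get(group + "/" + attr);
                if (v != null) return v;
            }
            return null;
        }
    }

    /** Same decision order as the posted interceptor, using only metadata lookups. */
    static String authorize(MetaDataScope invocation) {
        if (invocation.resolve("security", "authentication-manager") == null)
            return "ALLOW (no security manager configured)";
        @SuppressWarnings("unchecked")
        Set<String> required = (Set<String>) invocation.resolve("security", "roles");
        if (required == null) return "DENY (no method permissions assigned)";
        // "principal-roles" is an assumed key standing in for the realm-mapping lookup.
        @SuppressWarnings("unchecked")
        Set<String> held = (Set<String>) invocation.resolve("security", "principal-roles");
        if (held == null || Collections.disjoint(required, held)) return "DENY (insufficient roles)";
        return "ALLOW";
    }

    public static void main(String[] args) {
        // Constructed sample hierarchy: each level contributes a different piece of metadata.
        MetaDataScope cluster = new MetaDataScope("cluster", null);
        MetaDataScope vm = new MetaDataScope("vm", cluster).put("security", "authentication-manager", "jaas-domain");
        MetaDataScope container = new MetaDataScope("container", vm).put("security", "roles", Set.of("admin"));
        MetaDataScope call = new MetaDataScope("invocation", container).put("security", "principal-roles", Set.of("guest"));
        System.out.println(authorize(call));   // caller holds only "guest"
        call.put("security", "principal-roles", Set.of("admin", "guest"));
        System.out.println(authorize(call));   // caller now holds a required role
        System.out.println(authorize(new MetaDataScope("invocation", cluster)));  // nothing bound at any level
    }
}
```

The third call shows why the bindings themselves need review in this model: an invocation whose hierarchy never binds "authentication-manager" passes straight through the check.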


