maguro      2004/11/12 16:29:21

  Modified:    modules/openejb-builder/src/java/org/openejb/deployment
                        CMPEntityBuilder.java ContainerSecurityBuilder.java
                        EntityBuilder.java MdbBuilder.java
                        OpenEJBModuleBuilder.java SessionBuilder.java
  Log:

  Intermediate checkin
  http://nagoya.apache.org/jira/browse/GERONIMO-454
  
  Revision  Changes    Path
  1.6       +2 -1      
openejb/modules/openejb-builder/src/java/org/openejb/deployment/CMPEntityBuilder.java
  
  Index: CMPEntityBuilder.java
  ===================================================================
  RCS file: 
/home/projects/openejb/scm/openejb/modules/openejb-builder/src/java/org/openejb/deployment/CMPEntityBuilder.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- CMPEntityBuilder.java     11 Nov 2004 17:08:50 -0000      1.5
  +++ CMPEntityBuilder.java     12 Nov 2004 21:29:21 -0000      1.6
  @@ -558,7 +558,8 @@
                   ((EjbJarType) ejbModule.getSpecDD()).getAssemblyDescriptor(),
                   getString(entityBean.getEjbName()),
                   entityBean.getSecurityIdentity(),
  -                entityBean.getSecurityRoleRefArray());
  +                entityBean.getSecurityRoleRefArray(),
  +                getModuleBuilder().getSecurityService());
   
           processEnvironmentRefs(builder, earContext, ejbModule, entityBean, 
openejbEntityBean, null, cl);
   
  
  
  
  1.2       +13 -131   
openejb/modules/openejb-builder/src/java/org/openejb/deployment/ContainerSecurityBuilder.java
  
  Index: ContainerSecurityBuilder.java
  ===================================================================
  RCS file: 
/home/projects/openejb/scm/openejb/modules/openejb-builder/src/java/org/openejb/deployment/ContainerSecurityBuilder.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ContainerSecurityBuilder.java     11 Nov 2004 17:08:50 -0000      1.1
  +++ ContainerSecurityBuilder.java     12 Nov 2004 21:29:21 -0000      1.2
  @@ -47,8 +47,6 @@
    */
   package org.openejb.deployment;
   
  -import javax.management.MalformedObjectNameException;
  -import javax.management.ObjectName;
   import javax.security.auth.Subject;
   import javax.security.jacc.EJBMethodPermission;
   import javax.security.jacc.EJBRoleRefPermission;
  @@ -65,13 +63,12 @@
   import org.apache.geronimo.security.GeronimoSecurityException;
   import org.apache.geronimo.security.PrimaryRealmPrincipal;
   import org.apache.geronimo.security.RealmPrincipal;
  -import org.apache.geronimo.security.deploy.AutoMapAssistant;
  +import org.apache.geronimo.security.SecurityService;
   import org.apache.geronimo.security.deploy.DefaultPrincipal;
   import org.apache.geronimo.security.deploy.Principal;
   import org.apache.geronimo.security.deploy.Realm;
   import org.apache.geronimo.security.deploy.Role;
   import org.apache.geronimo.security.deploy.Security;
  -import org.apache.geronimo.security.realm.SecurityRealm;
   import org.apache.geronimo.security.util.ConfigurationUtil;
   import org.apache.geronimo.xbeans.j2ee.AssemblyDescriptorType;
   import org.apache.geronimo.xbeans.j2ee.ExcludeListType;
  @@ -119,7 +116,8 @@
                                                   AssemblyDescriptorType 
assemblyDescriptor,
                                                   String EJBName,
                                                   SecurityIdentityType 
securityIdentity,
  -                                                SecurityRoleRefType[] 
roleReferences)
  +                                                SecurityRoleRefType[] 
roleReferences,
  +                                                SecurityService 
securityService)
               throws DeploymentException {
   
           if (security == null) return;
  @@ -229,41 +227,7 @@
           /**
            * Set the security interceptor's run-as subject, if one has been 
defined.
            */
  -        boolean found = (securityIdentity == null || 
securityIdentity.getRunAs() == null);
  -        String runAsName = (!found ? 
securityIdentity.getRunAs().getRoleName().getStringValue() : "");
  -        Iterator rollMappings = security.getRoleMappings().iterator();
  -        while (rollMappings.hasNext()) {
  -            Role role = (Role) rollMappings.next();
  -
  -            String roleName = role.getRoleName();
  -            Subject roleDesignate = new Subject();
  -            Set principalSet = new HashSet();
  -
  -            Iterator realms = role.getRealms().iterator();
  -            while (realms.hasNext()) {
  -                Realm realm = (Realm) realms.next();
  -
  -                Iterator principals = realm.getPrincipals().iterator();
  -                while (principals.hasNext()) {
  -                    Principal principal = (Principal) principals.next();
  -
  -                    RealmPrincipal realmPrincipal = 
ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());
  -
  -                    if (realmPrincipal == null) throw new 
DeploymentException("Unable to create realm principal");
  -
  -                    principalSet.add(realmPrincipal);
  -                    if (principal.isDesignatedRunAs()) 
roleDesignate.getPrincipals().add(realmPrincipal);
  -                }
  -            }
  -            securityConfiguration.getRoleMapping().put(roleName, 
principalSet);
  -
  -            if (!found && roleDesignate.getPrincipals().size() > 0 && 
runAsName.equals(roleName)) {
  -                builder.setRunAs(roleDesignate);
  -                found = true;
  -            }
  -        }
  -        if (!found) throw new DeploymentException("Role designate not found 
for role: " + runAsName);
  -
  +        addRoleMappings(securityConfiguration, builder, security, 
securityIdentity, securityService);
   
           /**
            * EJB v2.1 section 21.3.2
  @@ -300,31 +264,7 @@
        * @return the default principal
        */
       protected Subject generateDefaultSubject(Security security) throws 
GeronimoSecurityException {
  -
           DefaultPrincipal defaultPrincipal = security.getDefaultPrincipal();
  -        if (defaultPrincipal == null) {
  -            AutoMapAssistant config = security.getAssistant();
  -            try {
  -                if (config != null) {
  -                    Set assistants = 
moduleBuilder.getKernel().listGBeans(new 
ObjectName("geronimo.security:type=SecurityRealm,realm=" + 
config.getSecurityRealm()));
  -                    if (assistants.size() < 1 || assistants.size() > 1) 
throw new GeronimoSecurityException("Only one auto mapping assistant should 
match " + config.getSecurityRealm());
  -
  -                    org.apache.geronimo.security.realm.AutoMapAssistant 
assistant = (org.apache.geronimo.security.realm.AutoMapAssistant) 
assistants.iterator().next();
  -                    org.apache.geronimo.security.deploy.Principal principal 
= assistant.obtainDefaultPrincipal();
  -                    defaultPrincipal = new DefaultPrincipal();
  -                    defaultPrincipal.setPrincipal(principal);
  -                    defaultPrincipal.setRealmName(((SecurityRealm) 
assistant).getRealmName());
  -                }
  -            } catch (MalformedObjectNameException e) {
  -                throw new GeronimoSecurityException("Bad object name 
geronimo.security:type=SecurityRealm,realm=" + config.getSecurityRealm());
  -            }
  -        }
  -        if (defaultPrincipal == null) throw new 
GeronimoSecurityException("Unable to generate default principal");
  -
  -        return generateDefaultSubject(security, defaultPrincipal);
  -    }
  -
  -    protected Subject generateDefaultSubject(Security security, 
DefaultPrincipal defaultPrincipal) throws GeronimoSecurityException {
           Subject defaultSubject = new Subject();
   
           RealmPrincipal realmPrincipal = 
ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), 
defaultPrincipal.getRealmName());
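Review bot: The null guard on `defaultPrincipal` is gone from generateDefaultSubject, so when `security.getDefaultPrincipal()` returns null the following `defaultPrincipal.getPrincipal()` call fails with a NullPointerException instead of the earlier GeronimoSecurityException. Keeping `if (defaultPrincipal == null) throw new GeronimoSecurityException("Unable to generate default principal");` directly after the getter preserves a diagnosable deployment failure. This matters more now that the default principal is presumably filled in by `security.autoGenerate(securityService)`, and nothing visible here shows that call running before this method. The method body continues outside the hunk.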
  @@ -382,83 +322,24 @@
       protected void addRoleMappings(SecurityConfiguration 
securityConfiguration,
                                      SecureBuilder builder,
                                      Security security,
  -                                   SecurityIdentityType securityIdentity)
  -            throws DeploymentException {
  -
  -        String runAsName = ((securityIdentity != null && 
securityIdentity.getRunAs() != null) ? 
securityIdentity.getRunAs().getRoleName().getStringValue() : "");
  -
  -        autoMapRoles(securityConfiguration, builder, security, 
securityIdentity, runAsName);
  -        addExplicitMappings(securityConfiguration, builder, security, 
securityIdentity, runAsName);
  -
  -        if (builder.getRunAs() == null) throw new DeploymentException("Role 
designate not found for role: " + runAsName);
  -    }
  -
  -    protected void autoMapRoles(SecurityConfiguration securityConfiguration,
  -                                SecureBuilder builder,
  -                                Security security,
  -                                SecurityIdentityType securityIdentity,
  -                                String runAsName)
  +                                   SecurityIdentityType securityIdentity,
  +                                   SecurityService securityService)
               throws DeploymentException {
   
  -        Iterator rollMappings = security.getRoleMappings().iterator();
  -        AutoMapAssistant config = security.getAssistant();
  -        try {
  -            if (config != null) {
  -                ObjectName assistantName = new 
ObjectName("geronimo.security:type=SecurityRealm,realm=" + 
config.getSecurityRealm());
  -                Set assistants = 
moduleBuilder.getKernel().listGBeans(assistantName);
  -                if (assistants.size() < 1 || assistants.size() > 1) throw 
new GeronimoSecurityException("Only one auto mapping assistant should match " + 
assistantName);
  -
  -                org.apache.geronimo.security.realm.AutoMapAssistant 
assistant = (org.apache.geronimo.security.realm.AutoMapAssistant) 
assistants.iterator().next();
   
  -                while (rollMappings.hasNext()) {
  -                    Role role = (Role) rollMappings.next();
  +        security.autoGenerate(securityService);
  +        addExplicitMappings(securityConfiguration, builder, security, 
securityIdentity);
   
  -                    String roleName = role.getRoleName();
  -                    Subject roleDesignate = new Subject();
  -                    Set principalSet = new HashSet();
  -
  -                    Iterator classNames = 
assistant.obtainRolePrincipalClasses().iterator();
  -                    while (classNames.hasNext()) {
  -                        Principal principal = new Principal();
  -                        principal.setClassName((String) classNames.next());
  -                        principal.setPrincipalName(roleName);
  -
  -                        RealmPrincipal realmPrincipal = 
ConfigurationUtil.generateRealmPrincipal(principal, ((SecurityRealm) 
assistant).getRealmName());
  -
  -                        if (realmPrincipal == null) throw new 
DeploymentException("Unable to create realm principal");
  -
  -                        principalSet.add(realmPrincipal);
  -                        roleDesignate.getPrincipals().add(realmPrincipal);
  -                    }
  -                    Set roleMapping = (Set) 
securityConfiguration.getRoleMapping().get(roleName);
  -                    if (roleMapping == null) {
  -                        roleMapping = new HashSet();
  -                        securityConfiguration.getRoleMapping().put(roleName, 
roleMapping);
  -                    }
  -                    roleMapping.addAll(principalSet);
  -
  -                    if (roleDesignate.getPrincipals().size() > 0 && 
runAsName.equals(roleName)) {
  -                        if (builder.getRunAs() != null) {
  -                            
builder.getRunAs().getPrincipals().addAll(roleDesignate.getPrincipals());
  -                        } else {
  -                            builder.setRunAs(roleDesignate);
  -                        }
  -                    }
  -                }
  -            }
  -        } catch (MalformedObjectNameException e) {
  -            throw new DeploymentException("Bad object name 
geronimo.security:type=SecurityRealm,realm=" + config.getSecurityRealm());
  -        }
       }
   
       protected void addExplicitMappings(SecurityConfiguration 
securityConfiguration,
                                          SecureBuilder builder,
                                          Security security,
  -                                       SecurityIdentityType securityIdentity,
  -                                       String runAsName)
  +                                       SecurityIdentityType securityIdentity)
               throws DeploymentException {
   
  -        Iterator rollMappings = security.getRoleMappings().iterator();
  +        String runAsName = ((securityIdentity != null && 
securityIdentity.getRunAs() != null) ? 
securityIdentity.getRunAs().getRoleName().getStringValue() : "");
  +        Iterator rollMappings = 
security.getRoleMappings().values().iterator();
           while (rollMappings.hasNext()) {
               Role role = (Role) rollMappings.next();
   
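Review bot: `security.autoGenerate(securityService)` in addRoleMappings appears to run once per EJB against the module-wide `Security` object, since the CMP, entity, session and MDB builders all reach this path with the instance built once in OpenEJBModuleBuilder. Whether autoGenerate is idempotent is not visible on this page; if it is not, generated role mappings or the default principal could be rebuilt or duplicated for every bean in the module. Consider calling it once next to `SecurityBuilder.buildSecurityConfig(...)`, or, once confirmed, document it with a comment such as `// autoGenerate is idempotent; safe to call per bean`. addExplicitMappings continues past the end of this hunk.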
  @@ -466,7 +347,7 @@
               Subject roleDesignate = new Subject();
               Set principalSet = new HashSet();
   
  -            Iterator realms = role.getRealms().iterator();
  +            Iterator realms = role.getRealms().values().iterator();
               while (realms.hasNext()) {
                   Realm realm = (Realm) realms.next();
   
  @@ -497,6 +378,7 @@
                   }
               }
           }
  +        if (builder.getRunAs() == null) throw new DeploymentException("Role 
designate not found for role: " + runAsName);
       }
   
       /**
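Review bot: The check added at the end of addExplicitMappings throws whenever `builder.getRunAs()` is null, even for a bean that declares no run-as identity. The inline code this commit removes from the caller started with `found = (securityIdentity == null || securityIdentity.getRunAs() == null)` and so never threw in that case. Unless the part of the loop outside this hunk sets a run-as subject unconditionally, such beans would now fail deployment with "Role designate not found for role: " and an empty role name. Guarding on the declared role keeps the old contract: `if (runAsName.length() > 0 && builder.getRunAs() == null) throw new DeploymentException("Role designate not found for role: " + runAsName);`. `runAsName` is computed in the @@ -382 hunk of the same method.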
  
  
  
  1.4       +2 -1      
openejb/modules/openejb-builder/src/java/org/openejb/deployment/EntityBuilder.java
  
  Index: EntityBuilder.java
  ===================================================================
  RCS file: 
/home/projects/openejb/scm/openejb/modules/openejb-builder/src/java/org/openejb/deployment/EntityBuilder.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- EntityBuilder.java        11 Nov 2004 17:08:50 -0000      1.3
  +++ EntityBuilder.java        12 Nov 2004 21:29:21 -0000      1.4
  @@ -134,7 +134,8 @@
                   ((EjbJarType) ejbModule.getSpecDD()).getAssemblyDescriptor(),
                   entityBean.getEjbName().getStringValue(),
                   entityBean.getSecurityIdentity(),
  -                entityBean.getSecurityRoleRefArray());
  +                entityBean.getSecurityRoleRefArray(),
  +                getModuleBuilder().getSecurityService());
   
           processEnvironmentRefs(builder, earContext, ejbModule, entityBean, 
openejbEntityBean, null, cl);
   
  
  
  
  1.3       +2 -1      
openejb/modules/openejb-builder/src/java/org/openejb/deployment/MdbBuilder.java
  
  Index: MdbBuilder.java
  ===================================================================
  RCS file: 
/home/projects/openejb/scm/openejb/modules/openejb-builder/src/java/org/openejb/deployment/MdbBuilder.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- MdbBuilder.java   11 Nov 2004 14:25:26 -0000      1.2
  +++ MdbBuilder.java   12 Nov 2004 21:29:21 -0000      1.3
  @@ -179,7 +179,8 @@
                   ((EjbJarType) ejbModule.getSpecDD()).getAssemblyDescriptor(),
                   messageDrivenBean.getEjbName().getStringValue(),
                   messageDrivenBean.getSecurityIdentity(),
  -                null);
  +                null,
  +                getModuleBuilder().getSecurityService());
   
           UserTransactionImpl userTransaction;
           //TODO this is probably wrong???
  
  
  
  1.7       +22 -10    
openejb/modules/openejb-builder/src/java/org/openejb/deployment/OpenEJBModuleBuilder.java
  
  Index: OpenEJBModuleBuilder.java
  ===================================================================
  RCS file: 
/home/projects/openejb/scm/openejb/modules/openejb-builder/src/java/org/openejb/deployment/OpenEJBModuleBuilder.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- OpenEJBModuleBuilder.java 11 Nov 2004 17:08:50 -0000      1.6
  +++ OpenEJBModuleBuilder.java 12 Nov 2004 21:29:21 -0000      1.7
  @@ -80,11 +80,12 @@
   import org.apache.geronimo.schema.SchemaConversionUtils;
   import org.apache.geronimo.security.deploy.Security;
   import org.apache.geronimo.security.deployment.SecurityBuilder;
  +import org.apache.geronimo.security.SecurityService;
   import org.apache.geronimo.xbeans.geronimo.naming.GerResourceLocatorType;
   import org.apache.geronimo.xbeans.j2ee.EjbJarDocument;
   import org.apache.geronimo.xbeans.j2ee.EjbJarType;
   import org.apache.geronimo.xbeans.j2ee.EnterpriseBeansType;
  -import org.apache.geronimo.kernel.Kernel;
  +import org.apache.geronimo.xbeans.j2ee.SecurityRoleType;
   
   import org.apache.xmlbeans.XmlException;
   import org.apache.xmlbeans.XmlObject;
  @@ -116,7 +117,7 @@
    */
   public class OpenEJBModuleBuilder implements ModuleBuilder, 
EJBReferenceBuilder {
   
  -    private final Kernel kernel;
  +    private final SecurityService securityService;
       private final URI defaultParentId;
       private final CMPEntityBuilder cmpEntityBuilder;
       private final SessionBuilder sessionBuilder;
  @@ -125,8 +126,8 @@
       private final ContainerSecurityBuilder containerSecurityBuilder;
       private final SkeletonGenerator skeletonGenerator;
   
  -    public OpenEJBModuleBuilder(Kernel kernel, URI defaultParentId, 
SkeletonGenerator skeletonGenerator) {
  -        this.kernel = kernel;
  +    public OpenEJBModuleBuilder(SecurityService securityService, URI 
defaultParentId, SkeletonGenerator skeletonGenerator) {
  +        this.securityService = securityService;
           this.defaultParentId = defaultParentId;
           this.skeletonGenerator = skeletonGenerator;
           this.containerSecurityBuilder = new ContainerSecurityBuilder(this);
  @@ -136,8 +137,8 @@
           this.mdbBuilder = new MdbBuilder(this);
       }
   
  -    public Kernel getKernel() {
  -        return kernel;
  +    public SecurityService getSecurityService() {
  +        return securityService;
       }
   
       public ContainerSecurityBuilder getSecurityBuilder() {
  @@ -436,7 +437,7 @@
               transactionPolicyHelper = new TransactionPolicyHelper();
           }
   
  -        Security security = 
SecurityBuilder.buildSecurityConfig(openejbEjbJar.getSecurity());
  +        Security security = 
SecurityBuilder.buildSecurityConfig(openejbEjbJar.getSecurity(), 
collectRoleNames(ejbJar));
   
           EnterpriseBeansType enterpriseBeans = ejbJar.getEnterpriseBeans();
   
  @@ -451,6 +452,17 @@
           return null;
       }
   
  +    private static Set collectRoleNames(EjbJarType ejbJar) {
  +        Set roleNames = new HashSet();
  +
  +        SecurityRoleType[] securityRoles = 
ejbJar.getAssemblyDescriptor().getSecurityRoleArray();
  +        for (int i=0; i<securityRoles.length; i++) {
  +            roleNames.add(securityRoles[i].getRoleName().getStringValue());
  +        }
  +
  +        return roleNames;
  +    }
  +
       private static ObjectName getResourceContainerId(URI uri, 
GerResourceLocatorType resourceLocator, RefContext refContext, J2eeContext 
j2eeContext) throws DeploymentException {
           try {
               if (resourceLocator.isSetResourceLink()) {
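Review bot: collectRoleNames dereferences `ejbJar.getAssemblyDescriptor()` without a null check. An ejb-jar.xml may omit `<assembly-descriptor>`, in which case the XMLBeans getter returns null and module deployment fails with a NullPointerException before any security configuration is built. Returning the empty set avoids that: add `if (ejbJar.getAssemblyDescriptor() == null) return roleNames;` before reading the role array. A one-line comment that the result is the set of declared `<security-role>` names passed to `SecurityBuilder.buildSecurityConfig` would also help the next reader. getResourceContainerId at the end of the hunk is context only and continues outside it.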
  @@ -531,13 +543,13 @@
   
       static {
           GBeanInfoBuilder infoBuilder = new 
GBeanInfoBuilder(OpenEJBModuleBuilder.class);
  -        infoBuilder.addAttribute("kernel", Kernel.class, false);
  +        infoBuilder.addReference("SecurityService", SecurityService.class);
           infoBuilder.addAttribute("defaultParentId", URI.class, true);
           infoBuilder.addReference("SkeletonGenerator", 
SkeletonGenerator.class);
           infoBuilder.addInterface(ModuleBuilder.class);
           infoBuilder.addInterface(EJBReferenceBuilder.class);
   
  -        infoBuilder.setConstructor(new String[] {"kernel", 
"defaultParentId", "SkeletonGenerator"});
  +        infoBuilder.setConstructor(new String[] {"SecurityService", 
"defaultParentId", "SkeletonGenerator"});
           GBEAN_INFO = infoBuilder.getBeanInfo();
       }
   
  
  
  
  1.4       +2 -1      
openejb/modules/openejb-builder/src/java/org/openejb/deployment/SessionBuilder.java
  
  Index: SessionBuilder.java
  ===================================================================
  RCS file: 
/home/projects/openejb/scm/openejb/modules/openejb-builder/src/java/org/openejb/deployment/SessionBuilder.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- SessionBuilder.java       11 Nov 2004 17:08:50 -0000      1.3
  +++ SessionBuilder.java       12 Nov 2004 21:29:21 -0000      1.4
  @@ -126,7 +126,8 @@
                   ((EjbJarType) ejbModule.getSpecDD()).getAssemblyDescriptor(),
                   sessionBean.getEjbName().getStringValue(),
                   sessionBean.getSecurityIdentity(),
  -                sessionBean.getSecurityRoleRefArray());
  +                sessionBean.getSecurityRoleRefArray(),
  +                getModuleBuilder().getSecurityService());
   
           UserTransactionImpl userTransaction;
           if 
("Bean".equals(sessionBean.getTransactionType().getStringValue())) {
  
  
  
