djencks 2005/05/05 17:06:40
Modified: modules/openejb-builder/src/java/org/openejb/deployment
ContainerSecurityBuilder.java
Log:
deal with ears with some ejb modules with, some without assembly/security
descriptors
Revision Changes Path
1.16 +81 -78
openejb/modules/openejb-builder/src/java/org/openejb/deployment/ContainerSecurityBuilder.java
Index: ContainerSecurityBuilder.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/openejb-builder/src/java/org/openejb/deployment/ContainerSecurityBuilder.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- ContainerSecurityBuilder.java 18 Apr 2005 19:05:15 -0000 1.15
+++ ContainerSecurityBuilder.java 5 May 2005 21:06:39 -0000 1.16
@@ -98,12 +98,12 @@
* is also filled with permissions that need to be used to fill the JACC
* policy configuration.
*
- * @param notAssigned the set of all possible permissions. These
will be
- * culled so that all that are left are those
that have
- * not been assigned roles.
- * @param assemblyDescriptor the assembly descriptor
- * @param EJBName the name of the EJB
- * @param roleReferences the EJB's role references
+ * @param notAssigned the set of all possible permissions.
These will be
+ * culled so that all that are left are
those that have
+ * not been assigned roles.
+ * @param assemblyDescriptor the assembly descriptor
+ * @param EJBName the name of the EJB
+ * @param roleReferences the EJB's role references
* @param componentPermissions
* @throws DeploymentException if any constraints are violated
*/
@@ -119,93 +119,96 @@
PermissionCollection excludedPermissions =
componentPermissions.getExcludedPermissions();
Map rolePermissions = componentPermissions.getRolePermissions();
- /**
- * JACC v1.0 section 3.1.5.1
- */
- MethodPermissionType[] methodPermissions =
assemblyDescriptor.getMethodPermissionArray();
- if (methodPermissions != null) {
- for (int i = 0; i < methodPermissions.length; i++) {
- MethodPermissionType mpt = methodPermissions[i];
- MethodType[] methods = mpt.getMethodArray();
- RoleNameType[] roles = mpt.getRoleNameArray();
- boolean unchecked = mpt.isSetUnchecked();
+ //this can occur in an ear when one ejb module has security and one
doesn't. In this case we still need
+ //to make the non-secure one completely unchecked.
+ if (assemblyDescriptor != null) {
+ /**
+ * JACC v1.0 section 3.1.5.1
+ */
+ MethodPermissionType[] methodPermissions =
assemblyDescriptor.getMethodPermissionArray();
+ if (methodPermissions != null) {
+ for (int i = 0; i < methodPermissions.length; i++) {
+ MethodPermissionType mpt = methodPermissions[i];
+ MethodType[] methods = mpt.getMethodArray();
+ RoleNameType[] roles = mpt.getRoleNameArray();
+ boolean unchecked = mpt.isSetUnchecked();
+
+
+ for (int k = 0; k < methods.length; k++) {
+ MethodType method = methods[k];
+
+ if
(!EJBName.equals(method.getEjbName().getStringValue().trim())) continue;
+
+ String methodName =
OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodName());
+ String methodIntf =
OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodIntf());
+ String[] methodPara = (method.isSetMethodParams() ?
toStringArray(method.getMethodParams().getMethodParamArray()) : null);
+
+ // map EJB semantics to JACC semantics for method
names
+ if ("*".equals(methodName)) methodName = null;
+
+ EJBMethodPermission permission = new
EJBMethodPermission(EJBName, methodName, methodIntf, methodPara);
+ notAssigned = cullPermissions(notAssigned,
permission);
+ if (unchecked) {
+ uncheckedPermissions.add(permission);
+ } else {
+ for (int j = 0; j < roles.length; j++) {
+ String rolename =
roles[j].getStringValue().trim();
+
+ Permissions permissions = (Permissions)
rolePermissions.get(rolename);
+ if (permissions == null) {
+ permissions = new Permissions();
+ rolePermissions.put(rolename,
permissions);
+ }
+ permissions.add(permission);
+ }
+ }
+ }
+ }
+ }
- for (int k = 0; k < methods.length; k++) {
- MethodType method = methods[k];
+ /**
+ * JACC v1.0 section 3.1.5.2
+ */
+ ExcludeListType excludeList =
assemblyDescriptor.getExcludeList();
+ if (excludeList != null) {
+ MethodType[] methods = excludeList.getMethodArray();
+ for (int i = 0; i < methods.length; i++) {
+ MethodType method = methods[i];
if
(!EJBName.equals(method.getEjbName().getStringValue().trim())) continue;
String methodName =
OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodName());
String methodIntf =
OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodIntf());
- String[] methodPara = (method.isSetMethodParams()?
toStringArray(method.getMethodParams().getMethodParamArray()) : null);
-
- // map EJB semantics to JACC semantics for method names
- if ("*".equals(methodName)) methodName = null;
+ String[] methodPara = (method.isSetMethodParams() ?
toStringArray(method.getMethodParams().getMethodParamArray()) : null);
EJBMethodPermission permission = new
EJBMethodPermission(EJBName, methodName, methodIntf, methodPara);
+
+ excludedPermissions.add(permission);
notAssigned = cullPermissions(notAssigned, permission);
- if (unchecked) {
- uncheckedPermissions.add(permission);
- } else {
- for (int j = 0; j < roles.length; j++) {
- String rolename =
roles[j].getStringValue().trim();
-
- Permissions permissions = (Permissions)
rolePermissions.get(rolename);
- if (permissions == null) {
- permissions = new Permissions();
- rolePermissions.put(rolename, permissions);
- }
- permissions.add(permission);
- }
- }
}
-
}
- }
-
- /**
- * JACC v1.0 section 3.1.5.2
- */
- ExcludeListType excludeList = assemblyDescriptor.getExcludeList();
- if (excludeList != null) {
- MethodType[] methods = excludeList.getMethodArray();
- for (int i = 0; i < methods.length; i++) {
- MethodType method = methods[i];
-
- if
(!EJBName.equals(method.getEjbName().getStringValue().trim())) continue;
-
- String methodName =
OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodName());
- String methodIntf =
OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodIntf());
- String[] methodPara = (method.isSetMethodParams()?
toStringArray(method.getMethodParams().getMethodParamArray()) : null);
-
- EJBMethodPermission permission = new
EJBMethodPermission(EJBName, methodName, methodIntf, methodPara);
-
- excludedPermissions.add(permission);
- notAssigned = cullPermissions(notAssigned, permission);
- }
- }
- /**
- * JACC v1.0 section 3.1.5.3
- */
- if (roleReferences != null) {
- for (int i = 0; i < roleReferences.length; i++) {
- if (!roleReferences[i].isSetRoleLink()) throw new
DeploymentException("Missing role-link");
-
- String roleName =
roleReferences[i].getRoleName().getStringValue().trim();
- String roleLink =
roleReferences[i].getRoleLink().getStringValue().trim();
-
- PermissionCollection roleLinks = (PermissionCollection)
rolePermissions.get(roleLink);
- if (roleLinks == null) {
- roleLinks = new Permissions();
- rolePermissions.put(roleLink, roleLinks);
+ /**
+ * JACC v1.0 section 3.1.5.3
+ */
+ if (roleReferences != null) {
+ for (int i = 0; i < roleReferences.length; i++) {
+ if (!roleReferences[i].isSetRoleLink()) throw new
DeploymentException("Missing role-link");
+
+ String roleName =
roleReferences[i].getRoleName().getStringValue().trim();
+ String roleLink =
roleReferences[i].getRoleLink().getStringValue().trim();
+
+ PermissionCollection roleLinks = (PermissionCollection)
rolePermissions.get(roleLink);
+ if (roleLinks == null) {
+ roleLinks = new Permissions();
+ rolePermissions.put(roleLink, roleLinks);
+ }
+ roleLinks.add(new EJBRoleRefPermission(EJBName,
roleName));
}
- roleLinks.add(new EJBRoleRefPermission(EJBName, roleName));
}
}
-
/**
* EJB v2.1 section 21.3.2
* <p/>
@@ -253,8 +256,8 @@
* @throws DeploymentException
*/
public void addToPermissions(Permissions permissions,
- String EJBName, String methodInterface,
String interfaceClass,
- ClassLoader cl)
+ String EJBName, String methodInterface,
String interfaceClass,
+ ClassLoader cl)
throws DeploymentException {
if (interfaceClass == null) return;
