[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java SecurityProxyInterceptor.java
User: starksm Date: 01/12/02 19:43:42 Modified:src/main/org/jboss/ejb/plugins SecurityInterceptor.java SecurityProxyInterceptor.java Log: Rename EJBSecurityManager to AuthenticationManager Revision ChangesPath 1.27 +3 -3 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- SecurityInterceptor.java 2001/11/26 03:12:25 1.26 +++ SecurityInterceptor.java 2001/12/03 03:43:42 1.27 @@ -17,7 +17,7 @@ import org.jboss.metadata.BeanMetaData; import org.jboss.metadata.SecurityIdentityMetaData; import org.jboss.security.AnybodyPrincipal; -import org.jboss.security.EJBSecurityManager; +import org.jboss.security.AuthenticationManager; import org.jboss.security.RealmMapping; import org.jboss.security.SecurityAssociation; import org.jboss.security.SimplePrincipal; @@ -27,7 +27,7 @@ @author a href=[EMAIL PROTECTED]Oleg Nitz/a @author a href=mailto:[EMAIL PROTECTED];Scott Stark/a. -@version $Revision: 1.26 $ +@version $Revision: 1.27 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -42,7 +42,7 @@ * @supplierQualifier authentication * @clientCardinality 1..* */ -protected EJBSecurityManager securityManager; +protected AuthenticationManager securityManager; /** * @supplierCardinality 0..1 1.8 +3 -3 jboss/src/main/org/jboss/ejb/plugins/SecurityProxyInterceptor.java Index: SecurityProxyInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityProxyInterceptor.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- SecurityProxyInterceptor.java 2001/11/24 20:43:23 1.7 +++ SecurityProxyInterceptor.java 2001/12/03 03:43:42 1.8 @@ -18,7 +18,7 @@ import org.jboss.ejb.EnterpriseContext; import org.jboss.ejb.MethodInvocation; -import org.jboss.security.EJBSecurityManager; +import org.jboss.security.AuthenticationManager; import org.jboss.security.SecurityProxy; import org.jboss.security.SecurityProxyFactory; @@ -30,7 +30,7 @@ * interceptor has access to the EJB instance and context. * * @author a href=mailto:[EMAIL PROTECTED];Scott Stark/a. - * @version $Revision: 1.7 $ + * @version $Revision: 1.8 $ */ public class SecurityProxyInterceptor extends AbstractInterceptor @@ -51,7 +51,7 @@ */ protected Container container; - protected EJBSecurityManager securityManager; + protected AuthenticationManager securityManager; /** * @supplierCardinality 0..1 ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java SecurityProxyInterceptor.java
User: starksm Date: 01/11/09 02:39:37 Modified:src/main/org/jboss/ejb/plugins Tag: Branch_2_4 SecurityInterceptor.java SecurityProxyInterceptor.java Log: Change org.jboss.security.SecurityManager to org.jboss.security.AuthenticationManager since SecurityManager clashes with the java.lang.SecurityManager Add support for an ssl-domain config element to support RMI+SSL in the container invoker config Revision ChangesPath No revision No revision 1.17.2.5 +3 -3 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.17.2.4 retrieving revision 1.17.2.5 diff -u -r1.17.2.4 -r1.17.2.5 --- SecurityInterceptor.java 2001/11/05 04:09:37 1.17.2.4 +++ SecurityInterceptor.java 2001/11/09 10:39:37 1.17.2.5 @@ -19,7 +19,7 @@ import org.jboss.metadata.BeanMetaData; import org.jboss.metadata.SecurityIdentityMetaData; import org.jboss.security.AnybodyPrincipal; -import org.jboss.security.SecurityManager; +import org.jboss.security.AuthenticationManager; import org.jboss.security.RealmMapping; import org.jboss.security.SecurityAssociation; import org.jboss.security.SimplePrincipal; @@ -29,7 +29,7 @@ @author a href=[EMAIL PROTECTED]Oleg Nitz/a @author [EMAIL PROTECTED] -@version $Revision: 1.17.2.4 $ +@version $Revision: 1.17.2.5 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -44,7 +44,7 @@ * @supplierQualifier authentication * @clientCardinality 1..* */ -protected SecurityManager securityManager; +protected AuthenticationManager securityManager; /** * @supplierCardinality 0..1 1.2.2.2 +3 -3 jboss/src/main/org/jboss/ejb/plugins/SecurityProxyInterceptor.java Index: SecurityProxyInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityProxyInterceptor.java,v retrieving revision 1.2.2.1 retrieving revision 1.2.2.2 diff -u -r1.2.2.1 -r1.2.2.2 --- SecurityProxyInterceptor.java 2001/11/05 04:09:37 1.2.2.1 +++ SecurityProxyInterceptor.java 2001/11/09 10:39:37 1.2.2.2 @@ -17,7 +17,7 @@ import org.jboss.ejb.EnterpriseContext; import org.jboss.ejb.MethodInvocation; -import org.jboss.security.SecurityManager; +import org.jboss.security.AuthenticationManager; import org.jboss.security.SecurityProxy; import org.jboss.security.SecurityProxyFactory; @@ -28,7 +28,7 @@ interceptor has access to the EJB instance and context. @author [EMAIL PROTECTED] -@version $Revision: 1.2.2.1 $ +@version $Revision: 1.2.2.2 $ */ public class SecurityProxyInterceptor extends AbstractInterceptor { @@ -42,7 +42,7 @@ * @supplierCardinality 1 */ protected Container container; -protected SecurityManager securityManager; +protected AuthenticationManager securityManager; /** * @supplierCardinality 0..1 ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/09/26 09:01:08 Modified:src/main/org/jboss/ejb/plugins Tag: Branch_2_4 SecurityInterceptor.java Log: Log the principal roles on authorization failure Revision ChangesPath No revision No revision 1.17.2.3 +3 -2 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.17.2.2 retrieving revision 1.17.2.3 diff -u -r1.17.2.2 -r1.17.2.3 --- SecurityInterceptor.java 2001/08/20 22:16:35 1.17.2.2 +++ SecurityInterceptor.java 2001/09/26 16:01:07 1.17.2.3 @@ -29,7 +29,7 @@ @author a href=[EMAIL PROTECTED]Oleg Nitz/a @author [EMAIL PROTECTED] -@version $Revision: 1.17.2.2 $ +@version $Revision: 1.17.2.3 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -209,8 +209,9 @@ else if( realmMapping.doesUserHaveRole(principal, methodRoles) == false ) { String method = mi.getMethod().getName(); +Set userRoles = realmMapping.getUserRoles(principal); String msg = Insufficient method permissions, principal=+principal -+ , method=+method+, requiredRoles=+methodRoles; ++ , method=+method+, requiredRoles=+methodRoles+, principalRoles=+userRoles; Logger.error(msg); SecurityException e = new SecurityException(msg); throw new RemoteException(checkSecurityAssociation, e); ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/09/25 23:00:26 Modified:src/main/org/jboss/ejb/plugins SecurityInterceptor.java Log: Display the principal roles set in the authorization error msg Revision ChangesPath 1.24 +3 -2 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- SecurityInterceptor.java 2001/09/11 18:34:59 1.23 +++ SecurityInterceptor.java 2001/09/26 06:00:26 1.24 @@ -30,7 +30,7 @@ @author a href=[EMAIL PROTECTED]Oleg Nitz/a @author a href=mailto:[EMAIL PROTECTED];Scott Stark/a. -@version $Revision: 1.23 $ +@version $Revision: 1.24 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -213,8 +213,9 @@ else if( realmMapping.doesUserHaveRole(principal, methodRoles) == false ) { String method = mi.getMethod().getName(); +Set userRoles = realmMapping.getUserRoles(principal); String msg = Insufficient method permissions, principal=+principal -+ , method=+method+, requiredRoles=+methodRoles; ++ , method=+method+, requiredRoles=+methodRoles+, principalRoles=+userRoles; log.error(msg); SecurityException e = new SecurityException(msg); throw new RemoteException(checkSecurityAssociation, e); ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/08/20 15:16:35 Modified:src/main/org/jboss/ejb/plugins Tag: Branch_2_4 SecurityInterceptor.java Log: Need to validate the method permission role set against the anybody role Revision ChangesPath No revision No revision 1.17.2.2 +220 -218 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.17.2.1 retrieving revision 1.17.2.2 diff -u -r1.17.2.1 -r1.17.2.2 --- SecurityInterceptor.java 2001/07/09 08:33:26 1.17.2.1 +++ SecurityInterceptor.java 2001/08/20 22:16:35 1.17.2.2 @@ -1,218 +1,220 @@ -/* - * JBoss, the OpenSource EJB server - * - * Distributable under LGPL license. - * See terms of license at gnu.org. - */ -package org.jboss.ejb.plugins; - -import java.lang.reflect.Method; -import java.rmi.RemoteException; -import java.security.Principal; -import java.util.Iterator; -import java.util.Set; -import javax.naming.InitialContext; - -import org.jboss.ejb.Container; -import org.jboss.ejb.MethodInvocation; -import org.jboss.logging.Logger; -import org.jboss.metadata.BeanMetaData; -import org.jboss.metadata.SecurityIdentityMetaData; -import org.jboss.security.EJBSecurityManager; -import org.jboss.security.RealmMapping; -import org.jboss.security.SecurityAssociation; -import org.jboss.security.SimplePrincipal; - -/** The SecurityInterceptor is where the EJB 2.0 declarative security model -is enforced. This is where the caller identity propagation is controlled as well. - -@author a href=[EMAIL PROTECTED]Oleg Nitz/a -@author [EMAIL PROTECTED] -@version $Revision: 1.17.2.1 $ -*/ -public class SecurityInterceptor extends AbstractInterceptor -{ -/** - * @clientCardinality 0..1 - * @supplierCardinality 1 - */ -protected Container container; - -/** - * @supplierCardinality 0..1 - * @supplierQualifier authentication - * @clientCardinality 1..* - */ -protected EJBSecurityManager securityManager; - -/** - * @supplierCardinality 0..1 - * @clientCardinality 1..* - * @supplierQualifier identity mapping - */ -protected RealmMapping realmMapping; -protected Principal runAsRole; - -public SecurityInterceptor() -{ -} - -/** Called by the super class to set the container to which this interceptor - belongs. We obtain the security manager and runAs identity to use here. - */ -public void setContainer(Container container) -{ -this.container = container; -BeanMetaData beanMetaData = container.getBeanMetaData(); -SecurityIdentityMetaData secMetaData = beanMetaData.getSecurityIdentityMetaData(); -if( secMetaData != null secMetaData.getUseCallerIdentity() == false ) -{ -String roleName = secMetaData.getRunAsRoleName(); -runAsRole = new SimplePrincipal(roleName); -} -securityManager = container.getSecurityManager(); -realmMapping = container.getRealmMapping(); -} - -public Container getContainer() -{ -return container; -} - - // Container implementation -- -public void start() throws Exception -{ -super.start(); -} - -public Object invokeHome(MethodInvocation mi) throws Exception -{ -// Authenticate the subject and apply any declarative security checks -checkSecurityAssociation(mi, true); -/* If a run-as role was specified, push it so that any calls made - by this bean will have the runAsRole available for declarative - security checks. -*/ -if( runAsRole != null ) -{ -SecurityAssociation.pushRunAsRole(runAsRole); -} -try -{ -Object returnValue = getNext().invokeHome(mi); -return returnValue; -} -finally -{ -if( runAsRole != null ) -{ -SecurityAssociation.popRunAsRole(); -} -} -} -public Object invoke(MethodInvocation mi) throws Exception -{ -// Authenticate the subject and apply any declarative security checks -checkSecurityAssociation(mi, false); -/* If a run-as role was specified, push it so that any calls made - by this bean will have the runAsRole available for declarative - security checks. -*/ -if( runAsRole != null ) -{ -
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/07/09 01:33:26 Modified:src/main/org/jboss/ejb/plugins Tag: Branch_2_4 SecurityInterceptor.java Log: Update support for unauthenticated users via the standard security manager and login modules. Revision ChangesPath No revision No revision 1.17.2.1 +218 -218 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.17 retrieving revision 1.17.2.1 diff -u -r1.17 -r1.17.2.1 --- SecurityInterceptor.java 2001/06/15 08:31:02 1.17 +++ SecurityInterceptor.java 2001/07/09 08:33:26 1.17.2.1 @@ -1,218 +1,218 @@ -/* - * JBoss, the OpenSource EJB server - * - * Distributable under LGPL license. - * See terms of license at gnu.org. - */ -package org.jboss.ejb.plugins; - -import java.lang.reflect.Method; -import java.rmi.RemoteException; -import java.security.Principal; -import java.util.Iterator; -import java.util.Set; -import javax.naming.InitialContext; - -import org.jboss.ejb.Container; -import org.jboss.ejb.MethodInvocation; -import org.jboss.logging.Logger; -import org.jboss.metadata.BeanMetaData; -import org.jboss.metadata.SecurityIdentityMetaData; -import org.jboss.security.EJBSecurityManager; -import org.jboss.security.RealmMapping; -import org.jboss.security.SecurityAssociation; -import org.jboss.security.SimplePrincipal; - -/** The SecurityInterceptor is where the EJB 2.0 declarative security model -is enforced. This is where the caller identity propagation is controlled as well. - -@author a href=[EMAIL PROTECTED]Oleg Nitz/a -@author [EMAIL PROTECTED] -@version $Revision: 1.17 $ -*/ -public class SecurityInterceptor extends AbstractInterceptor -{ -/** - * @clientCardinality 0..1 - * @supplierCardinality 1 - */ -protected Container container; - -/** - * @supplierCardinality 0..1 - * @supplierQualifier authentication - * @clientCardinality 1..* - */ -protected EJBSecurityManager securityManager; - -/** - * @supplierCardinality 0..1 - * @clientCardinality 1..* - * @supplierQualifier identity mapping - */ -protected RealmMapping realmMapping; -protected Principal runAsRole; - -public SecurityInterceptor() -{ -} - -/** Called by the super class to set the container to which this interceptor - belongs. We obtain the security manager and runAs identity to use here. - */ -public void setContainer(Container container) -{ -this.container = container; -BeanMetaData beanMetaData = container.getBeanMetaData(); -SecurityIdentityMetaData secMetaData = beanMetaData.getSecurityIdentityMetaData(); -if( secMetaData != null secMetaData.getUseCallerIdentity() == false ) -{ -String roleName = secMetaData.getRunAsRoleName(); -runAsRole = new SimplePrincipal(roleName); -} -securityManager = container.getSecurityManager(); -realmMapping = container.getRealmMapping(); -} - -public Container getContainer() -{ -return container; -} - - // Container implementation -- -public void start() throws Exception -{ -super.start(); -} - -public Object invokeHome(MethodInvocation mi) throws Exception -{ -// Authenticate the subject and apply any declarative security checks -checkSecurityAssociation(mi, true); -/* If a run-as role was specified, push it so that any calls made - by this bean will have the runAsRole available for declarative - security checks. -*/ -if( runAsRole != null ) -{ -SecurityAssociation.pushRunAsRole(runAsRole); -} -try -{ -Object returnValue = getNext().invokeHome(mi); -return returnValue; -} -finally -{ -if( runAsRole != null ) -{ -SecurityAssociation.popRunAsRole(); -} -} -} -public Object invoke(MethodInvocation mi) throws Exception -{ -// Authenticate the subject and apply any declarative security checks -checkSecurityAssociation(mi, false); -/* If a run-as role was specified, push it so that any calls made - by this bean will have the runAsRole available for declarative - security checks. -*/ -if( runAsRole != null ) -{ -
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/06/15 01:31:02 Modified:src/main/org/jboss/ejb/plugins SecurityInterceptor.java Log: Add support for the EJB2.0 security-identity/run-as element Revision ChangesPath 1.17 +90 -9 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- SecurityInterceptor.java 2001/06/11 07:04:15 1.16 +++ SecurityInterceptor.java 2001/06/15 08:31:02 1.17 @@ -16,17 +16,19 @@ import org.jboss.ejb.Container; import org.jboss.ejb.MethodInvocation; import org.jboss.logging.Logger; - +import org.jboss.metadata.BeanMetaData; +import org.jboss.metadata.SecurityIdentityMetaData; import org.jboss.security.EJBSecurityManager; import org.jboss.security.RealmMapping; import org.jboss.security.SecurityAssociation; +import org.jboss.security.SimplePrincipal; /** The SecurityInterceptor is where the EJB 2.0 declarative security model -is enforced. +is enforced. This is where the caller identity propagation is controlled as well. @author a href=[EMAIL PROTECTED]Oleg Nitz/a @author [EMAIL PROTECTED] -@version $Revision: 1.16 $ +@version $Revision: 1.17 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -49,14 +51,25 @@ * @supplierQualifier identity mapping */ protected RealmMapping realmMapping; +protected Principal runAsRole; public SecurityInterceptor() { } +/** Called by the super class to set the container to which this interceptor + belongs. We obtain the security manager and runAs identity to use here. + */ public void setContainer(Container container) { this.container = container; +BeanMetaData beanMetaData = container.getBeanMetaData(); +SecurityIdentityMetaData secMetaData = beanMetaData.getSecurityIdentityMetaData(); +if( secMetaData != null secMetaData.getUseCallerIdentity() == false ) +{ +String roleName = secMetaData.getRunAsRoleName(); +runAsRole = new SimplePrincipal(roleName); +} securityManager = container.getSecurityManager(); realmMapping = container.getRealmMapping(); } @@ -76,13 +89,51 @@ { // Authenticate the subject and apply any declarative security checks checkSecurityAssociation(mi, true); -return getNext().invokeHome(mi); +/* If a run-as role was specified, push it so that any calls made + by this bean will have the runAsRole available for declarative + security checks. +*/ +if( runAsRole != null ) +{ +SecurityAssociation.pushRunAsRole(runAsRole); +} +try +{ +Object returnValue = getNext().invokeHome(mi); +return returnValue; +} +finally +{ +if( runAsRole != null ) +{ +SecurityAssociation.popRunAsRole(); +} +} } public Object invoke(MethodInvocation mi) throws Exception { // Authenticate the subject and apply any declarative security checks checkSecurityAssociation(mi, false); -return getNext().invoke(mi); +/* If a run-as role was specified, push it so that any calls made + by this bean will have the runAsRole available for declarative + security checks. +*/ +if( runAsRole != null ) +{ +SecurityAssociation.pushRunAsRole(runAsRole); +} +try +{ +Object returnValue = getNext().invoke(mi); +return returnValue; +} +finally +{ +if( runAsRole != null ) +{ +SecurityAssociation.popRunAsRole(); +} +} } /** The EJB 2.0 declarative security algorithm: @@ -93,9 +144,14 @@ private void checkSecurityAssociation(MethodInvocation mi, boolean home) throws Exception { -// if this isn't ok, bean shouldn't deploy +Principal principal = mi.getPrincipal(); +Object credential = mi.getCredential(); +// If there is not a security manager then there is no authentication required if (securityManager == null) { +// Allow for the progatation of caller info to other beans +SecurityAssociation.setPrincipal( principal ); +SecurityAssociation.setCredential( credential ); return; }
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/05/24 00:04:45 Modified:src/main/org/jboss/ejb/plugins Tag: Branch_2_2 SecurityInterceptor.java Log: Improve the SecurityException message Revision ChangesPath No revision No revision 1.13.2.2 +8 -5 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.13.2.1 retrieving revision 1.13.2.2 diff -u -r1.13.2.1 -r1.13.2.2 --- SecurityInterceptor.java 2001/04/01 01:52:05 1.13.2.1 +++ SecurityInterceptor.java 2001/05/24 07:04:45 1.13.2.2 @@ -39,7 +39,7 @@ @author a href=[EMAIL PROTECTED]Oleg Nitz/a @author [EMAIL PROTECTED] -@version $Revision: 1.13.2.1 $ +@version $Revision: 1.13.2.2 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -208,8 +208,9 @@ Object credential = mi.getCredential(); if( principal == null || securityManager.isValid(principal, credential) == false ) { -Logger.error(Authentication exception, principal=+principal); -SecurityException e = new SecurityException(Authentication exception); +String msg = Authentication exception, principal=+principal; +Logger.error(msg); +SecurityException e = new SecurityException(msg); throw new RemoteException(checkSecurityAssociation, e); } else @@ -225,8 +226,10 @@ if( methodRoles == null || realmMapping.doesUserHaveRole(principal, methodRoles) == false ) { String method = mi.getMethod().getName(); -Logger.error(Illegal access, principal=+principal+ method=+method); -SecurityException e = new SecurityException(Illegal access exception); +String msg = Insufficient method permissions, principal=+principal ++ , method=+method+, requiredRoles=+methodRoles; +Logger.error(msg); +SecurityException e = new SecurityException(msg); throw new RemoteException(checkSecurityAssociation, e); } } ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/05/09 20:19:54 Modified:src/main/org/jboss/ejb/plugins SecurityInterceptor.java Log: Make the SecurityException msgs more descriptive Revision ChangesPath 1.15 +8 -5 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- SecurityInterceptor.java 2001/03/30 10:40:58 1.14 +++ SecurityInterceptor.java 2001/05/10 03:19:54 1.15 @@ -39,7 +39,7 @@ @author a href=[EMAIL PROTECTED]Oleg Nitz/a @author [EMAIL PROTECTED] -@version $Revision: 1.14 $ +@version $Revision: 1.15 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -208,8 +208,9 @@ Object credential = mi.getCredential(); if( principal == null || securityManager.isValid(principal, credential) == false ) { -Logger.error(Authentication exception, principal=+principal); -SecurityException e = new SecurityException(Authentication exception); +String msg = Authentication exception, principal=+principal; +Logger.error(msg); +SecurityException e = new SecurityException(msg); throw new RemoteException(checkSecurityAssociation, e); } else @@ -225,8 +226,10 @@ if( methodRoles == null || realmMapping.doesUserHaveRole(principal, methodRoles) == false ) { String method = mi.getMethod().getName(); -Logger.error(Illegal access, principal=+principal+ method=+method); -SecurityException e = new SecurityException(Illegal access exception); +String msg = Insufficient method permissions, principal=+principal ++ , method=+method+, requiredRoles=+methodRoles; +Logger.error(msg); +SecurityException e = new SecurityException(msg); throw new RemoteException(checkSecurityAssociation, e); } } ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: jboss/src/main/org/jboss/ejb/plugins SecurityInterceptor.java
User: starksm Date: 01/03/30 02:40:58 Modified:src/main/org/jboss/ejb/plugins SecurityInterceptor.java Log: Fix the logging of the method name that fails the access permission check. Revision ChangesPath 1.14 +3 -2 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java Index: SecurityInterceptor.java === RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- SecurityInterceptor.java 2001/03/27 07:23:06 1.13 +++ SecurityInterceptor.java 2001/03/30 10:40:58 1.14 @@ -39,7 +39,7 @@ @author a href="[EMAIL PROTECTED]"Oleg Nitz/a @author [EMAIL PROTECTED] -@version $Revision: 1.13 $ +@version $Revision: 1.14 $ */ public class SecurityInterceptor extends AbstractInterceptor { @@ -224,7 +224,8 @@ */ if( methodRoles == null || realmMapping.doesUserHaveRole(principal, methodRoles) == false ) { -Logger.error("Illegal access, principal="+principal+" method="+mi); +String method = mi.getMethod().getName(); +Logger.error("Illegal access, principal="+principal+" method="+method); SecurityException e = new SecurityException("Illegal access exception"); throw new RemoteException("checkSecurityAssociation", e); } ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development