Package javax.security.jacc

Examples of javax.security.jacc.WebRoleRefPermission

587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
      for (; esrr.hasMoreElements();){
    SecurityRoleReference srr = (SecurityRoleReference)esrr.nextElement();
    if(srr != null){
        String action = srr.getRoleName();
        WebRoleRefPermission wrrp = new WebRoleRefPermission(name, action);
        role.add(new Role(action));
        pc.addToRole(srr.getSecurityRoleLink().getName(),wrrp);
        if (logger.isLoggable(Level.FINE)){
      logger.log(Level.FINE,"JACC: role-reference translation: RoleRefPermission created with name(servlet-name)  = "+ name  +
           " and action(Role-name tag) = " + action + " added to role(role-link tag) = "+ srr.getSecurityRoleLink().getName());
        }

    }
      }
      if (logger.isLoggable(Level.FINE)){
    logger.log(Level.FINE,"JACC: role-reference translation: Going through the list of roles not present in RoleRef elements and creating WebRoleRefPermissions ");
      }
      for(Iterator it = roleset.iterator(); it.hasNext();){
    Role r = (Role)it.next();
    if (logger.isLoggable(Level.FINE)){
        logger.log(Level.FINE,"JACC: role-reference translation: Looking at Role =  "+r.getName());
    }
    if(!role.contains(r)){
        String action = r.getName();
        WebRoleRefPermission wrrp = new WebRoleRefPermission(name, action);
        pc.addToRole(action ,wrrp);
        if (logger.isLoggable(Level.FINE)){
      logger.log(Level.FINE,"JACC: role-reference translation: RoleRef  = "+ action +
           " is added for servlet-resource = " + name);
      logger.log(Level.FINE, "JACC: role-reference translation: Permission added for above role-ref ="
           + wrrp.getName() +" "+ wrrp.getActions());
        }
    }
      }
  }
  if (logger.isLoggable(Level.FINE)){
      logger.exiting("WebPermissionUtil", "createWebRoleRefPermission");
  }
       
        // START S1AS8PE 4966609
        /**
         * For every security role in the web application add a
         * WebRoleRefPermission to the corresponding role. The name of all such
         * permissions shall be the empty string, and the actions of each
         * permission shall be the corresponding role name. When checking a
         * WebRoleRefPermission from a JSP not mapped to a servlet, use a
         * permission with the empty string as its name
         * and with the argument to isUserInRole as its actions
         */
        for(Iterator it = roleset.iterator(); it.hasNext();){
            Role r = (Role)it.next();
            if (logger.isLoggable(Level.FINE)){
                logger.log(Level.FINE,
                    "JACC: role-reference translation: Looking at Role =  "
                        + r.getName());
            }
            String action = r.getName();
            WebRoleRefPermission wrrp = new WebRoleRefPermission("", action);
            pc.addToRole(action ,wrrp);
            if (logger.isLoggable(Level.FINE)){
                logger.log(Level.FINE,
                    "JACC: role-reference translation: RoleRef  = "
                    + action
                    + " is added for jsp's that can't be mapped to servlets");
                logger.log(Level.FINE,
                    "JACC: role-reference translation: Permission added for above role-ref ="
                     + wrrp.getName() +" "+ wrrp.getActions());
            }
        }
        // END S1AS8PE 4966609
               
    }
View Full Code Here
590
591
592
593
594
595
596
597
    }

    private void addUnmappedJSPPermissions(Set securityRoles, Map rolePermissions) {
        for (Iterator iter = securityRoles.iterator(); iter.hasNext();) {
            String roleName = (String) iter.next();
            addPermissionToRole(roleName, new WebRoleRefPermission("", roleName), rolePermissions);
        }
    }
View Full Code Here
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
            SecurityRoleRefType securityRoleRefType = securityRoleRefTypeArray[j];
            String roleName = securityRoleRefType.getRoleName().getStringValue().trim();
            String roleLink = securityRoleRefType.getRoleLink().getStringValue().trim();

            //jacc 3.1.3.2
            addPermissionToRole(roleLink, new WebRoleRefPermission(servletName, roleName), rolePermissions);
            unmappedRoles.remove(roleName);
        }
        for (Iterator iterator = unmappedRoles.iterator(); iterator.hasNext();) {
            String roleName = (String) iterator.next();
            addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName), rolePermissions);
        }
//       servletData.setAttribute("webRoleRefPermissions", webRoleRefPermissions);

    }
View Full Code Here
928
929
930
931
932
933
934
935
    }

    private void addUnmappedJSPPermissions(Set securityRoles, Map rolePermissions) {
        for (Iterator iter = securityRoles.iterator(); iter.hasNext();) {
            String roleName = (String) iter.next();
            addPermissionToRole(roleName, new WebRoleRefPermission("", roleName), rolePermissions);
        }
    }
View Full Code Here
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
            * must be the value of the role-name (that is the  reference), appearing in the security-role-ref.
            * The deployment tools must  call the addToRole method on the PolicyConfiguration object to add the
            * WebRoleRefPermission object resulting from the translation to the role
            * identified in the role-link appearing in the security-role-ref.
            */
            addPermissionToRole(roleLink, new WebRoleRefPermission(servletName, roleName), rolePermissions);
            unmappedRoles.remove(roleName);
        }
        for (Iterator iterator = unmappedRoles.iterator(); iterator.hasNext();) {
            String roleName = (String) iterator.next();
            addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName), rolePermissions);
        }
//        servletData.setAttribute("webRoleRefPermissions", webRoleRefPermissions);

        earContext.addGBean(servletData);
    }
View Full Code Here
147
148
149
150
151
152
153
154
155
156
157
            // JACC v1.0 secion B.19
            String servletName = JettyServletHolder.getCurrentServletName();
            if (servletName.equals("jsp")) {
                servletName = "";
            }
            acc.checkPermission(new WebRoleRefPermission(servletName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }
View Full Code Here
293
294
295
296
297
298
299
300
301
302
303
        try {
            /**
             * JACC v1.0 secion 4.1.3
             */
            acc.checkPermission(new WebRoleRefPermission(name, role));
        } catch (AccessControlException e) {
            return false;
        }

        return true;
View Full Code Here
143
144
145
146
147
148
149
150
151
152
153
            // JACC v1.0 secion B.19
            String servletName = InternalJettyServletHolder.getCurrentServletName();
            if (servletName == null || servletName.equals("jsp")) {
                servletName = "";
            }
            acc.checkPermission(new WebRoleRefPermission(servletName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }
View Full Code Here
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
         Set<String> unreferencedRoles = metaData.getSecurityRoleNames();
         if(roleRefs != null)
         for(SecurityRoleRefMetaData roleRef : roleRefs)
         {
            String roleName = roleRef.getRoleLink();
            WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, roleRef.getName());
            pc.addToRole(roleName, wrrp);
            /* A bit of a hack due to how tomcat calls out to its Realm.hasRole()
            with a role name that has been mapped to the role-link value. We
            may need to handle this with a custom request wrapper.
            */
            wrrp = new WebRoleRefPermission(servletName, roleName);
            pc.addToRole(roleRef.getName(), wrrp);
            // Remove the role from the unreferencedRoles
            unreferencedRoles.remove(roleName);
         }
        
         //Spec 3.1.3.2: For each servlet element in the deployment descriptor
         //a WebRoleRefPermission must be added to each security-role of the
         //application whose name does not appear as the rolename
         //in a security-role-ref within the servlet element. 
         if(unreferencedRoles != null)
         for(String unrefRole : unreferencedRoles)
         {
            WebRoleRefPermission unrefP = new WebRoleRefPermission(servletName,unrefRole);
            pc.addToRole(unrefRole, unrefP);
         }
      }

      Set<String> unreferencedRoles = metaData.getSecurityRoleNames();
      //JACC 1.1:Spec 3.1.3.2: For each security-role defined in the deployment descriptor, an
      //additional WebRoleRefPermission must be added to the corresponding role by
      //calling the addToRole method on the PolicyConfiguration object. The
      //name of all such permissions must be the empty string, and the actions of each
      //such permission must be the role-name of the corresponding role.
      if(unreferencedRoles != null)
      for(String unreferencedRole : unreferencedRoles)
      {
        WebRoleRefPermission wrrep = new WebRoleRefPermission("", unreferencedRole);
        pc.addToRole(unreferencedRole, wrrep);
      }
     
      // Now build the cross product of the unreferencedRoles and servlets
      Set<String> servletNames = servlets.keySet();
      if(servletNames != null)
      for(String servletName : servletNames)
      {
         if(unreferencedRoles != null)
         for(String role : unreferencedRoles)
         {
            WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, role);
            pc.addToRole(role, wrrp);           
         }
      }
      /**
       * The programmatic security checks are made from jsps.
       * JBAS-3054:Use of isCallerInRole from jsp does not work for JACC
       */
      if(unreferencedRoles != null)
      for(String role : unreferencedRoles)
      {
         WebRoleRefPermission wrrp = new WebRoleRefPermission("", role);
         pc.addToRole(role, wrrp)
      }
   }
View Full Code Here
46
47
48
49
50
51
52
53
54
55
56
                // Get the permissions associated with the Subject we obtained
                PermissionCollection permissionCollection = getPermissionCollection(subject);
               
                // Resolve any potentially unresolved permissions
                permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
               
                // Filter just the roles from all the permissions, which may include things like
                // java.net.SocketPermission, java.io.FilePermission, and obtain the actual role names.
                Set<String> roles = filterRoles(request, permissionCollection);
               
View Full Code Here
TOP

Related Classes of javax.security.jacc.WebRoleRefPermission

  • com.sun.enterprise.security.web.integration.WebPermissionUtil
  • com.sun.web.security.WebPermissionUtil
  • org.apache.geronimo.jetty.deployment.JettyModuleBuilder
  • org.apache.geronimo.jetty.InternalJAASJettyRealm
  • org.apache.geronimo.jetty.JAASJettyRealm
  • org.apache.geronimo.jetty.JettyXMLConfiguration
  • org.apache.geronimo.jetty6.InternalJAASJettyRealm
  • org.apache.geronimo.jetty7.handler.GeronimoUserIdentity
  • org.apache.geronimo.jetty8.handler.GeronimoJettyUserIdentity
  • org.apache.geronimo.jetty8.handler.GeronimoUserIdentity
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.