Package org.jboss.metadata.javaee.spec

Examples of org.jboss.metadata.javaee.spec.SecurityRolesMetaData


            }
        }

        // Collects the role names for this EJB component; the Set keeps each name once.
        Set<String> securityRoles = new HashSet<String>();
        // Roles declared in the deployment descriptor (assembly-descriptor roles).
        SecurityRolesMetaData secRolesMetaData = ejbComponentDescription.getSecurityRoles();
        // A null result means no role metadata is attached, so nothing is added here.
        if (secRolesMetaData != null) {
            for (SecurityRoleMetaData secRoleMetaData : secRolesMetaData) {
                // NOTE(review): the name is stored exactly as returned; a null or blank
                // role name is not filtered in this excerpt.
                securityRoles.add(secRoleMetaData.getRoleName());
            }
        }


            ROOT_LOGGER.trace("Using security domain: " + securityDomain + " for EJB " + ejbComponent.getComponentName());
        }
        // Run-as role name configured for this EJB.
        final String runAs = securityMetaData.getRunAs();
        // TODO - We should do something with DeclaredRoles although it never has much meaning in JBoss AS
        // Run-as principal name; null-checked below before it is used for a role lookup.
        final String runAsPrincipal = securityMetaData.getRunAsPrincipal();
        final SecurityRolesMetaData securityRoles = securityMetaData.getSecurityRoles();
        // Both stay null when the EJB has no security-role metadata.
        Set<String> extraRoles = null;
        Map<String,Set<String>> principalVsRolesMap = null;
        if (securityRoles != null) {
            // Principal-name -> role-names mapping taken from the role metadata.
            principalVsRolesMap = securityRoles.getPrincipalVersusRolesMap();
            // Every role the metadata maps to the run-as principal becomes an "extra" role.
            // NOTE(review): these role names are taken from the metadata without further checks in
            // this excerpt, so a broad principal mapping widens what the run-as principal is granted.
            if (runAsPrincipal != null)
                extraRoles = securityRoles.getSecurityRoleNamesByPrincipal(runAsPrincipal);
        }
        SecurityContextInterceptorHolder holder = new SecurityContextInterceptorHolder();
        holder.setSecurityManager(securityManager).setSecurityDomain(securityDomain)
        .setRunAs(runAs).setRunAsPrincipal(runAsPrincipal).setPolicyContextID(this.policyContextID)
        .setExtraRoles(extraRoles).setPrincipalVsRolesMap(principalVsRolesMap)

            if (securityRoleMetaDatas != null) {
                for (final SecurityRoleMetaData securityRoleMetaData : securityRoleMetaDatas) {
                    securityRoles.add(securityRoleMetaData.getRoleName());
                }
            }
            // Roles declared in the assembly descriptor of the EJB jar metadata.
            // NOTE(review): getAssemblyDescriptor() is dereferenced without a null check here;
            // confirm that a guard exists above this excerpt.
            final SecurityRolesMetaData securityRolesMD = ejbJarMD.getAssemblyDescriptor().getSecurityRoles();
            // Skip when no roles are declared (null or empty metadata).
            if (securityRolesMD != null && securityRolesMD.size() > 0) {
                for (final SecurityRoleMetaData securityRoleMD : securityRolesMD) {
                    // Only the role name is kept; it is added as returned, without validation.
                    securityRoles.add(securityRoleMD.getRoleName());
                }
            }
        }

        // Merge the security roles declared by the enclosing EAR into this deployment's metadata.
        // Nothing happens when there is no parent deployment unit, no EAR metadata attached
        // to it, or no security roles in that EAR metadata.
        DeploymentUnit parent = deploymentUnit.getParent();
        if (parent != null) {
            final EarMetaData earMetaData = parent.getAttachment(org.jboss.as.ee.structure.Attachments.EAR_METADATA);
            if (earMetaData != null) {
                SecurityRolesMetaData earSecurityRolesMetaData = earMetaData.getSecurityRoles();
                if(earSecurityRolesMetaData != null) {
                    // Create an empty role container so the merge below has a target.
                    if(mergedMetaData.getSecurityRoles() == null) {
                        mergedMetaData.setSecurityRoles(new SecurityRolesMetaData());
                    }
                    // The same object is passed as the first and second argument, so the merge
                    // result is written back into the module's own role metadata.
                    // NOTE(review): presumably the arguments are (destination, override, original),
                    // i.e. module-level entries win over EAR-level ones; confirm against
                    // SecurityRolesMetaDataMerger, since this decides which principal-to-role
                    // mappings take effect.
                    SecurityRolesMetaDataMerger.merge(mergedMetaData.getSecurityRoles(), mergedMetaData.getSecurityRoles(), earSecurityRolesMetaData);
                }
            }
        }

        // Holds the value returned by setSecurityRolesAssociation(...) below.
        // NOTE(review): presumably this is the previous association, kept so it can be restored
        // once the check is done; the restoring code is outside this excerpt, so confirm it
        // runs on every exit path.
        Map<String, Set<String>> previousRolesAssociationMap = null;
        try {
            // Ensure the security roles association contains the incoming principal-to-roles map.
            if (incommingMappedRoles != null) {
                // Unchecked cast: a non-null argument of any other type fails here with ClassCastException.
                SecurityRolesMetaData rolesMetaData = (SecurityRolesMetaData) incommingMappedRoles;
                previousRolesAssociationMap = this.setSecurityRolesAssociation(rolesMetaData.getPrincipalVersusRolesMap());
            }

            // The role decision itself is delegated to the EJB authorization helper obtained
            // for the current security context; each requested role name is checked in turn.
            AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
            for (String roleName : roleNames) {
                if (helper.isCallerInRole(resource, roleName)) {

            }
        }
        // @DeclareRoles: every role name listed in an annotation instance is added to the
        // deployment's security-role metadata.
        final List<AnnotationInstance> declareRolesAnnotations = index.getAnnotations(declareRoles);
        if (declareRolesAnnotations != null && declareRolesAnnotations.size() > 0) {
            // Reuse the existing role container, or create and attach one on first use.
            SecurityRolesMetaData securityRoles = metaData.getSecurityRoles();
            if (securityRoles == null) {
               securityRoles = new SecurityRolesMetaData();
               metaData.setSecurityRoles(securityRoles);
            }
            for (final AnnotationInstance annotation : declareRolesAnnotations) {
                // An annotation without a value aborts processing of the deployment unit.
                if (annotation.value() == null) {
                    throw new DeploymentUnitProcessingException(UndertowLogger.ROOT_LOGGER.invalidDeclareRolesAnnotation(annotation.target()));
                }
                for (String role : annotation.value().asStringArray()) {
                    // NOTE(review): the role string is used verbatim; empty or blank names are
                    // not rejected in this excerpt.
                    SecurityRoleMetaData sr = new SecurityRoleMetaData();
                    sr.setRoleName(role);
                    securityRoles.add(sr);
                }
            }
        }
        // @MultipartConfig
        final List<AnnotationInstance> multipartConfigAnnotations = index.getAnnotations(multipartConfig);

    /**
     * Attaches security-role metadata to the web metadata of a deployment.
     *
     * <p>Roles obtained from {@code ejb3SecurityAccessor} are set only when
     * {@code getAuthMethod(dep)} returns a non-null value and the role metadata is non-empty.
     * Roles from the parent deployment unit's EAR metadata are merged afterwards, whether or
     * not an auth method was found.
     *
     * @param dep the deployment being processed
     * @param jbossWebMD the web metadata that receives the security roles
     */
    private void createSecurityRoles(final Deployment dep, final JBossWebMetaData jbossWebMD) {
        final String authMethod = getAuthMethod(dep);
        final boolean hasAuthMethod = authMethod != null;

        // Without an auth method the EJB-declared roles are not set on the web metadata.
        if (hasAuthMethod) {
            final SecurityRolesMetaData securityRolesMD = ejb3SecurityAccessor.getSecurityRoles(dep);
            final boolean hasSecurityRolesMD = securityRolesMD != null && !securityRolesMD.isEmpty();

            if (hasSecurityRolesMD) {
                 WSLogger.ROOT_LOGGER.trace("Setting security roles");
                // Replaces whatever role metadata jbossWebMD held before.
                jbossWebMD.setSecurityRoles(securityRolesMD);
            }
        }

        //merge security roles from the ear
        //TODO: is there somewhere better to put this?
        // NOTE(review): unit is dereferenced without a null check; confirm the DeploymentUnit
        // attachment is always present on dep.
        final DeploymentUnit unit = dep.getAttachment(DeploymentUnit.class);
        DeploymentUnit parent = unit.getParent();
        if (parent != null) {
            final EarMetaData earMetaData = parent.getAttachment(org.jboss.as.ee.structure.Attachments.EAR_METADATA);
            if (earMetaData != null) {
                // An empty role container is installed as soon as EAR metadata exists, even when
                // the EAR declares no security roles (that check only comes below).
                if (jbossWebMD.getSecurityRoles() == null) {
                    jbossWebMD.setSecurityRoles(new SecurityRolesMetaData());
                }

                SecurityRolesMetaData earSecurityRolesMetaData = earMetaData.getSecurityRoles();
                if (earSecurityRolesMetaData != null) {
                    // The web metadata's own roles are passed as the first and second argument.
                    // NOTE(review): presumably (destination, override, original), so entries already
                    // present win over EAR-level ones; confirm against SecurityRolesMetaDataMerger.
                    SecurityRolesMetaDataMerger.merge(jbossWebMD.getSecurityRoles(), jbossWebMD.getSecurityRoles(), earSecurityRolesMetaData);
                }
            }
        }

        return securityDomain;
    }

    /**
     * Builds the security-role metadata for a deployment from the roles declared by each of
     * its EJB endpoints.
     *
     * <p>The first endpoint's declared role set serves as the reference. An endpoint whose
     * set differs from it is only reported through {@code WSLogger}; its roles are still
     * added, so the result covers the roles of all endpoints rather than only the common ones.
     *
     * @param dep the deployment whose EJB endpoints are inspected
     * @return a new {@code SecurityRolesMetaData}; {@code add} is called on it once for every
     *         role name declared by every endpoint
     */
    public SecurityRolesMetaData getSecurityRoles(final Deployment dep) {
        final SecurityRolesMetaData unionOfRoles = new SecurityRolesMetaData();

        // Role set of the first endpoint seen; later endpoints are compared against it.
        Set<String> referenceRoles = null;
        for (final EJBEndpoint endpoint : getEjbEndpoints(dep)) {
            final Set<String> endpointRoles = endpoint.getDeclaredSecurityRoles();
            if (referenceRoles != null) {
                if (!referenceRoles.equals(endpointRoles)) {
                    // Divergent declarations are logged, not rejected.
                    WSLogger.ROOT_LOGGER.multipleEndpointsWithDifferentDeclaredSecurityRoles();
                }
            } else {
                referenceRoles = endpointRoles;
            }
            // Add this endpoint's roles regardless of the comparison above.
            for (final String declaredRole : endpointRoles) {
                final SecurityRoleMetaData roleEntry = new SecurityRoleMetaData();
                roleEntry.setRoleName(declaredRole);
                unionOfRoles.add(roleEntry);
            }
        }

        return unionOfRoles;
    }

         servlets = new ServletsMetaData();
         metaData.setServlets(servlets);
      }
      super.processClass(servlets, type);
      // @DeclareRoles: make sure the metadata has a security-role container, creating and
      // attaching an empty one if needed, then hand it to the superclass together with the class.
      // NOTE(review): presumably super.processClass(...) fills the container from the
      // @DeclareRoles annotation on the class; that code is not part of this excerpt.
      SecurityRolesMetaData securityRoles = metaData.getSecurityRoles();
      if(securityRoles == null)
      {
         securityRoles = new SecurityRolesMetaData();
         metaData.setSecurityRoles(securityRoles);
      }
      super.processClass(securityRoles, type);
   }

     * @param roleNames The role names for which the caller is being checked for
     * @return true if the user is in <b>any</b> one of the <code>roleNames</code>. Else returns false
     */
    public boolean isCallerInRole(final Object incommingMappedRoles, final Map<String, Collection<String>> roleLinks,
                                  final String... roleNames) {
        // Unchecked cast: a non-null argument of any other type throws ClassCastException here,
        // before the security-context check below. roleLinks is not referenced in the part of
        // the method shown in this excerpt.
        final SecurityRolesMetaData mappedRoles = (SecurityRolesMetaData) incommingMappedRoles;
        final SecurityContext securityContext = doPrivileged(securityContext());
        // No security context: the check is denied rather than allowed.
        if (securityContext == null) {
            return false;
        }

        RoleGroup roleGroup = null;

        // When an incoming run-as identity is present, its roles are used instead of the
        // roles of the authenticated subject.
        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            // NOTE(review): am and getSubjectInfo() are dereferenced without null checks; confirm
            // that neither can be null for an unauthenticated caller.
            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
        }

        // NOTE(review): roleGroup is dereferenced without a null check; confirm that neither
        // branch above can leave it null, otherwise the check ends in a NullPointerException
        // instead of a denial.
        List<Role> roles = roleGroup.getRoles();

        // TODO - Review most performant way.
        Set<String> requiredRoles = new HashSet<String>();
        for (String current : roleNames) {
            requiredRoles.add(current);
        }
        Set<String> actualRoles = new HashSet<String>();
        for (Role current : roles) {
            actualRoles.add(current.getRoleName());
        }
        // Add the roles that the mapped-roles metadata assigns to the caller principal's name.
        // This runs on both branches above, so the mapped roles are also added when the role
        // group came from an incoming run-as identity.
        if (mappedRoles != null) {
            // NOTE(review): the result of getCallerPrincipal() is dereferenced without a null check.
            Principal callerPrincipal = getCallerPrincipal();
            Set<String> mapped = mappedRoles.getSecurityRoleNamesByPrincipal(callerPrincipal.getName());
            if (mapped != null) {
                actualRoles.addAll(mapped);
            }
        }
        // If the actual roles match any of the required roles, return true.
