

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.ejb3.test.security;
23
24 import java.rmi.RemoteException JavaDoc;
25 import java.security.Principal JavaDoc;
26
27 import javax.annotation.Resource;
28 import javax.annotation.security.RunAs;
29 import javax.ejb.EJBException JavaDoc;
30 import javax.ejb.Remote JavaDoc;
31 import javax.ejb.SessionContext JavaDoc;
32 import javax.ejb.Stateless JavaDoc;
33 import javax.naming.InitialContext JavaDoc;
34
35 import org.jboss.annotation.ejb.RemoteBinding;
36 import org.jboss.annotation.security.SecurityDomain;
37 import org.jboss.ejb3.test.security.StatelessSession;
38 import org.jboss.logging.Logger;
39
40
/**
 * Stateless session bean used as a fixture for run-as identity propagation tests.
 *
 * <p>The bean is exposed through the {@link StatelessSession} remote view, bound in JNDI as
 * {@code spec.RunAsStatelessSession}, placed in the {@code spec-test} security domain and
 * declared with {@code @RunAs("InternalRole")}.
 *
 * <p>Under the EJB security model a run-as role applies to the calls this bean makes to
 * other components; it does not replace the principal that
 * {@code SessionContext.getCallerPrincipal()} reports inside this bean's own methods.
 *
 * <p>NOTE(review): no {@code @RolesAllowed}, {@code @PermitAll} or {@code @DenyAll}
 * annotation appears on this class. The access rules the method comments refer to must
 * therefore be configured elsewhere, presumably in the deployment descriptor. Confirm
 * this before reusing the bean outside the test suite.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 45758 $
 */
@Stateless
@Remote(StatelessSession.class)
@RemoteBinding(jndiBinding = "spec.RunAsStatelessSession")
@SecurityDomain("spec-test")
@RunAs("InternalRole")
public class StatelessSessionBean3 {
    private static final Logger log = Logger.getLogger(StatelessSessionBean3.class);

    /** Session context injected by the container; source of the caller principal. */
    @Resource SessionContext sessionContext;

    /**
     * Obtains this bean's {@link StatelessSession} business object from the session
     * context and calls {@code noop()} on that reference rather than on {@code this}.
     */
    public void testGetBusinessObject() {
        StatelessSession businessView =
            (StatelessSession) sessionContext.getBusinessObject(StatelessSession.class);
        businessView.noop();
    }

    /**
     * Returns the name of the caller principal as seen by this bean.
     *
     * <p>The argument is only logged; it does not influence the return value.
     *
     * @param arg value supplied by the caller, written to the debug log unchanged
     * @return {@code getName()} of the principal reported by the session context
     */
    public String echo(String arg) {
        // arg is caller-controlled and reaches the log unescaped (line breaks included).
        log.debug("echo, arg="+arg);
        // Original author's note: this call should fail if the bean is not secured.
        Principal caller = sessionContext.getCallerPrincipal();
        log.debug("echo, callerPrincipal="+caller);
        return caller.getName();
    }

    /**
     * Looks up {@code java:comp/env/ejb/Session}, invokes {@code echo} on it and returns
     * the result.
     *
     * <p>Because the call leaves this bean, the target is expected to observe the run-as
     * identity instead of the original caller. Presumably the test asserts on the returned
     * name; confirm against the test client.
     *
     * @param echoArg value passed through to the target bean's {@code echo}
     * @return whatever the target bean's {@code echo} returns
     * @throws EJBException wrapping any exception raised by the lookup, the cast or the call
     */
    public String forward(String echoArg) {
        log.debug("forward, echoArg="+echoArg);
        try {
            InitialContext jndi = new InitialContext();
            StatelessSession target = (StatelessSession) jndi.lookup("java:comp/env/ejb/Session");
            return target.echo(echoArg);
        } catch (Exception e) {
            // Only recorded at debug level; the cause travels on inside the EJBException.
            log.debug("failed", e);
            throw new EJBException(e);
        }
    }

    /**
     * Logs a message and calls {@link #excluded()}.
     *
     * <p>NOTE(review): the call below is a plain Java call on {@code this}, not a call
     * through the remote or business interface. A direct call like this is not intercepted
     * by the container, so method permissions on {@code excluded()} would not be evaluated
     * for it. Verify that this is what the test intends.
     */
    public void noop() {
        log.debug("noop calling excluded...");
        excluded();
    }

    /**
     * Logs a message and then dereferences a null reference, so every call ends in a
     * {@link NullPointerException}. Presumably this lets tests observe how the container
     * reports an unchecked exception; confirm against the test client.
     */
    public void npeError() {
        log.debug("npeError");
        Object nothing = null;
        nothing.toString();
    }

    /** Logs the caller principal reported by the session context and returns. */
    public void unchecked() {
        Principal caller = sessionContext.getCallerPrincipal();
        log.debug("StatelessSessionBean.unchecked, callerPrincipal="+caller);
    }

    /**
     * Logs that it was reached and which caller principal the session context reports.
     *
     * <p>Per the original author, access to this method should be granted only to the
     * run-as role, and no user should hold that role. That restriction is not expressed in
     * this class, so it has to be enforced by configuration outside it.
     */
    public void excluded() {
        log.debug("excluded, accessed");
        // Original author's note: this call should fail if the bean is not secured.
        Principal caller = sessionContext.getCallerPrincipal();
        log.debug("excluded, callerPrincipal="+caller);
    }
}