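package org.jboss.test.security.ejb;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Set;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

import org.jboss.security.SimplePrincipal;
import org.jboss.test.security.interfaces.CallerInfo;

/**
 * Session bean used by the security test suite to verify run-as identity
 * propagation. Every business method checks that both the container's caller
 * principal and the Subject published through the JACC {@link PolicyContext}
 * reflect the run-as identity and roles described by the supplied
 * {@link CallerInfo}. Any mismatch, and any failure to obtain the Subject,
 * raises an {@link EJBException} so that the check fails closed rather than
 * passing silently.
 */
public class RunAsBean implements SessionBean
{
   /** Standard JACC handler key under which the container publishes the active Subject. */
   private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
   /** Name of the Subject Group that carries the caller's roles (JBoss convention). */
   private static final String ROLES_GROUP_NAME = "Roles";

   private SessionContext context;

   public void ejbCreate()
   {
   }
   public void ejbActivate()
   {
   }
   public void ejbPassivate()
   {
   }
   public void ejbRemove()
   {
   }
   public void setSessionContext(SessionContext context)
   {
      this.context = context;
   }

   /**
    * Validates caller identity and roles for an unprotected method.
    * @param info the expected run-as identity and roles
    * @throws EJBException if the caller or Subject does not match {@code info}
    */
   public void unprotectedEjbMethod(CallerInfo info)
   {
      validateCaller("unprotectedEjbMethod", info, true);
   }

   /**
    * Validates caller identity and roles for a method invoked under a run-as identity.
    * @param info the expected run-as identity and roles
    * @throws EJBException if the caller or Subject does not match {@code info}
    */
   public void runAsMethod(CallerInfo info)
   {
      validateCaller("runAsMethod", info, true);
   }

   /**
    * Validates caller identity and roles for a method restricted to a group member.
    * @param info the expected run-as identity and roles
    * @throws EJBException if the caller or Subject does not match {@code info}
    */
   public void groupMemberMethod(CallerInfo info)
   {
      validateCaller("groupMemberMethod", info, true);
   }

   /**
    * Validates caller identity and roles for a method restricted to a user role.
    * @param info the expected run-as identity and roles
    * @throws EJBException if the caller or Subject does not match {@code info}
    */
   public void userMethod(CallerInfo info)
   {
      validateCaller("userMethod", info, true);
   }

   /**
    * Validates caller identity and roles for a method open to all authenticated callers.
    * @param info the expected run-as identity and roles
    * @throws EJBException if the caller or Subject does not match {@code info}
    */
   public void allAuthMethod(CallerInfo info)
   {
      validateCaller("allAuthMethod", info, true);
   }

   /**
    * Validates caller identity and roles for a public method. Unlike the other
    * business methods this one does not require the run-as identity to appear
    * among the Subject's principals, only that the expected roles are present.
    * @param info the expected run-as identity and roles
    * @throws EJBException if the caller or Subject does not match {@code info}
    */
   public void publicMethod(CallerInfo info)
   {
      validateCaller("publicMethod", info, false);
   }

   /**
    * Shared validation performed by every business method, in this order:
    * the container caller principal must equal the run-as identity, the
    * container must report the caller in every expected role, the JACC Subject
    * must be obtainable, optionally the run-as identity must be among the
    * Subject's principals, and the Subject's roles group must contain every
    * expected role.
    * @param methodName name of the calling business method, used only in the diagnostic output
    * @param info the expected run-as identity and roles
    * @param requireRunAsInSubject whether the run-as identity must be present in the Subject's principals
    * @throws EJBException on the first failed check
    */
   private void validateCaller(String methodName, CallerInfo info, boolean requireRunAsInSubject)
      throws EJBException
   {
      Principal caller = context.getCallerPrincipal();
      if( caller.equals(info.getRunAsIdentity()) == false )
         throw new EJBException("getCallerPrincipal("+caller+") does not contain runAsIdentity: "+info.getRunAsIdentity());

      validateRoles(info);

      Subject subject = getContainerSubject();
      // NOTE(review): Subject.toString() can include credential objects; this
      // output is test diagnostics only and should not be carried into production code.
      String msg = methodName + ", PolicyContext subject: " + subject
         + ", CallerPrincipal: " + caller;
      System.out.println(msg);
      if( requireRunAsInSubject )
      {
         Set principals = subject.getPrincipals();
         if( principals.contains(info.getRunAsIdentity()) == false )
            throw new EJBException(principals+" does not contain runAsIdentity: "+info.getRunAsIdentity());
      }
      validateRoles(info, subject);
   }

   /**
    * Looks up the Subject the container published under {@link #SUBJECT_CONTEXT_KEY}.
    * A failed lookup or an absent Subject is an error rather than a silent
    * pass: the test exists to prove the Subject is propagated.
    * @return the container Subject, never null
    * @throws EJBException if the PolicyContext lookup fails or yields no Subject
    */
   private Subject getContainerSubject() throws EJBException
   {
      Subject subject;
      try
      {
         subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
      }
      catch(PolicyContextException e)
      {
         // Preserve the cause so the test report shows why the JACC lookup failed.
         throw new EJBException("Failed to obtain Subject from PolicyContext key: "+SUBJECT_CONTEXT_KEY, e);
      }
      if( subject == null )
         throw new EJBException("No Subject bound under PolicyContext key: "+SUBJECT_CONTEXT_KEY);
      return subject;
   }

   /**
    * Checks that the container reports the caller in every expected run-as role.
    * @param info supplies the expected roles
    * @throws EJBException listing every role for which {@code isCallerInRole} returned false
    */
   private void validateRoles(CallerInfo info)
      throws EJBException
   {
      Iterator iter = info.getExpectedRunAsRoles().iterator();
      StringBuffer buffer = new StringBuffer();
      while( iter.hasNext() )
      {
         String role = (String) iter.next();
         if( context.isCallerInRole(role) == false )
         {
            buffer.append(',');
            buffer.append(role);
         }
      }

      if( buffer.length() > 0 )
      {
         buffer.insert(0, "isCallerInRole failed for: ");
         throw new EJBException(buffer.toString());
      }
   }

   /**
    * Checks that the Subject's roles group contains every expected run-as role.
    * @param info supplies the expected roles
    * @param subject the container Subject whose groups are inspected
    * @throws EJBException if the Subject has no groups, or listing every role missing from the roles group
    */
   private void validateRoles(CallerInfo info, Subject subject)
      throws EJBException
   {
      Group roles = findRolesGroup(subject);
      Iterator iter = info.getExpectedRunAsRoles().iterator();
      StringBuffer buffer = new StringBuffer();
      while( iter.hasNext() )
      {
         String role = (String) iter.next();
         SimplePrincipal srole = new SimplePrincipal(role);
         if( roles.isMember(srole) == false )
         {
            buffer.append(',');
            buffer.append(role);
         }
      }

      if( buffer.length() > 0 )
      {
         buffer.insert(0, "Principals failed for: ");
         throw new EJBException(buffer.toString());
      }
   }

   /**
    * Selects the Group that carries the caller's roles. The group named
    * {@link #ROLES_GROUP_NAME} is preferred so that an unrelated group
    * (for example one carrying the caller principal) is not mistaken for the
    * role set; if no group has that name the first group is used, which is
    * the behaviour this bean had before the name was consulted.
    * @param subject the container Subject
    * @return the roles group, never null
    * @throws EJBException if the Subject holds no Group principals at all
    */
   private Group findRolesGroup(Subject subject) throws EJBException
   {
      Set groups = subject.getPrincipals(Group.class);
      if( groups == null || groups.size() == 0 )
         throw new EJBException("No groups found in the subject: "+subject);

      Group first = null;
      Iterator iter = groups.iterator();
      while( iter.hasNext() )
      {
         Group group = (Group) iter.next();
         if( first == null )
            first = group;
         if( ROLES_GROUP_NAME.equals(group.getName()) )
            return group;
      }
      return first;
   }
}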