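package org.jboss.test.security.ejb;

import java.rmi.RemoteException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Set;
import javax.ejb.SessionContext;
import javax.ejb.SessionBean;
import javax.ejb.EJBException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

import org.jboss.test.security.interfaces.RunAsServiceRemote;
import org.jboss.test.security.interfaces.RunAsServiceRemoteHome;
import org.jboss.test.security.interfaces.CallerInfo;
import org.jboss.security.SimplePrincipal;

/**
 * Session bean that cross-checks the container's view of the caller against the
 * expectations carried in a {@link CallerInfo}, then delegates to the
 * RunAsServiceRemote bean bound at "jacc/RunAs".
 *
 * Every business method applies the same three checks before delegating:
 * <ol>
 * <li>the {@code SessionContext.getCallerPrincipal()} value equals
 *     {@code info.getCallerIdentity()};</li>
 * <li>each expected role is granted according to
 *     {@code SessionContext.isCallerInRole(role)};</li>
 * <li>each expected role is a member of a {@link Group} principal of the
 *     {@link Subject} published through the JACC {@link PolicyContext}.</li>
 * </ol>
 * Any mismatch is reported as an {@link EJBException} whose message names the
 * failing check and the offending roles, so the test client can see which
 * security view disagreed.
 */
public class SecuredBean implements SessionBean
{
   /** JACC policy context handler key under which the container publishes the authenticated Subject. */
   private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
   /** Container-supplied session context; set once via setSessionContext. */
   private SessionContext context;

   public void ejbCreate()
   {
   }
   public void ejbActivate()
   {
   }
   public void ejbPassivate()
   {
   }
   public void ejbRemove()
   {
   }
   public void setSessionContext(SessionContext context)
   {
      this.context = context;
   }

   /**
    * Validates the caller state and delegates to RunAsServiceRemote.unprotectedEjbMethod.
    *
    * @param info the expected caller identity and roles
    * @throws EJBException if any of the security checks fails
    * @throws RemoteException if the remote delegate call fails
    */
   public void unprotectedEjbMethod(CallerInfo info)
      throws RemoteException
   {
      checkCallerState(info);
      getBean().unprotectedEjbMethod(info);
   }

   /**
    * Validates the caller state and delegates to RunAsServiceRemote.runAsMethod.
    *
    * @param info the expected caller identity and roles
    * @throws EJBException if any of the security checks fails
    * @throws RemoteException if the remote delegate call fails
    */
   public void runAsMethod(CallerInfo info)
      throws RemoteException
   {
      checkCallerState(info);
      getBean().runAsMethod(info);
   }

   /**
    * Validates the caller state and delegates to RunAsServiceRemote.groupMemberMethod.
    *
    * @param info the expected caller identity and roles
    * @throws EJBException if any of the security checks fails
    * @throws RemoteException if the remote delegate call fails
    */
   public void groupMemberMethod(CallerInfo info)
      throws RemoteException
   {
      checkCallerState(info);
      getBean().groupMemberMethod(info);
   }

   /**
    * Validates the caller state and delegates to RunAsServiceRemote.userMethod.
    *
    * @param info the expected caller identity and roles
    * @throws EJBException if any of the security checks fails
    * @throws RemoteException if the remote delegate call fails
    */
   public void userMethod(CallerInfo info)
      throws RemoteException
   {
      checkCallerState(info);
      getBean().userMethod(info);
   }

   /**
    * Validates the caller state and delegates to RunAsServiceRemote.allAuthMethod.
    *
    * @param info the expected caller identity and roles
    * @throws EJBException if any of the security checks fails
    * @throws RemoteException if the remote delegate call fails
    */
   public void allAuthMethod(CallerInfo info)
      throws RemoteException
   {
      checkCallerState(info);
      getBean().allAuthMethod(info);
   }

   /**
    * Validates the caller state and delegates to RunAsServiceRemote.publicMethod.
    *
    * @param info the expected caller identity and roles
    * @throws EJBException if any of the security checks fails
    * @throws RemoteException if the remote delegate call fails
    */
   public void publicMethod(CallerInfo info)
      throws RemoteException
   {
      checkCallerState(info);
      getBean().publicMethod(info);
   }

   /**
    * Runs the three security checks shared by every business method: caller
    * principal identity, isCallerInRole for each expected role, and Group
    * membership in the JACC Subject for each expected role.
    *
    * @param info the expected caller identity and roles
    * @throws EJBException if the caller principal differs from the expected
    *    identity, if a role check fails, or if the policy context cannot be read
    */
   private void checkCallerState(CallerInfo info)
      throws EJBException
   {
      // The container-provided principal is the trusted value; the CallerInfo
      // carries what the test client expects the container to have established.
      Principal caller = context.getCallerPrincipal();
      if( caller.equals(info.getCallerIdentity()) == false )
         throw new EJBException("getCallerPrincipal("+caller+") does not equal CallerIdentity: "+info.getCallerIdentity());

      validateRoles(info);

      Subject subject;
      try
      {
         subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
      }
      catch (PolicyContextException e)
      {
         throw new EJBException(e);
      }
      // validateRoles only throws EJBException, so it does not need to sit
      // inside the PolicyContextException handler.
      validateRoles(info, subject);
   }

   /**
    * Looks up the RunAsServiceRemote home at "jacc/RunAs" and creates a bean.
    *
    * @return a freshly created RunAsServiceRemote reference; never null
    * @throws EJBException wrapping any naming, creation or remote failure
    */
   private RunAsServiceRemote getBean()
   {
      InitialContext ctx = null;
      try
      {
         ctx = new InitialContext();
         RunAsServiceRemoteHome home = (RunAsServiceRemoteHome) ctx.lookup("jacc/RunAs");
         return home.create();
      }
      catch(Exception e)
      {
         // Boundary: NamingException, CreateException and RemoteException are all
         // reported to the caller the same way, with the cause preserved.
         throw new EJBException("Failed to create RunAsServiceRemote", e);
      }
      finally
      {
         if( ctx != null )
         {
            try
            {
               ctx.close();
            }
            catch(NamingException ignored)
            {
               // The lookup result has already been obtained (or the failure
               // already reported); nothing further can be done about a close error.
            }
         }
      }
   }

   /**
    * Checks each expected role with SessionContext.isCallerInRole.
    *
    * @param info the expected caller roles
    * @throws EJBException listing every role for which isCallerInRole returned false
    */
   private void validateRoles(CallerInfo info)
      throws EJBException
   {
      StringBuffer missing = new StringBuffer();
      Iterator iter = info.getExpectedCallerRoles().iterator();
      while( iter.hasNext() )
      {
         String role = (String) iter.next();
         if( context.isCallerInRole(role) == false )
            missing.append(',').append(role);
      }

      if( missing.length() > 0 )
         throw new EJBException("isCallerInRole failed for: "+missing);
   }

   /**
    * Checks that each expected role is a member of some Group principal of the
    * JACC Subject.
    *
    * The Subject's Group principals are returned as a Set, whose iteration order
    * is unspecified, so the check consults every Group rather than assuming the
    * first one returned is the roles group.
    *
    * @param info the expected caller roles; an empty role set passes without
    *    inspecting the subject
    * @param subject the Subject obtained from the policy context; may be null
    *    when the handler is not registered, which is reported as a failure
    *    whenever roles are expected
    * @throws EJBException if no Subject or no Group principals are available, or
    *    listing every role that no Group reports as a member
    */
   private void validateRoles(CallerInfo info, Subject subject)
      throws EJBException
   {
      if( info.getExpectedCallerRoles().size() == 0 )
         return;
      if( subject == null )
         throw new EJBException("No Subject found under policy context key: "+SUBJECT_CONTEXT_KEY);

      Set groups = subject.getPrincipals(Group.class);
      if( groups == null || groups.size() == 0 )
         throw new EJBException("No groups found in the subject: "+subject);

      StringBuffer missing = new StringBuffer();
      Iterator iter = info.getExpectedCallerRoles().iterator();
      while( iter.hasNext() )
      {
         String role = (String) iter.next();
         if( isMemberOfAnyGroup(groups, new SimplePrincipal(role)) == false )
            missing.append(',').append(role);
      }

      if( missing.length() > 0 )
         throw new EJBException("Principals failed for: "+missing);
   }

   /**
    * Returns true if at least one Group in the set reports the principal as a member.
    *
    * @param groups a non-null Set of java.security.acl.Group instances
    * @param member the principal to look for
    * @return whether any group contains the principal
    */
   private static boolean isMemberOfAnyGroup(Set groups, Principal member)
   {
      Iterator iter = groups.iterator();
      while( iter.hasNext() )
      {
         Group group = (Group) iter.next();
         if( group.isMember(member) )
            return true;
      }
      return false;
   }
}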