/**
 * Creates the web security manager for a web module and generates its
 * JSR 115 (JACC) policy file. The module may be bundled within an EAR or
 * deployed as a standalone WAR file.
 *
 * <p>Implementation note: if the generated file does not contain all the
 * permissions, the role mapper is probably broken.
 *
 * @param wbd descriptor of the web module whose policy is generated
 * @param isSystem whether the module is a system application; together with
 *        the admin GUI context id it decides whether the policy-creation
 *        probe event is fired
 * @throws RuntimeException wrapping any exception raised while creating the
 *         manager or generating the policy file (logged at SEVERE first)
 */
protected void configureSecurity(WebBundleDescriptor wbd, boolean isSystem) {
    try {
        webSecurityManagerFactory.createManager(wbd, true, serverContext);

        final String policyContextId = WebSecurityManager.getContextID(wbd);
        SecurityUtil.generatePolicyFile(policyContextId);

        // The probe event is reported only for the system admin GUI context.
        final boolean isAdminGuiContext =
                isSystem && policyContextId.equals("__admingui/__admingui");
        if (isAdminGuiContext) {
            websecurityProbeProvider.policyCreationEvent(policyContextId);
        }
    } catch (Exception failure) {
        // Logged and rethrown rather than swallowed, so the caller learns
        // that policy generation for this module did not complete.
        _logger.log(Level.SEVERE, "policy.configure", failure);
        throw new RuntimeException(failure);
    }
}
/**
 * Links the policy contexts of the application's modules into a chain:
 * each context is linked to the one processed just before it, web modules
 * first and then the EJB bundles obtained from the application.
 *
 * @param app application whose EJB bundle descriptors are linked and whose
 *        registration name is used in the error message
 * @param webs web bundle descriptors whose policy contexts are linked first
 * @throws DeploymentException if linking fails with an {@code IASSecurityException}
 */
private void linkPolicies(Application app, Collection<WebBundleDescriptor> webs)
        throws DeploymentException {
    try {
        // Context id handled in the previous iteration; null for the first module.
        String previousContextId = null;
        // Result of the previous link call, fed into the next one.
        boolean previousInService = false;

        for (WebBundleDescriptor webDescriptor : webs) {
            final String contextId = SecurityUtil.getContextID(webDescriptor);
            previousInService =
                    SecurityUtil.linkPolicyFile(contextId, previousContextId, previousInService);
            previousContextId = contextId;
        }

        // EJB bundles continue the same chain after the last web module.
        final Set<EjbBundleDescriptor> ejbDescriptors =
                app.getBundleDescriptors(EjbBundleDescriptor.class);
        for (EjbBundleDescriptor ejbDescriptor : ejbDescriptors) {
            final String contextId = SecurityUtil.getContextID(ejbDescriptor);
            previousInService =
                    SecurityUtil.linkPolicyFile(contextId, previousContextId, previousInService);
            previousContextId = contextId;
        }
        // NOTE(review): the original carried an "extra commit (see above)" remark here;
        // the context it refers to is not visible in this listing.
    } catch (IASSecurityException linkFailure) {
        String msg = "Error in linking security policy for " + app.getRegistrationName();
        throw new DeploymentException(msg, linkFailure);
    }
}
/**
 * Commits the policy contexts of every EJB bundle in the application by
 * generating each bundle's policy file, reporting probe events around it.
 *
 * <p>This should occur in EjbApplication; it is done here until the issue
 * with ejb-ejb31-singleton-multimoduleApp.ear is resolved.
 *
 * @param app application whose EJB bundle descriptors are committed
 * @throws DeploymentException if any step fails for any bundle; the original
 *         exception is kept as the cause
 */
private void commitEjbs(Application app) throws DeploymentException {
    final Set<EjbBundleDescriptor> bundles =
            app.getBundleDescriptors(EjbBundleDescriptor.class);
    try {
        for (EjbBundleDescriptor bundle : bundles) {
            final String policyContextId = SecurityUtil.getContextID(bundle);

            // Started/ended events bracket the policy generation itself.
            // An exception from generatePolicyFile skips the ended event.
            ejbProbeProvider.policyCreationStartedEvent(policyContextId);
            SecurityUtil.generatePolicyFile(policyContextId);
            ejbProbeProvider.policyCreationEndedEvent(policyContextId);

            ejbProbeProvider.policyCreationEvent(policyContextId);
        }
    } catch (Exception commitFailure) {
        String msg = "Error in committing security policy for ejbs of "
                + app.getRegistrationName();
        throw new DeploymentException(msg, commitFailure);
    }
}
SecurityUtil.removePolicy(contextId); probeProvider.policyDestructionEndedEvent(contextId); probeProvider.policyDestructionEvent(contextId); SecurityUtil.removeRoleMapper(dc);
/**
 * Returns the policy context id of a web module.
 *
 * <p>Pure delegation to {@code SecurityUtil.getContextID}, so the id is
 * computed in one place.
 *
 * @param wbd descriptor of the web module
 * @return whatever {@code SecurityUtil.getContextID(wbd)} returns
 */
public static String getContextID(WebBundleDescriptor wbd) {
    final String policyContextId = SecurityUtil.getContextID(wbd);
    return policyContextId;
}
/**
 * Removes the security role mapper registered under the application's name,
 * but only when the deployment operation originates from an undeploy.
 *
 * @param dc deployment context; its {@code OpsParams} supply the operation
 *        origin and the application name
 */
public static void removeRoleMapper(DeploymentContext dc) {
    final OpsParams opsParams = dc.getCommandParameters(OpsParams.class);

    // For any origin other than undeploy the role mapper is left in place.
    if (params_isUndeploy(opsParams)) {
        final String applicationName = opsParams.name();
        final SecurityRoleMapperFactory mapperFactory = getRoleMapperFactory();
        mapperFactory.removeRoleMapper(applicationName);
    }
}

/** Tells whether the given operation parameters describe an undeploy. */
private static boolean params_isUndeploy(OpsParams opsParams) {
    return opsParams.origin == OpsParams.Origin.undeploy;
}
/**
 * Cleans up the security artifacts of an application: removes its policy,
 * asks {@code SecurityUtil} to remove its role mapper, and destroys the
 * CNonce cache registered under the application's name, if there is one.
 *
 * @param dc deployment context of the application being cleaned
 * @throws DeploymentException declared by the overridden method; presumably
 *         raised by {@code removePolicy} (not visible here, confirm)
 */
@Override
protected void cleanArtifacts(DeploymentContext dc) throws DeploymentException {
    removePolicy(dc);
    SecurityUtil.removeRoleMapper(dc);

    final OpsParams opsParams = dc.getCommandParameters(OpsParams.class);
    if (this.appCnonceMap == null) {
        return;
    }

    // Dropping the map entry and destroying the cache keeps per-application
    // nonce state from outliving the application.
    // NOTE(review): presumably the digest-authentication client-nonce cache; confirm.
    final CNonceCache nonceCache = appCnonceMap.remove(opsParams.name());
    if (nonceCache != null) {
        nonceCache.destroy();
    }
}
if (webcontexts[i] != null) { websecurityProbeProvider.policyDestructionStartedEvent(webcontexts[i]); SecurityUtil.removePolicy(webcontexts[i]); websecurityProbeProvider.policyDestructionEndedEvent(webcontexts[i]); websecurityProbeProvider.policyDestructionEvent(webcontexts[i]);
/**
 * Returns the policy context id for an EJB bundle.
 *
 * <p>For EJBs embedded in a WAR a unique pseudo module id is created;
 * otherwise the id is the repository name of the application's registration
 * name, a {@code '/'}, and the bundle's unique friendly id.
 *
 * @param ejbBundleDesc the EJB bundle descriptor, may be {@code null}
 * @return the policy context id, or {@code null} when {@code ejbBundleDesc}
 *         is {@code null}
 */
public static String getContextID(EjbBundleDescriptor ejbBundleDesc) {
    // NOTE(review): a null descriptor yields a null id rather than an error;
    // confirm callers do not pass a null id on to policy operations.
    String cid = null;
    if (ejbBundleDesc != null) {
        /* detect special case of EJBs embedded in a war,
         * and make sure pseudo policy context id is unique within app */
        Object root = ejbBundleDesc.getModuleDescriptor().getDescriptor();
        if( (root != ejbBundleDesc) && (root instanceof WebBundleDescriptor ) ) {
            // The module's root descriptor is a web bundle, not this EJB bundle.
            cid = createUniquePseudoModuleID(ejbBundleDesc);
        } else {
            cid = VersioningUtils.getRepositoryName(ejbBundleDesc.getApplication().getRegistrationName()) + '/' + ejbBundleDesc.getUniqueFriendlyId();
        }
    }
    return cid;
}

public static String getContextID(WebBundleDescriptor wbd) {
/**
 * Puts the web bundle's policy in service. The policy translation is
 * repeated first if the descriptor indicates that the policy was changed
 * by a ContextListener.
 *
 * @param webBD descriptor of the web module; nothing happens when {@code null}
 * @throws DeploymentException if re-translation, policy generation or a
 *         probe call fails; the original exception is kept as the cause
 */
private void commitPolicy(WebBundleDescriptor webBD) throws DeploymentException {
    if (webBD == null) {
        return;
    }
    try {
        if (webBD.isPolicyModified()) {
            // Redo the policy translation for the web module, removing the
            // existing statements so the committed policy matches the descriptor.
            loadPolicy(webBD, true);
        }

        final String policyContextId = SecurityUtil.getContextID(webBD);

        // Started/ended events bracket the policy generation itself.
        websecurityProbeProvider.policyCreationStartedEvent(policyContextId);
        SecurityUtil.generatePolicyFile(policyContextId);
        websecurityProbeProvider.policyCreationEndedEvent(policyContextId);

        websecurityProbeProvider.policyCreationEvent(policyContextId);
    } catch (Exception commitFailure) {
        String msg = "Error in generating security policy for "
                + webBD.getModuleDescriptor().getModuleName();
        throw new DeploymentException(msg, commitFailure);
    }
}
/**
 * Returns the policy context id of the bundle that contains the given EJB.
 *
 * <p>The id is resolved per bundle, not per EJB: the method delegates to
 * {@code SecurityUtil.getContextID} with the EJB's bundle descriptor.
 *
 * @param ejbDesc descriptor of the EJB; must not be {@code null}
 * @return whatever {@code SecurityUtil.getContextID} returns for the EJB's bundle
 */
public static String getContextID(EjbDescriptor ejbDesc) {
    final EjbBundleDescriptor owningBundle = ejbDesc.getEjbBundleDescriptor();
    return SecurityUtil.getContextID(owningBundle);
}
/**
 * Builds the security manager for a single EJB: stores its collaborators,
 * captures the current {@link Policy}, resolves the run-as identity and
 * then calls {@code initialize()}.
 *
 * @param ejbDescriptor deployment descriptor of the EJB
 * @param invMgr invocation manager stored for later use
 * @param fact factory stored for later use
 * @throws Exception declared by the constructor; presumably propagated from
 *         {@code initialize()} (not visible here, confirm)
 */
public EJBSecurityManager(EjbDescriptor ejbDescriptor, InvocationManager invMgr,
        EJBSecurityManagerFactory fact) throws Exception {

    this.deploymentDescriptor = ejbDescriptor;
    this.invMgr = invMgr;
    roleMapperFactory = SecurityUtil.getRoleMapperFactory();
    // get the default policy
    policy = Policy.getPolicy();
    ejbSFM = fact;

    if (deploymentDescriptor.getUsesCallerIdentity()) {
        // The EJB runs with the caller's identity, so there is no run-as identity.
        runAs = null;
    } else {
        runAs = deploymentDescriptor.getRunAsIdentity();

        // Note: runAs may still be null here if this EJB is an MDB.
        // The FINE message writes the run-as principal and role name to the log.
        if (runAs != null && _logger.isLoggable(Level.FINE)) {
            final String runAsMessage = deploymentDescriptor.getEjbClassName()
                    + " will run-as: " + runAs.getPrincipal()
                    + " (" + runAs.getRoleName() + ")";
            _logger.log(Level.FINE, runAsMessage);
        }
    }

    initialize();
}
/**
 * Translates the web bundle's policy by creating a web security manager
 * for it.
 *
 * @param webBD descriptor of the web module; nothing happens when {@code null}
 * @param remove whether any existing policy statements are removed from the
 *        context before translation
 * @throws DeploymentException if releasing the existing manager or creating
 *         the new one fails; the original exception is kept as the cause
 */
private void loadPolicy(WebBundleDescriptor webBD, boolean remove) throws DeploymentException {
    if (webBD == null) {
        return;
    }
    try {
        if (remove) {
            // Release the manager currently registered for this context, if any,
            // before a new one is created for the same module.
            final String policyContextId = SecurityUtil.getContextID(webBD);
            final WebSecurityManager existingManager =
                    wsmf.getManager(policyContextId, null, true);
            if (existingManager != null) {
                existingManager.release();
            }
        }
        wsmf.createManager(webBD, true, serverContext);
    } catch (Exception translationFailure) {
        String msg = "Error in generating security policy for "
                + webBD.getModuleDescriptor().getModuleName();
        throw new DeploymentException(msg, translationFailure);
    }
}