001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.ejb.plugins;
023:
024: import java.security.Principal;
025: import javax.ejb.EJBContext;
026: import javax.naming.InitialContext;
027:
028: import org.jboss.ejb.Container;
029: import org.jboss.ejb.EJBProxyFactoryContainer;
030: import org.jboss.ejb.EnterpriseContext;
031: import org.jboss.invocation.Invocation;
032: import org.jboss.logging.Logger;
033:
034: import org.jboss.security.AuthenticationManager;
035: import org.jboss.security.SecurityProxy;
036: import org.jboss.security.SecurityProxyFactory;
037:
038: /**
039: * The SecurityProxyInterceptor is where the EJB custom security proxy
040: * integration is performed. This interceptor is dynamically added to container
041: * interceptors when the deployment descriptors specifies a security
042: * proxy. It is added just before the container interceptor so that the
043: * interceptor has access to the EJB instance and context.
044: *
045: * @author <a href="mailto:Scott.Stark@jboss.org">Scott Stark</a>.
046: * @version $Revision: 57209 $
047: */
048: public class SecurityProxyInterceptor extends AbstractInterceptor {
049: /**
050: * The JNDI name of the SecurityProxyFactory used to wrap security
051: * proxy objects that do not implement the SecurityProxy interface
052: */
053: public final String SECURITY_PROXY_FACTORY_NAME = "java:/SecurityProxyFactory";
054:
055: /** Instance logger. */
056: protected Logger log = Logger.getLogger(this .getClass());
057:
058: protected AuthenticationManager securityManager;
059:
060: /**
061: * @supplierCardinality 0..1
062: * @clientCardinality 1
063: * @supplierQualifier custom security
064: */
065: protected SecurityProxy securityProxy;
066:
067: public SecurityProxyInterceptor() {
068: super ();
069: }
070:
071: public void setContainer(Container container) {
072: super .setContainer(container);
073: if (container != null) {
074: securityManager = container.getSecurityManager();
075: Object secProxy = container.getSecurityProxy();
076: if (secProxy != null) {
077: // If this is not a SecurityProxy instance then use the default
078: // SecurityProxy implementation
079: if ((secProxy instanceof SecurityProxy) == false) {
080: try {
081: // Get default SecurityProxyFactory from JNDI at
082: InitialContext iniCtx = new InitialContext();
083: SecurityProxyFactory proxyFactory = (SecurityProxyFactory) iniCtx
084: .lookup(SECURITY_PROXY_FACTORY_NAME);
085: securityProxy = proxyFactory.create(secProxy);
086: } catch (Exception e) {
087: log
088: .error(
089: "Failed to initialze DefaultSecurityProxy",
090: e);
091: }
092: } else {
093: securityProxy = (SecurityProxy) secProxy;
094: }
095:
096: // Initialize the securityProxy
097: try {
098: EJBProxyFactoryContainer ic = (EJBProxyFactoryContainer) container;
099: Class beanHome = ic.getHomeClass();
100: Class beanRemote = ic.getRemoteClass();
101: Class beanLocalHome = ic.getLocalHomeClass();
102: Class beanLocal = ic.getLocalClass();
103: if (beanLocal == null) {
104: securityProxy.init(beanHome, beanRemote,
105: securityManager);
106: } else {
107: securityProxy.init(beanHome, beanRemote,
108: beanLocalHome, beanLocal,
109: securityManager);
110: }
111: } catch (Exception e) {
112: log.error("Failed to initialze SecurityProxy", e);
113: }
114: if (log.isInfoEnabled())
115: log.info("Initialized SecurityProxy="
116: + securityProxy);
117: }
118: }
119: }
120:
121: // Container implementation --------------------------------------
122:
123: public void start() throws Exception {
124: super .start();
125: }
126:
127: public Object invokeHome(Invocation mi) throws Exception {
128: // Apply any custom security checks
129: if (securityProxy != null) {
130: EJBContext ctx = null;
131: EnterpriseContext ectx = (EnterpriseContext) mi
132: .getEnterpriseContext();
133: if (ectx != null)
134: ctx = ectx.getEJBContext();
135: Object[] args = mi.getArguments();
136: securityProxy.setEJBContext(ctx);
137: try {
138: securityProxy.invokeHome(mi.getMethod(), args);
139: } catch (SecurityException e) {
140: Principal principal = mi.getPrincipal();
141: String msg = "SecurityProxy.invokeHome exception, principal="
142: + principal;
143: log.error(msg, e);
144: throw e;
145: }
146: }
147: return getNext().invokeHome(mi);
148: }
149:
150: public Object invoke(Invocation mi) throws Exception {
151: // Apply any custom security checks
152: if (securityProxy != null) {
153: EnterpriseContext ectx = (EnterpriseContext) mi
154: .getEnterpriseContext();
155: Object bean = ectx.getInstance();
156: EJBContext ctx = ectx.getEJBContext();
157: Object[] args = mi.getArguments();
158: securityProxy.setEJBContext(ctx);
159: try {
160: securityProxy.invoke(mi.getMethod(), args, bean);
161: } catch (SecurityException e) {
162: Principal principal = mi.getPrincipal();
163: String msg = "SecurityProxy.invoke exception, principal="
164: + principal;
165: log.error(msg, e);
166: throw e;
167: }
168: }
169: return getNext().invoke(mi);
170: }
171: }
|