001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.corba;
017:
018: import java.net.URI;
019:
020: import javax.transaction.TransactionManager;
021:
022: import org.apache.commons.logging.Log;
023: import org.apache.commons.logging.LogFactory;
024: import org.apache.geronimo.gbean.AbstractName;
025: import org.apache.geronimo.gbean.GBeanLifecycle;
026: import org.apache.geronimo.gbean.InvalidConfigurationException;
027: import org.apache.geronimo.corba.security.config.ConfigAdapter;
028: import org.apache.geronimo.corba.security.config.css.CSSConfig;
029: import org.apache.geronimo.corba.security.config.ssl.SSLConfig;
030: import org.apache.geronimo.corba.security.config.tss.TSSConfig;
031: import org.apache.geronimo.corba.security.ClientPolicy;
032: import org.apache.geronimo.corba.transaction.ClientTransactionPolicyConfig;
033: import org.apache.geronimo.corba.transaction.ClientTransactionPolicy;
034: import org.apache.geronimo.corba.transaction.nodistributedtransactions.NoDTxClientTransactionPolicyConfig;
035: import org.apache.geronimo.corba.util.Util;
036: import org.omg.CORBA.ORB;
037: import org.omg.CORBA.UserException;
038: import org.omg.CORBA.PolicyManager;
039: import org.omg.CORBA.Policy;
040: import org.omg.CORBA.SetOverrideType;
041: import org.omg.CosNaming.NameComponent;
042: import org.omg.CosNaming.NamingContextExt;
043: import org.omg.CosNaming.NamingContextExtHelper;
044:
045: /**
046: * A CSSBean is an ORB instance configured for
047: * accessing EJBs using a specific security profile. A single
048: * CSSBean can be referenced by multiple ejb-refs that share a
049: * common security profile.
050: *
051: * For each CSSBean instance, there will be a backing
052: * ORB configured with the appropriate interceptors and
053: * principal information to access the target object.
054: * @version $Revision: 502382 $ $Date: 2007-02-01 14:23:31 -0800 (Thu, 01 Feb 2007) $
055: */
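public class CSSBean implements GBeanLifecycle, ORBConfiguration {

    private final static Log log = LogFactory.getLog(CSSBean.class);

    // Installed as the thread context class loader while the ORBs are created in doStart().
    private final ClassLoader classLoader;
    // Factory for both ORB instances (see doStart()).
    private final ConfigAdapter configAdapter;
    // Handed to the client transaction policy config built in doStart().
    private final TransactionManager transactionManager;
    private String description;
    // Client security configuration; wrapped in the ClientPolicy installed on cssORB.
    private CSSConfig cssConfig;
    // Transport-level security configuration; lazily defaulted by getSslConfig().
    private SSLConfig sslConfig;
    // ORB used for activating and accessing the target bean.
    private ORB cssORB;
    // ORB used for nameservice lookups.
    private ORB nssORB;
    private AbstractName abstractName;

    /**
     * Creates an unconfigured bean with every collaborator set to {@code null}.
     *
     * An instance built this way cannot be started as-is: {@link #getURI()}
     * dereferences the (null) abstract name.
     */
    public CSSBean() {
        this.classLoader = null;
        this.configAdapter = null;
        this.transactionManager = null;
        this.abstractName = null;
        this.sslConfig = null;
        this.cssConfig = null;
    }

    /**
     * Creates a bean with the collaborators needed to build its ORBs.
     *
     * The constructor only stores its arguments; the ORBs themselves are
     * created in {@link #doStart()}. The declared checked exceptions are not
     * thrown by this body but are kept so existing callers still compile.
     *
     * @param configAdapter      factory used to create the two ORB instances
     * @param transactionManager transaction manager for the client transaction policy
     * @param ssl                transport-level security configuration, may be null
     * @param abstractName       name of this bean; its string form is the registry key
     * @param classLoader        context class loader to use while starting
     */
    public CSSBean(ConfigAdapter configAdapter,
            TransactionManager transactionManager, SSLConfig ssl,
            AbstractName abstractName, ClassLoader classLoader)
            throws ClassNotFoundException, IllegalAccessException,
            InstantiationException {
        this.abstractName = abstractName;
        this.classLoader = classLoader;
        this.transactionManager = transactionManager;
        this.configAdapter = configAdapter;
        this.sslConfig = ssl;
    }

    public String getDescription() {
        return description;
    }

    public void setDescription(String description) {
        this.description = description;
    }

    public CSSConfig getCssConfig() {
        return cssConfig;
    }

    /**
     * Sets the client security configuration.
     *
     * @param config the configuration to use; {@code null} is replaced by a
     *               default-constructed {@code CSSConfig}
     */
    public void setCssConfig(CSSConfig config) {
        if (config == null) {
            config = new CSSConfig();
        }
        this.cssConfig = config;
    }

    /**
     * Returns a target-side security configuration for this client bean.
     *
     * @return a newly created default {@code TSSConfig} on every call
     *         (described by the original author as a "no security" default)
     */
    public TSSConfig getTssConfig() {
        // just return a default no security one.
        return new TSSConfig();
    }

    /**
     * Return the SSLConfig used for this ORB instance.
     * If one has not been configured, this creates, stores and returns
     * a default configuration.
     *
     * @return The SSLConfig object used to manage transport-level
     *         security.
     */
    public SSLConfig getSslConfig() {
        // NOTE(review): a missing SSL configuration silently becomes a
        // default-constructed one; what that default permits is not visible here.
        if (sslConfig == null) {
            sslConfig = new SSLConfig();
        }
        return sslConfig;
    }

    /**
     * @return the ORB used to access target beans; {@code null} before
     *         {@link #doStart()} and after {@link #doStop()}
     */
    public ORB getORB() {
        return cssORB;
    }

    /**
     * Return the retrieval URI for this bean.
     *
     * @return The string form of the bean AbstractName; also the key under
     *         which this bean is registered with {@code Util.registerORB}.
     */
    public String getURI() {
        return abstractName.toString();
    }

    /**
     * Resolves a name in a naming service and returns the resulting object
     * reference re-activated on the security-configured ORB.
     *
     * Both ORBs are created in {@link #doStart()}, so the bean must be
     * started before this is called.
     *
     * @param nsURI location of the naming service
     * @param name  stringified name to resolve in that naming service
     * @return the resolved object, bound to the ORB returned by {@link #getORB()}
     * @throws InvalidConfigurationException if the CORBA classes on the
     *         classpath are at the wrong level (surfaces as NoSuchMethodError)
     * @throws RuntimeException wrapping any CORBA {@code UserException}
     *         raised during the lookup
     */
    public org.omg.CORBA.Object getHome(URI nsURI, String name) {

        if (log.isDebugEnabled()) {
            log.debug(description + " - Looking up home from "
                    + nsURI.toString() + " at " + name);
        }

        try {
            // The following may seem unnecessary, but it isn't.  We need to use one ORB to
            // retrieve the object reference from the NameService because the SecurityInterceptor
            // attached to the main ORB instance may add additional service contexts to the
            // NameService request that will cause failures.  We use one configuration to access
            // the server, and then activate the object on the real one.
            //
            // NOTE(review): the lookup therefore travels on nssORB, so whatever protection the
            // NameService request gets depends on how configAdapter built that ORB (not visible
            // here).  The IOR it returns decides which endpoint the secured cssORB will talk to,
            // so confirm the name-service channel is configured to be trustworthy.
            org.omg.CORBA.Object nameServiceRef = nssORB.string_to_object(nsURI.toString());
            NamingContextExt namingContext = NamingContextExtHelper.narrow(nameServiceRef);

            NameComponent[] nameComponent = namingContext.to_name(name);
            org.omg.CORBA.Object bean = namingContext.resolve(nameComponent);

            // Ok, now we have an object reference from the naming service, but we need to
            // activate that object on the cssORB instance before we hand it out.  Activating it
            // on the cssORB will ensure that all of the interceptors and policies we define on the
            // cssORB will get used for all requests involving this bean.
            String beanIOR = nssORB.object_to_string(bean);
            return cssORB.string_to_object(beanIOR);
        } catch (NoSuchMethodError e) {
            log.error("Incorrect level of org.omg.CORBA classes found.\nLikely cause is an incorrect java.endorsed.dirs configuration");
            throw new InvalidConfigurationException(
                    "CORBA usage requires Yoko CORBA spec classes in java.endorsed.dirs classpath",
                    e);
        } catch (UserException ue) {
            log.error(description + " - Looking up home", ue);
            throw new RuntimeException(description + " - Looking up home", ue);
        }
    }

    /**
     * Start this GBean instance, which essentially
     * sets up an ORB and configures a client context
     * for handling requests.
     *
     * The bean is registered under {@link #getURI()} before the ORBs are
     * created, and the client security and transaction policies are added
     * as overrides on the client ORB's policy manager.
     *
     * @exception Exception if ORB creation or policy installation fails
     */
    public void doStart() throws Exception {

        // we create a dummy CSSConfig if one has not been specified prior to this.
        if (cssConfig == null) {
            cssConfig = new CSSConfig();
        }

        ClassLoader savedLoader = Thread.currentThread().getContextClassLoader();
        try {
            log.debug("Starting CSS ORB " + getURI());

            Thread.currentThread().setContextClassLoader(classLoader);
            // register this so we can retrieve this in the interceptors
            Util.registerORB(getURI(), this);

            // create an ORB using the name service.
            nssORB = configAdapter.createNameServiceClientORB(this);
            // the configAdapter creates the ORB instance for us.
            cssORB = configAdapter.createClientORB(this);
            PolicyManager policyManager = (PolicyManager) cssORB
                    .resolve_initial_references("ORBPolicyManager");
            Policy[] policies = new Policy[] {
                    new ClientPolicy(cssConfig),
                    new ClientTransactionPolicy(buildClientTransactionPolicyConfig()) };
            policyManager.set_policy_overrides(policies, SetOverrideType.ADD_OVERRIDE);
        } finally {
            // always restore the caller's context class loader, even on failure
            Thread.currentThread().setContextClassLoader(savedLoader);
        }

        log.debug("Started CORBA Client Security Server - " + description);
    }

    /**
     * Builds the transaction policy configuration for the client ORB.
     *
     * @return a config that does not support distributed transactions,
     *         backed by this bean's transaction manager
     */
    private ClientTransactionPolicyConfig buildClientTransactionPolicyConfig() {
        return new NoDTxClientTransactionPolicyConfig(transactionManager);
    }

    /**
     * Stop this GBean instance: destroy both ORBs and remove the bean from
     * the ORB registry.
     *
     * Each step runs even if an earlier one throws, and an ORB that was never
     * created (for example because {@link #doStart()} failed part-way) is
     * skipped, so a partial start does not leave a live ORB or a stale
     * registry entry behind.
     *
     * @exception Exception if destroying an ORB or unregistering fails
     */
    public void doStop() throws Exception {
        try {
            if (cssORB != null) {
                cssORB.destroy();
            }
        } finally {
            try {
                if (nssORB != null) {
                    nssORB.destroy();
                }
            } finally {
                // remove this from the registry
                Util.unregisterORB(getURI());
                cssORB = null;
                nssORB = null;
            }
        }
        log.debug("Stopped CORBA Client Security Server - " + description);
    }

    /**
     * Called when the GBean fails; only logs the failure.
     */
    public void doFail() {
        // NOTE(review): nothing here releases what doStart() may already have set up
        // (the Util registry entry, nssORB, cssORB).  Confirm whether the container
        // calls doStop() on this path; otherwise a failed start leaves them behind.
        log.debug("Failed CORBA Client Security Server " + description);
    }

}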