001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.corba;
017:
018: import org.apache.commons.logging.Log;
019: import org.apache.commons.logging.LogFactory;
020: import org.apache.geronimo.gbean.GBeanLifecycle;
021: import org.apache.geronimo.gbean.InvalidConfigurationException;
022: import org.omg.CORBA.Any;
023: import org.omg.CORBA.ORB;
024: import org.omg.CORBA.Policy;
025: import org.omg.CosNaming.NamingContextExt;
026: import org.omg.CosNaming.NamingContextExtHelper;
027: import org.omg.PortableServer.IdAssignmentPolicyValue;
028: import org.omg.PortableServer.ImplicitActivationPolicyValue;
029: import org.omg.PortableServer.LifespanPolicyValue;
030: import org.omg.PortableServer.POA;
031: import org.omg.PortableServer.RequestProcessingPolicyValue;
032: import org.omg.PortableServer.ServantRetentionPolicyValue;
033: import org.apache.geronimo.corba.security.ServerPolicy;
034: import org.apache.geronimo.corba.security.ServerPolicyFactory;
035: import org.apache.geronimo.corba.security.config.tss.TSSConfig;
036: import org.apache.geronimo.corba.security.config.tss.TSSNULLTransportConfig;
037:
038: import java.util.HashMap;
039: import java.util.Map;
040:
041: /**
042: * A TSSBean represents a transport-level security profile for exported EJB objects. An
043: * exported object is attached to a TSSBean-created named POA. The TSSBean POA
044: * is created in the context of the ORB controlled by a CORBABean instance.
045: * The parent CORBABean controls the transport-level security of the host connection and
046: * defines the endpoint connection for the object (host and listener port).
047: * TSSBean may then define additional characteristics that
048: * get encoded in the IOR of the connection.
049: * @version $Revision: 497125 $ $Date: 2007-01-17 10:51:30 -0800 (Wed, 17 Jan 2007) $
050: */
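public class TSSBean implements GBeanLifecycle {

    private final Log log = LogFactory.getLog(TSSBean.class);

    // Installed as the thread context class loader for the duration of doStart()
    // and handed to ServerPolicy.Config.
    private final ClassLoader classLoader;
    // Name of the child POA created under the parent server's root POA.
    private final String POAName;
    // Parent bean that supplies the ORB, the root POA and the server-level TSS config.
    private final CORBABean server;
    // Non-null only between a successful doStart() and the next doStop().
    private POA localPOA;
    // Resolved in doStart() as a connectivity check; not read anywhere else in this class.
    private NamingContextExt initialContext;
    // Bean-level CSIv2 settings; stays null unless setTssConfig() has been called.
    private TSSConfig tssConfig;
    // Container id -> AdapterWrapper for every linked container.
    // NOTE(review): plain HashMap with no synchronization in this class -- confirm that
    // registerContainer()/unregisterContainer() are never called concurrently.
    private final Map adapters = new HashMap();
    // Security policy created in doStart() and passed to every adapter that registers.
    private Policy securityPolicy;

    /**
     * gbean endpoint constructor. Leaves the class loader, POA name and server
     * unset (null), so an instance built this way cannot be started.
     */
    public TSSBean() {
        classLoader = null;
        POAName = null;
        server = null;
    }

    /**
     * Creates a TSSBean bound to a parent CORBABean.
     *
     * @param classLoader class loader used as the thread context loader while starting
     * @param POAName     name of the POA this bean creates under the server's root POA
     * @param server      parent bean providing the ORB and root POA
     */
    public TSSBean(ClassLoader classLoader, String POAName, CORBABean server) {
        this.classLoader = classLoader;
        this.POAName = POAName;
        this.server = server;
    }

    /**
     * @return the parent CORBABean given at construction (null for the endpoint constructor)
     */
    public CORBABean getServer() {
        return server;
    }

    /**
     * @return the name of the POA managed by this bean
     */
    public String getPOAName() {
        return POAName;
    }

    /**
     * @return the bean-level TSS configuration, or null if none was ever set
     */
    public TSSConfig getTssConfig() {
        return tssConfig;
    }

    /**
     * Sets the bean-level TSS configuration.
     *
     * @param tssConfig the configuration to use; null is replaced by a
     *                  default-constructed {@code TSSConfig}
     */
    public void setTssConfig(TSSConfig tssConfig) {
        this.tssConfig = (tssConfig != null) ? tssConfig : new TSSConfig();
    }

    /**
     * Creates the named POA under the server's root POA, attaches the CSIv2
     * security policy to it and activates its POA manager.
     *
     * TODO: Security policy really shouldn't be inserted if there is not CSI
     * config to put into it. Until that is resolved, the null-config case is
     * logged at warn level so that it is visible to whoever operates the server.
     *
     * @throws Exception if the ORB/POA calls fail, or an
     *                   InvalidConfigurationException when the org.omg.CORBA
     *                   classes on the classpath are at the wrong level
     */
    public void doStart() throws Exception {
        ClassLoader savedLoader = Thread.currentThread().getContextClassLoader();
        try {
            Thread.currentThread().setContextClassLoader(classLoader);

            ORB orb = server.getORB();
            POA rootPOA = server.getRootPOA();

            Any any = orb.create_any();

            // The effective config is null when no bean-level config was set, or when the
            // bean inherits from a server that has none. How ServerPolicy treats a null
            // config is not visible from this class, so surface the condition in the log.
            TSSConfig effectiveConfig = createCSIv2Config();
            if (effectiveConfig == null) {
                log.warn("No CSIv2 configuration available for POA " + POAName
                        + "; security policy is being created with a null TSS config");
            }
            any.insert_Value(new ServerPolicy.Config(effectiveConfig, classLoader));

            securityPolicy = orb.create_policy(ServerPolicyFactory.POLICY_TYPE, any);
            Policy[] policies = new Policy[] {
                securityPolicy,
                rootPOA.create_lifespan_policy(LifespanPolicyValue.TRANSIENT),
                rootPOA.create_request_processing_policy(
                        RequestProcessingPolicyValue.USE_ACTIVE_OBJECT_MAP_ONLY),
                rootPOA.create_servant_retention_policy(ServantRetentionPolicyValue.RETAIN),
                rootPOA.create_id_assignment_policy(IdAssignmentPolicyValue.USER_ID),
                rootPOA.create_implicit_activation_policy(
                        ImplicitActivationPolicyValue.NO_IMPLICIT_ACTIVATION),
            };
            // there may be ORB-specific policy overrides required.
            policies = server.addPolicyOverrides(policies);

            localPOA = rootPOA.create_POA(POAName, rootPOA.the_POAManager(), policies);

            localPOA.the_POAManager().activate();

            org.omg.CORBA.Object obj = server.getORB()
                    .resolve_initial_references("NameService");
            // NB: This initial context is never used by the TSSBean, but we request it here
            // to verify that the server ORB is correctly configured and our target server
            // is accessible.
            initialContext = NamingContextExtHelper.narrow(obj);
        } catch (NoSuchMethodError e) {
            // Keep the throwable in the log entry so the missing method is identifiable.
            log.error("Incorrect level of org.omg.CORBA classes found.\nLikely cause is an incorrect java.endorsed.dirs configuration", e);
            throw new InvalidConfigurationException(
                    "CORBA usage requires Yoko CORBA spec classes in java.endorsed.dirs classpath",
                    e);
        } finally {
            // Always restore the caller's context class loader, also on failure.
            Thread.currentThread().setContextClassLoader(savedLoader);
        }

        log.debug("Started CORBA Target Security Service in POA " + POAName);
    }

    /**
     * Destroys the POA created by {@link #doStart()} so the bean can be restarted.
     *
     * NOTE(review): the adapters map and the securityPolicy field are left as they
     * are; wrappers registered before the stop remain in the map -- confirm that
     * containers are always unlinked before this bean is stopped.
     *
     * @throws Exception if destroying the POA fails
     */
    public void doStop() throws Exception {
        if (localPOA != null) {
            // make sure this POA is destroyed so the bean can be potentially restarted.
            // NOTE: we do NOT deactivate() the poa manager, as that will take down any
            // other POAs attached to the same manager. Just destroying this POA is sufficient.
            // Arguments: etherealize_objects = true, wait_for_completion = false.
            localPOA.destroy(true, false);
            localPOA = null;
        }
        log.debug("Stopped CORBA Target Security Service in POA " + POAName);
    }

    /**
     * Logs the failure; no resources are released here.
     */
    public void doFail() {
        log.warn("Failed CORBA Target Security Service in POA " + POAName);
    }

    /**
     * Builds the TSS configuration that is placed into the server security policy.
     *
     * @return null when no bean-level config is set; the server's config (possibly
     *         null) when the bean-level config is marked as inherited; otherwise a
     *         new config combining the server's transport mechanism with this
     *         bean's mechanism list
     */
    private TSSConfig createCSIv2Config() {
        if (tssConfig == null) {
            return null;
        }
        if (tssConfig.isInherit()) {
            return server.getTssConfig();
        }

        TSSConfig config = new TSSConfig();

        // Read the server config once so the null check and the use see the same object.
        TSSConfig serverConfig = server.getTssConfig();
        if (serverConfig != null) {
            config.setTransport_mech(serverConfig.getTransport_mech());
        } else {
            // NOTE(review): TSSNULLTransportConfig presumably means no transport-level
            // protection, so any mechanisms copied below would run over an unprotected
            // transport -- confirm against TSSNULLTransportConfig. Logged so the
            // fallback is not silent.
            log.warn("Parent CORBABean has no TSS configuration; POA " + POAName
                    + " falls back to TSSNULLTransportConfig as its transport mechanism");
            config.setTransport_mech(new TSSNULLTransportConfig());
        }

        config.getMechListConfig().setStateful(
                tssConfig.getMechListConfig().isStateful());
        for (int i = 0; i < tssConfig.getMechListConfig().size(); i++) {
            config.getMechListConfig().add(tssConfig.getMechListConfig().mechAt(i));
        }

        return config;
    }

    /**
     * Links a container to this bean's POA and records its adapter by container id.
     *
     * NOTE(review): localPOA and securityPolicy are null until doStart() has run
     * (and localPOA is null again after doStop()); they are passed on unchecked --
     * confirm callers only register containers while this bean is started.
     *
     * @param tssLink the container link to register
     * @throws CORBAException if the adapter cannot be started
     */
    public void registerContainer(TSSLink tssLink) throws CORBAException {
        AdapterWrapper adapterWrapper = new AdapterWrapper(tssLink);

        // Start first: the wrapper is only recorded when start() did not throw.
        adapterWrapper.start(server.getORB(), localPOA, securityPolicy);
        adapters.put(tssLink.getContainerId(), adapterWrapper);

        log.debug(POAName + " - Linked container " + tssLink.getContainerId());
    }

    /**
     * Unlinks a previously registered container. Unknown container ids are
     * ignored; a failure while stopping the adapter is logged, not rethrown.
     *
     * @param tssLink the container link to unregister
     */
    public void unregisterContainer(TSSLink tssLink) {
        AdapterWrapper adapterWrapper = (AdapterWrapper) adapters
                .remove(tssLink.getContainerId());
        if (adapterWrapper == null) {
            return;
        }
        try {
            adapterWrapper.stop();
            log.debug(POAName + " - Unlinked container " + tssLink.getContainerId());
        } catch (CORBAException e) {
            log.error(POAName + " - Error unlinking container "
                    + tssLink.getContainerId(), e);
        }
    }

    /**
     * Add the policy overrides (if any) to the list
     * of policies used to create a POA instance. Delegates to the parent server.
     *
     * @param policies The base set of policies.
     *
     * @return A new Policy array with the overrides added. Returns
     *         the same array if no overrides are required.
     */
    public Policy[] addPolicyOverrides(Policy[] policies) {
        return server.addPolicyOverrides(policies);
    }
}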