| java.lang.Object
 org.jboss.web.AbstractWebDeployer
| AbstractWebDeployer | | abstract public class AbstractWebDeployer (Code) | | A template pattern class for web deployer integration into JBoss. This class
should be subclasses by war deployers providers wishing to integrate into
a JBoss server.
It provides support for mapping the following web-app.xml/jboss-web.xml elements
into the JBoss server JNDI namespace:
- env-entry
- resource-ref
- resource-env-ref
- ejb-ref
- ejb-local-ref
- security-domain
Subclasses need to implement the
AbstractWebDeployer.performDeploy(WebApplication,String,WebDescriptorParser) performDeploy() and
AbstractWebDeployer.performUndeploy(String,WebApplication) performUndeploy() methods to perform the
container specific steps and return the web application info required by the
AbstractWebContainer class.
Integration with the JBossSX security framework is based on the establishment
of a java:comp/env/security context as described in the
AbstractWebDeployer.linkSecurityDomain(String,Context) linkSecurityDomain comments.
The security context provides access to the JBossSX security mgr interface
implementations for use by subclass request interceptors. A outline of the
steps for authenticating a user is:
// Get the username & password from the request context...
String username = f(request);
String password = f(request);
// Get the JBoss security manager from the ENC context
InitialContext iniCtx = new InitialContext();
SecurityManager securityMgr = (SecurityManager) iniCtx.lookup("java:comp/env/security/securityMgr");
SimplePrincipal principal = new SimplePrincipal(username);
if( securityMgr.isValid(principal, password) )
{
// Indicate the user is allowed access to the web content...
// Propagate the user info to JBoss for any calls into made by the servlet
SecurityAssociation.setPrincipal(principal);
SecurityAssociation.setCredential(password.toCharArray());
}
else
{
// Deny access...
}
An outline of the steps for authorizing the user is:
// Get the username & required roles from the request context...
String username = f(request);
String[] roles = f(request);
// Get the JBoss security manager from the ENC context
InitialContext iniCtx = new InitialContext();
RealmMapping securityMgr = (RealmMapping) iniCtx.lookup("java:comp/env/security/realmMapping");
SimplePrincipal principal = new SimplePrincipal(username);
Set requiredRoles = new HashSet(Arrays.asList(roles));
if( securityMgr.doesUserHaveRole(principal, requiredRoles) )
{
// Indicate the user has the required roles for the web content...
}
else
{
// Deny access...
}
The one thing to be aware of is the relationship between the thread context
class loader and the JNDI ENC context. Any method that attempts to access
the JNDI ENC context must have the ClassLoader in the WebApplication returned
from the
AbstractWebDeployer.performDeploy(WebApplication,String,WebDescriptorParser) performDeploy as its thread
context ClassLoader or else the lookup for java:comp/env will fail with a
name not found exception, or worse, it will receive some other web application
ENC context. If your adapting a web container that is trying be compatible with
both 1.1 and 1.2 Java VMs this is something you need to pay special attention
to. For example, I have seen problems a request interceptor that was handling
the authentication/authorization callouts in tomcat3.2.1 not having the same
thread context ClassLoader as was used to dispatch the http service request.
See Also: AbstractWebDeployer.performDeploy(WebApplication webApp,String warUrl,WebDescriptorParser webAppParser)
See Also: AbstractWebDeployer.performUndeploy(String,WebApplication)
See Also: AbstractWebDeployer.parseWebAppDescriptors(DeploymentInfo,ClassLoader,WebMetaData)
See Also: AbstractWebDeployer.linkSecurityDomain(String,Context)
See Also: org.jboss.security.RealmMapping;
See Also: org.jboss.security.SimplePrincipal;
See Also: org.jboss.security.SecurityAssociation;
author:
Scott.Stark@jboss.org
version:
$Revision: 61864 $ |
| Method Summary | |
| protected void | addEnvEntries(Iterator envEntries, Context envCtx)
| | protected void | createPermissions(WebMetaData metaData, PolicyConfiguration pc)
Create the JACC permission based on the security constraints obtained
from the web.xml metadata. | | public String[] | getCompileClasspath(ClassLoader loader)
A utility method that walks up the ClassLoader chain starting at
the given loader and queries each ClassLoader for a 'URL[] getURLs()'
method from which a complete classpath of URL strings is built. | | public String | getDefaultSecurityDomain()
Get the default security domain implementation to use if a war
does not declare a security-domain. | | public boolean | getJava2ClassLoadingCompliance()
Get the flag indicating if the normal Java2 parent first class loading
model should be used over the servlet 2.3 web container first model. | | public boolean | getLenientEjbLink()
| | public MBeanServer | getServer()
| | public String[] | getStandardCompileClasspath(ClassLoader loader)
A utility method that searches the given loader for the
resources: "javax/servlet/resources/web-app_2_3.dtd",
"org/apache/jasper/resources/jsp12.dtd", and "javax/ejb/EJBHome.class"
and returns an array of URL strings. | | public boolean | getUnpackWars()
Set the flag indicating if war archives should be unpacked. | | abstract public void | init(Object containerConfig)
| | protected void | linkEjbLocalRefs(Iterator ejbRefs, Context envCtx, DeploymentInfo di)
| | protected void | linkEjbRefs(Iterator ejbRefs, Context envCtx, DeploymentInfo di)
| | protected void | linkMessageDestinationRefs(WebMetaData metaData, Context envCtx, DeploymentInfo di)
| | protected void | linkResourceEnvRefs(Iterator resourceEnvRefs, Context envCtx)
| | protected void | linkResourceRefs(Iterator resourceRefs, Context envCtx)
| | protected void | linkSecurityDomain(String securityDomain, Context envCtx)
This creates a java:comp/env/security context that contains a
securityMgr binding pointing to an AuthenticationManager implementation
and a realmMapping binding pointing to a RealmMapping implementation.
If the jboss-web.xml descriptor contained a security-domain element
then the bindings are LinkRefs to the jndi name specified by the
security-domain element. | | protected void | parseWebAppDescriptors(DeploymentInfo di, ClassLoader loader, WebMetaData metaData)
This method is invoked from within subclass performDeploy() method
implementations when they invoke WebDescriptorParser.parseWebAppDescriptors().
Parameters:
loader - the ClassLoader for the web application. | | abstract protected void | performDeploy(WebApplication webApp, String warUrl, WebDescriptorParser webAppParser)
This method is called by the deploy() method template and must be overriden by
subclasses to perform the web container specific deployment steps.
Parameters:
webApp - The web application information context. | | abstract protected void | performUndeploy(String warUrl, WebApplication webApp)
Called as part of the undeploy() method template to ask the
subclass for perform the web container specific undeployment steps. | | public void | setDefaultSecurityDomain(String defaultSecurityDomain)
Set the default security domain implementation to use if a war
does not declare a security-domain. | | public void | setJava2ClassLoadingCompliance(boolean flag)
Set the flag indicating if the normal Java2 parent first class loading
model should be used over the servlet 2.3 web container first model. | | public void | setLenientEjbLink(boolean flag)
| | public void | setServer(MBeanServer server)
| | public void | setUnpackWars(boolean flag)
Get the flag indicating if war archives should be unpacked. | | public synchronized WebApplication | start(DeploymentInfo di)
A template pattern implementation of the deploy() method. | | public synchronized void | stop(DeploymentInfo di)
A template pattern implementation of the undeploy() method. |
| defaultSecurityDomain | | protected String defaultSecurityDomain(Code) | | The default security-domain name to use
|
| java2ClassLoadingCompliance | | protected boolean java2ClassLoadingCompliance(Code) | | The parent class loader first model flag
|
| lenientEjbLink | | protected boolean lenientEjbLink(Code) | | If true, ejb-links that don't resolve don't cause an error (fallback to jndi-name)
|
| unpackWars | | protected boolean unpackWars(Code) | | A flag indicating if war archives should be unpacked
|
| AbstractWebDeployer | | public AbstractWebDeployer()(Code) | | |
| createPermissions | | protected void createPermissions(WebMetaData metaData, PolicyConfiguration pc) throws PolicyContextException(Code) | | Create the JACC permission based on the security constraints obtained
from the web.xml metadata.
Parameters:
metaData -
Parameters:
pc -
throws:
PolicyContextException - |
| getCompileClasspath | | public String[] getCompileClasspath(ClassLoader loader)(Code) | | A utility method that walks up the ClassLoader chain starting at
the given loader and queries each ClassLoader for a 'URL[] getURLs()'
method from which a complete classpath of URL strings is built.
|
| getDefaultSecurityDomain | | public String getDefaultSecurityDomain()(Code) | | Get the default security domain implementation to use if a war
does not declare a security-domain.
jndi name of the security domain binding to use. |
| getJava2ClassLoadingCompliance | | public boolean getJava2ClassLoadingCompliance()(Code) | | Get the flag indicating if the normal Java2 parent first class loading
model should be used over the servlet 2.3 web container first model.
true for parent first, false for the servlet 2.3 model |
| getLenientEjbLink | | public boolean getLenientEjbLink()(Code) | | Get the flag indicating if ejb-link errors should be ignored
in favour of trying the jndi-name in jboss-web.xml
a boolean value |
| getStandardCompileClasspath | | public String[] getStandardCompileClasspath(ClassLoader loader)(Code) | | A utility method that searches the given loader for the
resources: "javax/servlet/resources/web-app_2_3.dtd",
"org/apache/jasper/resources/jsp12.dtd", and "javax/ejb/EJBHome.class"
and returns an array of URL strings. Any jar: urls are reduced to the
underlying portion of the 'jar:!/{entry}' construct.
|
| getUnpackWars | | public boolean getUnpackWars()(Code) | | Set the flag indicating if war archives should be unpacked. This may
need to be set to false as long extraction paths under deploy can
show up as deployment failures on some platforms.
true is war archives should be unpacked |
| linkSecurityDomain | | protected void linkSecurityDomain(String securityDomain, Context envCtx) throws NamingException(Code) | | This creates a java:comp/env/security context that contains a
securityMgr binding pointing to an AuthenticationManager implementation
and a realmMapping binding pointing to a RealmMapping implementation.
If the jboss-web.xml descriptor contained a security-domain element
then the bindings are LinkRefs to the jndi name specified by the
security-domain element. If there was no security-domain element then
the bindings are to NullSecurityManager instance which simply allows
all access.
|
| parseWebAppDescriptors | | protected void parseWebAppDescriptors(DeploymentInfo di, ClassLoader loader, WebMetaData metaData) throws Exception(Code) | | This method is invoked from within subclass performDeploy() method
implementations when they invoke WebDescriptorParser.parseWebAppDescriptors().
Parameters:
loader - the ClassLoader for the web application. May not be null.
Parameters:
metaData - the WebMetaData from the WebApplication object passed tothe performDeploy method. |
| performDeploy | | abstract protected void performDeploy(WebApplication webApp, String warUrl, WebDescriptorParser webAppParser) throws Exception(Code) | | This method is called by the deploy() method template and must be overriden by
subclasses to perform the web container specific deployment steps.
Parameters:
webApp - The web application information context. This contains themetadata such as the context-root element value from the J2EEapplication/module/web application.xml descriptor and virtual-host.
Parameters:
warUrl - The string for the URL of the web application war.
Parameters:
webAppParser - The callback interface the web container should use tosetup the web app JNDI environment for use by the web app components. Thisneeds to be invoked after the web app class loader is known, but beforeand web app components attempt to access the java:comp/env JNDI namespace. |
| performUndeploy | | abstract protected void performUndeploy(String warUrl, WebApplication webApp) throws Exception(Code) | | Called as part of the undeploy() method template to ask the
subclass for perform the web container specific undeployment steps.
|
| setDefaultSecurityDomain | | public void setDefaultSecurityDomain(String defaultSecurityDomain)(Code) | | Set the default security domain implementation to use if a war
does not declare a security-domain.
Parameters:
defaultSecurityDomain - - jndi name of the security domain bindingto use. |
| setJava2ClassLoadingCompliance | | public void setJava2ClassLoadingCompliance(boolean flag)(Code) | | Set the flag indicating if the normal Java2 parent first class loading
model should be used over the servlet 2.3 web container first model.
Parameters:
flag - true for parent first, false for the servlet 2.3 model |
| setLenientEjbLink | | public void setLenientEjbLink(boolean flag)(Code) | | Set the flag indicating if ejb-link errors should be ignored
in favour of trying the jndi-name in jboss-web.xml
|
| setUnpackWars | | public void setUnpackWars(boolean flag)(Code) | | Get the flag indicating if war archives should be unpacked. This may
need to be set to false as long extraction paths under deploy can
show up as deployment failures on some platforms.
Parameters:
flag - , true is war archives should be unpacked |
| start | | public synchronized WebApplication start(DeploymentInfo di) throws DeploymentException(Code) | | A template pattern implementation of the deploy() method. This method
calls the
AbstractWebDeployer.performDeploy(WebApplication,String,WebDescriptorParser) performDeploy() method to
perform the container specific deployment steps and registers the
returned WebApplication in the deployment map. The steps performed are:
ClassLoader appClassLoader = thread.getContextClassLoader();
URLClassLoader warLoader = URLClassLoader.newInstance(empty, appClassLoader);
thread.setContextClassLoader(warLoader);
WebDescriptorParser webAppParser = ...;
WebMetaData metaData = di.metaData;
// Create JACC permissions, contextID, etc. ...
WebApplication warInfo = new WebApplication(metaData);
performDeploy(warInfo, warUrl, webAppParser);
deploymentMap.put(warUrl, warInfo);
thread.setContextClassLoader(appClassLoader);
The subclass performDeploy() implementation needs to invoke
webAppParser.parseWebAppDescriptors(loader, warInfo) to have the JNDI
java:comp/env namespace setup before any web app component can access
this namespace.
Also, an MBean for each servlet deployed should be created and its
JMX ObjectName placed into the DeploymentInfo.mbeans list so that the
JSR77 layer can create the approriate model view. The servlet MBean
needs to provide access to the min, max and total time in milliseconds.
Expose this information via MinServiceTime, MaxServiceTime and TotalServiceTime
attributes to integrate seemlessly with the JSR77 factory layer.
Parameters:
di - The deployment info that contains the context-root element valuefrom the J2EE application/module/web application.xml descriptor. This maybe null if war was is not being deployed as part of an enterprise application.It also contains the URL of the web application war. |
| stop | | public synchronized void stop(DeploymentInfo di) throws DeploymentException(Code) | | A template pattern implementation of the undeploy() method. This method
calls the
AbstractWebDeployer.performUndeploy(String,WebApplication) performUndeploy() method to
perform the container specific undeployment steps and unregisters the
the warUrl from the deployment map.
|
|
|