001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.ejb;
023:
024: import java.security.Principal;
025: import java.security.acl.Group;
026: import java.util.Set;
027: import java.util.Iterator;
028: import javax.ejb.SessionContext;
029: import javax.ejb.SessionBean;
030: import javax.ejb.EJBException;
031: import javax.security.auth.Subject;
032: import javax.security.jacc.PolicyContext;
033: import javax.security.jacc.PolicyContextException;
034:
035: import org.jboss.test.security.interfaces.CallerInfo;
036: import org.jboss.security.SimplePrincipal;
037:
038: /**
039: A target session bean that should be deployed with a caller executing with
040: a run-as identity.
041:
042: @author Scott.Stark@jboss.org
043: @version $Revision: 57211 $
044: */
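public class RunAsBean implements SessionBean {
    /** The JACC PolicyContext key for the current Subject */
    private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
    private SessionContext context;

    public void ejbCreate() {
    }

    public void ejbActivate() {
    }

    public void ejbPassivate() {
    }

    public void ejbRemove() {
    }

    public void setSessionContext(SessionContext context) {
        this.context = context;
    }

    /**
     * Checks that this method executes under the expected run-as identity:
     * the caller principal, the container-bound Subject and the role
     * memberships all have to match the {@link CallerInfo} expectations.
     *
     * @param info the identity and roles the caller expects to be running as
     * @throws EJBException if any of the identity or role checks fail, or the
     *         JACC Subject cannot be obtained
     */
    public void unprotectedEjbMethod(CallerInfo info) {
        Principal caller = checkCallerPrincipal(info);
        validateRoles(info);
        checkSubject("unprotectedEjbMethod", info, caller, true);
    }

    /**
     * Same checks as {@link #unprotectedEjbMethod(CallerInfo)}, deployed under
     * a different method-permission so the run-as propagation can be tested
     * per security constraint.
     *
     * @param info the identity and roles the caller expects to be running as
     * @throws EJBException if any check fails
     */
    public void runAsMethod(CallerInfo info) {
        Principal caller = checkCallerPrincipal(info);
        validateRoles(info);
        checkSubject("runAsMethod", info, caller, true);
    }

    /**
     * Same checks as {@link #unprotectedEjbMethod(CallerInfo)}.
     *
     * @param info the identity and roles the caller expects to be running as
     * @throws EJBException if any check fails
     */
    public void groupMemberMethod(CallerInfo info) {
        Principal caller = checkCallerPrincipal(info);
        validateRoles(info);
        checkSubject("groupMemberMethod", info, caller, true);
    }

    /**
     * Same checks as {@link #unprotectedEjbMethod(CallerInfo)}.
     *
     * @param info the identity and roles the caller expects to be running as
     * @throws EJBException if any check fails
     */
    public void userMethod(CallerInfo info) {
        Principal caller = checkCallerPrincipal(info);
        validateRoles(info);
        checkSubject("userMethod", info, caller, true);
    }

    /**
     * Same checks as {@link #unprotectedEjbMethod(CallerInfo)}.
     *
     * @param info the identity and roles the caller expects to be running as
     * @throws EJBException if any check fails
     */
    public void allAuthMethod(CallerInfo info) {
        Principal caller = checkCallerPrincipal(info);
        validateRoles(info);
        checkSubject("allAuthMethod", info, caller, true);
    }

    /**
     * Checks the caller principal and the roles, but unlike the other methods
     * does not require the run-as principal to be present in the Subject's
     * principal set (only the role groups are validated). Kept as in the
     * original test; whether that relaxation is intentional for the public
     * method permission is not documented here.
     *
     * @param info the identity and roles the caller expects to be running as
     * @throws EJBException if any check fails
     */
    public void publicMethod(CallerInfo info) {
        Principal caller = checkCallerPrincipal(info);
        validateRoles(info);
        checkSubject("publicMethod", info, caller, false);
    }

    /**
     * Verifies that the container reports the expected run-as identity as the
     * caller principal.
     *
     * @return the caller principal reported by the SessionContext
     * @throws EJBException if the caller principal is missing or differs from
     *         {@code info.getRunAsIdentity()}
     */
    private Principal checkCallerPrincipal(CallerInfo info) {
        Principal caller = context.getCallerPrincipal();
        // A null caller is reported the same way as a wrong one instead of
        // surfacing as a NullPointerException from equals().
        if (caller == null || caller.equals(info.getRunAsIdentity()) == false)
            throw new EJBException("getCallerPrincipal(" + caller
                    + ") does not contain runAsIdentity: "
                    + info.getRunAsIdentity());
        return caller;
    }

    /**
     * Obtains the Subject the container bound in the JACC PolicyContext.
     *
     * A lookup failure is a test failure: the original code swallowed the
     * PolicyContextException, which let the Subject-based assertions pass
     * silently whenever the lookup broke.
     *
     * @throws EJBException if the PolicyContext lookup fails or no Subject is bound
     */
    private Subject currentSubject() {
        Subject subject;
        try {
            subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
        } catch (PolicyContextException e) {
            throw new EJBException("Failed to obtain the Subject from PolicyContext key "
                    + SUBJECT_CONTEXT_KEY, e);
        }
        if (subject == null)
            throw new EJBException("No Subject bound in PolicyContext under "
                    + SUBJECT_CONTEXT_KEY);
        return subject;
    }

    /**
     * Validates the container-bound Subject against the CallerInfo
     * expectations.
     *
     * @param method the name of the calling EJB method, used in the trace line
     * @param info the expected run-as identity and roles
     * @param caller the caller principal, for the trace line
     * @param requireRunAsPrincipal whether the run-as identity must be among the
     *        Subject's principals
     * @throws EJBException if the run-as principal (when required) or any
     *         expected role is missing from the Subject
     */
    private void checkSubject(String method, CallerInfo info, Principal caller,
            boolean requireRunAsPrincipal) {
        Subject subject = currentSubject();
        String msg = method + ", PolicyContext subject: " + subject
                + ", CallerPrincipal: " + caller;
        System.out.println(msg);
        if (requireRunAsPrincipal) {
            Set principals = subject.getPrincipals();
            if (principals.contains(info.getRunAsIdentity()) == false)
                throw new EJBException(principals
                        + " does not contain runAsIdentity: "
                        + info.getRunAsIdentity());
        }
        validateRoles(info, subject);
    }

    /**
     * Checks every expected run-as role through {@code SessionContext.isCallerInRole}.
     *
     * @throws EJBException listing all roles the caller is not in
     */
    private void validateRoles(CallerInfo info) throws EJBException {
        Iterator iter = info.getExpectedRunAsRoles().iterator();
        StringBuffer buffer = new StringBuffer();
        while (iter.hasNext()) {
            String role = (String) iter.next();
            if (context.isCallerInRole(role) == false) {
                buffer.append(',');
                buffer.append(role);
            }
        }

        if (buffer.length() > 0) {
            buffer.insert(0, "isCallerInRole failed for: ");
            throw new EJBException(buffer.toString());
        }
    }

    /**
     * Checks every expected run-as role against the Group principals of the
     * Subject.
     *
     * A role is satisfied if any Group in the Subject holds it. The original
     * only consulted the first Group returned by the (unordered) principal
     * set, which made the check depend on set iteration order whenever the
     * Subject carried more than one Group.
     *
     * @throws EJBException if the Subject has no Group principals, or listing
     *         all roles that no Group contains
     */
    private void validateRoles(CallerInfo info, Subject subject)
            throws EJBException {
        Set groups = subject.getPrincipals(Group.class);
        if (groups == null || groups.isEmpty())
            throw new EJBException("No groups found in the subject: "
                    + subject);

        Iterator iter = info.getExpectedRunAsRoles().iterator();
        StringBuffer buffer = new StringBuffer();
        while (iter.hasNext()) {
            String role = (String) iter.next();
            SimplePrincipal srole = new SimplePrincipal(role);
            if (isMemberOfAnyGroup(groups, srole) == false) {
                buffer.append(',');
                buffer.append(role);
            }
        }

        if (buffer.length() > 0) {
            buffer.insert(0, "Principals failed for: ");
            throw new EJBException(buffer.toString());
        }
    }

    /**
     * @return true if at least one Group in {@code groups} reports
     *         {@code member} via {@link Group#isMember(Principal)}
     */
    private static boolean isMemberOfAnyGroup(Set groups, Principal member) {
        for (Iterator it = groups.iterator(); it.hasNext();) {
            Group group = (Group) it.next();
            if (group.isMember(member))
                return true;
        }
        return false;
    }
}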
|