001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.ejb;
023:
024: import java.rmi.RemoteException;
025: import java.security.Principal;
026: import javax.ejb.CreateException;
027: import javax.ejb.EJBException;
028: import javax.ejb.SessionBean;
029: import javax.ejb.SessionContext;
030: import javax.naming.InitialContext;
031:
032: import org.jboss.test.security.interfaces.Entity;
033: import org.jboss.test.security.interfaces.EntityHome;
034: import org.jboss.test.security.interfaces.StatelessSession;
035: import org.jboss.test.security.interfaces.StatelessSessionHome;
036:
037: import org.apache.log4j.Category;
038:
/**
 * A SessionBean that accesses an Entity bean in its echo() method to test runAs
 * identity propagation. It also invokes its own excluded() method through the
 * remote interface, to test that the runAs identity is also seen on methods of
 * this bean that are reached that way.
 *
 * <p>The role assignments themselves (which callers may invoke which method, and
 * which runAs role the bean assumes) are not declared in this class; presumably
 * they live in the deployment descriptor -- confirm against the test deployment.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 57211 $
 */
public class StatelessSessionBean3 implements SessionBean {
    private static Category log = Category
            .getInstance(StatelessSessionBean3.class);

    /** Container-supplied context; the source of the caller principal and the EJB object. */
    private SessionContext sessionContext;

    /** Lifecycle callback; only records that it ran. */
    public void ejbCreate() throws RemoteException, CreateException {
        log.debug("ejbCreate() called");
    }

    /** Lifecycle callback; only records that it ran. */
    public void ejbActivate() throws RemoteException {
        log.debug("ejbActivate() called");
    }

    /** Lifecycle callback; only records that it ran. */
    public void ejbPassivate() throws RemoteException {
        log.debug("ejbPassivate() called");
    }

    /** Lifecycle callback; only records that it ran. */
    public void ejbRemove() throws RemoteException {
        log.debug("ejbRemove() called");
    }

    /**
     * Stores the session context handed over by the container.
     *
     * @param context the context later used for principal and EJB object lookups
     */
    public void setSessionContext(SessionContext context)
            throws RemoteException {
        this.sessionContext = context;
    }

    /**
     * Finds the entity bean bound under java:comp/env/ejb/Entity by primary key
     * {@code arg} and returns the result of its echo method. This method should
     * be accessible by users with a role of Echo, while the Entity bean should
     * only be accessible by the runAs role.
     *
     * <p>Both the caller-supplied argument and the caller principal are written
     * to the debug log unmodified.
     *
     * @param arg the value used as the entity primary key and as the echo argument
     * @return whatever the entity bean's echo method returns
     * @throws EJBException wrapping any exception raised by the lookup, the
     *         finder or the entity call
     */
    public String echo(String arg) {
        log.debug("echo, arg=" + arg);
        // This call should fail if the bean is not secured
        final Principal caller = sessionContext.getCallerPrincipal();
        log.debug("echo, callerPrincipal=" + caller);
        try {
            final InitialContext jndi = new InitialContext();
            final EntityHome entityHome =
                    (EntityHome) jndi.lookup("java:comp/env/ejb/Entity");
            final Entity entity = entityHome.findByPrimaryKey(arg);
            return entity.echo(arg);
        } catch (Exception e) {
            // Log before fillInStackTrace(): that call replaces the trace carried
            // by e with one taken here, so this debug entry is the only record
            // of where the failure originally came from.
            log.debug("failed", e);
            e.fillInStackTrace();
            throw new EJBException(e);
        }
    }

    /**
     * Creates a session bean through the home bound under
     * java:comp/env/ejb/Session and returns the result of its echo method.
     *
     * @param echoArg the value passed on to the target bean's echo method
     * @return whatever the target bean's echo method returns
     * @throws EJBException wrapping any exception raised by the lookup, the
     *         create call or the echo call
     */
    public String forward(String echoArg) {
        log.debug("forward, echoArg=" + echoArg);
        try {
            final InitialContext jndi = new InitialContext();
            final StatelessSessionHome sessionHome =
                    (StatelessSessionHome) jndi.lookup("java:comp/env/ejb/Session");
            final StatelessSession target = sessionHome.create();
            return target.echo(echoArg);
        } catch (Exception e) {
            // Same ordering as in echo(): the original trace is only in the log.
            log.debug("failed", e);
            e.fillInStackTrace();
            throw new EJBException(e);
        }
    }

    /**
     * Gets this bean's remote interface and invokes the excluded() method to
     * test that the method is accessed as the runAs role.
     *
     * @throws EJBException if the remote call fails; the message carries the
     *         RemoteException's {@code detail} value, the exception itself is
     *         not attached as the cause
     */
    public void noop() {
        log.debug("noop calling excluded...");
        final StatelessSession self =
                (StatelessSession) sessionContext.getEJBObject();
        try {
            self.excluded();
        } catch (RemoteException e) {
            // detail is the legacy public field of RemoteException holding the
            // nested failure; only its string form ends up in the message.
            throw new EJBException("Failed to access excluded: "
                    + e.detail);
        }
    }

    /**
     * Always fails with a NullPointerException by dereferencing a null
     * reference; presumably used to check how the container reports an
     * unexpected runtime error -- confirm against the calling test.
     */
    public void npeError() {
        log.debug("npeError");
        final Object nothing = null;
        nothing.toString();
    }

    /**
     * Logs the caller principal and does nothing else. Note that the log label
     * reads "StatelessSessionBean", not the name of this class.
     */
    public void unchecked() {
        final Principal caller = sessionContext.getCallerPrincipal();
        log.debug("StatelessSessionBean.unchecked, callerPrincipal="
                + caller);
    }

    /**
     * This method should be assigned access to the runAs role and no user
     * should have this role.
     */
    public void excluded() {
        log.debug("excluded, accessed");
        // This call should fail if the bean is not secured
        final Principal caller = sessionContext.getCallerPrincipal();
        log.debug("excluded, callerPrincipal=" + caller);
    }
}