001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.securitymgr.ejb;
023:
024: import java.security.Principal;
025: import javax.ejb.SessionBean;
026: import javax.ejb.SessionContext;
027: import javax.security.auth.Subject;
028:
029: import org.apache.log4j.Category;
030:
031: import org.jboss.security.SecurityAssociation;
032: import org.jboss.security.RunAsIdentity;
033:
/**
 * A session bean that attempts things that should not be allowed
 * when running JBoss with a security manager.
 *
 * <p>Each business method is one isolated probe against either the JVM
 * system properties or the {@code SecurityAssociation} identity state, so a
 * caller can check the outcome of each operation separately. The inline
 * comments mark the two calls that are expected to succeed; everything else
 * falls under the class-level "should not be allowed" statement.
 *
 * <p>NOTE(review): several probes mutate JVM-wide or thread-associated state
 * ({@code java.home}, the subject context, the run-as stack) and none of them
 * restores it. If the policy under test is misconfigured and a probe is
 * permitted, the change sticks, so deploy this bean only in a disposable
 * test server.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 57211 $
 */
public class BadBean implements SessionBean {
    // Not referenced by any method in this class.
    static final Category log = Category.getInstance(BadBean.class);

    /** Creates a new instance of BadBean */
    public BadBean() {
    }

    // ---- SessionBean lifecycle callbacks: intentionally empty ----

    /** No-op create callback. */
    public void ejbCreate() {
    }

    /** No-op activation callback. */
    public void ejbActivate() {
    }

    /** No-op passivation callback. */
    public void ejbPassivate() {
    }

    /** No-op removal callback. */
    public void ejbRemove() {
    }

    /**
     * Ignores the container-supplied context; the bean keeps no reference to it.
     *
     * @param context the session context, unused
     */
    public void setSessionContext(SessionContext context) {
    }

    // ---- Probes ----

    /**
     * Reads the {@code java.home} system property and then overwrites it.
     *
     * <p>Under a security manager the read is subject to a property "read"
     * check and the write to a property "write" check. Because the read comes
     * first, a denied read means the write is never attempted, so a single
     * failure here does not show which of the two was refused. If both are
     * permitted, {@code java.home} is left set to {@code "tjo"} for the
     * whole JVM.
     */
    public void accessSystemProperties() {
        final String key = "java.home";
        System.getProperty(key);
        System.setProperty(key, "tjo");
    }

    /**
     * Returns whatever principal {@code SecurityAssociation} currently reports.
     *
     * @return the value of {@code SecurityAssociation.getPrincipal()}
     */
    public Principal getPrincipal() {
        final Principal current = SecurityAssociation.getPrincipal();
        return current;
    }

    /**
     * Returns whatever credential {@code SecurityAssociation} currently reports.
     *
     * <p>The result is handed back to the caller unmodified; if this probe is
     * permitted the caller is holding live credential material and should not
     * log or persist it.
     *
     * @return the value of {@code SecurityAssociation.getCredential()}
     */
    public Object getCredential() {
        final Object current = SecurityAssociation.getCredential();
        return current;
    }

    /**
     * Attempts to replace the principal held by {@code SecurityAssociation}.
     *
     * @param user the principal to install
     */
    public void setPrincipal(Principal user) {
        SecurityAssociation.setPrincipal(user);
    }

    /**
     * Attempts to replace the credential held by {@code SecurityAssociation}.
     *
     * <p>The array is passed through as-is; no copy is made here.
     *
     * @param password the credential to install
     */
    public void setCredential(char[] password) {
        SecurityAssociation.setCredential(password);
    }

    /**
     * Fetches the current subject and discards it.
     */
    public void getSubject() {
        // This should be allowed
        SecurityAssociation.getSubject();
    }

    /**
     * Fetches the current subject and asks it for its private credentials.
     */
    public void getSubjectCredentials() {
        // This should be allowed
        final Subject subject = SecurityAssociation.getSubject();
        // This should fail
        // NOTE(review): the JDK documents the private-credential permission
        // checks as happening when elements of the returned Set are accessed,
        // and this call never iterates the Set; confirm the expected denial is
        // actually triggered here. If getSubject() returns null this line
        // raises NullPointerException instead of a security failure.
        subject.getPrivateCredentials();
    }

    /**
     * Attempts to push a fresh, empty {@code Subject} as the subject context,
     * with {@code null} for the other two arguments.
     *
     * <p>There is no matching pop in this method.
     */
    public void setSubject() {
        final Subject empty = new Subject();
        SecurityAssociation.pushSubjectContext(empty, null, null);
    }

    /**
     * Attempts to pop the current run-as identity without having pushed one.
     */
    public void popRunAsRole() {
        SecurityAssociation.popRunAsIdentity();
    }

    /**
     * Attempts to push a run-as identity built from {@code "SuperUser"} and
     * {@code "admin"}, i.e. to escalate the caller's effective role.
     *
     * <p>There is no matching pop in this method, so a permitted push stays on
     * the run-as stack.
     */
    public void pushRunAsRole() {
        SecurityAssociation.pushRunAsIdentity(new RunAsIdentity("SuperUser", "admin"));
    }

}