[WFLY-5689] Refactor the EJB subsystem to use individual resources fo…
…r the security domain mappings
fjuma committed Jan 20, 2016
1 parent 003e545 commit 319c598
Showing 27 changed files with 487 additions and 401 deletions.
23 changes: 8 additions & 15 deletions ejb3/src/main/java/org/jboss/as/ejb3/component/EJBComponent.java
Expand Up @@ -121,8 +121,6 @@ public Principal run() {
}
};

private final Map<String, SecurityDomain> securityDomainsByName;
private final boolean isSecurityDomainsConfigured;
private final SecurityDomain securityDomain;

/**
Expand Down Expand Up @@ -176,9 +174,7 @@ protected EJBComponent(final EJBComponentCreateService ejbComponentCreateService
this.controlPoint = ejbComponentCreateService.getControlPoint();
this.exceptionLoggingEnabled = ejbComponentCreateService.getExceptionLoggingEnabled();

this.securityDomainsByName = ejbComponentCreateService.getSecurityDomainsByName();
this.isSecurityDomainsConfigured = (securityDomainsByName != null) && (! securityDomainsByName.isEmpty());
this.securityDomain = isSecurityDomainsConfigured ? securityDomainsByName.get(securityMetaData.getSecurityDomain()) : null;
this.securityDomain = ejbComponentCreateService.getSecurityDomain();
}

protected <T> T createViewInstanceProxy(final Class<T> viewInterface, final Map<Object, Object> contextData) {
Expand Down Expand Up @@ -262,8 +258,8 @@ public ApplicationExceptionDetails getApplicationException(Class<?> exceptionCla
}

public Principal getCallerPrincipal() {
if (isSecurityDomainsConfigured) {
return (securityDomain != null) ? securityDomain.getCurrentSecurityIdentity().getPrincipal() : AnonymousPrincipal.getInstance();
if (isSecurityDomainKnown()) {
return securityDomain.getCurrentSecurityIdentity().getPrincipal();
} else if (WildFlySecurityManager.isChecking()) {
return WildFlySecurityManager.doUnchecked(getCaller);
} else {
Expand Down Expand Up @@ -407,10 +403,7 @@ public boolean isBeanManagedTransaction() {
}

public boolean isCallerInRole(final String roleName) throws IllegalStateException {
if (isSecurityDomainsConfigured) {
if (securityDomain == null) {
return false;
}
if (isSecurityDomainKnown()) {
final SecurityIdentity identity = securityDomain.getCurrentSecurityIdentity();
return "**".equals(roleName) ? ! (identity.getPrincipal() instanceof AnonymousPrincipal) : identity.getRoles("ejb").contains(roleName);
} else if (WildFlySecurityManager.isChecking()) {
Expand Down Expand Up @@ -558,12 +551,12 @@ public ControlPoint getControlPoint() {
return this.controlPoint;
}

public Map<String, SecurityDomain> getSecurityDomainsByName() {
return securityDomainsByName;
public SecurityDomain getSecurityDomain() {
return securityDomain;
}

public boolean isSecurityDomainsConfigured() {
return this.isSecurityDomainsConfigured;
public boolean isSecurityDomainKnown() {
return securityDomain != null;
}

@Override
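Review bot: `getCallerPrincipal()` and `isCallerInRole()` no longer fail closed for a bean whose domain has no Elytron mapping: the old code returned `AnonymousPrincipal` and `false`, while the new code drops into the `WildFlySecurityManager` / legacy branches, which continue outside these hunks. That is presumably the intent of per-domain mapping, but the runtime answer (`securityDomain != null`, fed by an optional injection) is now computed independently of the deployment-time answer in `EJBComponentDescription.isSecurityDomainKnown()`, which decides whether the server security manager dependency is added at all. I would state the invariant on the accessor, e.g. `/** True only when an Elytron domain was injected; must agree with EJBComponentDescription#isSecurityDomainKnown(), which selects the interceptors. */`. A test that deploys a bean with an unmapped domain and calls both methods would pin the new fall-through behaviour.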
Expand Up @@ -39,6 +39,7 @@
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Function;

import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.ee.component.BasicComponentCreateService;
Expand All @@ -50,13 +51,18 @@
import org.jboss.as.ejb3.deployment.ApplicationExceptions;
import org.jboss.as.ejb3.remote.EJBRemoteTransactionsRepository;
import org.jboss.as.ejb3.security.EJBSecurityMetaData;
import org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService.ApplicationSecurityDomain;
import org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService.Registration;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.invocation.InterceptorFactory;
import org.jboss.invocation.Interceptors;
import org.jboss.invocation.proxy.MethodIdentifier;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.extension.requestcontroller.ControlPoint;
import org.wildfly.security.auth.server.SecurityDomain;
Expand Down Expand Up @@ -103,10 +109,12 @@ public class EJBComponentCreateService extends BasicComponentCreateService {
private final InjectedValue<ServerSecurityManager> serverSecurityManagerInjectedValue = new InjectedValue<>();
private final InjectedValue<ControlPoint> controlPoint = new InjectedValue<>();
private final InjectedValue<AtomicBoolean> exceptionLoggingEnabled = new InjectedValue<>();
private final InjectedValue<Map<String, SecurityDomain>> securityDomainsByName = new InjectedValue<>();
private final InjectedValue<ApplicationSecurityDomain> applicationSecurityDomain = new InjectedValue<>();

private final ShutDownInterceptorFactory shutDownInterceptorFactory;

private Registration registration;

/**
* Construct a new instance.
*
Expand Down Expand Up @@ -207,6 +215,26 @@ public EJBComponentCreateService(final ComponentConfiguration componentConfigura
this.shutDownInterceptorFactory = ejbComponentDescription.getShutDownInterceptorFactory();
}

@Override
public synchronized void start(final StartContext context) throws StartException {
super.start(context);
ApplicationSecurityDomain applicationSecurityDomain = getApplicationSecurityDomain();
Function<String, Registration> securityFunction = applicationSecurityDomain != null ? applicationSecurityDomain.getSecurityFunction() : null;
if (securityFunction != null) {
final DeploymentUnit deploymentUnit = getDeploymentUnitInjector().getValue();
final String deploymentName = deploymentUnit.getParent() == null ? deploymentUnit.getName() : deploymentUnit.getParent().getName() + "." + deploymentUnit.getName();
registration = securityFunction.apply(deploymentName);
}
}

@Override
public synchronized void stop(final StopContext context) {
super.stop(context);
if (registration != null) {
registration.cancel();
}
}

@Override
protected boolean requiresInterceptors(final Method method, final ComponentConfiguration componentConfiguration) {
if (super.requiresInterceptors(method, componentConfiguration)) {
Expand Down Expand Up @@ -386,12 +414,17 @@ public AtomicBoolean getExceptionLoggingEnabled() {
return exceptionLoggingEnabled.getValue();
}

InjectedValue<Map<String, SecurityDomain>> getSecurityDomainsByNameInjector() {
return securityDomainsByName;
Injector<ApplicationSecurityDomain> getApplicationSecurityDomainInjector() {
return applicationSecurityDomain;
}

public ApplicationSecurityDomain getApplicationSecurityDomain() {
return applicationSecurityDomain.getOptionalValue();
}

public Map<String, SecurityDomain> getSecurityDomainsByName() {
return securityDomainsByName.getValue();
public SecurityDomain getSecurityDomain() {
ApplicationSecurityDomain applicationSecurityDomain = getApplicationSecurityDomain();
return applicationSecurityDomain != null ? applicationSecurityDomain.getSecurityDomain() : null;
}

public ShutDownInterceptorFactory getShutDownInterceptorFactory() {
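Review bot: `stop()` cancels `registration` but never clears it, and `start()` assigns the field only when a security function is present. If the service is started again without an `ApplicationSecurityDomain` (the injection is read with `getOptionalValue()`), the next `stop()` would cancel the stale registration a second time; `registration.cancel(); registration = null;` avoids that. I would also cancel before `super.stop(context)` so teardown mirrors the order in `start()`. The `"."`-joined deployment name deserves a short comment, since the security context id shown elsewhere on this page joins parent and child with `"!"`.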
Expand Up @@ -21,8 +21,6 @@
*/
package org.jboss.as.ejb3.component;

import static org.jboss.as.ejb3.subsystem.EJB3SubsystemRootResourceDefinition.SECURITY_DOMAINS_CAPABILITY;

import javax.ejb.EJBLocalObject;
import javax.ejb.TimerService;
import javax.ejb.TransactionAttributeType;
Expand All @@ -43,7 +41,9 @@
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Predicate;

import org.jboss.as.controller.capability.CapabilityServiceSupport;
import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.ee.component.Attachments;
import org.jboss.as.ee.component.BindingConfiguration;
Expand Down Expand Up @@ -86,6 +86,8 @@
import org.jboss.as.ejb3.security.EJBSecurityViewConfigurator;
import org.jboss.as.ejb3.security.ElytronInterceptorFactory;
import org.jboss.as.ejb3.security.SecurityContextInterceptorFactory;
import org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainDefinition;
import org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService.ApplicationSecurityDomain;
import org.jboss.as.ejb3.timerservice.AutoTimer;
import org.jboss.as.ejb3.timerservice.NonFunctionalTimerService;
import org.jboss.as.security.deployment.SecurityAttachments;
Expand All @@ -108,7 +110,6 @@
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.value.InjectedValue;
import org.jboss.security.SecurityConstants;

/**
Expand Down Expand Up @@ -137,9 +138,10 @@ public abstract class EJBComponentDescription extends ComponentDescription {
private String defaultSecurityDomain;

/**
* Whether or not security domains are explicitly configured in the EJB3 subsystem.
* A predicate that returns whether or not a given security domain name has been mapped to an
* Elytron security domain
*/
private boolean securityDomainsConfigured;
private Predicate<String> knownSecurityDomain = null;

/**
* The @DeclareRoles (a.k.a security-role-ref) for the bean
Expand Down Expand Up @@ -285,7 +287,6 @@ public EJBComponentDescription(final String componentName, final String componen
getConfigurators().addFirst(new NamespaceConfigurator());
getConfigurators().add(new EjbJarConfigurationConfigurator());
getConfigurators().add(new SecurityDomainDependencyConfigurator(this));
addSecurityDomainsDependency();

// setup a dependency on the EJBUtilities service
this.addDependency(EJBUtilities.SERVICE_NAME, ServiceBuilder.DependencyType.REQUIRED);
Expand Down Expand Up @@ -333,7 +334,7 @@ public void configure(final DeploymentPhaseContext context, final ComponentDescr
configuration.addTimeoutViewInterceptor(new ImmediateInterceptorFactory(new ContextClassLoaderInterceptor(classLoader)), InterceptorOrder.View.TCCL_INTERCEPTOR);
configuration.addTimeoutViewInterceptor(configuration.getNamespaceContextInterceptorFactory(), InterceptorOrder.View.JNDI_NAMESPACE_INTERCEPTOR);
configuration.addTimeoutViewInterceptor(CurrentInvocationContextInterceptor.FACTORY, InterceptorOrder.View.INVOCATION_CONTEXT_INTERCEPTOR);
if (((EJBComponentDescription) description).isSecurityDomainsConfigured()) {
if (((EJBComponentDescription) description).isSecurityDomainKnown()) {
configuration.addTimeoutViewInterceptor(new ElytronInterceptorFactory(policyContextID), InterceptorOrder.View.SECURITY_CONTEXT);
} else if (deploymentUnit.hasAttachment(SecurityAttachments.SECURITY_ENABLED)) {
configuration.addTimeoutViewInterceptor(new SecurityContextInterceptorFactory(hasBeanLevelSecurityMetadata(), policyContextID), InterceptorOrder.View.SECURITY_CONTEXT);
Expand Down Expand Up @@ -577,7 +578,7 @@ protected void addServerSecurityManagerDependency() {
getConfigurators().add(new ComponentConfigurator() {
@Override
public void configure(final DeploymentPhaseContext context, final ComponentDescription description, final ComponentConfiguration componentConfiguration) throws DeploymentUnitProcessingException {
if (! ((EJBComponentDescription) description).isSecurityDomainsConfigured()) {
if (! ((EJBComponentDescription) description).isSecurityDomainKnown()) {
componentConfiguration.getCreateDependencies().add(new DependencyConfigurator<EJBComponentCreateService>() {
@Override
public void configureDependency(final ServiceBuilder<?> serviceBuilder, final EJBComponentCreateService ejbComponentCreateService) throws DeploymentUnitProcessingException {
Expand Down Expand Up @@ -615,25 +616,6 @@ public void configure(DeploymentPhaseContext context, ComponentConfiguration com
});
}

/**
* Sets up a {@link ComponentConfigurator} which then sets up the dependency on the security domains service for the {@link EJBComponentCreateService}.
*/
protected void addSecurityDomainsDependency() {
getConfigurators().add(new ComponentConfigurator() {
@Override
public void configure(final DeploymentPhaseContext context, final ComponentDescription description,
final ComponentConfiguration componentConfiguration) throws DeploymentUnitProcessingException {
componentConfiguration.getCreateDependencies().add(new DependencyConfigurator<EJBComponentCreateService>() {
@Override
public void configureDependency(final ServiceBuilder<?> serviceBuilder, final EJBComponentCreateService ejbComponentCreateService)
throws DeploymentUnitProcessingException {
serviceBuilder.addDependency(SECURITY_DOMAINS_CAPABILITY.getCapabilityServiceName(), Map.class, (InjectedValue) ejbComponentCreateService.getSecurityDomainsByNameInjector());
}
});
}
});
}

public boolean isEntity() {
return false;
}
Expand Down Expand Up @@ -698,12 +680,12 @@ public void setDefaultSecurityDomain(final String defaultSecurityDomain) {
this.defaultSecurityDomain = defaultSecurityDomain;
}

public void setSecurityDomainsConfigured(final boolean securityDomainsConfigured) {
this.securityDomainsConfigured = securityDomainsConfigured;
public void setKnownSecurityDomainPredicate(final Predicate<String> knownSecurityDomain) {
this.knownSecurityDomain = knownSecurityDomain;
}

public boolean isSecurityDomainsConfigured() {
return this.securityDomainsConfigured;
public boolean isSecurityDomainKnown() {
return knownSecurityDomain == null ? false : knownSecurityDomain.test(getSecurityDomain());
}

/**
Expand Down Expand Up @@ -889,20 +871,27 @@ private class SecurityDomainDependencyConfigurator implements ComponentConfigura

@Override
public void configure(DeploymentPhaseContext context, ComponentDescription description, ComponentConfiguration configuration) throws DeploymentUnitProcessingException {
if (! SecurityDomainDependencyConfigurator.this.ejbComponentDescription.isSecurityDomainsConfigured()) {
configuration.getCreateDependencies().add(new DependencyConfigurator<Service<Component>>() {
@Override
public void configureDependency(ServiceBuilder<?> serviceBuilder, Service<Component> service) throws DeploymentUnitProcessingException {
final String securityDomainName = SecurityDomainDependencyConfigurator.this.ejbComponentDescription.getSecurityDomain();
configuration.getCreateDependencies().add(new DependencyConfigurator<Service<Component>>() {
@Override
public void configureDependency(ServiceBuilder<?> serviceBuilder, Service<Component> service) throws DeploymentUnitProcessingException {
final EJBComponentCreateService ejbComponentCreateService = (EJBComponentCreateService) service;
final String securityDomainName = SecurityDomainDependencyConfigurator.this.ejbComponentDescription.getSecurityDomain();
if (SecurityDomainDependencyConfigurator.this.ejbComponentDescription.isSecurityDomainKnown()) {
if (securityDomainName != null && ! securityDomainName.isEmpty()) {
final DeploymentUnit deploymentUnit = context.getDeploymentUnit();
final CapabilityServiceSupport support = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.CAPABILITY_SERVICE_SUPPORT);
serviceBuilder.addDependency(support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY, securityDomainName),
ApplicationSecurityDomain.class, ejbComponentCreateService.getApplicationSecurityDomainInjector());
}
} else {
if (securityDomainName != null && !securityDomainName.isEmpty()) {
final ServiceName securityDomainServiceName = SecurityDomainService.SERVICE_NAME.append(securityDomainName);
serviceBuilder.addDependency(securityDomainServiceName);
}
serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY));

}
});
}
}
});
}
}
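Review bot: In `SecurityDomainDependencyConfigurator`, the `isSecurityDomainKnown()` branch adds no dependency at all when `securityDomainName` is null or empty, and `addServerSecurityManagerDependency` is also skipped for known domains. Whether the predicate can accept a null or empty name is decided where it is set, outside this page; if it can, the component would start with neither an Elytron domain nor the legacy security services. Either drop the inner name check or throw a `DeploymentUnitProcessingException` there so the gap is visible at deploy time. The cast `(EJBComponentCreateService) service` now runs for every component although only the Elytron branch uses it; moving it inside that branch keeps the legacy path as it was. `isSecurityDomainKnown()` also reads more directly as `return knownSecurityDomain != null && knownSecurityDomain.test(getSecurityDomain());`.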

Expand Up @@ -68,7 +68,7 @@ public Interceptor create(final InterceptorFactoryContext context) {

final SessionBeanComponent component = (SessionBeanComponent) context.getContextData().get(Component.class);

if (component.isSecurityDomainsConfigured()) {
if (component.isSecurityDomainKnown()) {
return new Interceptor() {
@Override
public Object processInvocation(final InterceptorContext context) throws Exception {
Expand Up @@ -119,7 +119,7 @@ public void configure(final DeploymentPhaseContext context, final ComponentDescr
if (deploymentUnit.getParent() != null) {
contextID = deploymentUnit.getParent().getName() + "!" + contextID;
}
if (isSecurityDomainsConfigured()) {
if (isSecurityDomainKnown()) {
configuration.addPostConstructInterceptor(new ElytronInterceptorFactory(contextID), InterceptorOrder.View.SECURITY_CONTEXT);
} else {
configuration.addPostConstructInterceptor(new SecurityContextInterceptorFactory(isExplicitSecurityDomainConfigured(), false, contextID), InterceptorOrder.View.SECURITY_CONTEXT);
