Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.openejb.cdi;
import org.apache.openejb.loader.SystemInstance;
import org.apache.webbeans.config.WebBeansContext;
import org.apache.webbeans.exception.WebBeansException;
import org.apache.webbeans.spi.SecurityService;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.*;
import java.util.Properties;
/**
* This is a copy of the owb ManagedSecurityService with the getPrincipal method implemented as in the owb OpenEJBSecurityService.
* This version of the {@link org.apache.webbeans.spi.SecurityService} uses the java.lang.SecurityManager
* to check low level access to the underlying functions via doPriviliged blocks.
*
* The most secure way is to just copy the source over to your own class and configure
* it in openwebbeans.properties. This way you can add whatever security features
* you like to use.
*/
public class ManagedSecurityService implements SecurityService
{
private static final int METHOD_CLASS_GETDECLAREDCONSTRUCTOR = 0x01;
private static final int METHOD_CLASS_GETDECLAREDCONSTRUCTORS = 0x02;
private static final int METHOD_CLASS_GETDECLAREDMETHOD = 0x03;
private static final int METHOD_CLASS_GETDECLAREDMETHODS = 0x04;
private static final int METHOD_CLASS_GETDECLAREDFIELD = 0x05;
private static final int METHOD_CLASS_GETDECLAREDFIELDS = 0x06;
private static final PrivilegedActionGetSystemProperties SYSTEM_PROPERTY_ACTION = new PrivilegedActionGetSystemProperties();
public ManagedSecurityService()
{
// we need to make sure that only WebBeansContext gets used to create us!
StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
// in the Sun Java VM-1.6 the parent ct is alwasys entry [6]
// but we cannot rely on that because it might differ for
// other VMs.
boolean isCalledFromWebBeansContext = false;
for (int i = 3; i < 20; i++)
{
String declaringClass = stackTrace[i].getClassName();
String methodName = stackTrace[i].getMethodName();
if (declaringClass.equals(WebBeansContext.class.getName()) &&
methodName.equals(""))
{
isCalledFromWebBeansContext = true;
break;
}
}
if (!isCalledFromWebBeansContext)
{
throw new SecurityException("ManagedSecurityService must directly get created by WebBeansContext!");
}
// we also need to make sure that this very class didn't get subclassed
// to prevent man in the middle attacks
if (this.getClass() != ManagedSecurityService.class)
{
throw new SecurityException("ManagedSecurityService must not get subclassed!");
}
}
@Override
public Principal getCurrentPrincipal()
{
org.apache.openejb.spi.SecurityService service = SystemInstance.get().getComponent(org.apache.openejb.spi.SecurityService.class);
if(service != null)
{
return service.getCallerPrincipal();
}
return null;
}
@Override
public Constructor doPrivilegedGetDeclaredConstructor(Class clazz, Class... parameterTypes)
{
Object obj = AccessController.doPrivileged(
new PrivilegedActionForClass(clazz, parameterTypes, METHOD_CLASS_GETDECLAREDCONSTRUCTOR));
if (obj instanceof NoSuchMethodException)
{
return null;
}
return (Constructor)obj;
}
@Override
public Constructor[] doPrivilegedGetDeclaredConstructors(Class clazz)
{
Object obj = AccessController.doPrivileged(
new PrivilegedActionForClass(clazz, null, METHOD_CLASS_GETDECLAREDCONSTRUCTORS));
return (Constructor[])obj;
}
@Override
public Method doPrivilegedGetDeclaredMethod(Class clazz, String name, Class... parameterTypes)
{
Object obj = AccessController.doPrivileged(
new PrivilegedActionForClass(clazz, new Object[] {name, parameterTypes}, METHOD_CLASS_GETDECLAREDMETHOD));
if (obj instanceof NoSuchMethodException)
{
return null;
}
return (Method)obj;
}
@Override
public Method[] doPrivilegedGetDeclaredMethods(Class clazz)
{
Object obj = AccessController.doPrivileged(
new PrivilegedActionForClass(clazz, null, METHOD_CLASS_GETDECLAREDMETHODS));
return (Method[])obj;
}
@Override
public Field doPrivilegedGetDeclaredField(Class clazz, String name)
{
Object obj = AccessController.doPrivileged(
new PrivilegedActionForClass(clazz, name, METHOD_CLASS_GETDECLAREDFIELD));
if (obj instanceof NoSuchFieldException)
{
return null;
}
return (Field)obj;
}
@Override
public Field[] doPrivilegedGetDeclaredFields(Class clazz)
{
Object obj = AccessController.doPrivileged(
new PrivilegedActionForClass(clazz, null, METHOD_CLASS_GETDECLAREDFIELDS));
return (Field[])obj;
}
@Override
public void doPrivilegedSetAccessible(AccessibleObject obj, boolean flag)
{
AccessController.doPrivileged(new PrivilegedActionForSetAccessible(obj, flag));
}
@Override
public boolean doPrivilegedIsAccessible(AccessibleObject obj)
{
return (Boolean) AccessController.doPrivileged(new PrivilegedActionForIsAccessible(obj));
}
@Override
public T doPrivilegedObjectCreate(Class clazz) throws PrivilegedActionException, IllegalAccessException, InstantiationException
{
return (T) AccessController.doPrivileged(new PrivilegedActionForObjectCreation(clazz));
}
@Override
public void doPrivilegedSetSystemProperty(String propertyName, String value)
{
AccessController.doPrivileged(new PrivilegedActionForSetProperty(propertyName, value));
}
@Override
public String doPrivilegedGetSystemProperty(String propertyName, String defaultValue)
{
return AccessController.doPrivileged(new PrivilegedActionForProperty(propertyName, defaultValue));
}
@Override
public Properties doPrivilegedGetSystemProperties()
{
return AccessController.doPrivileged(SYSTEM_PROPERTY_ACTION);
}
// the following block contains internal wrapper classes for doPrivileged actions
protected static class PrivilegedActionForClass implements PrivilegedAction