-
Notifications
You must be signed in to change notification settings - Fork 600
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Restructure and update Jakarta authorization code
- Update to have interfaces in EJB and Web bundles so that can reference actual classes instead of using Object - Move JaccService function to the corresponding EJB and Web projects to keep the methods with their appropriate container function - Update to add PrincipalMapper to PolicyContextHandlerImpl in preparation of adding PrincipalMapper implementation - Update to use instance methods instead of static methods in PolicyConfigurationManager - Inline most of the Validator and Propagator function into the EJB and Web classes except for EJB propagator which is used by both EJB function and base Jacc function
- Loading branch information
1 parent
4a4c285
commit e93defc
Showing
71 changed files
with
2,368 additions
and
3,289 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
86 changes: 86 additions & 0 deletions
86
...bm.ws.ejbcontainer.security/src/com/ibm/ws/ejbcontainer/security/jacc/EJBJaccService.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
/******************************************************************************* | ||
* Copyright (c) 2024 IBM Corporation and others. | ||
* All rights reserved. This program and the accompanying materials | ||
* are made available under the terms of the Eclipse Public License 2.0 | ||
* which accompanies this distribution, and is available at | ||
* http://www.eclipse.org/legal/epl-2.0/ | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 | ||
*******************************************************************************/ | ||
package com.ibm.ws.ejbcontainer.security.jacc; | ||
|
||
import java.util.List; | ||
|
||
import javax.ejb.EnterpriseBean; | ||
import javax.security.auth.Subject; | ||
|
||
import com.ibm.ejs.container.BeanMetaData; | ||
|
||
public interface EJBJaccService { | ||
|
||
/** | ||
* Propagates EJB role mapping information to JACC. | ||
* | ||
* @param bmd Bean meta data | ||
*/ | ||
public void propagateEJBRoles(BeanMetaData bmd); | ||
|
||
/** | ||
* Validates whether given Subject is granted to access the specified resource. | ||
* | ||
* @param applicationName Application name | ||
* @param moduleName Module name | ||
* @param beanName Bean name | ||
* @param methodName Method name | ||
* @param methodInterface Method interface | ||
* @param methodName Method signature | ||
* @param methodParameters The list of method parameters. this is optional and null is accepted. | ||
* @param bean EnterpriseBean object this is an optional and null is allowed. | ||
* @param subject Subject object to be authorized. | ||
* @return true if the specified subject is granted to access the specified resource. | ||
*/ | ||
public boolean isAuthorized(String applicationName, | ||
String moduleName, | ||
String beanName, | ||
String methodName, | ||
String methodInterface, | ||
String methodSignature, | ||
List<Object> methodParameters, | ||
EnterpriseBean bean, | ||
Subject subject); | ||
|
||
/** | ||
* Validates whether given Subject is a member of the specified role | ||
* | ||
* @param applicationName Application name | ||
* @param moduleName Module name | ||
* @param beanName Bean name | ||
* @param methodName Method name | ||
* @param methodInterface Method interface | ||
* @param methodParameters The list of method parameters. this is optional and null is accepted. | ||
* @param role Role name | ||
* @param bean EnterpriseBean object this is an optional and null is allowed. | ||
* @param subject Subject object to be authorized. | ||
* @return true if the specified subject has a member of the specified role. | ||
*/ | ||
public boolean isSubjectInRole(String applicationName, | ||
String moduleName, | ||
String beanName, | ||
String methodName, | ||
List<Object> methodParameters, | ||
String role, | ||
EnterpriseBean bean, | ||
Subject subject); | ||
|
||
/** | ||
* Returns whether RequestMethodArguments are required for authorization decision for EJB. | ||
* | ||
* @return true if RequestMethodArguments are required. false otherwise. | ||
*/ | ||
public boolean areRequestMethodArgumentsRequired(); | ||
|
||
/** | ||
* Reset the policyContext Handler as per JACC specification | ||
*/ | ||
public void resetPolicyContextHandlerInfo(); | ||
} |
12 changes: 6 additions & 6 deletions
12
.../authorization/jacc/web/package-info.java → ...container/security/jacc/package-info.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,18 @@ | ||
/******************************************************************************* | ||
* Copyright (c) 2015 IBM Corporation and others. | ||
* Copyright (c) 2024 IBM Corporation and others. | ||
* All rights reserved. This program and the accompanying materials | ||
* are made available under the terms of the Eclipse Public License 2.0 | ||
* which accompanies this distribution, and is available at | ||
* http://www.eclipse.org/legal/epl-2.0/ | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 | ||
* | ||
* Contributors: | ||
* IBM Corporation - initial API and implementation | ||
* SPDX-License-Identifier: EPL-2.0 | ||
*******************************************************************************/ | ||
/** | ||
* @version 1.0 | ||
*/ | ||
@org.osgi.annotation.versioning.Version("1.0") | ||
package com.ibm.ws.security.authorization.jacc.web; | ||
@TraceOptions(traceGroup = TraceConstants.TRACE_GROUP, messageBundle = TraceConstants.MESSAGE_BUNDLE) | ||
package com.ibm.ws.ejbcontainer.security.jacc; | ||
|
||
import com.ibm.websphere.ras.annotation.TraceOptions; | ||
import com.ibm.ws.ejbcontainer.security.internal.TraceConstants; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.