Examples of com.sun.enterprise.deployment.Role

• com.sun.enterprise.deployment.Role
  In EJBs, ACL checking is done using the Roles. Roles are an abstraction of an application specific Logical Principals. These Principals do not have any properties of Principals within a Security Domain (or Realm). They merely serve as abstraction to application specific entities. @author Harish Prabandham

        i = allRoles.iterator();
        logger.finest("--[ Configured roles and mappings ]--");
        HashMap allRoleMap = new HashMap();

        while (i.hasNext()) {
            Role r = (Role)i.next();
            logger.finest(" [" + r.getName() + "]");
            allRoleMap.put(r.getName(), new HashSet());

            sb = new StringBuffer();
            sb.append("  is mapped to groups: ");
            Enumeration grps = rmap.getGroupsAssignedTo(r);
            while (grps.hasMoreElements()) {
                sb.append(grps.nextElement());
                sb.append(" ");
            }
            logger.finest(sb.toString());

            sb = new StringBuffer();
            sb.append("  is mapped to principals: ");
            Enumeration users = rmap.getUsersAssignedTo(r);
            while (users.hasMoreElements()) {
                sb.append(users.nextElement());
                sb.append(" ");
            }
            logger.finest(sb.toString());
        }

        // Process all EJB modules

        Set ejbDescriptorSet = app.getEjbBundleDescriptors() ;

        i = ejbDescriptorSet.iterator();
        while (i.hasNext()) {

            EjbBundleDescriptor bundle = (EjbBundleDescriptor)i.next();

            logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
            Set ejbs = bundle.getEjbs();
            Iterator it = ejbs.iterator();
            while (it.hasNext()) {

                EjbDescriptor ejb = (EjbDescriptor)it.next();
                logger.finest("EJB: "+ejb.getEjbClassName());

                // check and show run-as if present
                if (!ejb.getUsesCallerIdentity()) {
                     RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
                     if (runas == null) {
                         logger.finest(" (ejb does not use caller "+
                                            "identity)");
                     } else {
                         String role = runas.getRoleName();
                         String user = runas.getPrincipal();
                         logger.finest(" Will run-as: Role: " + role +
                                            "  Principal: " + user);
                         if (role==null || "".equals(role) ||
                             user==null || "".equals(user)) {
                                 if(logger.isLoggable(Level.FINEST)){
                                    logger.finest("*** Configuration error!");
                                 }
                         }
                     }
                }

                // iterate through available methods
                logger.finest(" Method to Role restriction list:");
                Set methods = ejb.getMethodDescriptors();
                Iterator si = methods.iterator();

                while (si.hasNext()) {

                    MethodDescriptor md = (MethodDescriptor)si.next();
                    logger.finest("   "+md.getFormattedString());

                    Set perms = ejb.getMethodPermissionsFor(md);
                    StringBuffer rbuf = new StringBuffer();
                    rbuf.append("     can only be invoked by: ");
                    Iterator sip = perms.iterator();
                    boolean unchecked=false,excluded=false,roleBased=false;

                    while (sip.hasNext()) {
                        MethodPermission p = (MethodPermission)sip.next();
                        if (p.isExcluded()) {
                            excluded=true;
                            logger.finest("     excluded - can not "+
                                               "be invoked");
                        } else if (p.isUnchecked()) {
                            unchecked=true;
                            logger.finest("     unchecked - can be "+
                                               "invoked by all");
                        } else if (p.isRoleBased()) {
                            roleBased = true;
                            Role r = p.getRole();
                            rbuf.append(r.getName());
                            rbuf.append(" ");
                                // add to role's accessible list
                            HashSet ram = (HashSet)allRoleMap.get(r.getName());
                            ram.add(bundle.getName() + ":" +
                                    ejb.getEjbClassName() + "." +
                                    md.getFormattedString());
                        }
                    }

            SecurityRoleMapping srm = (SecurityRoleMapping) newDescriptor;
            descriptor.getSunDescriptor().addSecurityRoleMapping(srm);
            // store it in the application using pure DOL descriptors...
            Application app = descriptor.getApplication();
            if (app!=null) {
                Role role = new Role(srm.getRoleName());
                SecurityRoleMapper rm = app.getRoleMapper();
                if (rm != null) {
                    List<PrincipalNameDescriptor> principals = srm.getPrincipalNames();
                    for (int i = 0; i < principals.size(); i++) {
                        rm.assignRole(principals.get(i).getPrincipal(),

            // override by xml
            if (ejbDesc.getUsesCallerIdentity() != null) {
                continue;
            }
            String roleName = runAsAn.value();
            Role role = new Role(roleName);
            // add Role if not exists
            ejbDesc.getEjbBundleDescriptor().addRole(role);
            RunAsIdentityDescriptor runAsDesc = new RunAsIdentityDescriptor();
            runAsDesc.setRoleName(roleName);
            ejbDesc.setUsesCallerIdentity(false);

            // override by xml
            if (webDesc.getRunAsIdentity() != null) {
                continue;
            }
            String roleName = runAsAn.value();
            Role role = new Role(roleName);
            // add Role if not exists
            webDesc.getWebBundleDescriptor().addRole(role);
            RunAsIdentityDescriptor runAsDesc = new RunAsIdentityDescriptor();
            runAsDesc.setRoleName(roleName);
            webDesc.setRunAsIdentity(runAsDesc);

                    roleRef.setSecurityRoleLink(
                           new SecurityRoleDescriptor(roleName, ""));
                    ejbDescriptor.addRoleReference(roleRef);
                }

                Role role = new Role(roleName);
                ejbDescriptor.getEjbBundleDescriptor().addRole(role);
            }
        }
        return getDefaultProcessedResult();
    }

    private HandlerProcessingResult processAnnotation(AnnotationInfo ainfo,
             WebBundleDescriptor webBundleDesc) {
        DeclareRoles rolesRefAn = (DeclareRoles)ainfo.getAnnotation();
        for (String roleName : rolesRefAn.value()) {
            Role role = new Role(roleName);
            webBundleDesc.addRole(role);
        }
        return getDefaultProcessedResult();
    }

        }
        return this.appRoles;
    }

    public void addAppRole(SecurityRoleDescriptor descriptor) {
        Role role = new Role(descriptor.getName());
        role.setDescription(descriptor.getDescription());
        getAppRoles().add(role);
    }

        if (newDescriptor instanceof SecurityRoleMapping) {
            SecurityRoleMapping roleMap = (SecurityRoleMapping)newDescriptor;
            descriptor.addSecurityRoleMapping(roleMap);
            Application app = descriptor.getApplication();
            if (app!=null) {
                Role role = new Role(roleMap.getRoleName());
                SecurityRoleMapper rm = app.getRoleMapper();
                if (rm != null) {
                    List<PrincipalNameDescriptor> principals = roleMap.getPrincipalNames();
                    for (int i = 0; i < principals.size(); i++) {
                        rm.assignRole(principals.get(i).getPrincipal(),

     * @param element the xml element
     * @param value it's associated value
     */
    public void setElementValue(XMLElement element, String value) {
        if (EjbTagNames.ROLE_NAME.equals(element.getQName())) {
            Role role = new Role(value);
            descriptor.addMethodPermission(new MethodPermission(role));
        } else {
            super.setElementValue(element, value);
        }
    }

     * @param md
     */
    private void addMethodPermissions(RolesAllowed rolesAllowedAn,
            EjbDescriptor ejbDesc, MethodDescriptor md) {
        for (String roleName : rolesAllowedAn.value()) {
            Role role = new Role(roleName);
            // add role if not exists
            ejbDesc.getEjbBundleDescriptor().addRole(role);
            ejbDesc.addPermissionedMethod(new MethodPermission(role), md);
        }
    }