diff --git a/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/EjbBeanDescriptor.java b/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/EjbBeanDescriptor.java index 430f4634431..cc3e11010f2 100644 --- a/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/EjbBeanDescriptor.java +++ b/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/EjbBeanDescriptor.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation. + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation. * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the @@ -1363,7 +1363,8 @@ public void setUsesCallerIdentity(boolean flag) { @Override public void setRunAsIdentity(RunAsIdentityDescriptor desc) { if (usesCallerIdentity == null || usesCallerIdentity) { - throw new IllegalStateException("Cannot set RunAs identity when using caller identity"); + throw new IllegalStateException("Cannot set RunAs identity when using caller identity." + + " Set usesCallerIdentity to false first."); } this.runAsIdentity = desc; } @@ -1371,9 +1372,6 @@ public void setRunAsIdentity(RunAsIdentityDescriptor desc) { @Override public RunAsIdentityDescriptor getRunAsIdentity() { - if (usesCallerIdentity == null || usesCallerIdentity) { - throw new IllegalStateException("Cannot get RunAs identity when using caller identity"); - } return runAsIdentity; } diff --git a/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/annotation/handlers/RunAsHandler.java b/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/annotation/handlers/RunAsHandler.java index 40927caa004..6648b8df61b 100644 --- a/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/annotation/handlers/RunAsHandler.java 
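Review bot: In EjbBeanDescriptor, getRunAsIdentity() now returns the field unconditionally and can therefore return null, but nothing on the method documents that. The callers touched by this commit are not uniform. Audit.dumpDiagnostics and runtime/EjbNode.writeDescriptor null-check the result, while EjbBundleValidator.computeRuntimeDefault passes it straight to `computeRunAsPrincipalDefault(...)` and SecurityIdentityNode.writeSecureIdentity passes it to `runAs.writeDescriptor(...)`; whether those two tolerate null is not visible in this diff. I would add a Javadoc line such as `@return the run-as identity, or null if none was set; it only takes effect when getUsesCallerIdentity() is FALSE` and null-guard the two unguarded call sites.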
+++ b/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/annotation/handlers/RunAsHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the @@ -56,7 +56,7 @@ protected HandlerProcessingResult processAnnotation(AnnotationInfo ainfo, EjbCon RunAs runAsAn = (RunAs) ainfo.getAnnotation(); for (EjbContext ejbContext : ejbContexts) { EjbDescriptor ejbDesc = ejbContext.getDescriptor(); - // override by xml + // overriden by xml if (ejbDesc.getUsesCallerIdentity() != null) { continue; } diff --git a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/EjbNode.java b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/EjbNode.java index 7a78f4a3b49..8cad0a5ce23 100644 --- a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/EjbNode.java +++ b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/EjbNode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, 2022 Contributors to the Eclipse Foundation. + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation. * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the 
@@ -181,7 +181,7 @@ protected void writeCommonHeaderEjbDescriptor(Node ejbNode, EjbDescriptor descri * @param descriptor the EJB descriptor the security information to be retrieved */ protected void writeSecurityIdentityDescriptor(Node parent, EjbDescriptor descriptor) { - if (!descriptor.getUsesCallerIdentity() && descriptor.getRunAsIdentity() == null) { + if (descriptor.getUsesCallerIdentity() == null && descriptor.getRunAsIdentity() == null) { return; } SecurityIdentityNode.writeSecureIdentity(parent, SECURITY_IDENTITY, descriptor); diff --git a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/SecurityIdentityNode.java b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/SecurityIdentityNode.java index 82b7dce1602..5c0a65e0c2d 100644 --- a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/SecurityIdentityNode.java +++ b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/SecurityIdentityNode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the @@ -22,14 +22,15 @@ import com.sun.enterprise.deployment.node.XMLElement; import com.sun.enterprise.deployment.xml.TagNames; -import java.util.Collections; +import java.util.HashMap; import java.util.Map; import org.glassfish.deployment.common.Descriptor; -import org.glassfish.ejb.deployment.EjbTagNames; import org.glassfish.ejb.deployment.descriptor.EjbDescriptor; import org.w3c.dom.Node; -import org.xml.sax.Attributes; + +import static com.sun.enterprise.deployment.xml.TagNames.RUNAS_SPECIFIED_IDENTITY; +import static org.glassfish.ejb.deployment.EjbTagNames.USE_CALLER_IDENTITY; /** * This node handles all information relative to security-indentity tag 
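Review bot: The new guard in writeSecurityIdentityDescriptor no longer skips a descriptor whose usesCallerIdentity is FALSE and whose run-as identity is null; the old condition returned early in exactly that case. Such a descriptor now reaches SecurityIdentityNode.writeSecureIdentity, whose FALSE branch in this commit calls `runAs.writeDescriptor(secureIdentityNode, RUNAS_SPECIFIED_IDENTITY, descriptor.getRunAsIdentity())` with null. Depending on how RunAsNode handles a null descriptor (not visible here), that either fails or emits a `security-identity` element containing neither `use-caller-identity` nor `run-as`. I would read the flag once with `Boolean usesCaller = descriptor.getUsesCallerIdentity();` and guard with `if (usesCaller == null || (!usesCaller && descriptor.getRunAsIdentity() == null)) { return; }`. The method's Javadoc starts above the hunk and its closing brace falls below it.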
@@ -38,54 +39,47 @@ */ public class SecurityIdentityNode extends DeploymentDescriptorNode { - public static Node writeSecureIdentity(Node parent, String nodeName, EjbDescriptor descriptor) { - Node subNode = appendChild(parent, nodeName); - appendTextChild(subNode, TagNames.DESCRIPTION, descriptor.getSecurityIdentityDescription()); - if (descriptor.getUsesCallerIdentity()) { - Node useCaller = subNode.getOwnerDocument().createElement(EjbTagNames.USE_CALLER_IDENTITY); - subNode.appendChild(useCaller); - } else { - RunAsNode runAs = new RunAsNode(); - runAs.writeDescriptor(subNode, TagNames.RUNAS_SPECIFIED_IDENTITY, descriptor.getRunAsIdentity()); - } - return subNode; - } - - public SecurityIdentityNode() { - registerElementHandler(new XMLElement(TagNames.RUNAS_SPECIFIED_IDENTITY), RunAsNode.class); + registerElementHandler(new XMLElement(RUNAS_SPECIFIED_IDENTITY), RunAsNode.class); } @Override public Descriptor getDescriptor() { - return null; + return getParentNodeDescriptor(); } @Override protected Map getDispatchTable() { - return Collections.emptyMap(); + Map table = new HashMap<>(); + table.put(USE_CALLER_IDENTITY, "setUsesCallerIdentity"); + table.put(RUNAS_SPECIFIED_IDENTITY, "setRunAsIdentity"); + return table; } - @Override - public void startElement(XMLElement element, Attributes attributes) { - if (EjbTagNames.USE_CALLER_IDENTITY.equals(element.getQName())) { - ((EjbDescriptor) getParentNode().getDescriptor()).setUsesCallerIdentity(true); - } else { - super.startElement(element, attributes); - } - return; + public EjbDescriptor getParentNodeDescriptor() { + return (EjbDescriptor) super.getParentNode().getDescriptor(); } - @Override - public void setElementValue(XMLElement element, String value) { - if (TagNames.DESCRIPTION.equals(element.getQName())) { - ((EjbDescriptor) getParentNode().getDescriptor()).setSecurityIdentityDescription(value); - } else { - super.setElementValue(element, value); + /** + * @param parent parent node + * @param nodeName name 
of this node under the parent node. + * @param descriptor parent descriptor. + * @return new {@link Node} + */ + public static Node writeSecureIdentity(Node parent, String nodeName, EjbDescriptor descriptor) { + Node secureIdentityNode = appendChild(parent, nodeName); + appendTextChild(secureIdentityNode, TagNames.DESCRIPTION, descriptor.getSecurityIdentityDescription()); + if (Boolean.TRUE.equals(descriptor.getUsesCallerIdentity())) { + Node useCaller = secureIdentityNode.getOwnerDocument().createElement(USE_CALLER_IDENTITY); + secureIdentityNode.appendChild(useCaller); + } else if (Boolean.FALSE.equals(descriptor.getUsesCallerIdentity())) { + RunAsNode runAs = new RunAsNode(); + runAs.writeDescriptor(secureIdentityNode, RUNAS_SPECIFIED_IDENTITY, descriptor.getRunAsIdentity()); } + return secureIdentityNode; } } diff --git a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/runtime/EjbNode.java b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/runtime/EjbNode.java index 7d8262c7dee..a1fbbd94044 100644 --- a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/runtime/EjbNode.java +++ b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/node/runtime/EjbNode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the 
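Review bot: In SecurityIdentityNode, the removed startElement override set `setUsesCallerIdentity(true)` explicitly when the empty `use-caller-identity` element was seen, whereas the new getDispatchTable entry relies on the base class turning the element's text into the boolean argument. That conversion is not visible in this diff; if it parses the (empty) text as a boolean, the result would be false, which would switch the bean from caller identity to run-as mode. A parsing test asserting `Boolean.TRUE.equals(descriptor.getUsesCallerIdentity())` for `<use-caller-identity/>` would settle it. The removed setElementValue override also stored the `description` child through `setSecurityIdentityDescription(value)`, and the new table has no entry for it although writeSecureIdentity still writes the description. Unless the base class handles it elsewhere, add `table.put(TagNames.DESCRIPTION, "setSecurityIdentityDescription");`.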
@@ -212,7 +212,7 @@ public Node writeDescriptor(Node parent, String nodeName, EjbDescriptor ejbDescr } // principal - if ( Boolean.FALSE.equals(ejbDescriptor.getUsesCallerIdentity()) ) { + if (Boolean.FALSE.equals(ejbDescriptor.getUsesCallerIdentity())) { RunAsIdentityDescriptor raid = ejbDescriptor.getRunAsIdentity(); if ( raid != null && raid.getPrincipal() != null ) { Node principalNode = appendChild(ejbNode, RuntimeTagNames.PRINCIPAL); diff --git a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/util/EjbBundleValidator.java b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/util/EjbBundleValidator.java index c2f1c572ab1..98cd726b885 100644 --- a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/util/EjbBundleValidator.java +++ b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/deployment/util/EjbBundleValidator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the @@ -583,7 +583,7 @@ private void computeRuntimeDefault(EjbDescriptor ejb) { ejb.setJndiName(SimpleJndiName.of(intfName)); } - if (!ejb.getUsesCallerIdentity()) { + if (Boolean.FALSE.equals(ejb.getUsesCallerIdentity())) { computeRunAsPrincipalDefault(ejb.getRunAsIdentity(), ejb.getApplication()); } } diff --git a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java index be26512eea1..975213665d9 100644 --- a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java 
+++ b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java @@ -601,7 +601,8 @@ private String getRealmName(EjbDescriptor deploymentDescriptor) { } private RunAsIdentityDescriptor getRunAs(EjbDescriptor deploymentDescriptor) { - if (deploymentDescriptor.getUsesCallerIdentity()) { + if (!Boolean.FALSE.equals(deploymentDescriptor.getUsesCallerIdentity())) { + // true or null disable runAs return null; } diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/Audit.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/Audit.java index 15ad13fc9ce..bc9ae59a9ae 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/Audit.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/Audit.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation * Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the @@ -386,7 +386,7 @@ private static void dumpDiagnostics(Application app) { logger.finest("EJB: " + ejb.getEjbClassName()); // check and show run-as if present - if (!ejb.getUsesCallerIdentity()) { + if (Boolean.FALSE.equals(ejb.getUsesCallerIdentity())) { RunAsIdentityDescriptor runas = ejb.getRunAsIdentity(); if (runas == null) { logger.finest(" (ejb does not use caller " + "identity)");