Skip to content

Commit

Permalink
Merge pull request #3920 from arjantijms/PAYARA-3785-security-cleanin…
Browse files Browse the repository at this point in the history 
…g-sweep-6

PAYARA-3785 Security code cleaning sweep 6
  • Loading branch information
@arjantijms
arjantijms authored May 1, 2019
2 parents d94fa2a + 0c10c3d commit 52d80ca
Show file tree
Hide file tree
Showing 19 changed files with 826 additions and 700 deletions.
95 changes: 50 additions & 45 deletions ...erver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/SecurityDeployer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,9 @@

/**
* Security Deployer which generate and clean the security policies
*
* <p>
* This contains many JACC life cycle methods which can/should be moved to the JACC package
*
*/
@Service(name = "Security")
Expand Down Expand Up @@ -154,7 +157,7 @@ public void event(Event event) {

Set<WebBundleDescriptor> webBundleDescriptors = app.getBundleDescriptors(WebBundleDescriptor.class);
linkPolicies(app, webBundleDescriptors);
commitEjbs(app);
commitEjbPolicies(app);

if (webBundleDescriptors != null && !webBundleDescriptors.isEmpty()) {
// Register the WebSecurityComponentInvocationHandler
Expand All @@ -164,7 +167,7 @@ public void event(Event event) {
}
}
} else if (AFTER_SERVLET_CONTEXT_INITIALIZED_EVENT.equals(event.type())) {
commitPolicy((WebBundleDescriptor) event.hook());
commitWebPolicy((WebBundleDescriptor) event.hook());
}
}
};
Expand Down Expand Up @@ -234,11 +237,6 @@ public MetaData getMetaData() {
return new MetaData(false, null, new Class[] { Application.class });
}



// ### Private methods


/**
* Translate Web Bundle Policy
*
Expand All @@ -262,25 +260,32 @@ public void loadPolicy(WebBundleDescriptor webDescriptor, boolean remove) throws
throw new DeploymentException("Error in generating security policy for " + webDescriptor.getModuleDescriptor().getModuleName(), se);
}
}



// ### Private methods


/**
* Puts Web Bundle Policy In Service, repeats translation is Descriptor indicate policy was changed by ContextListener.
*
* @param webBundleDescriptor
* @throws DeploymentException
*/
private void commitPolicy(WebBundleDescriptor webBundleDescriptor) throws DeploymentException {
private void commitWebPolicy(WebBundleDescriptor webBundleDescriptor) throws DeploymentException {
try {
if (webBundleDescriptor != null) {
if (webBundleDescriptor.isPolicyModified()) {
// redo policy translation for web module
loadPolicy(webBundleDescriptor, true);
}
String cid = SecurityUtil.getContextID(webBundleDescriptor);
websecurityProbeProvider.policyCreationStartedEvent(cid);
SecurityUtil.generatePolicyFile(cid);
websecurityProbeProvider.policyCreationEndedEvent(cid);
websecurityProbeProvider.policyCreationEvent(cid);

String contextId = SecurityUtil.getContextID(webBundleDescriptor);

websecurityProbeProvider.policyCreationStartedEvent(contextId);
SecurityUtil.generatePolicyFile(contextId);
websecurityProbeProvider.policyCreationEndedEvent(contextId);
websecurityProbeProvider.policyCreationEvent(contextId);

}
} catch (Exception se) {
Expand All @@ -295,15 +300,15 @@ private void commitPolicy(WebBundleDescriptor webBundleDescriptor) throws Deploy
*
* @param ejbs
*/
private void commitEjbs(Application app) throws DeploymentException {
Set<EjbBundleDescriptor> ejbDescriptors = app.getBundleDescriptors(EjbBundleDescriptor.class);
private void commitEjbPolicies(Application app) throws DeploymentException {
try {
for (EjbBundleDescriptor ejbBD : ejbDescriptors) {
String pcid = SecurityUtil.getContextID(ejbBD);
ejbProbeProvider.policyCreationStartedEvent(pcid);
SecurityUtil.generatePolicyFile(pcid);
ejbProbeProvider.policyCreationEndedEvent(pcid);
ejbProbeProvider.policyCreationEvent(pcid);
for (EjbBundleDescriptor ejbBD : app.getBundleDescriptors(EjbBundleDescriptor.class)) {
String contextId = SecurityUtil.getContextID(ejbBD);

ejbProbeProvider.policyCreationStartedEvent(contextId);
SecurityUtil.generatePolicyFile(contextId);
ejbProbeProvider.policyCreationEndedEvent(contextId);
ejbProbeProvider.policyCreationEvent(contextId);

}
} catch (Exception se) {
Expand Down Expand Up @@ -415,6 +420,30 @@ public static List<EventTypes> getDeploymentEvents() {
return events;
}

private void handleCNonceCacheBSInit(String appName, Set<WebBundleDescriptor> webDesc, boolean isHA) {
boolean hasDigest = false;
for (WebBundleDescriptor webBD : webDesc) {
LoginConfiguration lc = webBD.getLoginConfiguration();
if (lc != null && LoginConfiguration.DIGEST_AUTHENTICATION.equals(lc.getAuthenticationMethod())) {
hasDigest = true;
break;
}
}
if (!hasDigest) {
return;
}
// initialize the backing stores as well for cnonce cache.
if (isHaEnabled() && isHA) {
final String clusterName = haUtil.getClusterName();
final String instanceName = haUtil.getInstanceName();
if (cnonceCacheFactory != null) {
CNonceCache cache = cnonceCacheFactory.createCNonceCache(appName, clusterName, instanceName, HA_CNONCE_BS_NAME);
this.appCnonceMap.put(appName, cache);
}

}
}

private boolean isHaEnabled() {
boolean haEnabled = false;
// lazily init the required services instead of
Expand All @@ -439,28 +468,4 @@ private boolean isHaEnabled() {

return haEnabled;
}

private void handleCNonceCacheBSInit(String appName, Set<WebBundleDescriptor> webDesc, boolean isHA) {
boolean hasDigest = false;
for (WebBundleDescriptor webBD : webDesc) {
LoginConfiguration lc = webBD.getLoginConfiguration();
if (lc != null && LoginConfiguration.DIGEST_AUTHENTICATION.equals(lc.getAuthenticationMethod())) {
hasDigest = true;
break;
}
}
if (!hasDigest) {
return;
}
// initialize the backing stores as well for cnonce cache.
if (isHaEnabled() && isHA) {
final String clusterName = haUtil.getClusterName();
final String instanceName = haUtil.getInstanceName();
if (cnonceCacheFactory != null) {
CNonceCache cache = cnonceCacheFactory.createCNonceCache(appName, clusterName, instanceName, HA_CNONCE_BS_NAME);
this.appCnonceMap.put(appName, cache);
}

}
}
}
Loading

0 comments on commit 52d80ca

Please sign in to comment.