EJB's declaration of roles used in role references

[glassfishrobot]

The EJB spec requires that role references be declared either by annotation (@DeclareRole or @RolesAllowed) or by security-role-ref within the EJB deployment descriptor. The EJB sepc does not consider the definition of a security-role within the EJB deployment descriptor, as an implicit declaration of a corresponding security-role-ref for the role (given that the security-role-ref has not otherwise been declared).

Affected Versions

[4.0]

[glassfishrobot]

• Issue Imported From: https://github.com/javaee/glassfish/issues/20036
• Original Issue Raised By:@glassfishrobot
• Original Issue Assigned To: @yaminikb
• Original Issue Closed By:@glassfishrobot

[glassfishrobot]

@glassfishrobot Commented crperez said: There are couple areas to address:

• Adding of the EJBRoleRefPermission grants
• Handling of the IllegalStateException when invoking isCallerInRole()

[glassfishrobot]

@glassfishrobot Commented crperez said:

• What is the impact on the customer of the bug?

Existing EJB security-role-ref handling not conformant with JACC 1.5 and EJB 3.2 specifications

• What is the cost/risk of fixing the bug?

Small, the code changes update EJB role reference handling and remove exceptions thrown when role references where not found to be declared at run-time.

• Is there an impact on documentation or message strings?

No

• Which tests should QA (re)run to verify the fix did not destabilize GlassFish?

CTS7 JACC TCK, EJB tests

• Which is the targeted build of 4.0 for this fix?

b85

• If this an integration of a new version of a component from another project, what are the changes that are being brought in? This might be list of Jira issues from that project or a list of revision messages.

N/A

[glassfishrobot]

@glassfishrobot Commented tmueller said: Approved for 4.0.

[glassfishrobot]

@glassfishrobot Commented crperez said: [glassfish~svn:61324] #20036 - EJB's declaration of roles used in role references

Project: glassfish Repository: svn Revision: 61324 Author: crperez Date: 2013-04-10 15:12:58 UTC Link:

Log Message:

20036 - EJB's declaration of roles used in role references

• Add handling of EJBRoleRefPermission based on security-role declarations
• Remove exception for isCallerInRole() when security-role-ref not decalred Reviewed by Ron Monzillo, Marina Vatkina Passed JACC TCK, QuickLook, findbugs, CTS smoke, devtests EJB Web Admin

Revisions:

61324

Modified Paths:

trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java trunk/main/appserver/ejb/ejb-full-container/src/main/java/org/glassfish/ejb/mdb/MessageBeanContextImpl.java trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/containers/EJBContextImpl.java

[glassfishrobot]

@glassfishrobot Commented crperez said: [glassfish~svn:61325] #20036 - Add in the devtest cases based on security-role-ref han

Project: glassfish Repository: svn Revision: 61325 Author: crperez Date: 2013-04-10 15:14:50 UTC Link:

Log Message:

20036 - Add in the devtest cases based on security-role-ref handling

• any authenticated user role not declared explictly
• role references to security roles not required

Revisions:

61325

Modified Paths:

trunk/v2/appserv-tests/devtests/security/jaccmr8/client/Client.java trunk/v2/appserv-tests/devtests/security/jaccmr8/ejb/HelloStatefulEJB.java trunk/v2/appserv-tests/devtests/security/jaccmr8/ejb/HelloEJB.java trunk/v2/appserv-tests/devtests/security/jaccmr8/descriptor/ejb-jar.xml

[glassfishrobot]

@glassfishrobot Commented crperez said: [glassfish~svn:61366] #20036 - Remove commented code blocks

Project: glassfish Repository: svn Revision: 61366 Author: crperez Date: 2013-04-11 17:01:48 UTC Link:

Log Message:

20036 - Remove commented code blocks

Revisions:

61366

Modified Paths:

trunk/main/appserver/ejb/ejb-full-container/src/main/java/org/glassfish/ejb/mdb/MessageBeanContextImpl.java trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/containers/EJBContextImpl.java

[glassfishrobot]

@glassfishrobot Commented Was assigned to crperez

[glassfishrobot]

@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-20036

[glassfishrobot]

@glassfishrobot Commented Reported by crperez

[glassfishrobot]

@glassfishrobot Commented Marked as fixed on Wednesday, April 10th 2013, 8:23:01 am