/jboss-as-7.1.1.Final/webservices/server-integration/src/main/java/org/jboss/as/webservices/tomcat/WebMetaDataCreator.java
Java | 366 lines | 174 code | 43 blank | 149 comment | 37 complexity | 8c6019a0112301a83886266988f1edbb MD5 | raw file
Possible License(s): LGPL-2.1, Apache-2.0
1/*
2 * JBoss, Home of Professional Open Source.
3 * Copyright 2011, Red Hat Middleware LLC, and individual contributors
4 * as indicated by the @author tags. See the copyright.txt file in the
5 * distribution for a full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22package org.jboss.as.webservices.tomcat;
23
24import java.util.Arrays;
25import java.util.List;
26
27import org.jboss.as.server.deployment.DeploymentUnit;
28import org.jboss.as.web.deployment.WarMetaData;
29import org.jboss.as.webservices.util.ASHelper;
30import org.jboss.as.webservices.util.WebMetaDataHelper;
31import org.jboss.metadata.ear.spec.EarMetaData;
32import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;
33import org.jboss.metadata.merge.javaee.spec.SecurityRolesMetaDataMerger;
34import org.jboss.metadata.web.jboss.JBossServletsMetaData;
35import org.jboss.metadata.web.jboss.JBossWebMetaData;
36import org.jboss.metadata.web.spec.LoginConfigMetaData;
37import org.jboss.metadata.web.spec.SecurityConstraintMetaData;
38import org.jboss.metadata.web.spec.ServletMappingMetaData;
39import org.jboss.metadata.web.spec.WebResourceCollectionsMetaData;
40import org.jboss.ws.common.integration.WSHelper;
41import org.jboss.wsf.spi.deployment.Deployment;
42import org.jboss.wsf.spi.deployment.Endpoint;
43import org.jboss.wsf.spi.deployment.HttpEndpoint;
44
45import static org.jboss.as.webservices.WSLogger.ROOT_LOGGER;
46
47/**
48 * @author <a href="mailto:ropalka@redhat.com">Richard Opalka</a>
49 */
50final class WebMetaDataCreator {
51
52 private static final String EJB_WEBSERVICE_REALM = "EJBWebServiceEndpointServlet Realm";
53
54 private final SecurityMetaDataAccessorEJB ejb21SecurityAccessor = new SecurityMetaDataAccessorEJB21();
55
56 private final SecurityMetaDataAccessorEJB ejb3SecurityAccessor = new SecurityMetaDataAccessorEJB3();
57
58 WebMetaDataCreator() {
59 super();
60 }
61
62 /**
63 * Creates web meta data for EJB deployments.
64 *
65 * @param dep webservice deployment
66 */
67 void create(final Deployment dep) {
68 final DeploymentUnit unit = WSHelper.getRequiredAttachment(dep, DeploymentUnit.class);
69 WarMetaData warMD = ASHelper.getOptionalAttachment(unit, WarMetaData.ATTACHMENT_KEY);
70 JBossWebMetaData jbossWebMD = warMD != null ? warMD.getMergedJBossWebMetaData() : null;
71
72 if (warMD == null) {
73 warMD = new WarMetaData();
74 }
75 if (jbossWebMD == null) {
76 jbossWebMD = new JBossWebMetaData();
77 warMD.setMergedJBossWebMetaData(jbossWebMD);
78 unit.putAttachment(WarMetaData.ATTACHMENT_KEY, warMD);
79 }
80
81 createWebAppDescriptor(dep, jbossWebMD);
82 createJBossWebAppDescriptor(dep, jbossWebMD);
83
84 dep.addAttachment(JBossWebMetaData.class, jbossWebMD);
85 }
86
87 /**
88 * Creates web.xml descriptor meta data.
89 *
90 * @param dep webservice deployment
91 * @param jbossWebMD jboss web meta data
92 */
93 private void createWebAppDescriptor(final Deployment dep, final JBossWebMetaData jbossWebMD) {
94 ROOT_LOGGER.creatingWebXmlDescriptor();
95 createServlets(dep, jbossWebMD);
96 createServletMappings(dep, jbossWebMD);
97 createSecurityConstraints(dep, jbossWebMD);
98 createLoginConfig(dep, jbossWebMD);
99 createSecurityRoles(dep, jbossWebMD);
100 }
101
102 /**
103 * Creates jboss-web.xml descriptor meta data.
104 * <p/>
105 * <pre>
106 * <jboss-web>
107 * <security-domain>java:/jaas/custom-security-domain</security-domain>
108 * <context-root>/custom-context-root</context-root>
109 * <virtual-host>host1</virtual-host>
110 * ...
111 * <virtual-host>hostN</virtual-host>
112 * </jboss-web>
113 * </pre>
114 *
115 * @param dep webservice deployment
116 * @param jbossWebMD jboss web meta data
117 */
118 private void createJBossWebAppDescriptor(final Deployment dep, final JBossWebMetaData jbossWebMD) {
119 ROOT_LOGGER.creatingJBossWebXmlDescriptor();
120 final SecurityMetaDataAccessorEJB ejbMDAccessor = getEjbSecurityMetaDataAccessor(dep);
121
122 // Set security domain
123 final String securityDomain = ejbMDAccessor.getSecurityDomain(dep);
124 final boolean hasSecurityDomain = securityDomain != null;
125
126 if (hasSecurityDomain) {
127 ROOT_LOGGER.settingSecurityDomain(securityDomain);
128 jbossWebMD.setSecurityDomain(securityDomain);
129 }
130
131 // Set virtual host
132 final String virtualHost = dep.getService().getVirtualHost();
133 if (virtualHost != null) {
134 ROOT_LOGGER.settingVirtualHost(virtualHost);
135 jbossWebMD.setVirtualHosts(Arrays.asList(virtualHost));
136 }
137 }
138
139 /**
140 * Creates servlets part of web.xml descriptor.
141 * <p/>
142 * <pre>
143 * <servlet>
144 * <servlet-name>EJBEndpointShortName</servlet-name>
145 * <servlet-class>EJBEndpointTargetBeanName</servlet-class>
146 * </servlet>
147 * </pre>
148 *
149 * @param dep webservice deployment
150 * @param jbossWebMD jboss web meta data
151 */
152 private void createServlets(final Deployment dep, final JBossWebMetaData jbossWebMD) {
153 ROOT_LOGGER.creatingServlets();
154 final JBossServletsMetaData servlets = WebMetaDataHelper.getServlets(jbossWebMD);
155
156 for (final Endpoint endpoint : dep.getService().getEndpoints()) {
157 final String endpointName = endpoint.getShortName();
158 final String endpointClassName = endpoint.getTargetBeanName();
159
160 ROOT_LOGGER.creatingServlet(endpointName, endpointClassName);
161 WebMetaDataHelper.newServlet(endpointName, endpointClassName, servlets);
162 }
163 }
164
165 /**
166 * Creates servlet-mapping part of web.xml descriptor.
167 * <p/>
168 * <pre>
169 * <servlet-mapping>
170 * <servlet-name>EJBEndpointShortName</servlet-name>
171 * <url-pattern>EJBEndpointURLPattern</url-pattern>
172 * </servlet-mapping>
173 * </pre>
174 *
175 * @param dep webservice deployment
176 * @param jbossWebMD jboss web meta data
177 */
178 private void createServletMappings(final Deployment dep, final JBossWebMetaData jbossWebMD) {
179 ROOT_LOGGER.creatingServletMappings();
180 final List<ServletMappingMetaData> servletMappings = WebMetaDataHelper.getServletMappings(jbossWebMD);
181
182 for (final Endpoint ep : dep.getService().getEndpoints()) {
183 if (ep instanceof HttpEndpoint) {
184 final String endpointName = ep.getShortName();
185 final List<String> urlPatterns = WebMetaDataHelper.getUrlPatterns(((HttpEndpoint) ep).getURLPattern());
186
187 ROOT_LOGGER.creatingServletMapping(endpointName, urlPatterns);
188 WebMetaDataHelper.newServletMapping(endpointName, urlPatterns, servletMappings);
189 }
190 }
191 }
192
193 /**
194 * Creates security constraints part of web.xml descriptor.
195 * <p/>
196 * <pre>
197 * <security-constraint>
198 * <web-resource-collection>
199 * <web-resource-name>EJBEndpointShortName</web-resource-name>
200 * <url-pattern>EJBEndpointURLPattern</url-pattern>
201 * <http-method>GET</http-method>
202 * <http-method>POST</http-method>
203 * </web-resource-collection>
204 * <auth-constraint>
205 * <role-name>*</role-name>
206 * </auth-constraint>
207 * <user-data-constraint>
208 * <transport-guarantee>EjbTransportGuarantee</transport-guarantee>
209 * </user-data-constraint>
210 * </security-constraint>
211 * </pre>
212 *
213 * @param dep webservice deployment
214 * @param jbossWebMD jboss web meta data
215 */
216 private void createSecurityConstraints(final Deployment dep, final JBossWebMetaData jbossWebMD) {
217 ROOT_LOGGER.creatingSecurityConstraints();
218 final SecurityMetaDataAccessorEJB ejbMDAccessor = getEjbSecurityMetaDataAccessor(dep);
219
220 for (final Endpoint ejbEndpoint : dep.getService().getEndpoints()) {
221 final boolean secureWsdlAccess = ejbMDAccessor.isSecureWsdlAccess(ejbEndpoint);
222 final String transportGuarantee = ejbMDAccessor.getTransportGuarantee(ejbEndpoint);
223 final boolean hasTransportGuarantee = transportGuarantee != null;
224 final String authMethod = ejbMDAccessor.getAuthMethod(ejbEndpoint);
225 final boolean hasAuthMethod = authMethod != null;
226
227 if (ejbEndpoint instanceof HttpEndpoint && (hasAuthMethod || hasTransportGuarantee)) {
228 final List<SecurityConstraintMetaData> securityConstraints = WebMetaDataHelper
229 .getSecurityConstraints(jbossWebMD);
230
231 // security-constraint
232 final SecurityConstraintMetaData securityConstraint = WebMetaDataHelper
233 .newSecurityConstraint(securityConstraints);
234
235 // web-resource-collection
236 final WebResourceCollectionsMetaData webResourceCollections = WebMetaDataHelper
237 .getWebResourceCollections(securityConstraint);
238 final String endpointName = ejbEndpoint.getShortName();
239 final String urlPattern = ((HttpEndpoint) ejbEndpoint).getURLPattern();
240 ROOT_LOGGER.creatingWebResourceCollection(endpointName, urlPattern);
241 WebMetaDataHelper.newWebResourceCollection(endpointName, urlPattern, secureWsdlAccess,
242 webResourceCollections);
243
244 // auth-constraint
245 if (hasAuthMethod) {
246 ROOT_LOGGER.creatingAuthConstraint(endpointName);
247 WebMetaDataHelper.newAuthConstraint(WebMetaDataHelper.getAllRoles(), securityConstraint);
248 }
249
250 // user-data-constraint
251 if (hasTransportGuarantee) {
252 ROOT_LOGGER.creatingUserDataConstraint(endpointName, transportGuarantee);
253 WebMetaDataHelper.newUserDataConstraint(transportGuarantee, securityConstraint);
254 }
255 }
256 }
257 }
258
259 /**
260 * Creates login-config part of web.xml descriptor.
261 * <p/>
262 * <pre>
263 * <login-config>
264 * <auth-method>EjbDeploymentAuthMethod</auth-method>
265 * <realm-name>EJBWebServiceEndpointServlet Realm</realm-name>
266 * </login-config>
267 * </pre>
268 *
269 * @param dep webservice deployment
270 * @param jbossWebMD jboss web meta data
271 */
272 private void createLoginConfig(final Deployment dep, final JBossWebMetaData jbossWebMD) {
273 final String authMethod = getAuthMethod(dep);
274 final boolean hasAuthMethod = authMethod != null;
275
276 if (hasAuthMethod) {
277 ROOT_LOGGER.creatingLoginConfig(EJB_WEBSERVICE_REALM, authMethod);
278 final LoginConfigMetaData loginConfig = WebMetaDataHelper.getLoginConfig(jbossWebMD);
279 loginConfig.setRealmName(WebMetaDataCreator.EJB_WEBSERVICE_REALM);
280 loginConfig.setAuthMethod(authMethod);
281 }
282 }
283
284 /**
285 * Creates security roles part of web.xml descriptor.
286 * <p/>
287 * <pre>
288 * <security-role>
289 * <role-name>role1</role-name>
290 * ...
291 * <role-name>roleN</role-name>
292 * </security-role>
293 * </pre>
294 *
295 * @param dep webservice deployment
296 * @param jbossWebMD jboss web meta data
297 */
298 private void createSecurityRoles(final Deployment dep, final JBossWebMetaData jbossWebMD) {
299 final String authMethod = getAuthMethod(dep);
300 final boolean hasAuthMethod = authMethod != null;
301
302 if (hasAuthMethod) {
303 final SecurityMetaDataAccessorEJB ejbMDAccessor = getEjbSecurityMetaDataAccessor(dep);
304 final SecurityRolesMetaData securityRolesMD = ejbMDAccessor.getSecurityRoles(dep);
305 final boolean hasSecurityRolesMD = securityRolesMD != null;
306
307 if (hasSecurityRolesMD) {
308 ROOT_LOGGER.creatingSecurityRoles();
309 jbossWebMD.setSecurityRoles(securityRolesMD);
310 }
311 }
312
313 //merge security roles from the ear
314 //TODO: is there somewhere better to put this?
315 final DeploymentUnit unit = dep.getAttachment(DeploymentUnit.class);
316 DeploymentUnit parent = unit.getParent();
317 if (parent != null) {
318 final EarMetaData earMetaData = parent.getAttachment(org.jboss.as.ee.structure.Attachments.EAR_METADATA);
319 if (earMetaData != null) {
320 if (jbossWebMD.getSecurityRoles() == null) {
321 jbossWebMD.setSecurityRoles(new SecurityRolesMetaData());
322 }
323
324 SecurityRolesMetaData earSecurityRolesMetaData = earMetaData.getSecurityRoles();
325 if (earSecurityRolesMetaData != null) {
326 SecurityRolesMetaDataMerger.merge(jbossWebMD.getSecurityRoles(), jbossWebMD.getSecurityRoles(), earSecurityRolesMetaData);
327 }
328 }
329 }
330 }
331
332 /**
333 * Returns deployment authentication method.
334 *
335 * @param dep webservice deployment
336 * @return deployment authentication method
337 */
338 private String getAuthMethod(final Deployment dep) {
339 final SecurityMetaDataAccessorEJB ejbMDAccessor = getEjbSecurityMetaDataAccessor(dep);
340
341 for (final Endpoint ejbEndpoint : dep.getService().getEndpoints()) {
342 final String beanAuthMethod = ejbMDAccessor.getAuthMethod(ejbEndpoint);
343 final boolean hasBeanAuthMethod = beanAuthMethod != null;
344
345 if (hasBeanAuthMethod) {
346 // First found auth-method defines war
347 // login-config/auth-method
348 return beanAuthMethod;
349 }
350 }
351
352 return null;
353 }
354
355 /**
356 * Returns security builder associated with EJB deployment.
357 *
358 * @param dep webservice EJB deployment
359 * @return security builder for EJB deployment
360 */
361 private SecurityMetaDataAccessorEJB getEjbSecurityMetaDataAccessor(final Deployment dep) {
362 final boolean isJaxws = WSHelper.isJaxwsDeployment(dep);
363
364 return isJaxws ? ejb3SecurityAccessor : ejb21SecurityAccessor;
365 }
366}