001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *     http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.geronimo.corba;
018    
019    import java.net.URI;
020    
021    import javax.transaction.TransactionManager;
022    
023    import org.apache.commons.logging.Log;
024    import org.apache.commons.logging.LogFactory;
025    import org.apache.geronimo.gbean.AbstractName;
026    import org.apache.geronimo.gbean.GBeanLifecycle;
027    import org.apache.geronimo.gbean.InvalidConfigurationException; 
028    import org.apache.geronimo.corba.security.config.ConfigAdapter;
029    import org.apache.geronimo.corba.security.config.css.CSSConfig;
030    import org.apache.geronimo.corba.security.config.ssl.SSLConfig;
031    import org.apache.geronimo.corba.security.config.tss.TSSConfig;
032    import org.apache.geronimo.corba.security.ClientPolicy;
033    import org.apache.geronimo.corba.transaction.ClientTransactionPolicyConfig;
034    import org.apache.geronimo.corba.transaction.ClientTransactionPolicy;
035    import org.apache.geronimo.corba.transaction.nodistributedtransactions.NoDTxClientTransactionPolicyConfig;
036    import org.apache.geronimo.corba.util.Util;
037    import org.omg.CORBA.ORB;
038    import org.omg.CORBA.UserException;
039    import org.omg.CORBA.PolicyManager;
040    import org.omg.CORBA.Policy;
041    import org.omg.CORBA.SetOverrideType;
042    import org.omg.CosNaming.NameComponent;
043    import org.omg.CosNaming.NamingContextExt;
044    import org.omg.CosNaming.NamingContextExtHelper;
045    
046    
047    /**
048     * A CSSBean is an ORB instance configured for
049     * accessing EJBs using a specific security profile.  A single
050     * CSSBean can be referenced by multiple ejb-refs that share a
051     * common security profile.
052     *
053     * For each CSSBean instance, there will be a backing
054     * ORB configured with the appropriate interceptors and
055     * principal information to access the target object.
056     * @version $Revision: 502382 $ $Date: 2007-02-01 14:23:31 -0800 (Thu, 01 Feb 2007) $
057     */
058    public class CSSBean implements GBeanLifecycle, ORBConfiguration {
059    
060        private final static Log log = LogFactory.getLog(CSSBean.class);
061    
062        private final ClassLoader classLoader;
063        private final ConfigAdapter configAdapter;
064        private final TransactionManager transactionManager;
065        private String description;
066        private CSSConfig cssConfig;
067        private SSLConfig sslConfig;
068        // ORB used for activating and accessing the target bean.
069        private ORB cssORB;
070        // ORB used for nameservice lookups.
071        private ORB nssORB;
072        private AbstractName abstractName;
073    
074        public CSSBean() {
075            this.classLoader = null;
076            this.configAdapter = null;
077            this.transactionManager = null;
078            this.abstractName = null;
079            this.sslConfig = null;
080            this.cssConfig = null;
081        }
082    
083        public CSSBean(ConfigAdapter configAdapter, TransactionManager transactionManager, SSLConfig ssl, AbstractName abstractName, ClassLoader classLoader) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
084            this.abstractName = abstractName;
085            this.classLoader = classLoader;
086            this.transactionManager = transactionManager;
087            this.configAdapter = configAdapter;
088            this.sslConfig = ssl;
089        }
090    
091        public String getDescription() {
092            return description;
093        }
094    
095        public void setDescription(String description) {
096            this.description = description;
097        }
098    
099        public CSSConfig getCssConfig() {
100            return cssConfig;
101        }
102    
103        public void setCssConfig(CSSConfig config) {
104            if (config == null) config = new CSSConfig();
105            this.cssConfig = config;
106        }
107    
108        public TSSConfig getTssConfig() {
109            // just return a default no security one.
110            return new TSSConfig();
111        }
112    
113        /**
114         * Return the SSLConfig used for this ORB instance.
115         * if one has not been configured, this returns
116         * a default configuration.
117         *
118         * @return The SSLConfig object use to manage transport-level
119         *         security.
120         */
121        public SSLConfig getSslConfig() {
122            if (sslConfig == null) {
123                sslConfig = new SSLConfig();
124            }
125            return sslConfig;
126        }
127    
128        public ORB getORB() {
129            return cssORB;
130        }
131    
132        /**
133         * Return the retrieval URI for this bean.
134         *
135         * @return The URI for the bean AbstractName;
136         */
137        public String getURI() {
138            return abstractName.toString();
139        }
140    
141        public org.omg.CORBA.Object getHome(URI nsURI, String name) {
142    
143            if (log.isDebugEnabled())
144                log.debug(description + " - Looking up home from " + nsURI.toString() + " at " + name);
145    
146            try {
147                // The following may seem unncecessary, but it isn't.  We need to use one ORB to
148                // retrieve the object reference from the NameService because the SecurityInterceptor
149                // attached to the main ORB instance may add additional service contexts to the
150                // NameService request that will cause failures.  We use one configuration to access
151                // the server, and the activate the object on the real one.
152                org.omg.CORBA.Object ref = nssORB.string_to_object(nsURI.toString());
153                NamingContextExt ic = NamingContextExtHelper.narrow(ref);
154    
155                NameComponent[] nameComponent = ic.to_name(name);
156                org.omg.CORBA.Object bean = ic.resolve(nameComponent);
157    
158                // Ok, now we have an object reference from the naming service, but we need to 
159                // activate that object on the cssORB instance before we hand it out.  Activating it 
160                // on the cssORB will ensure that all of the interceptors and policies we define on the 
161                // cssORB will get used for all requests involving this bean. 
162                String beanIOR = nssORB.object_to_string(bean);
163                bean = cssORB.string_to_object(beanIOR);
164    
165                return bean;
166            } catch (NoSuchMethodError e) {
167                log.error("Incorrect level of org.omg.CORBA classes found.\nLikely cause is an incorrect java.endorsed.dirs configuration"); 
168                throw new InvalidConfigurationException("CORBA usage requires Yoko CORBA spec classes in java.endorsed.dirs classpath", e); 
169            } catch (UserException ue) {
170                log.error(description + " - Looking up home", ue);
171                throw new RuntimeException(description + " - Looking up home", ue);
172            }
173        }
174    
175        /**
176         * Start this GBean instance, which essentially
177         * sets up an ORB and configures a client context
178         * for handling requests.
179         *
180         * @exception Exception
181         */
182        public void doStart() throws Exception {
183    
184            // we create a dummy CSSConfig if one has not be specified prior to this.
185            if (cssConfig == null) {
186                cssConfig = new CSSConfig();
187            }
188    
189            ClassLoader savedLoader = Thread.currentThread().getContextClassLoader();
190            try {
191                log.debug("Starting CSS ORB " + getURI());
192    
193                Thread.currentThread().setContextClassLoader(classLoader);
194                // register this so we can retrieve this in the interceptors 
195                Util.registerORB(getURI(), this); 
196    
197                // create an ORB using the name service.
198                nssORB = configAdapter.createNameServiceClientORB(this);
199                // the configAdapter creates the ORB instance for us.
200                cssORB = configAdapter.createClientORB(this);
201                PolicyManager policyManager = (PolicyManager) cssORB.resolve_initial_references("ORBPolicyManager");
202                Policy[] policies = new Policy[] {new ClientPolicy(cssConfig), new ClientTransactionPolicy(buildClientTransactionPolicyConfig())};
203                policyManager.set_policy_overrides(policies, SetOverrideType.ADD_OVERRIDE);
204            } finally {
205                Thread.currentThread().setContextClassLoader(savedLoader);
206            }
207    
208            log.debug("Started CORBA Client Security Server - " + description);
209        }
210    
211        private ClientTransactionPolicyConfig buildClientTransactionPolicyConfig() {
212            return new NoDTxClientTransactionPolicyConfig(transactionManager);
213        }
214    
215        public void doStop() throws Exception {
216            cssORB.destroy();
217            nssORB.destroy();
218            // remove this from the registry 
219            Util.unregisterORB(getURI()); 
220            cssORB = null;
221            nssORB = null;
222            log.debug("Stopped CORBA Client Security Server - " + description);
223        }
224    
225        public void doFail() {
226            log.debug("Failed CORBA Client Security Server " + description);
227        }
228    
229    }