From 899c9e004284164dd655a1a9ea3b11e60a443298 Mon Sep 17 00:00:00 2001 From: Heng Sin Low Date: Fri, 25 May 2007 06:47:28 +0000 Subject: [PATCH] * [ adempiere-Bugs-1719617 ] Server bean allows remote unauthenticated queries - Implemented jaas authentication for server bean --- serverRoot/.classpath | 1 + serverRoot/build.xml | 5 + .../session/AdempiereLoginModule.java | 95 +++++++++++++++++++ .../ejb/org/compiere/session/ServerBean.java | 21 +++- .../ejb/org/compiere/session/StatusBean.java | 1 + serverRoot/xdoclet-build.xml | 4 - 6 files changed, 122 insertions(+), 5 deletions(-) create mode 100644 serverRoot/src/main/ejb/org/compiere/session/AdempiereLoginModule.java diff --git a/serverRoot/.classpath b/serverRoot/.classpath index 222c888044..9e859e7478 100644 --- a/serverRoot/.classpath +++ b/serverRoot/.classpath @@ -7,5 +7,6 @@ + diff --git a/serverRoot/build.xml b/serverRoot/build.xml index 75b5758863..7634040bbf 100644 --- a/serverRoot/build.xml +++ b/serverRoot/build.xml @@ -54,6 +54,8 @@ + + @@ -100,6 +102,9 @@ + diff --git a/serverRoot/src/main/ejb/org/compiere/session/AdempiereLoginModule.java b/serverRoot/src/main/ejb/org/compiere/session/AdempiereLoginModule.java new file mode 100644 index 0000000000..5339320a0f --- /dev/null +++ b/serverRoot/src/main/ejb/org/compiere/session/AdempiereLoginModule.java 
@@ -0,0 +1,95 @@
+package org.compiere.session;
+
+import java.io.IOException;
+import java.security.Identity;
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.compiere.util.Env;
+import org.compiere.util.KeyNamePair;
+import org.compiere.util.Login;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+
+public class AdempiereLoginModule implements LoginModule {
+
+ private String unauthenticatedIdentity;
+ private CallbackHandler handler;
+ private Subject subject;
+ private KeyNamePair[] roles;
+ private String name;
+
+ public boolean abort() throws LoginException {
+ roles = null;
+ name = null;
+ return false;
+ }
+
+ public boolean commit() throws LoginException {
+ if (roles == null || roles.length == 0)
+ {
+ subject.getPrincipals().add(new SimplePrincipal(unauthenticatedIdentity));
+ SimpleGroup roleGroup = new SimpleGroup("Roles");
+ subject.getPrincipals().add(roleGroup);
+ }
+ else
+ {
+ subject.getPrincipals().add(new SimplePrincipal(name));
+ SimpleGroup roleGroup = new SimpleGroup("Roles");
+ roleGroup.addMember(new SimplePrincipal("adempiereUsers"));
+ for(int i = 0; i < roles.length; i++)
+ {
+ roleGroup.addMember(new SimplePrincipal(roles[i].getName()));
+ }
+ subject.getPrincipals().add(roleGroup);
+ }
+ return true;
+ }
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map sharedState, Map options) {
+ unauthenticatedIdentity = (String)options.get("unauthenticatedIdentity");
+ handler = callbackHandler;
+ this.subject = subject;
+ }
+
+ public boolean login() 
throws LoginException { + Callback callbacks[] = new Callback[]{new NameCallback("Login:"), new PasswordCallback("Password:", false)}; + try { + handler.handle(callbacks); + } catch (IOException e) { + } catch (UnsupportedCallbackException e) { + } + name = ((NameCallback)callbacks[0]).getName(); + char[] pass = ((PasswordCallback)callbacks[1]).getPassword(); + String passwd = pass != null ? new String(pass) : null; + if (name != null && passwd != null) + { + Login login = new Login(Env.getCtx()); + roles = login.getRoles(name, passwd); + } + else + { + roles = null; + } + + return true; + } + + public boolean logout() throws LoginException { + roles = null; + name = null; + + return true; + } + +} diff --git a/serverRoot/src/main/ejb/org/compiere/session/ServerBean.java b/serverRoot/src/main/ejb/org/compiere/session/ServerBean.java index 567d63c45c..f8006f7cb7 100644 --- a/serverRoot/src/main/ejb/org/compiere/session/ServerBean.java +++ b/serverRoot/src/main/ejb/org/compiere/session/ServerBean.java @@ -51,6 +51,8 @@ import org.compiere.wf.*; * @ejb.ejb-ref ejb-name="adempiere/Server" * view-type="local" * ref-name="adempiere/ServerLocal" + * + * @ejb.permission role-name="adempiereUsers" * * @author Jorg Janke * @version $Id: ServerBean.java,v 1.3 2006/07/30 00:53:33 jjanke Exp $ @@ -134,6 +136,7 @@ public class ServerBean implements SessionBean { validateSecurityToken(token); + //log.finer(m_Context.getCallerPrincipal().getName() + " - " + info.getSql()); log.finer("[" + m_no + "]"); m_stmt_rowSetCount++; @@ -153,6 +156,7 @@ public class ServerBean implements SessionBean { validateSecurityToken(token); + //log.finer(m_Context.getCallerPrincipal().getName() + " - " + info.getSql()); log.finer("[" + m_no + "]"); m_stmt_rowSetCount++; CStatement stmt = new CStatement(info); 
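Review bot: `login()` returns true on every path, and `commit()` treats a rejected user name and password the same as no credentials at all by adding the `unauthenticatedIdentity` principal, so a failed login is silent and indistinguishable from an anonymous call. The two empty `catch` blocks around `handler.handle(callbacks)` also hide callback failures, and the password is copied into a `String` that cannot be cleared. I would throw `LoginException` when the handler fails and `FailedLoginException` (from `javax.security.auth.login`, needs an import) when credentials were supplied but `getRoles` yields no roles, keeping the anonymous fallback only for absent credentials; this assumes `Login.getRoles` signals a bad password by returning null or an empty array, which `commit()` suggests but the hunk does not show. `commit()` should additionally skip the fallback principal when the `unauthenticatedIdentity` option is unset, since `new SimplePrincipal(null)` is otherwise added to the subject.

```java
public boolean login() throws LoginException {
    Callback callbacks[] = new Callback[]{new NameCallback("Login:"), new PasswordCallback("Password:", false)};
    try {
        handler.handle(callbacks);
    } catch (IOException e) {
        LoginException le = new LoginException("Callback handler failed: " + e.getMessage());
        le.initCause(e);
        throw le;
    } catch (UnsupportedCallbackException e) {
        LoginException le = new LoginException("Callback not supported: " + e.getMessage());
        le.initCause(e);
        throw le;
    }
    name = ((NameCallback)callbacks[0]).getName();
    PasswordCallback passwordCallback = (PasswordCallback)callbacks[1];
    char[] pass = passwordCallback.getPassword();   // getPassword() hands back a copy
    passwordCallback.clearPassword();
    if (name == null || pass == null) {
        roles = null;   // no credentials offered: commit() falls back to unauthenticatedIdentity
        return true;
    }
    try {
        Login login = new Login(Env.getCtx());
        roles = login.getRoles(name, new String(pass));
    } finally {
        java.util.Arrays.fill(pass, '\0');   // wipe our copy whether or not the lookup succeeded
    }
    if (roles == null || roles.length == 0)
        throw new FailedLoginException("Invalid user name or password");
    return true;
}
```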
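Review bot: The line added after `validateSecurityToken(token)` here, and again in the hunks at -153 and -171, is commented-out code, so the caller identity that JAAS now provides is never recorded for these remote SQL entry points. Either delete the three lines or enable an audit line that logs the principal without the statement text, e.g. `log.finer("[" + m_no + "] " + m_Context.getCallerPrincipal().getName());`, because `info.getSql()` may carry data values into the log. The enclosing methods start and end outside the hunks, so I am assuming `m_Context` is the bean's session context.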
@@ -171,6 +175,7 @@ public class ServerBean implements SessionBean { validateSecurityToken(token); + //log.finer(m_Context.getCallerPrincipal().getName() + " - " + info.getSql()); log.finer("[" + m_no + "]"); m_stmt_updateCount++; if (info.getParameterCount() == 0) @@ -527,6 +532,7 @@ public class ServerBean implements SessionBean /************************************************************************** * Describes the instance and its content for debugging purpose * @ejb.interface-method view-type="both" + * @ejb.permission unchecked="true" * @return Debugging information about the instance and its content */ public String getStatus() @@ -658,6 +664,18 @@ public class ServerBean implements SessionBean return gridTabVO.getFields(); } + /** + * Get table id from ad_table by table name + * @ejb.interface-method view-type="both" + * @ejb.permission unchecked="true" + * @param tableName + * @return tableName + */ + public int getTableID(String tableName) + { + return MTable.getTable_ID(tableName); + } + /** * String Representation * @return info @@ -673,6 +691,7 @@ public class ServerBean implements SessionBean * @throws EJBException * @throws CreateException * @ejb.create-method view-type="both" + * @ejb.permission unchecked="true" */ public void ejbCreate() throws EJBException, CreateException { @@ -680,7 +699,7 @@ public class ServerBean implements SessionBean try { if (!Adempiere.startup(false)) - throw new CreateException("Compiere could not start"); + throw new CreateException("Adempiere could not start"); } catch (Exception ex) { diff --git a/serverRoot/src/main/ejb/org/compiere/session/StatusBean.java b/serverRoot/src/main/ejb/org/compiere/session/StatusBean.java index 19deb8c107..238aa989c4 100644 --- a/serverRoot/src/main/ejb/org/compiere/session/StatusBean.java +++ b/serverRoot/src/main/ejb/org/compiere/session/StatusBean.java 
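Review bot: `getTableID` is published on both views with `@ejb.permission unchecked="true"` and, unlike the query methods in the earlier hunks that call `validateSecurityToken(token)`, it takes no token, so any unauthenticated remote caller can pass arbitrary table names through to `MTable.getTable_ID`. Unless the client needs this lookup before login, restrict it with `@ejb.permission role-name="adempiereUsers"`; if it must stay open, say why in the Javadoc. The Javadoc also has `@return tableName` where the method returns the id; I would write `@param tableName name of the table to look up` and `@return table id resolved by MTable.getTable_ID`.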
@@ -41,6 +41,7 @@ import org.compiere.util.*; * @ejb.ejb-ref ejb-name="adempiere/Status" * view-type="local" * ref-name="adempiere/StatusLocal" + * @ejb.permission unchecked="true" * * @author Jorg Janke * @version $Id: StatusBean.java,v 1.3 2006/07/30 00:53:33 jjanke Exp $ diff --git a/serverRoot/xdoclet-build.xml b/serverRoot/xdoclet-build.xml index 3c61bae1ad..43820e443b 100644 --- a/serverRoot/xdoclet-build.xml +++ b/serverRoot/xdoclet-build.xml @@ -14,20 +14,16 @@ - - - -