public class PermissionsParserProcessor extends Object implements org.jboss.as.server.deployment.DeploymentUnitProcessor
DeploymentUnitProcessor
that parses security permission files that might be
included in application components.
The EE7 specification (section EE6.2.2.6) allows application components to specify required security permissions:
"Permission declarations must be stored in META-INF/permissions.xml file within an EJB, web, application client, or
resource adapter archive in order for them to be located and processed.
The permissions for a packaged library are the same as the permissions for the module. Thus, if a library is packaged
in a .war file, it gets the permissions of the .war file.
For applications packaged in an .ear file, the declaration of permissions must be at .ear file level. This permission
set is applied to all modules and libraries packaged within the .ear file or within its contained modules. Any
permissions.xml files within such packaged modules are ignored, regardless of whether a permissions.xml file has been
supplied for the .ear file itself."
As can be noted, the EE spec doesn't allow sub-deployments to override permissions set at the .ear level. We find it
a bit too restrictive, so we introduced the META-INF/jboss-permissions.xml descriptor. It uses the same schema as the
standard permissions.xml file but, unlike the latter, is always processed and the permissions contained in it override
any permissions set by a parent deployment. If a deployment contains both permissions files, jboss-permissions.xml
takes precedence over the standard permissions.xml.Constructor and Description |
---|
PermissionsParserProcessor(List<org.jboss.modules.security.PermissionFactory> minPermissions)
Creates an instance of
PermissionsParserProcessor with the specified minimum and maximum set of permissions. |
Modifier and Type | Method and Description |
---|---|
void |
deploy(org.jboss.as.server.deployment.DeploymentPhaseContext phaseContext) |
void |
undeploy(org.jboss.as.server.deployment.DeploymentUnit context) |
public PermissionsParserProcessor(List<org.jboss.modules.security.PermissionFactory> minPermissions)
PermissionsParserProcessor
with the specified minimum and maximum set of permissions.minPermissions
- a List
containing the permissions that are to be granted to all deployments.public void deploy(org.jboss.as.server.deployment.DeploymentPhaseContext phaseContext) throws org.jboss.as.server.deployment.DeploymentUnitProcessingException
deploy
in interface org.jboss.as.server.deployment.DeploymentUnitProcessor
org.jboss.as.server.deployment.DeploymentUnitProcessingException
public void undeploy(org.jboss.as.server.deployment.DeploymentUnit context)
undeploy
in interface org.jboss.as.server.deployment.DeploymentUnitProcessor
Copyright © 2017 JBoss by Red Hat. All rights reserved.