AS7-5368: usage of allowedmethodsinfo to control ejb lookups and inje…

…ction of user transaction

cmp/src/main/java/org/jboss/as/cmp/component/CmpAllowedMethodsInformation.java

@@ -36,6 +36,10 @@ public class CmpAllowedMethodsInformation extends AllowedMethodsInformation {
 
     public static final CmpAllowedMethodsInformation INSTANCE = new CmpAllowedMethodsInformation();
 
+    protected CmpAllowedMethodsInformation() {
+        super(false);
+    }
+
     @Override
     protected void setup(Set<DeniedMethodKey> denied) {
         super.setup(denied);

ejb3/src/main/java/org/jboss/as/ejb3/EjbMessages.java

@@ -2451,4 +2451,7 @@ public interface EjbMessages {
     @Message(id = 14236, value = "default-missing-method-permissions-deny-access was set to true")
     String rejectTransformationDefinedDefaultMissingMethodPermissionsDenyAccess();
 
+    @Message(id = 14237, value = "Only session and message-driven beans with bean-managed transaction demarcation are allowed to access UserTransaction")
+    IllegalStateException unauthorizedAccessToUserTransaction();
+
 }

ejb3/src/main/java/org/jboss/as/ejb3/component/EJBComponent.java

@@ -359,8 +359,6 @@ public int getTransactionTimeout(final MethodIntf methodIntf, final MethodIdenti
     }
 
     public UserTransaction getUserTransaction() throws IllegalStateException {
-        if (!isBeanManagedTransaction())
-            throw MESSAGES.failToCallIsBeanManagedTransaction();
         return utilities.getUserTransaction();
     }
 
@@ -495,7 +493,7 @@ public EJBRemoteTransactionsRepository getEjbRemoteTransactionsRepository() {
     }
 
     public AllowedMethodsInformation getAllowedMethodsInformation() {
-        return AllowedMethodsInformation.INSTANCE;
+        return isBeanManagedTransaction() ? AllowedMethodsInformation.INSTANCE_BMT : AllowedMethodsInformation.INSTANCE_CMT;
     }
 
     public InvocationMetrics getInvocationMetrics() {

ejb3/src/main/java/org/jboss/as/ejb3/component/allowedmethods/AllowedMethodsInformation.java

@@ -45,14 +45,15 @@
  */
 public class AllowedMethodsInformation {
 
-    public static final AllowedMethodsInformation INSTANCE = new AllowedMethodsInformation();
-
+    public static final AllowedMethodsInformation INSTANCE_BMT = new AllowedMethodsInformation(true);
+    public static final AllowedMethodsInformation INSTANCE_CMT = new AllowedMethodsInformation(false);
 
     private final Set<DeniedMethodKey> denied;
     private final Set<DeniedSyncMethodKey> deniedSyncMethods;
+    private final boolean beanManagedTransaction;
 
-
-    protected AllowedMethodsInformation() {
+    protected AllowedMethodsInformation(boolean beanManagedTransaction) {
+        this.beanManagedTransaction = beanManagedTransaction;
         final Set<DeniedMethodKey> denied = new HashSet<DeniedMethodKey>();
         add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.TIMER_SERVICE_METHOD);
         add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.TIMER_SERVICE_METHOD);
@@ -133,6 +134,9 @@ protected void realCheckPermission(MethodType methodType, InvocationType invocat
                 throwException(methodType, invocationType);
             }
         }
+        if (!beanManagedTransaction && methodType == MethodType.GET_USER_TRANSACTION) {
+            throw EjbMessages.MESSAGES.unauthorizedAccessToUserTransaction();
+        }
     }
 
     /**

ejb3/src/main/java/org/jboss/as/ejb3/component/entity/EntityBeanAllowedMethodsInformation.java

@@ -36,6 +36,10 @@ public class EntityBeanAllowedMethodsInformation extends AllowedMethodsInformati
 
     public static final EntityBeanAllowedMethodsInformation INSTANCE = new EntityBeanAllowedMethodsInformation();
 
+    protected EntityBeanAllowedMethodsInformation() {
+        super(false);
+    }
+
     @Override
     protected void setup(Set<DeniedMethodKey> denied) {
         super.setup(denied);

ejb3/src/main/java/org/jboss/as/ejb3/component/messagedriven/MessageDrivenAllowedMethodsInformation.java

@@ -34,7 +34,12 @@
  */
 public class MessageDrivenAllowedMethodsInformation extends AllowedMethodsInformation {
 
-    public static final MessageDrivenAllowedMethodsInformation INSTANCE = new MessageDrivenAllowedMethodsInformation();
+    public static final MessageDrivenAllowedMethodsInformation INSTANCE_BMT = new MessageDrivenAllowedMethodsInformation(true);
+    public static final MessageDrivenAllowedMethodsInformation INSTANCE_CMT = new MessageDrivenAllowedMethodsInformation(false);
+
+    protected MessageDrivenAllowedMethodsInformation(boolean beanManagedTransaction) {
+        super(beanManagedTransaction);
+    }
 
     @Override
     protected void setup(Set<DeniedMethodKey> denied) {

ejb3/src/main/java/org/jboss/as/ejb3/component/messagedriven/MessageDrivenComponent.java

@@ -211,6 +211,6 @@ public void stop() {
 
     @Override
     public AllowedMethodsInformation getAllowedMethodsInformation() {
-        return MessageDrivenAllowedMethodsInformation.INSTANCE;
+        return isBeanManagedTransaction() ? MessageDrivenAllowedMethodsInformation.INSTANCE_BMT : MessageDrivenAllowedMethodsInformation.INSTANCE_CMT;
     }
 }

ejb3/src/main/java/org/jboss/as/ejb3/component/session/SessionBeanAllowedMethodsInformation.java

@@ -34,6 +34,10 @@
  */
 public class SessionBeanAllowedMethodsInformation  extends AllowedMethodsInformation {
 
+    protected SessionBeanAllowedMethodsInformation(boolean beanManagedTransaction) {
+        super(beanManagedTransaction);
+    }
+
     @Override
     protected void setup(Set<DeniedMethodKey> denied) {
         super.setup(denied);

ejb3/src/main/java/org/jboss/as/ejb3/component/singleton/SingletonAllowedMethodsInformation.java

@@ -34,7 +34,12 @@
  */
 public class SingletonAllowedMethodsInformation extends SessionBeanAllowedMethodsInformation {
 
-    public static final SingletonAllowedMethodsInformation INSTANCE = new SingletonAllowedMethodsInformation();
+    public static final SingletonAllowedMethodsInformation INSTANCE_BMT = new SingletonAllowedMethodsInformation(true);
+    public static final SingletonAllowedMethodsInformation INSTANCE_CMT = new SingletonAllowedMethodsInformation(false);
+
+    protected SingletonAllowedMethodsInformation(boolean beanManagedTransaction) {
+        super(beanManagedTransaction);
+    }
 
     @Override
     protected void setup(Set<DeniedMethodKey> denied) {

ejb3/src/main/java/org/jboss/as/ejb3/component/singleton/SingletonComponent.java

@@ -196,10 +196,9 @@ private void destroySingletonInstance() {
 
     @Override
     public AllowedMethodsInformation getAllowedMethodsInformation() {
-        return SingletonAllowedMethodsInformation.INSTANCE;
+        return isBeanManagedTransaction() ? SingletonAllowedMethodsInformation.INSTANCE_BMT : SingletonAllowedMethodsInformation.INSTANCE_CMT;
     }
 
-
     private static ServiceContainer currentServiceContainer() {
         return AccessController.doPrivileged(new PrivilegedAction<ServiceContainer>() {
             @Override

ejb3/src/main/java/org/jboss/as/ejb3/component/stateful/StatefulAllowedMethodsInformation.java

@@ -34,7 +34,12 @@
  */
 public class StatefulAllowedMethodsInformation extends SessionBeanAllowedMethodsInformation {
 
-    public static final StatefulAllowedMethodsInformation INSTANCE = new StatefulAllowedMethodsInformation();
+    public static final StatefulAllowedMethodsInformation INSTANCE_BMT = new StatefulAllowedMethodsInformation(true);
+    public static final StatefulAllowedMethodsInformation INSTANCE_CMT = new StatefulAllowedMethodsInformation(false);
+
+    protected StatefulAllowedMethodsInformation(boolean beanManagedTransaction) {
+        super(beanManagedTransaction);
+    }
 
     @Override
     protected void setup(Set<DeniedMethodKey> denied) {

ejb3/src/main/java/org/jboss/as/ejb3/component/stateful/StatefulSessionComponent.java

@@ -332,7 +332,7 @@ public void stop() {
 
     @Override
     public AllowedMethodsInformation getAllowedMethodsInformation() {
-        return StatefulAllowedMethodsInformation.INSTANCE;
+        return isBeanManagedTransaction() ? StatefulAllowedMethodsInformation.INSTANCE_BMT : StatefulAllowedMethodsInformation.INSTANCE_CMT;
     }
 
     public Set<Object> getSerialiableInterceptorContextKeys() {

ejb3/src/main/java/org/jboss/as/ejb3/component/stateless/StatelessAllowedMethodsInformation.java

@@ -34,7 +34,12 @@
  */
 public class StatelessAllowedMethodsInformation extends SessionBeanAllowedMethodsInformation {
 
-    public static final StatelessAllowedMethodsInformation INSTANCE = new StatelessAllowedMethodsInformation();
+    public static final StatelessAllowedMethodsInformation INSTANCE_BMT = new StatelessAllowedMethodsInformation(true);
+    public static final StatelessAllowedMethodsInformation INSTANCE_CMT = new StatelessAllowedMethodsInformation(false);
+
+    protected StatelessAllowedMethodsInformation(boolean beanManagedTransaction) {
+        super(beanManagedTransaction);
+    }
 
     @Override
     protected void setup(Set<DeniedMethodKey> denied) {

ejb3/src/main/java/org/jboss/as/ejb3/component/stateless/StatelessSessionComponent.java

@@ -141,6 +141,6 @@ public void stop() {
 
     @Override
     public AllowedMethodsInformation getAllowedMethodsInformation() {
-        return StatelessAllowedMethodsInformation.INSTANCE;
+        return isBeanManagedTransaction() ? StatelessAllowedMethodsInformation.INSTANCE_BMT : StatelessAllowedMethodsInformation.INSTANCE_CMT;
     }
 }

ejb3/src/main/java/org/jboss/as/ejb3/subsystem/EJB3SubsystemAdd.java

@@ -126,6 +126,7 @@
 import org.jboss.as.server.deployment.Phase;
 import org.jboss.as.server.deployment.jbossallxml.JBossAllXmlParserRegisteringProcessor;
 import org.jboss.as.txn.service.TxnServices;
+import org.jboss.as.txn.service.UserTransactionAccessControlService;
 import org.jboss.com.sun.corba.se.impl.javax.rmi.RemoteObjectSubstitutionManager;
 import org.jboss.dmr.ModelNode;
 import org.jboss.ejb.client.EJBClientContext;
@@ -320,6 +321,12 @@ protected void execute(DeploymentProcessorTarget processorTarget) {
         // add clustering service
         this.addClusteringServices(context, newControllers, appclient);
 
+        // add user transaction access control service
+        final EJB3UserTransactionAccessControlService userTxAccessControlService = new EJB3UserTransactionAccessControlService();
+        newControllers.add(context.getServiceTarget().addService(EJB3UserTransactionAccessControlService.SERVICE_NAME, userTxAccessControlService)
+                .addDependency(UserTransactionAccessControlService.SERVICE_NAME, UserTransactionAccessControlService.class, userTxAccessControlService.getUserTransactionAccessControlServiceInjector())
+                .install());
+
         if (!appclient) {
             final EJBUtilities utilities = new EJBUtilities();
             newControllers.add(serviceTarget.addService(EJBUtilities.SERVICE_NAME, utilities)

ejb3/src/main/java/org/jboss/as/ejb3/subsystem/EJB3UserTransactionAccessControlService.java

@@ -0,0 +1,76 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.ejb3.subsystem;
+
+import org.jboss.as.ejb3.component.allowedmethods.AllowedMethodsInformation;
+import org.jboss.as.ejb3.component.allowedmethods.MethodType;
+import org.jboss.as.txn.service.UserTransactionAccessControl;
+import org.jboss.as.txn.service.UserTransactionAccessControlService;
+import org.jboss.msc.inject.Injector;
+import org.jboss.msc.service.Service;
+import org.jboss.msc.service.ServiceName;
+import org.jboss.msc.service.StartContext;
+import org.jboss.msc.service.StartException;
+import org.jboss.msc.service.StopContext;
+import org.jboss.msc.value.InjectedValue;
+
+/**
+ * Service which installs the {@link javax.transaction.UserTransaction} access control into the transaction subsystem.
+ *
+ * @author Eduardo Martins
+ */
+public class EJB3UserTransactionAccessControlService implements Service<EJB3UserTransactionAccessControlService> {
+
+    public static final ServiceName SERVICE_NAME = ServiceName.JBOSS.append("ejb3", "EJB3UserTransactionAccessControlService");
+
+    private final InjectedValue<UserTransactionAccessControlService> accessControlService = new InjectedValue<UserTransactionAccessControlService>();
+
+    @Override
+    public void start(StartContext context) throws StartException {
+        UserTransactionAccessControl accessControl = new UserTransactionAccessControl() {
+            @Override
+            public void authorizeAccess() {
+                AllowedMethodsInformation.checkAllowed(MethodType.GET_USER_TRANSACTION);
+            }
+        };
+        this.accessControlService.getValue().setAccessControl(accessControl);
+    }
+
+    @Override
+    public void stop(StopContext context) {
+        this.accessControlService.getValue().setAccessControl(null);
+    }
+
+    @Override
+    public EJB3UserTransactionAccessControlService getValue() throws IllegalStateException, IllegalArgumentException {
+        return this;
+    }
+
+    /**
+     *
+     * @return
+     */
+    public Injector<UserTransactionAccessControlService> getUserTransactionAccessControlServiceInjector() {
+        return this.accessControlService;
+    }
+}

testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ee/injection/resource/resourceref/ejb-jar.xml

@@ -13,6 +13,7 @@
             <business-remote>org.jboss.as.test.integration.ee.injection.resource.resourceref.StatelessBeanRemote</business-remote>
             <ejb-class>org.jboss.as.test.integration.ee.injection.resource.resourceref.StatelessBean</ejb-class>
             <session-type>Stateless</session-type>
+            <transaction-type>Bean</transaction-type>
 
             <resource-env-ref>
                 <resource-env-ref-name>MyEJBContext</resource-env-ref-name>

testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/packaging/war/namingcontext/War1Ejb.java

@@ -24,6 +24,8 @@
 import javax.annotation.Resource;
 import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
+import javax.ejb.TransactionManagement;
+import javax.ejb.TransactionManagementType;
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 import javax.transaction.UserTransaction;
@@ -33,6 +35,7 @@
  */
 @Stateless
 @LocalBean
+@TransactionManagement(value = TransactionManagementType.BEAN)
 public class War1Ejb implements EjbInterface {
 
     @Resource

testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/packaging/war/namingcontext/War2Ejb.java

@@ -24,6 +24,8 @@
 import javax.annotation.Resource;
 import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
+import javax.ejb.TransactionManagement;
+import javax.ejb.TransactionManagementType;
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 import javax.transaction.UserTransaction;
@@ -33,6 +35,7 @@
  */
 @Stateless
 @LocalBean
+@TransactionManagement(value = TransactionManagementType.BEAN)
 public class War2Ejb implements EjbInterface {
 
     @Resource