javax.security.jacc.EJBMethodPermission Java Examples
The following examples show how to use
javax.security.jacc.EJBMethodPermission.
Example #1
Source File: StandardJaccServiceImpl.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Grants the declared role one JACC permission per action implied by the declaration.
 *
 * <p>Each permission is created with a {@code null} method interface and a {@code null}
 * parameter list, so the grant is scoped only by entity name and action (JACC's
 * "method name"), never by interface or signature.
 *
 * @param permissionDeclaration supplies the role, the entity name and the permissible action
 * @throws HibernateException wrapping any {@code PolicyContextException} raised by {@code addToRole}
 */
@Override
public void addPermission(GrantedPermission permissionDeclaration) {
    // todo : do we need to wrap these PolicyConfiguration calls in privileged actions like we do during permission checks?
    // The policy configuration is resolved lazily, on the first grant made through this service.
    if ( policyConfiguration == null ) {
        policyConfiguration = locatePolicyConfiguration( contextId );
    }

    for ( String methodName : permissionDeclaration.getPermissibleAction().getImpliedActions() ) {
        final EJBMethodPermission granted = new EJBMethodPermission(
                permissionDeclaration.getEntityName(),
                methodName,
                null, // interfaces
                null // arguments
        );

        log.debugf( "Adding permission [%s] to role [%s]", methodName, permissionDeclaration.getRole() );

        try {
            policyConfiguration.addToRole( permissionDeclaration.getRole(), granted );
        }
        catch (PolicyContextException pce) {
            // Keep the JACC exception as the cause so the failing grant can be diagnosed.
            throw new HibernateException( "policy context exception occurred", pce );
        }
    }
}
Example #2
Source File: StandardJaccServiceImpl.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Asks the installed {@link Policy} whether the calling principals may perform the
 * action on the entity, and fails with a {@link SecurityException} when they may not.
 *
 * <p>The check is evaluated against a synthetic {@link ProtectionDomain} built from the
 * entity class's code source and the caller principals; no static permissions and no
 * class loader are supplied.
 *
 * @param entityInformation names the entity and supplies the entity instance
 * @param action the action being attempted; only its first implied action is checked
 * @throws SecurityException if the policy does not imply the permission
 */
private void doPermissionCheckInContext(PermissionCheckEntityInformation entityInformation, PermissibleAction action) {
    final Policy installedPolicy = Policy.getPolicy();
    final Principal[] callers = getCallerPrincipals();

    final CodeSource entityCodeSource =
            entityInformation.getEntity().getClass().getProtectionDomain().getCodeSource();
    final ProtectionDomain callerDomain = new ProtectionDomain( entityCodeSource, null, null, callers );

    // the action is known as 'method name' in JACC
    // NOTE(review): index 0 is used unconditionally; an action with several implied
    // actions is checked for the first one only - confirm callers never pass such an action.
    final EJBMethodPermission required = new EJBMethodPermission(
            entityInformation.getEntityName(),
            action.getImpliedActions()[0],
            null,
            null
    );

    if ( installedPolicy.implies( callerDomain, required ) ) {
        return;
    }

    // Denial is fail-closed: the caller gets an exception naming entity, action and principals.
    throw new SecurityException(
            String.format(
                    "JACC denied permission to [%s.%s] for [%s]",
                    entityInformation.getEntityName(),
                    action.getImpliedActions()[0],
                    join( callers )
            )
    );
}
Example #3
Source File: AbstractSecurityService.java From tomee with Apache License 2.0 | 6 votes |
/**
 * Reports whether the current caller may invoke {@code method} on the bean bound to
 * the current thread context.
 *
 * <p>The decision is delegated to the access control context held by the caller's
 * {@code SecurityContext}. Only an {@link AccessControlException} is turned into
 * {@code false}; any other exception propagates to the caller.
 *
 * @param method the business method being invoked
 * @param type the interface type of the call; may be {@code null}
 * @return {@code true} if the permission check passes, {@code false} if it is denied
 */
@Override
public boolean isCallerAuthorized(final Method method, final InterfaceType type) {
    final ThreadContext callContext = ThreadContext.getThreadContext();
    final BeanContext bean = callContext.getBeanContext();

    try {
        final String ejbName = bean.getEjbName();

        String interfaceName = null;
        if (type != null) {
            interfaceName = type.getSpecName();
        }
        // The two local-bean views are checked with a null interface name, i.e. without
        // narrowing the permission to a particular method interface.
        if ("LocalBean".equals(interfaceName) || "LocalBeanHome".equals(interfaceName)) {
            interfaceName = null;
        }

        // Prefer the identity associated through clientIdentity; otherwise fall back to
        // the security context stored on the thread context.
        final Identity associated = clientIdentity.get();
        final SecurityContext callerContext = associated == null
                ? callContext.get(SecurityContext.class)
                : new SecurityContext(associated.getSubject());
        // NOTE(review): callerContext is dereferenced without a null check - confirm the
        // thread context always carries a SecurityContext at this point.

        callerContext.acc.checkPermission(new EJBMethodPermission(ejbName, interfaceName, method));
        return true;
    } catch (final AccessControlException denied) {
        return false;
    }
}
Example #4
Source File: EJBJACCPolicyModuleDelegate.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Decides the request by checking the EJB method permission against the policy.
 *
 * @param callerSubject the subject handed to the policy check
 * @param role the role handed to the policy check; may be {@code null}
 * @return {@code AuthorizationContext.PERMIT} when the policy check succeeds,
 *         {@code AuthorizationContext.DENY} otherwise
 */
private int process(Subject callerSubject, Role role)
{
   final EJBMethodPermission requested = new EJBMethodPermission(ejbName, methodInterface, ejbMethod);

   if (checkWithPolicy(requested, callerSubject, role))
   {
      return AuthorizationContext.PERMIT;
   }

   // Denials are traced only when debug logging is enabled.
   // NOTE(review): the Subject itself is passed to the logger - confirm its rendering
   // cannot place credentials in the debug log.
   if (PicketBoxLogger.LOGGER.isDebugEnabled())
   {
      final String roleText = role != null ? role.toString() : null;
      PicketBoxLogger.LOGGER.debugJACCDeniedAccess(requested.toString(), callerSubject, roleText);
   }
   return AuthorizationContext.DENY;
}
Example #5
Source File: JACCPreDeleteEventListener.java From cacheonix-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Runs the JACC delete-permission check for the entity that is about to be deleted.
 *
 * @param event the pre-delete event carrying the entity and its persister
 * @return always {@code false}. In Hibernate's pre-event listener contract a
 *         {@code true} return vetoes the operation, so a denial has to come out of
 *         {@code JACCPermissions.checkPermission} itself (presumably as an exception -
 *         confirm against that class).
 */
public boolean onPreDelete(PreDeleteEvent event) {
	final String entityName = event.getPersister().getEntityName();

	// Interface and parameter list are left null: the permission is scoped by
	// entity name and action only.
	final EJBMethodPermission required =
			new EJBMethodPermission( entityName, HibernatePermission.DELETE, null, null );

	JACCPermissions.checkPermission( event.getEntity().getClass(), contextID, required );

	return false;
}
Example #6
Source File: JACCPreLoadEventListener.java From cacheonix-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Runs the JACC read-permission check for the entity that is about to be loaded.
 *
 * <p>The method returns nothing, so a denial can only surface from
 * {@code JACCPermissions.checkPermission} (presumably as an exception - confirm
 * against that class).
 *
 * @param event the pre-load event carrying the entity and its persister
 */
public void onPreLoad(PreLoadEvent event) {
	final String entityName = event.getPersister().getEntityName();

	// Interface and parameter list are left null: the permission is scoped by
	// entity name and action only.
	final EJBMethodPermission required =
			new EJBMethodPermission( entityName, HibernatePermission.READ, null, null );

	JACCPermissions.checkPermission( event.getEntity().getClass(), contextID, required );
}
Example #7
Source File: JACCConfiguration.java From cacheonix-core with GNU Lesser General Public License v2.1 | 5 votes |
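/**
 * Grants {@code role} the listed actions on {@code entityName} in the policy configuration.
 *
 * <p>{@code action} is a comma-separated list of action names; the single value
 * {@code "*"} is expanded to {@code insert,read,update,delete}. Each name becomes one
 * {@code EJBMethodPermission} with a {@code null} interface and {@code null} parameter list.
 *
 * <p>Blank list entries (for example the gap in {@code "read, ,update"}) are skipped.
 * {@code EJBMethodPermission} treats a null or empty method name as "all methods", so
 * passing a blank entry through would silently widen the grant to every action.
 *
 * @param role the security role receiving the permissions
 * @param entityName the entity the permissions apply to
 * @param action comma-separated action names, or {@code "*"} for all four actions
 * @throws HibernateException wrapping any {@code PolicyContextException} raised by {@code addToRole}
 */
public void addPermission(String role, String entityName, String action) {

	if ( action.equals( "*" ) ) {
		action = "insert,read,update,delete";
	}

	StringTokenizer tok = new StringTokenizer( action, "," );

	while ( tok.hasMoreTokens() ) {
		String methodName = tok.nextToken().trim();

		// A whitespace-only entry trims to "", which JACC reads as a wildcard method
		// name. Skip it so a formatting slip in the mapping cannot over-grant.
		if ( methodName.length() == 0 ) {
			if ( log.isDebugEnabled() ) {
				log.debug( "ignoring blank action entry for role " + role + " on " + entityName );
			}
			continue;
		}

		EJBMethodPermission permission = new EJBMethodPermission(
				entityName,
				methodName,
				null, // interfaces
				null // arguments
			);

		if ( log.isDebugEnabled() ) {
			log.debug( "adding permission to role " + role + ": " + permission );
		}
		try {
			policyConfiguration.addToRole( role, permission );
		}
		catch (PolicyContextException pce) {
			// Keep the JACC exception as the cause so the failing grant can be diagnosed.
			throw new HibernateException( "policy context exception occurred", pce );
		}
	}
}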
Example #8
Source File: JACCPreInsertEventListener.java From cacheonix-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Runs the JACC insert-permission check for the entity that is about to be inserted.
 *
 * @param event the pre-insert event carrying the entity and its persister
 * @return always {@code false}. In Hibernate's pre-event listener contract a
 *         {@code true} return vetoes the operation, so a denial has to come out of
 *         {@code JACCPermissions.checkPermission} itself (presumably as an exception -
 *         confirm against that class).
 */
public boolean onPreInsert(PreInsertEvent event) {
	final String entityName = event.getPersister().getEntityName();

	// Interface and parameter list are left null: the permission is scoped by
	// entity name and action only.
	final EJBMethodPermission required =
			new EJBMethodPermission( entityName, HibernatePermission.INSERT, null, null );

	JACCPermissions.checkPermission( event.getEntity().getClass(), contextID, required );

	return false;
}
Example #9
Source File: JACCPreUpdateEventListener.java From cacheonix-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Runs the JACC update-permission check for the entity that is about to be updated.
 *
 * @param event the pre-update event carrying the entity and its persister
 * @return always {@code false}. In Hibernate's pre-event listener contract a
 *         {@code true} return vetoes the operation, so a denial has to come out of
 *         {@code JACCPermissions.checkPermission} itself (presumably as an exception -
 *         confirm against that class).
 */
public boolean onPreUpdate(PreUpdateEvent event) {
	final String entityName = event.getPersister().getEntityName();

	// Interface and parameter list are left null: the permission is scoped by
	// entity name and action only.
	final EJBMethodPermission required =
			new EJBMethodPermission( entityName, HibernatePermission.UPDATE, null, null );

	JACCPermissions.checkPermission( event.getEntity().getClass(), contextID, required );

	return false;
}
Example #10
Source File: JaccPermissionsBuilder.java From tomee with Apache License 2.0 | 3 votes |
/**
 * Adds one {@code EJBMethodPermission} to {@code permissions} for every public method
 * of a bean interface.
 *
 * <p>Method permissions are declared in the deployment descriptor as a relation between
 * security roles and the methods of the home, component and/or web service endpoint
 * interfaces of session and entity beans, superinterfaces included (so the methods of
 * {@code EJBHome}/{@code EJBObject} and {@code EJBLocalHome}/{@code EJBLocalObject}
 * are covered too).
 *
 * <p>The methods come from {@link Class#getMethods()}, which returns every public
 * method, inherited ones included.
 *
 * @param permissions     the permission set to be extended
 * @param ejbName         the name of the EJB
 * @param methodInterface the EJB method interface; {@code "LocalBean"} and
 *                        {@code "LocalBeanHome"} are recorded as a {@code null} interface
 * @param clazz           the interface or class whose methods are enumerated; nothing is
 *                        added when it is {@code null}
 * @throws OpenEJBException in case a class could not be found
 */
public void addPossibleEjbMethodPermissions(final PermissionCollection permissions, final String ejbName, final String methodInterface, final Class clazz) throws OpenEJBException {
    if (clazz == null) {
        return;
    }

    // The interface name does not depend on the method, so resolve it once. The two
    // local-bean views are stored without an interface name.
    final boolean localBeanView = "LocalBean".equals(methodInterface) || "LocalBeanHome".equals(methodInterface);
    final String permissionInterface = localBeanView ? null : methodInterface;

    final Method[] publicMethods = clazz.getMethods();
    for (int i = 0; i < publicMethods.length; i++) {
        permissions.add(new EJBMethodPermission(ejbName, permissionInterface, publicMethods[i]));
    }
}