| Methods Summary |
|---|
| private void | addEJBRoleReferenceToCache(EjbDescriptor eDescriptor)This method converts ejb role references to jacc permission objects
and adds them to the corresponding permission cache.
String eName = eDescriptor.getName();
Iterator iroleref = eDescriptor.getRoleReferences().iterator();
while(iroleref.hasNext()){
SecurityRoleReference roleRef =
(SecurityRoleReference) iroleref.next();
String rolename = roleRef.getRolename();
EJBRoleRefPermission ejbrr =
new EJBRoleRefPermission(eName, rolename);
String rolelink = roleRef.getSecurityRoleLink().getName();
cacheRoleToPerm.put(eName+"_"+rolename, ejbrr);
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: Converting role-ref -> "+roleRef.toString()+
" to permission with name("+ejbrr.getName()+
") and actions ("+ejbrr.getActions()+
")" + "mapped to role ("+rolelink+")");
}
}
|
| private static java.security.Permissions | addToExcludedPermissions(java.security.Permissions permissions, MethodPermission mp, javax.security.jacc.EJBMethodPermission ejbmp)
if(mp.isExcluded()){
if (permissions == null) {
permissions = new Permissions();
}
permissions.add(ejbmp);
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC DD conversion: EJBMethodPermission ->("
+ejbmp.getName()+" "+ejbmp.getActions()+
") is (excluded)");
}
}
return permissions;
|
| private static java.util.HashMap | addToRolePermissionsTable(java.util.HashMap table, MethodPermission mp, javax.security.jacc.EJBMethodPermission ejbmp)
if (mp.isRoleBased()){
if (table == null) {
table = new HashMap();
}
String roleName = mp.getRole().getName();
Permissions rolePermissions =
(Permissions) table.get(roleName);
if (rolePermissions == null) {
rolePermissions = new Permissions();
table.put(roleName,rolePermissions);
}
rolePermissions.add(ejbmp);
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC DD conversion: EJBMethodPermission ->("+
ejbmp.getName()+" "+ejbmp.getActions()+
")protected by role -> "+roleName);
}
}
return table;
|
| private static java.security.Permissions | addToUncheckedPermissions(java.security.Permissions permissions, MethodPermission mp, javax.security.jacc.EJBMethodPermission ejbmp)
if(mp.isUnchecked()){
if (permissions == null) {
permissions = new Permissions();
}
permissions.add(ejbmp);
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC DD conversion: EJBMethodPermission ->("
+ejbmp.getName()+" "+ejbmp.getActions()+
") is (unchecked)");
}
}
return permissions;
|
| private boolean | areMethodPermissionsSet()Checks if any method permissions are set. If they are not set
it is possible that this is a J2ee 1.2 APP and we would need to
grant permissions for execution anyways
boolean empty =
deploymentDescriptor.getPermissionedMethodsByPermission().isEmpty();
return !empty;
|
| public boolean | authorize(com.sun.ejb.Invocation inv)This method is called by the EJB container to decide whether or not
a method specified in the Invocation should be allowed.
if (inv.auth != null) {
return inv.auth.booleanValue();
}
boolean ret=false;
CachedPermission cp = null;
Permission ejbmp = null;
if (inv.invocationInfo == null || inv.invocationInfo.cachedPermission == null) {
ejbmp = new EJBMethodPermission(ejbName,inv.getMethodInterface(),inv.method);
cp = new CachedPermissionImpl(uncheckedMethodPermissionCache,ejbmp);
if (inv.invocationInfo != null) {
inv.invocationInfo.cachedPermission = cp;
if (_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = "+ ejbmp.getName() + " (Action) = "+ ejbmp.getActions());
}
}
} else {
cp = inv.invocationInfo.cachedPermission;
ejbmp = cp.getPermission();
}
String caller = null;
SecurityContext sc = null;
pcHandlerImpl.getHandlerData().setInvocation(inv);
ret = cp.checkPermission();
if (!ret) {
sc = SecurityContext.getCurrent();
Set principalSet = sc.getPrincipalSet();
ProtectionDomain prdm = getCachedProtectionDomain(principalSet,true);
try {
// set the policy context in the TLS.
String oldContextId = setPolicyContext(this.contextId);
try {
ret = policy.implies(prdm, ejbmp);
} catch (SecurityException se){
_logger.log(Level.SEVERE,"JACC: Unexpected security exception on access decision",se);
ret = false;
} catch (Throwable t) {
_logger.log(Level.SEVERE,"JACC: Unexpected exception on access decision",t);
ret = false;
} finally {
resetPolicyContext(oldContextId,this.contextId);
}
} catch (Throwable t) {
_logger.log(Level.SEVERE,"JACC: Unexpected exception manipulating policy context",t);
ret = false;
}
}
inv.auth = (ret) ? Boolean.TRUE : Boolean.FALSE;
if (auditManager.isAuditOn()){
if (sc == null) {
sc = SecurityContext.getCurrent();
}
caller = sc.getCallerPrincipal().getName();
auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
}
if (ret && inv.isWebService && !inv.preInvokeDone) {
preInvoke(inv);
}
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: Access Control Decision Result: " +ret + " EJBMethodPermission (Name) = "+ ejbmp.getName() + " (Action) = "+ ejbmp.getActions() + " (Caller) = " + caller);
}
return ret;
|
| private static void | convertEJBMethodPermissions(EjbDescriptor eDescriptor, java.lang.String pcid)This method converts the dd in two phases.
Phase 1:
gets a map representing the methodPermission elements exactly as they
occured for the ejb in the dd. The map is keyed by method-permission
element and each method-permission is mapped to a list of method
elements representing the method elements of the method permision
element. Each method element is converted to a corresponding
EJBMethodPermission and added, based on its associated method-permission,
to the policy configuration object.
phase 2:
configures additional EJBMethodPermission policy statements
for the purpose of optimizing Permissions.implies matching by the
policy provider. This phase also configures unchecked policy
statements for any uncovered methods. This method gets the list
of method descriptors for the ejb from the EjbDescriptor object.
For each method descriptor, it will get a list of MethodPermission
objects that signify the method permissions for the Method and
convert each to a corresponding EJBMethodPermission to be added
to the policy configuration object.
PolicyConfiguration pc =
getPolicyFactory().getPolicyConfiguration(pcid, false);
assert pc != null;
if (pc != null) {
String eName = eDescriptor.getName();
Permissions uncheckedPermissions = null;
Permissions excludedPermissions = null;
HashMap rolePermissionsTable = null;
EJBMethodPermission ejbmp = null;
// phase 1
Map mpMap = eDescriptor.getMethodPermissionsFromDD();
if (mpMap != null) {
Iterator mpIt = mpMap.keySet().iterator();
while(mpIt.hasNext()) {
MethodPermission mp = (MethodPermission)mpIt.next();
Iterator mdIt = ((ArrayList) mpMap.get(mp)).iterator();
while(mdIt.hasNext()) {
MethodDescriptor md = (MethodDescriptor) mdIt.next();
String mthdName = md.getName();
String mthdIntf = md.getEjbClassSymbol();
String mthdParams[] = md.getStyle() == 3 ?
md.getParameterClassNames() : null;
ejbmp = new EJBMethodPermission(eName,mthdName.equals("*") ?
null : mthdName,
mthdIntf,mthdParams);
rolePermissionsTable =
addToRolePermissionsTable(rolePermissionsTable,mp,ejbmp);
uncheckedPermissions =
addToUncheckedPermissions(uncheckedPermissions,mp,ejbmp);
excludedPermissions =
addToExcludedPermissions(excludedPermissions,mp,ejbmp);
}
}
}
// phase 2 - configures additional perms:
// . to optimize performance of Permissions.implies
// . to cause any uncovered methods to be unchecked
Iterator mdIt = eDescriptor.getMethodDescriptors().iterator();
while(mdIt.hasNext()) {
MethodDescriptor md = (MethodDescriptor)mdIt.next();
Method mthd = md.getMethod(eDescriptor);
String mthdIntf = md.getEjbClassSymbol();
if(mthd == null){
continue;
}
if(mthdIntf == null || mthdIntf.equals("")) {
_logger.severe("MethodDescriptor interface not defined - "+
" ejbName: "+eName+
" methodName: " +md.getName()+
" methodParams: " +md.getParameterClassNames());
continue;
}
ejbmp = new EJBMethodPermission(eName,mthdIntf,mthd);
Iterator mpIt = eDescriptor.getMethodPermissionsFor(md).iterator();
while(mpIt.hasNext()) {
MethodPermission mp = (MethodPermission) mpIt.next();
rolePermissionsTable =
addToRolePermissionsTable(rolePermissionsTable,mp,ejbmp);
uncheckedPermissions =
addToUncheckedPermissions(uncheckedPermissions,mp,ejbmp);
excludedPermissions =
addToExcludedPermissions(excludedPermissions,mp,ejbmp);
}
}
if (uncheckedPermissions != null) {
pc.addToUncheckedPolicy(uncheckedPermissions);
}
if (excludedPermissions != null) {
pc.addToExcludedPolicy(excludedPermissions);
}
if (rolePermissionsTable != null) {
Iterator roleIt = rolePermissionsTable.keySet().iterator();
while (roleIt.hasNext()) {
String roleName = (String) roleIt.next();
pc.addToRole(roleName,
(Permissions)rolePermissionsTable.get(roleName));
}
}
}
|
| private static void | convertEJBRoleReferences(EjbDescriptor eDescriptor, java.lang.String pcid)This method converts ejb role references to jacc permission objects
and adds them to the policy configuration object
It gets the list of role references from the ejb descriptor. For each
such role reference, create a EJBRoleRefPermission and add it to the
PolicyConfiguration object.
PolicyConfiguration pc =
getPolicyFactory().getPolicyConfiguration(pcid, false);
assert pc != null;
if (pc != null) {
String eName = eDescriptor.getName();
Iterator iroleref = eDescriptor.getRoleReferences().iterator();
while(iroleref.hasNext()){
SecurityRoleReference roleRef =
(SecurityRoleReference) iroleref.next();
String rolename = roleRef.getRolename();
EJBRoleRefPermission ejbrr =
new EJBRoleRefPermission(eName, rolename);
String rolelink = roleRef.getSecurityRoleLink().getName();
pc.addToRole(rolelink, ejbrr);
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: Converting role-ref -> "+roleRef.toString()+
" to permission with name("+ejbrr.getName()+
") and actions ("+ejbrr.getActions()+
")" + "mapped to role ("+rolelink+")");
}
}
}
|
| public void | destroy()
try {
PolicyConfigurationFactory pcf = getPolicyFactory();
boolean wasInService = pcf.inService(this.contextId);
PolicyConfiguration
pc = pcf.getPolicyConfiguration(this.contextId, false);
// pc.delete() will be invoked during undeployment
if (wasInService) {
policy.refresh();
PermissionCacheFactory.removePermissionCache(uncheckedMethodPermissionCache);
uncheckedMethodPermissionCache = null;
}
roleMapperFactory.removeAppNameForContext(this.contextId);
} catch (PolicyContextException pce){
String msg = localStrings.getLocalString("ejbsm.could_not_delete",
"Could not delete policy file during undeployment");
// Just log it.
_logger.log(Level.WARNING, msg, pce);
}
FactoryForSecurityManagerFactory ffsmf
= FactoryForSecurityManagerFactoryImpl.getInstance();
SecurityManagerFactory smf = ffsmf.getSecurityManagerFactory("ejb");
smf.removeSecurityManager(contextId);
|
| public java.lang.Object | doAsPrivileged(java.security.PrivilegedExceptionAction pea)
SecurityContext sc = SecurityContext.getCurrent();
Set principalSet = sc.getPrincipalSet();
AccessControlContext acc =
(AccessControlContext)accessControlContextCache.get(principalSet);
if(acc == null){
final ProtectionDomain[] pdArray = new ProtectionDomain[1];
pdArray[0] = getCachedProtectionDomain(principalSet,false);
try{
if (principalSet != null) {
final Subject s = sc.getSubject();
acc = (AccessControlContext)
AccessController.doPrivileged(new PrivilegedExceptionAction(){
public java.lang.Object run() throws Exception{
return new AccessControlContext
(new AccessControlContext(pdArray),
new SubjectDomainCombiner(s));
}
});
} else {
acc = new AccessControlContext(pdArray);
}
// form a new key set so that it does not share with
// cacheProtectionDomain and protectionDomainCache
accessControlContextCache.put(new HashSet(principalSet),acc);
_logger.fine("JACC: new AccessControlContext added to cache");
} catch(Exception e){
_logger.log(Level.SEVERE,
"java_security.security_context_exception",e);
acc = null;
throw e;
}
}
Object rvalue = null;
String oldContextId = setPolicyContext(this.contextId);
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: doAsPrivileged contextId("+this.contextId+")");
}
try {
rvalue = AccessController.doPrivileged(pea,acc);
} finally {
resetPolicyContext(oldContextId,this.contextId);
}
return rvalue;
|
| private static java.security.CodeSource | getApplicationCodeSource(java.lang.String pcid)
CodeSource result = null;
String archiveURI = "file:///" + pcid.replace(' ", '_");
try{
java.net.URI uri = null;
try{
uri = new java.net.URI(archiveURI);
if(uri != null){
result = new CodeSource(uri.toURL(),
(java.security.cert.Certificate[]) null);
}
} catch(java.net.URISyntaxException use){
// manually create the URL
_logger.log(Level.SEVERE,"JACC: Error Creating URI ", use);
throw new RuntimeException(use);
}
} catch(java.net.MalformedURLException mue){
// should never come here.
_logger.log(Level.SEVERE,"JACC: ejbsm.codesourceerror", mue);
throw new RuntimeException(mue);
}
return result;
|
| private java.security.ProtectionDomain | getCachedProtectionDomain(java.util.Set principalSet, boolean applicationCodeSource)
ProtectionDomain prdm = null;
Principal[] principals = null;
/* Need to use the application codeSource for permission evaluations
* as the manager codesource is granted all permissions in server.policy.
* The manager codesource needs to be used for doPrivileged to allow system
* apps to have all permissions, but we either need to revert to
* real doAsPrivileged, or find a way to distinguish system apps.
*/
CodeSource cs = null;
if (applicationCodeSource) {
prdm = (ProtectionDomain)cacheProtectionDomain.get(principalSet);
cs = codesource;
} else {
prdm = (ProtectionDomain)protectionDomainCache.get(principalSet);
cs = managerCodeSource;
}
if(prdm == null) {
principals = (principalSet == null ? null :
(Principal [])principalSet.toArray(new Principal[principalSet.size()]));
prdm = new ProtectionDomain (cs, null, null, principals);
// form a new key set so that it does not share with others
Set newKeySet = ((principalSet != null)? new HashSet(principalSet) : new HashSet());
if (applicationCodeSource) {
cacheProtectionDomain.put(newKeySet,prdm);
} else {
// form a new key set so that it does not share with others
protectionDomainCache.put(newKeySet,prdm);
}
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("JACC: new ProtectionDomain added to cache");
}
}
if(_logger.isLoggable(Level.FINE)){
if (principalSet == null) {
_logger.fine("JACC: returning cached ProtectionDomain PrincipalSet: null");
} else {
StringBuffer pBuf = null;
principals = (Principal [])principalSet.toArray(new Principal[0]);
for (int i=0; i<principals.length; i++) {
if (i == 0) pBuf = new StringBuffer(principals[i].toString());
else pBuf.append(" " + principals[i].toString());
}
_logger.fine("JACC: returning cached ProtectionDomain - CodeSource: ("
+ cs + ") PrincipalSet: "+pBuf);
}
}
return prdm;
|
| public java.security.Principal | getCallerPrincipal()This method returns the Client Principal who initiated the current
Invocation.
SecurityContext sc = null;
if (runAs != null){ // Run As
/* return the principal associated with the old security
* context
*/
InvocationManager im = theSwitch.getInvocationManager();
ComponentInvocation ci = im.getCurrentInvocation();
if (ci == null) {
throw new InvocationException(); // 4646060
}
sc = ci.getOldSecurityContext();
} else{
// lets optimize a little. no need to look up oldsecctx
// its the same as the new one
sc = SecurityContext.getCurrent();
}
Principal prin;
if (sc != null) {
prin = sc.getCallerPrincipal();
} else {
prin = SecurityContext.getDefaultCallerPrincipal();
}
return prin;
|
| public static java.lang.String | getContextID(EjbDescriptor ejbDesc)
return getContextID(ejbDesc.getEjbBundleDescriptor());
|
| public static java.lang.String | getContextID(EjbBundleDescriptor ejbBundleDesc)
String cid = null;
if (ejbBundleDesc != null ) {
cid = ejbBundleDesc.getApplication().getRegistrationName() +
'/" + ejbBundleDesc.getUniqueFriendlyId();
}
return cid;
|
| public javax.security.auth.Subject | getCurrentSubject()This will return the subject associated with the current call. If the
run as subject is in effect. It will return that subject. This is done
to support the JACC specification which says if the runas principal is
in effect, that principal should be used for making a component call.
// just get the security context will return the empt subject
// of the default securityContext when appropriate.
return SecurityContext.getCurrent().getSubject();
|
| public static com.sun.enterprise.security.application.EJBSecurityManager | getInstance(Descriptor des)Return an instance of EJBSecurityManager. This class is no longer
instantiable directly.
return new EJBSecurityManager(des);
|
| private static javax.security.jacc.PolicyConfigurationFactory | getPolicyFactory()
synchronized (EJBSecurityManager.class) {
if (pcf == null) {
try {
pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
} catch(ClassNotFoundException cnfe){
_logger.severe("jaccfactory.notfound");
throw new PolicyContextException(cnfe);
} catch(PolicyContextException pce){
_logger.severe("jaccfactory.notfound");
throw pce;
}
}
}
return pcf;
|
| public boolean | getUsesCallerIdentity()
return (runAs == null);
|
| private void | initialize()
contextId = getContextID(deploymentDescriptor);
String appName = deploymentDescriptor.getApplication().getRegistrationName();
roleMapperFactory.setAppNameForContext(appName, contextId);
codesource = getApplicationCodeSource(contextId);
ejbName = deploymentDescriptor.getName();
realmName= deploymentDescriptor.getApplication().getRealm();
if (realmName == null) {
Set iorConfigs = deploymentDescriptor.getIORConfigurationDescriptors();
// iorConfigs is not null from implementation of EjbDescriptor
Iterator iter = iorConfigs.iterator();
if (iter != null) {
// there should be at most one element in the loop from
// definition of dtd
while (iter.hasNext()) {
EjbIORConfigurationDescriptor iorConfig =
(EjbIORConfigurationDescriptor)iter.next();
realmName = iorConfig.getRealmName();
}
}
}
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: Context id (id under which all EJB's in application will be created) = " + contextId);
_logger.fine("Codebase (module id for ejb "+ejbName+") = "+ codebase);
}
// translate the deployment descriptor to populate the role-ref permission cache
addEJBRoleReferenceToCache(deploymentDescriptor);
// create and initialize the unchecked permission cache.
uncheckedMethodPermissionCache =
PermissionCacheFactory.createPermissionCache(
this.contextId, this.codesource,
EJBMethodPermission.class,
this.ejbName);
|
| public boolean | isCallerInRole(java.lang.String role)This method returns a boolean value indicating whether or not the
caller is in the specified role.
/* In case of Run As - Should check isCallerInRole with
* respect to the old security context.
*/
boolean ret= false;
if(_logger.isLoggable(Level.FINE)){
_logger.entering("EJBSecurityManager", "isCallerInRole", role);
}
EJBRoleRefPermission ejbrr =
(EJBRoleRefPermission)cacheRoleToPerm.get(ejbName+"_"+role);
if(ejbrr == null){
ejbrr = new EJBRoleRefPermission(ejbName, role);
}
SecurityContext sc;
if (runAs != null) {
InvocationManager im = theSwitch.getInvocationManager();
ComponentInvocation ci = im.getCurrentInvocation();
sc = ci.getOldSecurityContext();
} else {
sc = SecurityContext.getCurrent();
}
Set principalSet = null;
if (sc != null) principalSet = sc.getPrincipalSet();
ProtectionDomain prdm = getCachedProtectionDomain(principalSet,true);
try {
ret = policy.implies(prdm, ejbrr);
} catch(SecurityException se){
_logger.log(Level.SEVERE,"JACC: Unexpected security exception isCallerInRole",se);
ret = false;
} catch (Throwable t) {
_logger.log(Level.SEVERE,"JACC: Unexpected exception isCallerInRole",t);
ret = false;
}
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: isCallerInRole Result: " +ret + " EJBRoleRefPermission (Name) = "+ ejbrr.getName() + " (Action) = "+ ejbrr.getActions() + " (Codesource) = " + prdm.getCodeSource());
}
return ret;
|
| public static void | loadPolicyConfiguration(EjbDescriptor eDescriptor)
String pcid = getContextID(eDescriptor);
String appName = eDescriptor.getApplication().getRegistrationName();
roleMapperFactory.setAppNameForContext(appName, pcid);
boolean inService = getPolicyFactory().inService(pcid);
// only load the policy configuration if it isn't already in service.
// Consequently, all things that deploy modules (as apposed to
// loading already deployed modules) must make sure pre-exiting
// pc is either in deleted or open state before this method
// is called. Note that policy statements are not
// removed to allow multiple EJB's to be represented by same pc.
if (!inService) {
// translate the deployment descriptor to configure the policy rules.
convertEJBMethodPermissions(eDescriptor,pcid);
convertEJBRoleReferences(eDescriptor,pcid);
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: policy translated for policy context:" +pcid);
}
}
|
| private void | loginForRunAs()Logs in a principal for run-as. This method is called if the
run-as principal is required. The user has already logged in -
now it needs to change to the new principal. In order that all
the correct permissions work - this method logs the new principal
with no password -generating valid credentials.
AppservAccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
LoginContextDriver.loginPrincipal (runAs.getPrincipal(), realmName);
return null;
}
});
|
| public void | postInvoke(com.sun.enterprise.ComponentInvocation inv)This method is used by Message Driven Bean Container to remove
the run-as identity information that was set up using the
preSetRunAsIdentity method
if (runAs != null && inv.preInvokeDone){
final ComponentInvocation finv = inv;
AppservAccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
SecurityContext.setCurrent (finv.getOldSecurityContext());
return null;
}
});
}
|
| public void | preInvoke(com.sun.enterprise.ComponentInvocation inv)This method is used by MDB Container - Invocation Manager to setup
the run-as identity information. It has to be coupled with
the postSetRunAsIdentity method.
This method is called for EJB/MDB Containers
boolean isWebService = false;
if (inv instanceof Invocation) {
isWebService = ((Invocation)inv).isWebService;
}
// if it is not a webservice or successful authorization
// and preInvoke is not call before
if ((!isWebService || (inv.auth != null && inv.auth.booleanValue()))
&& !inv.preInvokeDone) {
if (isMdb) {
SecurityContext.setUnauthenticatedContext();
}
if (runAs != null){
inv.setOldSecurityContext(SecurityContext.getCurrent());
loginForRunAs();
}
inv.preInvokeDone = true;
}
|
| private static void | resetPolicyContext(java.lang.String newV, java.lang.String oldV)
if (oldV != newV && newV != null && (oldV == null || !oldV.equals(newV))) {
if(_logger.isLoggable(Level.FINE)){
_logger.fine("JACC: Changing Policy Context ID: oldV = "
+ oldV + " newV = " + newV);
}
try {
AppservAccessController.doPrivileged(new PrivilegedExceptionAction(){
public java.lang.Object run() throws Exception{
PolicyContext.setContextID(newV);
return null;
}
});
} catch (java.security.PrivilegedActionException pae) {
Throwable cause = pae.getCause();
if( cause instanceof java.security.AccessControlException) {
_logger.log(Level.SEVERE,"setPolicy SecurityPermission required to call PolicyContext.setContextID",cause);
} else {
_logger.log(Level.SEVERE,"Unexpected Exception while setting PolicyContext",cause);
}
throw cause;
}
}
|
| public java.lang.Object | runMethod(java.lang.reflect.Method beanClassMethod, java.lang.Object obj, java.lang.Object[] oa)Runs a business method of an EJB withint the bean's policy context.
The original policy context is restored after method execution.
This method should only be used by com.sun.enterprise.security.SecurityUtil.
String oldCtxID = setPolicyContext(this.contextId);
Object ret = null;
try {
ret = beanClassMethod.invoke(obj, oa);
} finally {
resetPolicyContext(oldCtxID, this.contextId);
}
return ret;
|
| private static java.lang.String | setPolicyContext(java.lang.String newV)
String oldV = PolicyContext.getContextID();
resetPolicyContext(newV,oldV);
return oldV;
|
