FileDocCategorySizeDatePackage
JaccAuthorizationInterceptor.javaAPI DocJBoss 4.2.14138Fri Jul 13 20:53:52 BST 2007org.jboss.ejb3.security

JaccAuthorizationInterceptor

public class JaccAuthorizationInterceptor extends Object implements org.jboss.aop.advice.Interceptor
This interceptor is where the JACC authorization is performed.
author
Scott Stark.
version
$Revision$

Fields Summary
public static final String
JACC
public static final String
CTX
private String
ejbName
private CodeSource
ejbCS
private org.jboss.security.RealmMapping
realmMapping
Constructors Summary
/**
 * Creates the interceptor for a single EJB.
 *
 * Only the bean identity is captured here. The realm mapping used for the
 * actual permission check is supplied separately through
 * {@code setRealmMapping}, so a freshly constructed instance has no realm
 * mapping yet.
 *
 * @param ejbName name of the EJB, used when building the EJBMethodPermission
 * @param cs      code source of the EJB, handed to JaccHelper.checkPermission
 */
public JaccAuthorizationInterceptor(String ejbName, CodeSource cs)
{
   // The two assignments are independent of each other.
   this.ejbCS = cs;
   this.ejbName = ejbName;
}
   
Methods Summary
/**
 * Authorizes the caller's access to the method invocation.
 *
 * Publishes the JACC context ID found in the invocation metadata, builds the
 * EJBMethodPermission for the target method and delegates the decision to
 * JaccHelper.checkPermission.
 *
 * NOTE(review): when no realm mapping has been set, the permission check is
 * skipped and this method returns normally, so the invocation is allowed
 * through without a JACC decision. Confirm that an unset realm mapping is only
 * possible for deployments that are meant to be unsecured.
 *
 * NOTE(review): nothing in this method restores the context ID that was active
 * before the call. Confirm whether SecurityActions or another interceptor
 * resets it once the invocation completes.
 *
 * @param mi the method invocation being authorized
 */
private void checkSecurityAssociation(org.jboss.aop.joinpoint.MethodInvocation mi)
{
   // The context ID is taken from the invocation metadata without validation;
   // presumably it is attached at deployment time. TODO confirm it cannot be null here.
   String jaccContextId = (String) mi.getMetaData(JACC, CTX);
   SecurityActions.setContextID(jaccContextId);

   //EJBArgsPolicyContextHandler.setArgs(mi.getArguments());

   //Set custom JACC policy handlers - Following used in EJB 2, but just seems to be ignored
   //BeanMetaDataPolicyContextHandler.setMetaData(null);

   Method targetMethod = mi.getMethod();

   // The interface name in the permission depends only on whether remoting
   // metadata is attached to the invocation.
   InvokerLocator remoteLocator = (InvokerLocator) mi.getMetaData(InvokeRemoteInterceptor.REMOTING, InvokeRemoteInterceptor.INVOKER_LOCATOR);
   String interfaceType;
   if (remoteLocator == null)
   {
      interfaceType = "Local";
   }
   else
   {
      interfaceType = "Remote";
   }

   EJBMethodPermission requiredPermission = new EJBMethodPermission(ejbName, interfaceType, targetMethod);
   if (realmMapping == null)
   {
      // Fail-open path: no realm mapping means no check is made (see the note above).
      return;
   }
   JaccHelper.checkPermission(ejbCS, requiredPermission, realmMapping);

   // Disabled in the original source: an inline check of the caller's
   // principals against `policy`, kept here for reference.
   /*// Get the caller
   Subject caller = SecurityActions.getContextSubject(); 

   Principal[] principals = null;
   if( caller != null )
   {
      // Get the caller principals
      Set principalsSet = caller.getPrincipals();
      principals = new Principal[principalsSet.size()];
      principalsSet.toArray(principals);      
   }

   ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
   if( policy.implies(pd, methodPerm) == false )
   {
      String msg = "Denied: "+methodPerm+", caller=" + caller;
      SecurityException e = new SecurityException(msg);
      throw e;
   }*/
}
   
/**
 * Returns the name under which this interceptor is known.
 *
 * @return the fixed string "JaccAuthorizationInterceptor"
 */
public java.lang.String getName()
{
   final String interceptorName = "JaccAuthorizationInterceptor";
   return interceptorName;
}
   
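/**
 * Runs the JACC authorization check, then continues the interceptor chain.
 *
 * The check happens before {@code invokeNext()}, so an exception raised by
 * checkSecurityAssociation stops the call from reaching the bean. Presumably
 * JaccHelper.checkPermission signals a denial by throwing; confirm against
 * that helper.
 *
 * @param inv the invocation travelling through the chain; must be a MethodInvocation
 * @return whatever the rest of the chain returns
 * @throws RuntimeException if {@code inv} is null or not a MethodInvocation
 * @throws Throwable anything raised by the authorization check or by the rest of the chain
 */
public java.lang.Object invoke(org.jboss.aop.joinpoint.Invocation inv) throws Throwable
{
   // Test the type up front rather than catching ClassCastException around
   // the whole call: the catch also covered inv.invokeNext() and the casts
   // inside checkSecurityAssociation, so an unrelated ClassCastException from
   // the bean or from later interceptors was reported as this configuration
   // error, hiding the real failure from logs and callers.
   if (!(inv instanceof MethodInvocation))
   {
      // Rejected before any security context is touched or the chain continues.
      throw new RuntimeException("Jacc authorization is only available for method invocations");
   }
   checkSecurityAssociation((MethodInvocation) inv);
   return inv.invokeNext();
}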
   
/**
 * Installs the realm mapping handed to JaccHelper.checkPermission.
 *
 * NOTE(review): checkSecurityAssociation skips the permission check while this
 * value is null, so passing null here (or never calling this method) leaves
 * the bean without JACC enforcement. Confirm callers always supply a mapping
 * for secured deployments.
 *
 * @param ssm the realm mapping to use for authorization; stored as given
 */
public void setRealmMapping(org.jboss.security.RealmMapping ssm)
{
   // Stored without a null check; see the note above.
   this.realmMapping = ssm;
}