File | Doc | Category | Size | Date | Package
RoleBasedAuthorizationInterceptor.java | API Doc | JBoss 4.2.1 | 4094 | Fri Jul 13 20:53:52 BST 2007 | org.jboss.ejb3.security

RoleBasedAuthorizationInterceptor

public final class RoleBasedAuthorizationInterceptor extends org.jboss.aspects.security.RoleBasedAuthorizationInterceptor
The RoleBasedAuthorizationInterceptor checks that the caller principal is authorized to call a method by verifying that it holds at least one of the required roles.
author
Bill Burke
version
$Revision: 62545 $

Fields Summary
private static final Logger
log
private org.jboss.ejb3.EJBContainer
container
Constructors Summary
/**
 * Creates the interceptor and binds it to the container whose annotations
 * drive the role lookup.
 *
 * @param manager      authentication manager, passed unchanged to the superclass
 * @param realmMapping realm mapping, passed unchanged to the superclass
 * @param container    container used later to resolve security annotations;
 *                     it must be an {@code EJBContainer}
 * @throws ClassCastException if {@code container} is not an {@code EJBContainer}
 */
public RoleBasedAuthorizationInterceptor(org.jboss.security.AuthenticationManager manager, org.jboss.security.RealmMapping realmMapping, org.jboss.ejb3.Container container)
{
   super(manager, realmMapping);

   // The parameter is typed as the general Container, but annotation
   // resolution in getRoleSet needs the EJB-specific type, hence the downcast.
   // A null argument passes the cast and would only surface as a
   // NullPointerException on the first getRoleSet call.
   final EJBContainer ejbContainer = (EJBContainer) container;
   this.container = ejbContainer;
}
Methods Summary
/**
 * Builds the set of principals that are allowed to call the invoked method,
 * derived from the {@code DenyAll}, {@code PermitAll} and {@code RolesAllowed}
 * annotations known to the container.
 *
 * <p>Resolution order: the invoked method is consulted first; only when it
 * yields nothing is the single-argument {@code resolveAnnotation} tried for
 * each annotation type in the order DenyAll, PermitAll, RolesAllowed
 * (presumably a bean-class-level lookup; confirm against EJBContainer).
 *
 * <p>Security note: this method is permissive by default. When no annotation
 * is found at all, or the resolved object is none of the three expected types,
 * the result contains {@code AnybodyPrincipal.ANYBODY_PRINCIPAL}. How the
 * superclass treats that marker is not visible here; presumably it matches any
 * caller, so an unannotated method is not role-restricted. Beans that need
 * deny-by-default must carry an explicit annotation.
 *
 * @param invocation the intercepted call; must be a {@code MethodInvocation}
 * @return a new, mutable set holding either the NOBODY marker, the ANYBODY
 *         marker, or one {@code SimplePrincipal} per declared role name
 * @throws ClassCastException if {@code invocation} is not a {@code MethodInvocation}
 */
protected java.util.Set getRoleSet(org.jboss.aop.joinpoint.Invocation invocation)
{
   // Lookup priority for the fallback search below: DenyAll wins over
   // PermitAll, which wins over RolesAllowed.
   final Class[] securityAnnotations = {DenyAll.class, PermitAll.class, RolesAllowed.class};
   final Method target = ((MethodInvocation) invocation).getActualMethod();

   // A method-level annotation takes precedence over anything found later.
   Object resolved = container.resolveAnnotation(target, securityAnnotations);

   // Fallback lookup without the method; stops at the first hit.
   for (int i = 0; resolved == null && i < securityAnnotations.length; i++)
   {
      resolved = container.resolveAnnotation(securityAnnotations[i]);
   }

   final HashSet<Object> roles = new HashSet<Object>();

   if (resolved instanceof DenyAll)
   {
      roles.add(NobodyPrincipal.NOBODY_PRINCIPAL);
   }
   else if (resolved instanceof PermitAll)
   {
      roles.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
   }
   else if (resolved instanceof RolesAllowed)
   {
      // An empty value() array leaves the set empty; what the superclass does
      // with an empty role set is not visible here.
      for (String roleName : ((RolesAllowed) resolved).value())
      {
         roles.add(new SimplePrincipal(roleName));
      }
   }
   else
   {
      // Reached both when nothing was resolved (null) and when the resolved
      // object is of an unexpected type: the permissive default applies.
      roles.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
   }

   return roles;
}
/**
 * Runs the superclass interceptor and converts an authorization failure into
 * an EJBAccessException.
 *
 * Only SecurityException is caught; anything else thrown by the superclass
 * call propagates unchanged. The EJBAccessException carries a fixed message
 * and no cause, so the caller does not see the detail of the original
 * SecurityException.
 *
 * Security/operations note: the original exception is recorded only at debug
 * level. If debug logging for this class is disabled, a denied call leaves no
 * trace from this method; confirm that authorization failures are audited
 * elsewhere, or enable this logger where such an audit trail is required.
 *
 * NOTE(review): this listing shows the signature without a throws clause and
 * without the enclosing method braces; check the original source file for both.
 */
public java.lang.Objectinvoke(org.jboss.aop.joinpoint.Invocation invocation)

      try
      {
         // The role check itself is not in this class; it is delegated to the superclass.
         return super.invoke(invocation);
      }
      catch (SecurityException throwable)
      {
         // The full exception, including its stack trace, goes to the debug log only.
         log.debug("Authorization failure", throwable);
         // Generic message, original exception not attached as cause.
         throw new EJBAccessException("Authorization failure");
      } finally {
         // Empty: no cleanup is performed here.
      }