File | Doc | Category | Size | Date | Package
JaccAuthorizationInterceptor.java | API Doc | JBoss 4.2.1 | 4138 | Fri Jul 13 20:53:52 BST 2007 | org.jboss.ejb3.security

JaccAuthorizationInterceptor

public class JaccAuthorizationInterceptor extends Object implements org.jboss.aop.advice.Interceptor
This interceptor is where the JACC authorization is performed.
author
Scott Stark.
version
$Revision$


Fields Summary
public static final String
JACC
public static final String
CTX
private String
ejbName
private CodeSource
ejbCS
private org.jboss.security.RealmMapping
realmMapping
Constructors Summary
public JaccAuthorizationInterceptor(String ejbName, CodeSource cs)

      // Binds this interceptor to a single bean. The code source is later passed to
      // JaccHelper.checkPermission and the EJB name is used to build the EJBMethodPermission
      // in checkSecurityAssociation.
      // realmMapping is not assigned here; it is only supplied through setRealmMapping.
      this.ejbCS = cs;
      this.ejbName = ejbName;
   
Methods Summary
private voidcheckSecurityAssociation(org.jboss.aop.joinpoint.MethodInvocation mi)
Authorize the caller's access to the method invocation

      // Builds an EJBMethodPermission for the invoked method and hands it to
      // JaccHelper.checkPermission together with the bean's code source and realm mapping.
      // NOTE(review): nothing is returned, so a denial presumably surfaces as an exception
      // thrown by JaccHelper.checkPermission - confirm against that helper.

      // Read the JACC policy context id from the invocation metadata and install it before
      // any permission is evaluated.
      // NOTE(review): if the metadata entry is absent the id may be null - confirm how
      // SecurityActions.setContextID treats a null context id.
      String contextID = (String) mi.getMetaData(JACC, CTX);
      SecurityActions.setContextID(contextID);
      
      
      //EJBArgsPolicyContextHandler.setArgs(mi.getArguments());

      //Set custom JACC policy handlers - Following used in EJB 2, but just seems to be ignored
      //BeanMetaDataPolicyContextHandler.setMetaData(null);

      Method m = mi.getMethod();

      // Presence of remoting metadata is the only signal used here to tell a remote call
      // from a local one.
      InvokerLocator locator = (InvokerLocator) mi.getMetaData(InvokeRemoteInterceptor.REMOTING, InvokeRemoteInterceptor.INVOKER_LOCATOR);

      // The interface name becomes part of the permission that is checked, so a call
      // classified under the wrong interface is evaluated against the wrong permission.
      String iface = (locator != null) ? "Remote" : "Local";

      EJBMethodPermission methodPerm = new EJBMethodPermission(ejbName, iface, m);
      // NOTE(review): this guard fails open. When setRealmMapping was never called (or was
      // called with null) no permission check runs and the invocation proceeds unchecked.
      // Confirm the interceptor is only installed together with a realm mapping, or deny
      // by default when it is missing.
      if(realmMapping != null)
      { 
         JaccHelper.checkPermission(ejbCS, methodPerm,realmMapping);  
      }
      // The block below is commented out and does not run. It shows an inline variant that
      // built a ProtectionDomain from the caller's principals and threw SecurityException
      // when policy.implies(pd, methodPerm) was false.
      /*// Get the caller
      Subject caller = SecurityActions.getContextSubject(); 

      Principal[] principals = null;
      if( caller != null )
      {
         // Get the caller principals
         Set principalsSet = caller.getPrincipals();
         principals = new Principal[principalsSet.size()];
         principalsSet.toArray(principals);      
      }

      ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
      if( policy.implies(pd, methodPerm) == false )
      {
         String msg = "Denied: "+methodPerm+", caller=" + caller;
         SecurityException e = new SecurityException(msg);
         throw e;
      }*/
   
public java.lang.StringgetName()

      // Returns the fixed name of this interceptor; the value does not depend on the bean
      // it protects.
      return "JaccAuthorizationInterceptor";
   
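public java.lang.Object invoke(org.jboss.aop.joinpoint.Invocation inv)

      // Entry point of the interceptor: authorize the call, then continue down the chain.
      //
      // The invocation type is tested up front instead of catching ClassCastException around
      // the whole call. The earlier catch also covered inv.invokeNext(), so a
      // ClassCastException raised by the bean or by a later interceptor was rewrapped and
      // reported as an authorization-layer failure, which hides the real fault from anyone
      // reading the logs.
      if (!(inv instanceof MethodInvocation))
      {
         throw new RuntimeException("Jacc authorization is only available for method invocations");
      }

      // The check runs before the rest of the chain; if it throws, invokeNext() is never
      // reached and the target method is not executed.
      checkSecurityAssociation((MethodInvocation) inv);
      return inv.invokeNext();
   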
public void setRealmMapping(org.jboss.security.RealmMapping ssm)

      // Supplies the realm mapping that checkSecurityAssociation passes to
      // JaccHelper.checkPermission. The value is stored as given, with no null check:
      // while the field is null, checkSecurityAssociation skips the permission check.
      realmMapping = ssm;