1 /* 2 * The contents of this file are subject to the terms 3 * of the Common Development and Distribution License 4 * (the License). You may not use this file except in 5 * compliance with the License. 6 * 7 * You can obtain a copy of the license at 8 * https://glassfish.dev.java.net/public/CDDLv1.0.html or 9 * glassfish/bootstrap/legal/CDDLv1.0.txt. 10 * See the License for the specific language governing 11 * permissions and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL 14 * Header Notice in each file and include the License file 15 * at glassfish/bootstrap/legal/CDDLv1.0.txt. 16 * If applicable, add the following below the CDDL Header, 17 * with the fields enclosed by brackets [] replaced by 18 * you own identifying information: 19 * "Portions Copyrighted [year] [name of copyright owner]" 20 * 21 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 22 */ 23 package com.sun.enterprise; 24 25 import java.security.Principal; 26 import java.security.PrivilegedExceptionAction; 27 import java.lang.reflect.Method; 28 import com.sun.ejb.*; 29 import javax.security.auth.Subject; 30 import com.sun.enterprise.security.CachedPermission; 31 32 /** 33 * This interface is used by the Container to manage access to EJBs. 34 * The container has a reference to an implementation of this 35 * interface. 36 * @author Harish Prabandham 37 */ 38 public interface SecurityManager { 39 40 /** 41 * @param The Invocation object containing the details of the invocation. 42 * @return true if the client is allowed to invoke the EJB, false otherwise. 43 */ 44 public boolean authorize(Invocation inv); 45 46 /** 47 * @return The Principal of the client who made the current 48 * invocation. 49 */ 50 public Principal getCallerPrincipal(); 51 52 /** 53 * @return A boolean true/false depending on whether or not the caller 54 * has the specified role. 55 * @param The EJB developer specified "logical role". 56 */ 57 public boolean isCallerInRole(String role); 58 59 60 /** This sets up the security context - if not set 61 * and does run-as related login if required 62 * @param ComponentInvocation 63 */ 64 public void preInvoke (ComponentInvocation inv); 65 66 /** 67 * This method is used by the Invocation Manager to remove 68 * the run-as identity information that was set up using the 69 * preInvoke 70 * @param ComponentInvocation 71 */ 72 public void postInvoke (ComponentInvocation inv); 73 74 /** 75 * Call this method to clean up all the bookeeping 76 * data-structures in the SM. 77 */ 78 public void destroy(); 79 80 /** 81 * This will return the subject associated with the current 82 * call. If the run as subject is in effect. It will return that 83 * subject. This is done to support the JACC specification which says 84 * if the runas principal is in effect, that principal should be used 85 * for making a component call. 86 * @return Subject the current subject. Null if this is not the 87 * runas case 88 */ 89 public Subject getCurrentSubject(); 90 91 /* This method is used by SecurityUtil runMethod to run the 92 * action as the subject encapsulated in the cuurent 93 * SecurityContext. 94 */ 95 96 public Object doAsPrivileged(PrivilegedExceptionAction pea) 97 throws Throwable; 98 99 } 100