

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.ejb3.security;
23
24 import java.lang.reflect.Method JavaDoc;
25 import java.security.CodeSource JavaDoc;
26 import javax.security.jacc.EJBMethodPermission JavaDoc;
27 import org.jboss.aop.advice.Interceptor;
28 import org.jboss.aop.joinpoint.Invocation;
29 import org.jboss.aop.joinpoint.MethodInvocation;
30 import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
31 import org.jboss.remoting.InvokerLocator;
32
33
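/**
 * Interceptor that performs the JACC authorization check for an EJB method
 * invocation before the call is passed further down the interceptor chain.
 *
 * <p>The check runs first in {@link #invoke(Invocation)}; if it throws, the
 * next interceptor is never called, so a failed check denies the call.
 *
 * @author <a href="mailto:Scott.Stark@jboss.org">Scott Stark</a>.
 * @version $Revision$
 */
public class JaccAuthorizationInterceptor implements Interceptor
{
   /** First key passed to {@code getMetaData} when looking up the JACC context ID. */
   public static final String JACC = "JACC";
   /** Second key passed to {@code getMetaData} when looking up the JACC context ID. */
   public static final String CTX = "ctx";

   // Both values are fixed at construction and only read afterwards.
   private final String ejbName;
   private final CodeSource ejbCS;

   /**
    * @param ejbName name of the EJB, used as the name of the EJBMethodPermission that is checked
    * @param cs      code source of the EJB, handed to JaccHelper.checkPermission
    */
   public JaccAuthorizationInterceptor(String ejbName, CodeSource cs)
   {
      this.ejbName = ejbName;
      this.ejbCS = cs;
   }

   /**
    * @return the fixed interceptor name {@code "JaccAuthorizationInterceptor"}
    */
   public String getName()
   {
      return "JaccAuthorizationInterceptor";
   }

   /**
    * Authorizes the invocation and, only if the check passes, continues the chain.
    *
    * @param inv the invocation; must be a {@link MethodInvocation}
    * @return whatever the rest of the interceptor chain returns
    * @throws RuntimeException if {@code inv} is not a MethodInvocation
    * @throws Throwable anything raised by the authorization check or by the rest of the chain
    */
   public Object invoke(Invocation inv) throws Throwable
   {
      // Only the cast is guarded. Previously the try block also covered the
      // authorization check and inv.invokeNext(), so a ClassCastException raised
      // by the bean or a later interceptor was re-labelled as an authorization
      // error, which hides the real failure from callers and from audit logs.
      final MethodInvocation mi;
      try
      {
         mi = (MethodInvocation) inv;
      }
      catch (ClassCastException e)
      {
         throw new RuntimeException("Jacc authorization is only available for method invocations", e);
      }

      // Authorization first: an exception here means invokeNext() is never reached.
      checkSecurityAssociation(mi);
      return inv.invokeNext();
   }

   /**
    * Authorize the caller's access to the method invocation.
    *
    * <p>Sets the JACC context ID taken from the invocation metadata, builds an
    * {@code EJBMethodPermission} for the target method and passes it to
    * {@code JaccHelper.checkPermission} together with the EJB's code source.
    *
    * @param mi the method invocation being authorized
    * @throws Throwable anything raised while setting the context or checking the permission
    */
   private void checkSecurityAssociation(MethodInvocation mi) throws Throwable
   {
      // NOTE(review): contextID is null when the invocation carries no JACC/ctx
      // metadata; confirm how SecurityActions.setContextID and the policy
      // provider treat a null ID, so a missing binding cannot weaken the check.
      String contextID = (String) mi.getMetaData(JACC, CTX);
      // NOTE(review): the previous context ID is not restored anywhere in this
      // class; confirm that a reused thread cannot carry it into an unrelated call.
      SecurityActions.setContextID(contextID);

      //EJBArgsPolicyContextHandler.setArgs(mi.getArguments());

      //Set custom JACC policy handlers - Following used in EJB 2, but just seems to be ignored
      //BeanMetaDataPolicyContextHandler.setMetaData(null);

      Method m = mi.getMethod();

      // An InvokerLocator in the metadata is taken to mean the call came through the remote interface.
      InvokerLocator locator = (InvokerLocator) mi.getMetaData(InvokeRemoteInterceptor.REMOTING, InvokeRemoteInterceptor.INVOKER_LOCATOR);

      // NOTE(review): only "Remote" and "Local" are ever produced here; confirm that
      // permissions declared for other method interfaces are not expected to match.
      String iface = (locator != null) ? "Remote" : "Local";

      EJBMethodPermission methodPerm = new EJBMethodPermission(ejbName, iface, m);
      // Presumably throws when the permission is not granted (JaccHelper is not visible here);
      // this method has no other way to signal denial to invoke().
      JaccHelper.checkPermission(ejbCS, methodPerm);

      // Disabled inline check kept from the original for reference:
      //
      // // Get the caller
      // Subject caller = SecurityActions.getContextSubject();
      //
      // Principal[] principals = null;
      // if( caller != null )
      // {
      //    // Get the caller principals
      //    Set principalsSet = caller.getPrincipals();
      //    principals = new Principal[principalsSet.size()];
      //    principalsSet.toArray(principals);
      // }
      //
      // ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
      // if( policy.implies(pd, methodPerm) == false )
      // {
      //    String msg = "Denied: "+methodPerm+", caller=" + caller;
      //    SecurityException e = new SecurityException(msg);
      //    throw e;
      // }
   }
}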