

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.ejb3.security;
23
24 import java.lang.reflect.Method JavaDoc;
25 import java.util.HashSet JavaDoc;
26 import java.util.Set JavaDoc;
27 import javax.annotation.security.DenyAll;
28 import javax.annotation.security.PermitAll;
29 import javax.annotation.security.RolesAllowed;
30 import javax.ejb.EJBAccessException JavaDoc;
31 import org.jboss.aop.joinpoint.Invocation;
32 import org.jboss.aop.joinpoint.MethodInvocation;
33 import org.jboss.ejb3.Container;
34 import org.jboss.ejb3.EJBContainer;
35 import org.jboss.logging.Logger;
36 import org.jboss.security.AnybodyPrincipal;
37 import org.jboss.security.AuthenticationManager;
38 import org.jboss.security.NobodyPrincipal;
39 import org.jboss.security.RealmMapping;
40 import org.jboss.security.SimplePrincipal;
41
42 /**
43  * The RoleBasedAuthorizationInterceptor checks that the caller principal is
44  * authorized to call a method by verifying that it contains at least one
45  * of the required roles.
46  *
47  * @author <a HREF="bill@jboss.org">Bill Burke</a>
48  * @version $Revision: 55508 $
49  */

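public final class RoleBasedAuthorizationInterceptor extends org.jboss.aspects.security.RoleBasedAuthorizationInterceptor
{
   private static final Logger log = Logger.getLogger(RoleBasedAuthorizationInterceptor.class);

   /** Container whose annotation lookup decides which roles a method requires. */
   private final EJBContainer container;

   /**
    * Creates the interceptor for one container.
    *
    * @param manager forwarded unchanged to the superclass constructor
    * @param realmMapping forwarded unchanged to the superclass constructor
    * @param container cast to {@link EJBContainer} without a prior type check
    * @throws ClassCastException if {@code container} is not an {@link EJBContainer}
    */
   public RoleBasedAuthorizationInterceptor(AuthenticationManager manager, RealmMapping realmMapping, Container container)
   {
      super(manager, realmMapping);
      // A null container passes the cast and only fails later, on the first getRoleSet call.
      this.container = (EJBContainer) container;
   }

   /**
    * Builds the set of role principals that may call the invoked method, from the
    * {@code DenyAll}, {@code PermitAll} and {@code RolesAllowed} annotations.
    *
    * <p>Lookup order: the container is first asked for any of the three annotations
    * on the invoked method; if none is found, it is asked through its single-argument
    * {@code resolveAnnotation} for {@code DenyAll}, then {@code PermitAll}, then
    * {@code RolesAllowed} (presumably the bean-class level lookup; confirm against
    * {@code EJBContainer}).
    *
    * <p>Mapping: {@code DenyAll} yields {@code NOBODY_PRINCIPAL}; {@code RolesAllowed}
    * yields one {@code SimplePrincipal} per listed role name; everything else yields
    * {@code ANYBODY_PRINCIPAL}.
    *
    * <p><b>Security note:</b> the default is permissive. A method for which no
    * annotation resolves is reported as callable by anybody, so beans that need
    * deny-by-default must carry an explicit {@code DenyAll} or {@code RolesAllowed}.
    * A {@code RolesAllowed} with an empty value array returns an empty set; how the
    * superclass treats an empty set is not visible in this file and should be verified.
    *
    * <p>This method is not called from within this class; it is presumably the hook
    * that the superclass's {@code invoke} consults. Confirm that the signature still
    * matches the superclass, since a mismatch would silently bypass this logic.
    *
    * @param invocation the intercepted call; cast to {@link MethodInvocation} without a check
    * @return a new mutable set of principals, never {@code null}
    * @throws ClassCastException if {@code invocation} is not a {@link MethodInvocation}
    */
   protected Set getRoleSet(Invocation invocation)
   {
      Method method = ((MethodInvocation) invocation).getActualMethod();

      Class[] classes = new Class[]{DenyAll.class, PermitAll.class, RolesAllowed.class};

      // Method-level annotation takes precedence over anything resolved below.
      Object annotation = container.resolveAnnotation(method, classes);

      // Bound the fallback by the array itself rather than a literal 3, so adding or
      // removing an annotation type cannot skip an entry or run past the end.
      for (int i = 0; annotation == null && i < classes.length; i++)
      {
         annotation = container.resolveAnnotation(classes[i]);
      }

      Set<Object> roles = new HashSet<Object>();
      if (annotation instanceof DenyAll)
      {
         roles.add(NobodyPrincipal.NOBODY_PRINCIPAL);
      }
      else if (annotation instanceof RolesAllowed)
      {
         // Read the annotation value once instead of on every loop iteration.
         String[] roleNames = ((RolesAllowed) annotation).value();
         for (String roleName : roleNames)
         {
            roles.add(new SimplePrincipal(roleName));
         }
      }
      else
      {
         // Reached for PermitAll, for no annotation at all, and for any unexpected
         // annotation type returned by the container: all three are treated as
         // "unchecked" (fail-open), exactly as the original branches did.
         roles.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
      }

      return roles;
   }

   /**
    * Delegates to the superclass and converts an authorization failure into the
    * EJB-level exception type.
    *
    * <p>Only {@link SecurityException} is translated; every other throwable from
    * {@code super.invoke} propagates unchanged. The original exception is kept as the
    * cause, so its message travels with the {@link EJBAccessException}.
    *
    * @param invocation the intercepted call
    * @return whatever the superclass's {@code invoke} returns
    * @throws EJBAccessException with message "Authorization failure" when the
    *         superclass throws a {@link SecurityException}
    * @throws Throwable anything else raised further down the interceptor chain
    */
   @Override
   public Object invoke(Invocation invocation) throws Throwable
   {
      try
      {
         return super.invoke(invocation);
      }
      catch (SecurityException denied)
      {
         throw new EJBAccessException("Authorization failure", denied);
      }
   }

}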
118