

1 /**
2  * EasyBeans
3  * Copyright (C) 2006 Bull S.A.S.
4  * Contact: easybeans@objectweb.org
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19  * USA
20  *
21  * --------------------------------------------------------------------------
22  * $Id: AccessInterceptor.java 1121 2006-09-27 08:51:06Z benoitf $
23  * --------------------------------------------------------------------------
24  */

25
26 package org.objectweb.easybeans.security.interceptors;
27
28 import java.util.Arrays JavaDoc;
29
30 import javax.ejb.EJBAccessException JavaDoc;
31 import javax.security.jacc.PolicyContext JavaDoc;
32
33 import org.objectweb.easybeans.api.EZBPermissionManager;
34 import org.objectweb.easybeans.api.EasyBeansInterceptor;
35 import org.objectweb.easybeans.api.EasyBeansInvocationContext;
36 import org.objectweb.easybeans.security.propagation.context.SecurityCurrent;
37
38
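/**
 * This interceptor checks that the role is allowed to call the given method.
 * It asks the container's permission manager for a decision and rejects the
 * invocation with an {@link EJBAccessException} when that decision is negative.
 * @author Florent Benoit
 */
public class AccessInterceptor implements EasyBeansInterceptor {

    /**
     * Grant access to the given method by checking roles.
     * <p>
     * The JACC policy context ID read on entry is restored in a
     * {@code finally} block, so it is put back even when the permission check
     * throws.
     * @param invocationContext context with useful attributes on the current
     * invocation
     * @return result of the next invocation (to chain interceptors)
     * @throws EJBAccessException if the permission manager denies the call
     * @throws Exception if interceptor fails
     */
    public Object intercept(final EasyBeansInvocationContext invocationContext) throws Exception {
        // Remember the caller's policy context; presumably checkSecurity()
        // switches it to the bean's own context -- confirm against
        // EZBPermissionManager.
        final String oldContextId = PolicyContext.getContextID();

        // NOTE(review): this default is fail-open. When the container has no
        // permission manager the flag is never updated and the call proceeds
        // without any role check. Confirm that a null manager can only mean
        // "security deliberately not configured" and never a failed or
        // incomplete container start-up.
        boolean accessGranted = true;

        // A bean that declares a run-as role is checked and reported under
        // that identity rather than the original caller's.
        boolean runAsBean = invocationContext.getFactory().getBeanInfo().getSecurityInfo().getRunAsRole() != null;
        try {
            EZBPermissionManager permissionManager = invocationContext.getFactory().getContainer().getPermissionManager();
            if (permissionManager != null) {
                accessGranted = permissionManager.checkSecurity(invocationContext, runAsBean);
            }
        } finally {
            // Always restore, so a failing check cannot leave a foreign
            // policy context installed on this thread.
            PolicyContext.setContextID(oldContextId);
        }

        if (!accessGranted) {
            // NOTE(review): the message carries the bean name, the archive
            // location, the method, the caller principal and the caller's
            // roles. If this exception message is returned to a remote client
            // it discloses deployment and role details; consider keeping the
            // detail in a server-side log and sending a generic message.
            // Nothing is logged here either, so the denial is only auditable
            // if a caller further up records the exception.
            // StringBuilder: the buffer never leaves this method, so the
            // synchronisation of StringBuffer is not needed.
            StringBuilder errMsg = new StringBuilder("Access Denied on bean '");
            errMsg.append(invocationContext.getFactory().getBeanInfo().getName());
            errMsg.append("' contained in the URL '");
            errMsg.append(invocationContext.getFactory().getContainer().getArchive());
            errMsg.append("'. ");
            errMsg.append(" Method = '");
            errMsg.append(invocationContext.getMethod());
            errMsg.append("'. ");
            errMsg.append("Current caller's principal is '");
            errMsg.append(SecurityCurrent.getCurrent().getSecurityContext().getCallerPrincipal(runAsBean));
            errMsg.append("' with roles '");
            errMsg.append(Arrays.asList(SecurityCurrent.getCurrent().getSecurityContext().getCallerRoles(runAsBean)));
            errMsg.append("'.");
            throw new EJBAccessException(errMsg.toString());
        }

        // Authorised: hand over to the next interceptor or the bean method.
        return invocationContext.proceed();
    }

}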