package org.objectweb.easybeans.security.interceptors;

import java.util.Arrays;

import javax.ejb.EJBAccessException;
import javax.security.jacc.PolicyContext;

import org.objectweb.easybeans.api.EZBPermissionManager;
import org.objectweb.easybeans.api.EasyBeansInterceptor;
import org.objectweb.easybeans.api.EasyBeansInvocationContext;
import org.objectweb.easybeans.security.propagation.context.SecurityCurrent;

/**
 * Interceptor that asks the container's permission manager whether the
 * current invocation is allowed, and only then lets the call continue.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check is skipped when the container returns no permission
 *       manager, so the invocation is allowed by default in that case.
 *       Deployments that rely on this interceptor for access control should
 *       verify that a permission manager is always configured.</li>
 *   <li>The denial message contains the bean name, the archive, the method,
 *       the caller principal and the caller roles. Treat it as sensitive
 *       wherever the exception is logged or returned to a caller.</li>
 * </ul>
 */
public class AccessInterceptor implements EasyBeansInterceptor {

    /**
     * Performs the access check for one invocation.
     *
     * @param invocationContext the invocation being intercepted; it supplies
     *        the factory, bean info, container and target method.
     * @return the value returned by {@code invocationContext.proceed()} when
     *         access is granted.
     * @throws EJBAccessException if the permission manager denies the call.
     * @throws Exception anything thrown by the permission check or by the
     *         rest of the invocation chain.
     */
    public Object intercept(final EasyBeansInvocationContext invocationContext) throws Exception {
        // Remember the JACC policy context ID so it can be restored after the check.
        final String savedContextId = PolicyContext.getContextID();

        // Without a permission manager no check runs and access stays granted (fail-open).
        boolean allowed = true;

        // The bean is treated as "run-as" when its security info declares a run-as role.
        final boolean runAsBean =
                invocationContext.getFactory().getBeanInfo().getSecurityInfo().getRunAsRole() != null;

        try {
            final EZBPermissionManager manager =
                    invocationContext.getFactory().getContainer().getPermissionManager();
            if (manager != null) {
                allowed = manager.checkSecurity(invocationContext, runAsBean);
            }
        } finally {
            // Restored even if the check throws; in that case the exception
            // propagates and proceed() is never reached.
            // NOTE(review): presumably checkSecurity switches the context ID — confirm.
            PolicyContext.setContextID(savedContextId);
        }

        if (allowed) {
            return invocationContext.proceed();
        }

        // Denied: build the diagnostic message, then reject the call.
        final StringBuilder denial = new StringBuilder("Access Denied on bean '");
        denial.append(invocationContext.getFactory().getBeanInfo().getName())
                .append("' contained in the URL '")
                .append(invocationContext.getFactory().getContainer().getArchive())
                .append("'. ")
                .append(" Method = '")
                .append(invocationContext.getMethod())
                // NOTE(review): the listing shows a line break inside this literal;
                // it is written here as \n — confirm against the upstream file.
                .append("'. \n")
                .append("Current caller's principal is '")
                .append(SecurityCurrent.getCurrent().getSecurityContext().getCallerPrincipal(runAsBean))
                .append("' with roles '")
                .append(Arrays.asList(SecurityCurrent.getCurrent().getSecurityContext().getCallerRoles(runAsBean)))
                .append("'.");
        throw new EJBAccessException(denial.toString());
    }

}