Search in sources :

Example 1 with CORBAObjectPermission

use of com.sun.enterprise.security.CORBAObjectPermission in project Payara by payara.

the class SecurityContextUtil method authorizeCORBA.

// return true if authorization succeeds, false otherwise.
private boolean authorizeCORBA(byte[] objectId, String method) throws Exception {
    ProtocolManager protocolManager = orbHelper.getProtocolManager();
    // is on a callback object in the client VM.
    if (protocolManager == null) {
        return true;
    }
    // Check if target is an EJB
    if (protocolManager.getEjbDescriptor(objectId) != null) {
        // an EJB object
        return true;
    }
    // Create a ProtectionDomain for principal on current thread.
    ProtectionDomain principalsDomain = createPrincipalDomain(getPrincipalArray(com.sun.enterprise.security.SecurityContext.getCurrent()));
    // Create the permission we want to check for
    CORBAObjectPermission permission = new CORBAObjectPermission("*", method);
    // Check if policy gives principal the permissions
    boolean result = policy.implies(principalsDomain, permission);
    if (_logger.isLoggable(FINE)) {
        _logger.log(FINE, "CORBA Object permission evaluation result=" + result + " for method=" + method);
    }
    return result;
}
Also used : ProtectionDomain(java.security.ProtectionDomain) ProtocolManager(org.glassfish.enterprise.iiop.api.ProtocolManager) CORBAObjectPermission(com.sun.enterprise.security.CORBAObjectPermission)

Aggregations

CORBAObjectPermission (com.sun.enterprise.security.CORBAObjectPermission)1 ProtectionDomain (java.security.ProtectionDomain)1 ProtocolManager (org.glassfish.enterprise.iiop.api.ProtocolManager)1