use of com.sun.enterprise.security.CORBAObjectPermission in project Payara by payara.
the class SecurityContextUtil method authorizeCORBA.
// return true if authorization succeeds, false otherwise.
private boolean authorizeCORBA(byte[] objectId, String method) throws Exception {
ProtocolManager protocolManager = orbHelper.getProtocolManager();
// is on a callback object in the client VM.
if (protocolManager == null) {
return true;
}
// Check if target is an EJB
if (protocolManager.getEjbDescriptor(objectId) != null) {
// an EJB object
return true;
}
// Create a ProtectionDomain for principal on current thread.
ProtectionDomain principalsDomain = createPrincipalDomain(getPrincipalArray(com.sun.enterprise.security.SecurityContext.getCurrent()));
// Create the permission we want to check for
CORBAObjectPermission permission = new CORBAObjectPermission("*", method);
// Check if policy gives principal the permissions
boolean result = policy.implies(principalsDomain, permission);
if (_logger.isLoggable(FINE)) {
_logger.log(FINE, "CORBA Object permission evaluation result=" + result + " for method=" + method);
}
return result;
}
Aggregations