Example 1 with CachedPermission
use of com.sun.enterprise.security.ee.CachedPermission in project Payara by payara.
the class EJBSecurityManager method authorize.
/**
* This method is called by the EJB container to decide whether or not
* a method specified in the Invocation should be allowed.
*
* @param compInv invocation object that contains all the details of the
* invocation.
* @return A boolean value indicating if the client should be allowed
* to invoke the EJB.
*/
public boolean authorize(ComponentInvocation compInv) {
if (!(compInv instanceof EjbInvocation)) {
return false;
}
// FIXME: Param type should be EjbInvocation
EjbInvocation inv = (EjbInvocation) compInv;
if (inv.getAuth() != null) {
return inv.getAuth().booleanValue();
}
boolean ret = false;
CachedPermission cp = null;
Permission ejbmp = null;
if (inv.invocationInfo == null || inv.invocationInfo.cachedPermission == null) {
ejbmp = new EJBMethodPermission(ejbName, inv.getMethodInterface(), inv.method);
cp = new CachedPermissionImpl(uncheckedMethodPermissionCache, ejbmp);
if (inv.invocationInfo != null) {
inv.invocationInfo.cachedPermission = cp;
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions());
}
}
} else {
cp = inv.invocationInfo.cachedPermission;
ejbmp = cp.getPermission();
}
String caller = null;
SecurityContext sc = null;
pcHandlerImpl.getHandlerData().setInvocation(inv);
ret = cp.checkPermission();
if (!ret) {
sc = SecurityContext.getCurrent();
Set principalSet = sc.getPrincipalSet();
ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
try {
// set the policy context in the TLS.
String oldContextId = setPolicyContext(this.contextId);
try {
ret = policy.implies(prdm, ejbmp);
} catch (SecurityException se) {
_logger.log(Level.SEVERE, "jacc_access_exception", se);
ret = false;
} catch (Throwable t) {
_logger.log(Level.SEVERE, "jacc_access_exception", t);
ret = false;
} finally {
resetPolicyContext(oldContextId, this.contextId);
}
} catch (Throwable t) {
_logger.log(Level.SEVERE, "jacc_policy_context_exception", t);
ret = false;
}
}
inv.setAuth((ret) ? Boolean.TRUE : Boolean.FALSE);
if (auditManager.isAuditOn()) {
if (sc == null) {
sc = SecurityContext.getCurrent();
}
caller = sc.getCallerPrincipal().getName();
auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
}
if (ret && inv.isWebService && !inv.isPreInvokeDone()) {
preInvoke(inv);
}
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("JACC: Access Control Decision Result: " + ret + " EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions() + " (Caller) = " + caller);
}
return ret;
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
EjbInvocation(com.sun.ejb.EjbInvocation)
CachedPermission(com.sun.enterprise.security.ee.CachedPermission)
CachedPermissionImpl(com.sun.enterprise.security.ee.CachedPermissionImpl)
Set(java.util.Set)
HashSet(java.util.HashSet)
EJBMethodPermission(javax.security.jacc.EJBMethodPermission)
EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission)
Permission(java.security.Permission)
MethodPermission(com.sun.enterprise.deployment.MethodPermission)
CachedPermission(com.sun.enterprise.security.ee.CachedPermission)
SecurityContext(com.sun.enterprise.security.SecurityContext)
EJBMethodPermission(javax.security.jacc.EJBMethodPermission)
Aggregations
EjbInvocation (com.sun.ejb.EjbInvocation)1
MethodPermission (com.sun.enterprise.deployment.MethodPermission)1
SecurityContext (com.sun.enterprise.security.SecurityContext)1
CachedPermission (com.sun.enterprise.security.ee.CachedPermission)1
CachedPermissionImpl (com.sun.enterprise.security.ee.CachedPermissionImpl)1
Permission (java.security.Permission)1
ProtectionDomain (java.security.ProtectionDomain)1
HashSet (java.util.HashSet)1
Set (java.util.Set)1
EJBMethodPermission (javax.security.jacc.EJBMethodPermission)1
EJBRoleRefPermission (javax.security.jacc.EJBRoleRefPermission)1
