use of com.sun.enterprise.security.ee.CachedPermissionImpl in project Payara by payara.
the class WebSecurityManager method initialise.
private void initialise(String appName) throws PolicyContextException {
getPolicyFactory();
CODEBASE = removeSpaces(CONTEXT_ID);
// V3:Commented if(VirtualServer.ADMIN_VS.equals(getVirtualServers(appName))){
if (Constants.ADMIN_VS.equals(getVirtualServers(appName))) {
LoginConfiguration lgConf = wbd.getLoginConfiguration();
if (lgConf != null) {
String realmName = lgConf.getRealmName();
SunWebApp sunDes = wbd.getSunDescriptor();
if (sunDes != null) {
SecurityRoleMapping[] srms = sunDes.getSecurityRoleMapping();
if (srms != null) {
for (SecurityRoleMapping srm : srms) {
String[] principals = srm.getPrincipalName();
if (principals != null) {
for (String principal : principals) {
wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
}
}
for (String group : srm.getGroupNames()) {
wsmf.ADMIN_GROUP.put(realmName + group, new Group(group));
}
}
}
SecurityRoleAssignment[] sras = sunDes.getSecurityRoleAssignments();
if (sras != null) {
for (SecurityRoleAssignment sra : sras) {
List<String> principals = sra.getPrincipalNames();
if (sra.isExternallyDefined()) {
wsmf.ADMIN_GROUP.put(realmName + sra.getRoleName(), new Group(sra.getRoleName()));
continue;
}
for (String principal : principals) {
wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
}
}
}
}
}
}
// will require stuff in hash format for reference later on.
try {
java.net.URI uri = null;
try {
if (logger.isLoggable(Level.FINE))
logger.log(Level.FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
uri = new java.net.URI("file:///" + CODEBASE);
if (uri != null) {
codesource = new CodeSource(new URL(uri.toString()), (java.security.cert.Certificate[]) null);
}
} catch (java.net.URISyntaxException use) {
// manually create the URL
logger.log(Level.FINE, "[Web-Security] Error Creating URI ", use);
throw new RuntimeException(use);
}
} catch (java.net.MalformedURLException mue) {
logger.log(Level.SEVERE, "[Web-Security] Exception while getting the CodeSource", mue);
throw new RuntimeException(mue);
}
if (logger.isLoggable(Level.FINE)) {
logger.log(Level.FINE, "[Web-Security] Context id (id under which WEB component in application will be created) = {0}", CONTEXT_ID);
logger.log(Level.FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);
}
loadPolicyConfiguration();
if (uncheckedPermissionCache == null) {
if (register) {
uncheckedPermissionCache = PermissionCacheFactory.createPermissionCache(this.CONTEXT_ID, codesource, protoPerms, null);
allResourcesCP = new CachedPermissionImpl(uncheckedPermissionCache, allResources);
allConnectionsCP = new CachedPermissionImpl(uncheckedPermissionCache, allConnections);
}
} else {
uncheckedPermissionCache.reset();
}
}
use of com.sun.enterprise.security.ee.CachedPermissionImpl in project Payara by payara.
the class EJBSecurityManager method authorize.
/**
* This method is called by the EJB container to decide whether or not
* a method specified in the Invocation should be allowed.
*
* @param compInv invocation object that contains all the details of the
* invocation.
* @return A boolean value indicating if the client should be allowed
* to invoke the EJB.
*/
public boolean authorize(ComponentInvocation compInv) {
if (!(compInv instanceof EjbInvocation)) {
return false;
}
// FIXME: Param type should be EjbInvocation
EjbInvocation inv = (EjbInvocation) compInv;
if (inv.getAuth() != null) {
return inv.getAuth().booleanValue();
}
boolean ret = false;
CachedPermission cp = null;
Permission ejbmp = null;
if (inv.invocationInfo == null || inv.invocationInfo.cachedPermission == null) {
ejbmp = new EJBMethodPermission(ejbName, inv.getMethodInterface(), inv.method);
cp = new CachedPermissionImpl(uncheckedMethodPermissionCache, ejbmp);
if (inv.invocationInfo != null) {
inv.invocationInfo.cachedPermission = cp;
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions());
}
}
} else {
cp = inv.invocationInfo.cachedPermission;
ejbmp = cp.getPermission();
}
String caller = null;
SecurityContext sc = null;
pcHandlerImpl.getHandlerData().setInvocation(inv);
ret = cp.checkPermission();
if (!ret) {
sc = SecurityContext.getCurrent();
Set principalSet = sc.getPrincipalSet();
ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
try {
// set the policy context in the TLS.
String oldContextId = setPolicyContext(this.contextId);
try {
ret = policy.implies(prdm, ejbmp);
} catch (SecurityException se) {
_logger.log(Level.SEVERE, "jacc_access_exception", se);
ret = false;
} catch (Throwable t) {
_logger.log(Level.SEVERE, "jacc_access_exception", t);
ret = false;
} finally {
resetPolicyContext(oldContextId, this.contextId);
}
} catch (Throwable t) {
_logger.log(Level.SEVERE, "jacc_policy_context_exception", t);
ret = false;
}
}
inv.setAuth((ret) ? Boolean.TRUE : Boolean.FALSE);
if (auditManager.isAuditOn()) {
if (sc == null) {
sc = SecurityContext.getCurrent();
}
caller = sc.getCallerPrincipal().getName();
auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
}
if (ret && inv.isWebService && !inv.isPreInvokeDone()) {
preInvoke(inv);
}
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("JACC: Access Control Decision Result: " + ret + " EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions() + " (Caller) = " + caller);
}
return ret;
}
use of com.sun.enterprise.security.ee.CachedPermissionImpl in project Payara by payara.
the class J2EESecurityManager method enablePermissionCache.
public synchronized void enablePermissionCache(PermissionCache c) {
if (c != null) {
cache = c;
connectPerm = new CachedPermissionImpl(cache, new SocketPermission("*", "connect"));
cacheEnabled = true;
}
}
Aggregations