
Example 1 with CachedPermission

use of com.sun.enterprise.security.jacc.cache.CachedPermission in project Payara by payara.

the class EJBSecurityManager method authorize.

/**
 * This method is called by the EJB container to decide whether or not a method specified in the Invocation should be
 * allowed.
 *
 * @param componentInvocation invocation object that contains all the details of the invocation.
 * @return A boolean value indicating if the client should be allowed to invoke the EJB.
 */
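@Override
public boolean authorize(ComponentInvocation componentInvocation) {
    // Access-control decision point for a single EJB method invocation.
    // Every failure path below resolves to "deny": a non-EJB invocation returns false,
    // and any Throwable raised while setting the policy context or evaluating the
    // policy is logged at SEVERE and leaves isAuthorized == false.
    if (!(componentInvocation instanceof EjbInvocation)) {
        return false;
    }
    // FIXME: Param type should be EjbInvocation
    EjbInvocation ejbInvocation = (EjbInvocation) componentInvocation;

    // A decision already recorded on this invocation (see setAuth below) is returned
    // as-is. This early return sits before the audit call and the FINE trace, so a
    // repeated authorize() on the same invocation is not audited or logged again.
    Boolean recordedDecision = ejbInvocation.getAuth();
    if (recordedDecision != null) {
        return recordedDecision.booleanValue();
    }

    boolean isAuthorized = false;
    CachedPermission cachedPermission = null;
    Permission permission = null;
    if (ejbInvocation.invocationInfo == null || ejbInvocation.invocationInfo.cachedPermission == null) {
        // Build the permission for (ejbName, method interface, method) and, when an
        // InvocationInfo is available, store the wrapper on it for later invocations.
        permission = new EJBMethodPermission(ejbName, ejbInvocation.getMethodInterface(), ejbInvocation.method);
        cachedPermission = new CachedPermissionImpl(uncheckedMethodPermissionCache, permission);
        if (ejbInvocation.invocationInfo != null) {
            ejbInvocation.invocationInfo.cachedPermission = cachedPermission;
            if (_logger.isLoggable(FINE)) {
                _logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + permission.getName() + " (Action) = " + permission.getActions());
            }
        }
    } else {
        cachedPermission = ejbInvocation.invocationInfo.cachedPermission;
        permission = cachedPermission.getPermission();
    }

    String caller = null;
    SecurityContext securityContext = null;

    // The handler data is given the invocation before any permission check runs.
    pcHandlerImpl.getHandlerData().setInvocation(ejbInvocation);

    // Cache check first; it does not take the caller's principals as input.
    // NOTE(review): presumably this cache only answers for unchecked (permit-all)
    // methods, going by the name uncheckedMethodPermissionCache - confirm.
    isAuthorized = cachedPermission.checkPermission();
    if (!isAuthorized) {
        // Cache did not grant: evaluate the policy against the current caller's principals.
        securityContext = SecurityContext.getCurrent();
        try {
            // Set the policy context in the TLS.
            String oldContextId = setPolicyContext(contextId);
            try {
                isAuthorized = policy.implies(getCachedProtectionDomain(securityContext.getPrincipalSet(), true), permission);
            } catch (Throwable t) {
                // Fail closed: a policy evaluation error is a denial, never a grant.
                _logger.log(SEVERE, "jacc_access_exception", t);
                isAuthorized = false;
            } finally {
                // Always restore the previous policy context, even when implies() throws.
                resetPolicyContext(oldContextId, contextId);
            }
        } catch (Throwable t) {
            // Fail closed as well when the policy context cannot be set or restored.
            _logger.log(SEVERE, "jacc_policy_context_exception", t);
            isAuthorized = false;
        }
    }

    // Record the decision on the invocation; the early return above reads it back.
    ejbInvocation.setAuth(isAuthorized);

    if (auditManager.isAuditOn()) {
        if (securityContext == null) {
            securityContext = SecurityContext.getCurrent();
        }
        caller = securityContext.getCallerPrincipal().getName();
        auditManager.ejbInvocation(caller, ejbName, ejbInvocation.method.toString(), isAuthorized);
    }

    // Web service invocations get their pre-invoke step only once and only when authorized.
    if (isAuthorized && ejbInvocation.isWebService && !ejbInvocation.isPreInvokeDone()) {
        preInvoke(ejbInvocation);
    }

    if (_logger.isLoggable(FINE)) {
        if (caller == null) {
            // The caller name was previously resolved only on the audit path, so with
            // auditing off this decision trace always printed "(Caller) = null" and a
            // denial could not be attributed to a principal. Resolve it here too; the
            // lookup is null-guarded so tracing cannot change the outcome of the call.
            if (securityContext == null) {
                securityContext = SecurityContext.getCurrent();
            }
            if (securityContext != null && securityContext.getCallerPrincipal() != null) {
                caller = securityContext.getCallerPrincipal().getName();
            }
        }
        _logger.fine("JACC: Access Control Decision Result: " + isAuthorized + " EJBMethodPermission (Name) = " + permission.getName() + " (Action) = " + permission.getActions() + " (Caller) = " + caller);
    }
    return isAuthorized;
}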
Also used : EjbInvocation(com.sun.ejb.EjbInvocation) CachedPermission(com.sun.enterprise.security.jacc.cache.CachedPermission) CachedPermissionImpl(com.sun.enterprise.security.jacc.cache.CachedPermissionImpl) CachedPermission(com.sun.enterprise.security.jacc.cache.CachedPermission) SecurityContext(com.sun.enterprise.security.SecurityContext)

Aggregations

EjbInvocation (com.sun.ejb.EjbInvocation)1 SecurityContext (com.sun.enterprise.security.SecurityContext)1 CachedPermission (com.sun.enterprise.security.jacc.cache.CachedPermission)1 CachedPermissionImpl (com.sun.enterprise.security.jacc.cache.CachedPermissionImpl)1