Example 1 with CachedPermissionImpl
use of com.sun.enterprise.security.jacc.cache.CachedPermissionImpl in project Payara by payara.
the class EJBSecurityManager method authorize.
/**
* This method is called by the EJB container to decide whether or not a method specified in the Invocation should be
* allowed.
*
* @param componentInvocation invocation object that contains all the details of the invocation.
* @return A boolean value indicating if the client should be allowed to invoke the EJB.
*/
@Override
public boolean authorize(ComponentInvocation componentInvocation) {
if (!(componentInvocation instanceof EjbInvocation)) {
return false;
}
// FIXME: Param type should be EjbInvocation
EjbInvocation ejbInvocation = (EjbInvocation) componentInvocation;
if (ejbInvocation.getAuth() != null) {
return ejbInvocation.getAuth().booleanValue();
}
boolean isAuthorized = false;
CachedPermission cachedPermission = null;
Permission permission = null;
if (ejbInvocation.invocationInfo == null || ejbInvocation.invocationInfo.cachedPermission == null) {
permission = new EJBMethodPermission(ejbName, ejbInvocation.getMethodInterface(), ejbInvocation.method);
cachedPermission = new CachedPermissionImpl(uncheckedMethodPermissionCache, permission);
if (ejbInvocation.invocationInfo != null) {
ejbInvocation.invocationInfo.cachedPermission = cachedPermission;
if (_logger.isLoggable(FINE)) {
_logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + permission.getName() + " (Action) = " + permission.getActions());
}
}
} else {
cachedPermission = ejbInvocation.invocationInfo.cachedPermission;
permission = cachedPermission.getPermission();
}
String caller = null;
SecurityContext securityContext = null;
pcHandlerImpl.getHandlerData().setInvocation(ejbInvocation);
isAuthorized = cachedPermission.checkPermission();
if (!isAuthorized) {
securityContext = SecurityContext.getCurrent();
try {
// Set the policy context in the TLS.
String oldContextId = setPolicyContext(contextId);
try {
isAuthorized = policy.implies(getCachedProtectionDomain(securityContext.getPrincipalSet(), true), permission);
} catch (Throwable t) {
_logger.log(SEVERE, "jacc_access_exception", t);
isAuthorized = false;
} finally {
resetPolicyContext(oldContextId, contextId);
}
} catch (Throwable t) {
_logger.log(SEVERE, "jacc_policy_context_exception", t);
isAuthorized = false;
}
}
ejbInvocation.setAuth(isAuthorized);
if (auditManager.isAuditOn()) {
if (securityContext == null) {
securityContext = SecurityContext.getCurrent();
}
caller = securityContext.getCallerPrincipal().getName();
auditManager.ejbInvocation(caller, ejbName, ejbInvocation.method.toString(), isAuthorized);
}
if (isAuthorized && ejbInvocation.isWebService && !ejbInvocation.isPreInvokeDone()) {
preInvoke(ejbInvocation);
}
if (_logger.isLoggable(FINE)) {
_logger.fine("JACC: Access Control Decision Result: " + isAuthorized + " EJBMethodPermission (Name) = " + permission.getName() + " (Action) = " + permission.getActions() + " (Caller) = " + caller);
}
return isAuthorized;
}
Also used :
EjbInvocation(com.sun.ejb.EjbInvocation)
CachedPermission(com.sun.enterprise.security.jacc.cache.CachedPermission)
CachedPermissionImpl(com.sun.enterprise.security.jacc.cache.CachedPermissionImpl)
CachedPermission(com.sun.enterprise.security.jacc.cache.CachedPermission)
SecurityContext(com.sun.enterprise.security.SecurityContext)
Example 2 with CachedPermissionImpl
use of com.sun.enterprise.security.jacc.cache.CachedPermissionImpl in project Payara by payara.
the class JaccWebAuthorizationManager method initialise.
/**
* Initialise this class and specifically load permissions into the JACC Policy Configuration.
*
* @param appName
* @throws PolicyContextException
*/
private void initialise(String appName) throws PolicyContextException {
logger.finest(() -> String.format("initialise(appName=%s)", appName));
getPolicyFactory();
CODEBASE = removeSpaces(CONTEXT_ID);
if (ADMIN_VS.equals(getVirtualServers(appName))) {
LoginConfiguration loginConfiguration = webBundleDescriptor.getLoginConfiguration();
if (loginConfiguration != null) {
String realmName = loginConfiguration.getRealmName();
// Process mappings from sun-web.xml
SunWebApp sunDes = webBundleDescriptor.getSunDescriptor();
if (sunDes != null) {
SecurityRoleMapping[] roleMappings = sunDes.getSecurityRoleMapping();
if (roleMappings != null) {
for (SecurityRoleMapping roleMapping : roleMappings) {
for (String principal : roleMapping.getPrincipalName()) {
webSecurityManagerFactory.addAdminPrincipal(principal, realmName, new PrincipalImpl(principal));
}
for (String group : roleMapping.getGroupNames()) {
webSecurityManagerFactory.addAdminGroup(group, realmName, new Group(group));
}
}
}
SecurityRoleAssignment[] roleAssignments = sunDes.getSecurityRoleAssignments();
if (roleAssignments != null) {
for (SecurityRoleAssignment roleAssignment : roleAssignments) {
if (roleAssignment.isExternallyDefined()) {
webSecurityManagerFactory.addAdminGroup(roleAssignment.getRoleName(), realmName, new Group(roleAssignment.getRoleName()));
continue;
}
for (String principal : roleAssignment.getPrincipalNames()) {
webSecurityManagerFactory.addAdminPrincipal(principal, realmName, new PrincipalImpl(principal));
}
}
}
}
}
}
// Will require stuff in hash format for reference later on.
try {
try {
logger.log(FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
URI uri = new URI("file:///" + CODEBASE);
if (uri != null) {
codesource = new CodeSource(new URL(uri.toString()), (Certificate[]) null);
}
} catch (URISyntaxException use) {
// Manually create the URL
logger.log(FINE, "[Web-Security] Error Creating URI ", use);
throw new RuntimeException(use);
}
} catch (MalformedURLException mue) {
logger.log(SEVERE, "[Web-Security] Exception while getting the CodeSource", mue);
throw new RuntimeException(mue);
}
logger.log(FINE, "[Web-Security] Context id (id under which WEB component in application will be created) = {0}", CONTEXT_ID);
logger.log(FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);
// Generate permissions and store these into the JACC policyConfiguration
// The JACC Policy (to which we delegate) will use these permissions later to make authorization decisions.
loadPermissionsInToPolicyConfiguration();
if (uncheckedPermissionCache == null) {
if (register) {
uncheckedPermissionCache = PermissionCacheFactory.createPermissionCache(CONTEXT_ID, codesource, protoPerms, null);
allResourcesCachedPermission = new CachedPermissionImpl(uncheckedPermissionCache, allResources);
allConnectionsCachedPermission = new CachedPermissionImpl(uncheckedPermissionCache, allConnections);
}
} else {
uncheckedPermissionCache.reset();
}
}
Also used :
SunWebApp(com.sun.enterprise.deployment.runtime.web.SunWebApp)
Group(org.glassfish.security.common.Group)
MalformedURLException(java.net.MalformedURLException)
SecurityRoleMapping(com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping)
LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration)
URISyntaxException(java.net.URISyntaxException)
CodeSource(java.security.CodeSource)
URI(java.net.URI)
URL(java.net.URL)
CachedPermissionImpl(com.sun.enterprise.security.jacc.cache.CachedPermissionImpl)
PrincipalImpl(org.glassfish.security.common.PrincipalImpl)
SecurityRoleAssignment(com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment)
Example 3 with CachedPermissionImpl
use of com.sun.enterprise.security.jacc.cache.CachedPermissionImpl in project Payara by payara.
the class J2EESecurityManager method enablePermissionCache.
public synchronized void enablePermissionCache(PermissionCache c) {
if (c != null) {
cache = c;
connectPerm = new CachedPermissionImpl(cache, new SocketPermission("*", "connect"));
cacheEnabled = true;
}
}
Also used :
CachedPermissionImpl(com.sun.enterprise.security.jacc.cache.CachedPermissionImpl)
SocketPermission(java.net.SocketPermission)
Aggregations
CachedPermissionImpl (com.sun.enterprise.security.jacc.cache.CachedPermissionImpl)3
EjbInvocation (com.sun.ejb.EjbInvocation)1
SecurityRoleMapping (com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping)1
SecurityRoleAssignment (com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment)1
SunWebApp (com.sun.enterprise.deployment.runtime.web.SunWebApp)1
LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration)1
SecurityContext (com.sun.enterprise.security.SecurityContext)1
CachedPermission (com.sun.enterprise.security.jacc.cache.CachedPermission)1
MalformedURLException (java.net.MalformedURLException)1
SocketPermission (java.net.SocketPermission)1
URI (java.net.URI)1
URISyntaxException (java.net.URISyntaxException)1
URL (java.net.URL)1
CodeSource (java.security.CodeSource)1
Group (org.glassfish.security.common.Group)1
PrincipalImpl (org.glassfish.security.common.PrincipalImpl)1
