Search in sources :

Example 6 with EJBAccessException

use of jakarta.ejb.EJBAccessException in project tomee by apache.

the class RunAsServlet method doGet.

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/plain");
    ServletOutputStream out = response.getOutputStream();
    out.println("Servlet");
    Principal principal = request.getUserPrincipal();
    if (principal != null) {
        out.println("Servlet.getUserPrincipal()=" + principal + " [" + principal.getName() + "]");
    } else {
        out.println("Servlet.getUserPrincipal()=<null>");
    }
    out.println("Servlet.isCallerInRole(\"user\")=" + request.isUserInRole("user"));
    out.println("Servlet.isCallerInRole(\"manager\")=" + request.isUserInRole("manager"));
    out.println("Servlet.isCallerInRole(\"fake\")=" + request.isUserInRole("fake"));
    out.println();
    out.println("@EJB=" + secureEJBLocal);
    if (secureEJBLocal != null) {
        principal = secureEJBLocal.getCallerPrincipal();
        if (principal != null) {
            out.println("@EJB.getCallerPrincipal()=" + principal + " [" + principal.getName() + "]");
        } else {
            out.println("@EJB.getCallerPrincipal()=<null>");
        }
        out.println("@EJB.isCallerInRole(\"user\")=" + secureEJBLocal.isCallerInRole("user"));
        out.println("@EJB.isCallerInRole(\"manager\")=" + secureEJBLocal.isCallerInRole("manager"));
        out.println("@EJB.isCallerInRole(\"fake\")=" + secureEJBLocal.isCallerInRole("fake"));
        try {
            secureEJBLocal.allowUserMethod();
            out.println("@EJB.allowUserMethod() ALLOWED");
        } catch (EJBAccessException e) {
            out.println("@EJB.allowUserMethod() DENIED");
        }
        try {
            secureEJBLocal.allowManagerMethod();
            out.println("@EJB.allowManagerMethod() ALLOWED");
        } catch (EJBAccessException e) {
            out.println("@EJB.allowManagerMethod() DENIED");
        }
        try {
            secureEJBLocal.allowFakeMethod();
            out.println("@EJB.allowFakeMethod() ALLOWED");
        } catch (EJBAccessException e) {
            out.println("@EJB.allowFakeMethod() DENIED");
        }
        try {
            secureEJBLocal.denyAllMethod();
            out.println("@EJB.denyAllMethod() ALLOWED");
        } catch (EJBAccessException e) {
            out.println("@EJB.denyAllMethod() DENIED");
        }
    }
    out.println();
}
Also used : ServletOutputStream(jakarta.servlet.ServletOutputStream) Principal(java.security.Principal) EJBAccessException(jakarta.ejb.EJBAccessException)

Example 7 with EJBAccessException

use of jakarta.ejb.EJBAccessException in project tomee by apache.

the class MovieTest method testAsEmployee.

@Test
public void testAsEmployee() throws Exception {
    final Context context = getContext("eddie", "jump");
    try {
        movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
        movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
        movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));
        List<Movie> list = movies.getMovies();
        Assert.assertEquals("List.size()", 3, list.size());
        for (Movie movie : list) {
            try {
                movies.deleteMovie(movie);
                Assert.fail("Employees should not be allowed to delete");
            } catch (EJBAccessException e) {
            // Good, Employees cannot delete things
            }
        }
        // The list should still be three movies long
        Assert.assertEquals("Movies.getMovies()", 3, movies.getMovies().size());
    } finally {
        context.close();
    }
}
Also used : InitialContext(javax.naming.InitialContext) Context(javax.naming.Context) EJBAccessException(jakarta.ejb.EJBAccessException) Test(org.junit.Test)

Example 8 with EJBAccessException

use of jakarta.ejb.EJBAccessException in project tomee by apache.

the class ContractTest method missingCredentials.

@Test
public void missingCredentials() throws NamingException {
    try {
        hi(new Properties() {

            {
                setProperty(Context.INITIAL_CONTEXT_FACTORY, RemoteInitialContextFactory.class.getName());
                setProperty(Context.PROVIDER_URL, String.format("http://localhost:%s/tomee/ejb", base.getPort()));
            }
        });
        fail();
    } catch (final EJBAccessException eae) {
    // no-op
    }
}
Also used : Properties(java.util.Properties) EJBAccessException(jakarta.ejb.EJBAccessException) Test(org.junit.Test)

Example 9 with EJBAccessException

use of jakarta.ejb.EJBAccessException in project tomee by apache.

the class CmpContainer method invoke.

@Override
public Object invoke(final Object deployID, InterfaceType type, final Class callInterface, final Method callMethod, final Object[] args, final Object primKey) throws OpenEJBException {
    final BeanContext beanContext = this.getBeanContext(deployID);
    if (beanContext == null) {
        throw new OpenEJBException("Deployment does not exist in this container. Deployment(id='" + deployID + "'), Container(id='" + containerID + "')");
    }
    // Use the backup way to determine call type if null was supplied.
    if (type == null) {
        type = beanContext.getInterfaceType(callInterface);
    }
    final ThreadContext callContext = new ThreadContext(beanContext, primKey);
    final ThreadContext oldCallContext = ThreadContext.enter(callContext);
    try {
        final boolean authorized = securityService.isCallerAuthorized(callMethod, type);
        if (!authorized) {
            throw new ApplicationException(new EJBAccessException("Unauthorized Access by Principal Denied"));
        }
        final Class declaringClass = callMethod.getDeclaringClass();
        final String methodName = callMethod.getName();
        if (EJBHome.class.isAssignableFrom(declaringClass) || EJBLocalHome.class.isAssignableFrom(declaringClass)) {
            if (declaringClass != EJBHome.class && declaringClass != EJBLocalHome.class) {
                if (methodName.startsWith("create")) {
                    return createEJBObject(callMethod, args, callContext, type);
                } else if (methodName.equals("findByPrimaryKey")) {
                    return findByPrimaryKey(callMethod, args, callContext, type);
                } else if (methodName.startsWith("find")) {
                    return findEJBObject(callMethod, args, callContext, type);
                } else {
                    return homeMethod(callMethod, args, callContext, type);
                }
            } else if (methodName.equals("remove")) {
                removeEJBObject(callMethod, callContext, type);
                return null;
            }
        } else if ((EJBObject.class == declaringClass || EJBLocalObject.class == declaringClass) && methodName.equals("remove")) {
            removeEJBObject(callMethod, callContext, type);
            return null;
        }
        // business method
        callContext.setCurrentOperation(Operation.BUSINESS);
        final Method runMethod = beanContext.getMatchingBeanMethod(callMethod);
        callContext.set(Method.class, runMethod);
        return businessMethod(callMethod, runMethod, args, callContext, type);
    } finally {
        ThreadContext.exit(oldCallContext);
    }
}
Also used : BeanContext(org.apache.openejb.BeanContext) OpenEJBException(org.apache.openejb.OpenEJBException) EjbTransactionUtil.handleApplicationException(org.apache.openejb.core.transaction.EjbTransactionUtil.handleApplicationException) ApplicationException(org.apache.openejb.ApplicationException) EJBHome(jakarta.ejb.EJBHome) ThreadContext(org.apache.openejb.core.ThreadContext) Method(java.lang.reflect.Method) EJBAccessException(jakarta.ejb.EJBAccessException) EJBLocalHome(jakarta.ejb.EJBLocalHome)

Example 10 with EJBAccessException

use of jakarta.ejb.EJBAccessException in project tomee by apache.

the class StatefulSecurityPermissionsTest method test.

public void test() throws Exception {
    System.setProperty(javax.naming.Context.INITIAL_CONTEXT_FACTORY, InitContextFactory.class.getName());
    final Assembler assembler = new Assembler();
    final ConfigurationFactory config = new ConfigurationFactory();
    assembler.createProxyFactory(config.configureService(ProxyFactoryInfo.class));
    assembler.createTransactionManager(config.configureService(TransactionServiceInfo.class));
    final SecurityServiceInfo securityServiceInfo = config.configureService(SecurityServiceInfo.class);
    securityServiceInfo.className = TestSecurityService.class.getName();
    assembler.createSecurityService(securityServiceInfo);
    final TestSecurityService securityService = (TestSecurityService) SystemInstance.get().getComponent(SecurityService.class);
    securityService.login("foo", "Jazz", "Rock", "Reggae", "HipHop");
    final EjbJar ejbJar = new EjbJar();
    ejbJar.addEnterpriseBean(new StatefulBean(Color.class));
    final List<MethodPermission> permissions = ejbJar.getAssemblyDescriptor().getMethodPermission();
    permissions.add(new MethodPermission("*", "Color", "*", "Foo"));
    permissions.add(new MethodPermission("*", "Color", "create").setUnchecked());
    permissions.add(new MethodPermission("*", "Color", "ejbCreate").setUnchecked());
    final EjbJarInfo ejbJarInfo = config.configureApplication(ejbJar);
    assembler.createApplication(ejbJarInfo);
    final InitialContext context = new InitialContext();
    {
        final ColorLocal color = (ColorLocal) context.lookup("ColorLocal");
        assertEquals("Jazz", color.color());
        try {
            color.color((Object) null);
        } catch (final EJBAccessException e) {
            assertEquals("Excluded", actual.get());
        }
        assertEquals("Rock", color.color((String) null));
        assertEquals("Unchecked", color.color((Boolean) null));
        assertEquals("Reggae", color.color((Integer) null));
    }
}
Also used : StatefulBean(org.apache.openejb.jee.StatefulBean) InitContextFactory(org.apache.openejb.core.ivm.naming.InitContextFactory) MethodPermission(org.apache.openejb.jee.MethodPermission) InitialContext(javax.naming.InitialContext) EJBAccessException(jakarta.ejb.EJBAccessException) ProxyFactoryInfo(org.apache.openejb.assembler.classic.ProxyFactoryInfo) TransactionServiceInfo(org.apache.openejb.assembler.classic.TransactionServiceInfo) SecurityService(org.apache.openejb.spi.SecurityService) AbstractSecurityService(org.apache.openejb.core.security.AbstractSecurityService) ConfigurationFactory(org.apache.openejb.config.ConfigurationFactory) EJBLocalObject(jakarta.ejb.EJBLocalObject) EJBObject(jakarta.ejb.EJBObject) Assembler(org.apache.openejb.assembler.classic.Assembler) SecurityServiceInfo(org.apache.openejb.assembler.classic.SecurityServiceInfo) EjbJarInfo(org.apache.openejb.assembler.classic.EjbJarInfo) EjbJar(org.apache.openejb.jee.EjbJar)

Aggregations

EJBAccessException (jakarta.ejb.EJBAccessException)11 OpenEJBException (org.apache.openejb.OpenEJBException)5 ApplicationException (org.apache.openejb.ApplicationException)4 EJBHome (jakarta.ejb.EJBHome)3 EJBLocalHome (jakarta.ejb.EJBLocalHome)3 EJBLocalObject (jakarta.ejb.EJBLocalObject)3 EJBObject (jakarta.ejb.EJBObject)3 Method (java.lang.reflect.Method)3 BeanContext (org.apache.openejb.BeanContext)3 ThreadContext (org.apache.openejb.core.ThreadContext)3 EjbTransactionUtil.handleApplicationException (org.apache.openejb.core.transaction.EjbTransactionUtil.handleApplicationException)3 AccessLocalException (jakarta.ejb.AccessLocalException)2 ServletOutputStream (jakarta.servlet.ServletOutputStream)2 AccessException (java.rmi.AccessException)2 RemoteException (java.rmi.RemoteException)2 Principal (java.security.Principal)2 InitialContext (javax.naming.InitialContext)2 InvalidateReferenceException (org.apache.openejb.InvalidateReferenceException)2 OpenEJBRuntimeException (org.apache.openejb.OpenEJBRuntimeException)2 SystemException (org.apache.openejb.SystemException)2