
Example 41 with EJBAccessException

Use of javax.ejb.EJBAccessException in project tomee by apache.

Class CmpContainer, method invoke.

@Override
public Object invoke(final Object deployID, InterfaceType type, final Class callInterface, final Method callMethod, final Object[] args, final Object primKey) throws OpenEJBException {
    final BeanContext beanContext = this.getBeanContext(deployID);
    if (beanContext == null) {
        throw new OpenEJBException("Deployment does not exist in this container. Deployment(id='" + deployID + "'), Container(id='" + containerID + "')");
    }
    // Use the backup way to determine call type if null was supplied.
    if (type == null) {
        type = beanContext.getInterfaceType(callInterface);
    }
    final ThreadContext callContext = new ThreadContext(beanContext, primKey);
    final ThreadContext oldCallContext = ThreadContext.enter(callContext);
    try {
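        // Authorization is checked before any dispatch; a denied caller gets an
        // EJBAccessException wrapped in an ApplicationException.
        final boolean authorized = securityService.isCallerAuthorized(callMethod, type);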
        if (!authorized) {
            throw new ApplicationException(new EJBAccessException("Unauthorized Access by Principal Denied"));
        }
        final Class declaringClass = callMethod.getDeclaringClass();
        final String methodName = callMethod.getName();
        if (EJBHome.class.isAssignableFrom(declaringClass) || EJBLocalHome.class.isAssignableFrom(declaringClass)) {
            if (declaringClass != EJBHome.class && declaringClass != EJBLocalHome.class) {
                if (methodName.startsWith("create")) {
                    return createEJBObject(callMethod, args, callContext, type);
                } else if (methodName.equals("findByPrimaryKey")) {
                    return findByPrimaryKey(callMethod, args, callContext, type);
                } else if (methodName.startsWith("find")) {
                    return findEJBObject(callMethod, args, callContext, type);
                } else {
                    return homeMethod(callMethod, args, callContext, type);
                }
            } else if (methodName.equals("remove")) {
                removeEJBObject(callMethod, callContext, type);
                return null;
            }
        } else if ((EJBObject.class == declaringClass || EJBLocalObject.class == declaringClass) && methodName.equals("remove")) {
            removeEJBObject(callMethod, callContext, type);
            return null;
        }
        // business method
        callContext.setCurrentOperation(Operation.BUSINESS);
        final Method runMethod = beanContext.getMatchingBeanMethod(callMethod);
        callContext.set(Method.class, runMethod);
        return businessMethod(callMethod, runMethod, args, callContext, type);
    } finally {
        ThreadContext.exit(oldCallContext);
    }
}
Also used: BeanContext (org.apache.openejb.BeanContext), OpenEJBException (org.apache.openejb.OpenEJBException), EjbTransactionUtil.handleApplicationException (org.apache.openejb.core.transaction.EjbTransactionUtil.handleApplicationException), ApplicationException (org.apache.openejb.ApplicationException), EJBHome (javax.ejb.EJBHome), ThreadContext (org.apache.openejb.core.ThreadContext), Method (java.lang.reflect.Method), EJBAccessException (javax.ejb.EJBAccessException), EJBLocalHome (javax.ejb.EJBLocalHome)

Example 42 with EJBAccessException

Use of javax.ejb.EJBAccessException in project tomee by apache.

Class SecureServlet, method doGet.

protected void doGet(final HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/plain");
    final ServletOutputStream out = response.getOutputStream();
    out.println("Servlet");
    Principal principal = request.getUserPrincipal();
    if (principal != null) {
        out.println("Servlet.getUserPrincipal()=" + principal + " [" + principal.getName() + "]");
    } else {
        out.println("Servlet.getUserPrincipal()=<null>");
    }
    out.println("Servlet.isCallerInRole(\"user\")=" + request.isUserInRole("user"));
    out.println("Servlet.isCallerInRole(\"manager\")=" + request.isUserInRole("manager"));
    out.println("Servlet.isCallerInRole(\"fake\")=" + request.isUserInRole("fake"));
    out.println();
    out.println("@EJB=" + secureEJBLocal);
    if (secureEJBLocal != null) {
        principal = secureEJBLocal.getCallerPrincipal();
        if (principal != null) {
            out.println("@EJB.getCallerPrincipal()=" + principal + " [" + principal.getName() + "]");
        } else {
            out.println("@EJB.getCallerPrincipal()=<null>");
        }
        out.println("@EJB.isCallerInRole(\"user\")=" + secureEJBLocal.isCallerInRole("user"));
        out.println("@EJB.isCallerInRole(\"manager\")=" + secureEJBLocal.isCallerInRole("manager"));
        out.println("@EJB.isCallerInRole(\"fake\")=" + secureEJBLocal.isCallerInRole("fake"));
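        // Call each secured method in turn; an EJBAccessException from a call
        // is reported as DENIED, a normal return as ALLOWED.
        try {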
            secureEJBLocal.allowUserMethod();
            out.println("@EJB.allowUserMethod() ALLOWED");
        } catch (EJBAccessException e) {
            out.println("@EJB.allowUserMethod() DENIED");
        }
        try {
            secureEJBLocal.allowManagerMethod();
            out.println("@EJB.allowManagerMethod() ALLOWED");
        } catch (EJBAccessException e) {
            out.println("@EJB.allowManagerMethod() DENIED");
        }
        try {
            secureEJBLocal.allowFakeMethod();
            out.println("@EJB.allowFakeMethod() ALLOWED");
        } catch (final EJBAccessException e) {
            out.println("@EJB.allowFakeMethod() DENIED");
        }
        try {
            secureEJBLocal.denyAllMethod();
            out.println("@EJB.denyAllMethod() ALLOWED");
        } catch (EJBAccessException e) {
            out.println("@EJB.denyAllMethod() DENIED");
        }
    }
    out.println();
}
Also used: ServletOutputStream (javax.servlet.ServletOutputStream), Principal (java.security.Principal), EJBAccessException (javax.ejb.EJBAccessException)
