Use of javax.ejb.EJBAccessException in the Apache TomEE project.
Class CmpContainer, method invoke.
/**
 * Dispatches a client call on a CMP entity bean to the matching container operation.
 *
 * <p>The method resolves the deployment, enters a fresh {@link ThreadContext} for the call,
 * and asks the security service whether the caller may invoke {@code callMethod} before any
 * create/find/remove/home/business handler is reached. The previous thread context is
 * restored in a {@code finally} block, so it is put back on denial and on failure as well.
 *
 * @param deployID      id of the target deployment in this container
 * @param type          interface type of the call; when {@code null} it is derived from
 *                      {@code callInterface}
 * @param callInterface interface the client invoked, used only for the fallback above
 * @param callMethod    interface method being invoked; also the method that is authorized
 * @param args          call arguments
 * @param primKey       primary key bound to the new thread context
 * @return the handler's result, or {@code null} for the {@code remove} operations
 * @throws OpenEJBException if the deployment is unknown to this container; an unauthorized
 *                          call is raised as an {@code ApplicationException} wrapping
 *                          {@link EJBAccessException}
 */
@Override
public Object invoke(final Object deployID, InterfaceType type, final Class callInterface, final Method callMethod, final Object[] args, final Object primKey) throws OpenEJBException {
    final BeanContext targetBean = getBeanContext(deployID);
    if (targetBean == null) {
        throw new OpenEJBException("Deployment does not exist in this container. Deployment(id='" + deployID + "'), Container(id='" + containerID + "')");
    }

    // Fall back to the interface class when the caller did not say which view was used.
    // The resolved type is what the authorization check below is evaluated against.
    if (type == null) {
        type = targetBean.getInterfaceType(callInterface);
    }

    final ThreadContext invocationContext = new ThreadContext(targetBean, primKey);
    final ThreadContext previousContext = ThreadContext.enter(invocationContext);
    try {
        // Authorization gate: nothing below may run for a caller the security service rejects.
        // NOTE(review): the check runs after ThreadContext.enter, presumably because the
        // security service reads the current context; confirm before reordering.
        if (!securityService.isCallerAuthorized(callMethod, type)) {
            throw new ApplicationException(new EJBAccessException("Unauthorized Access by Principal Denied"));
        }

        final Class owner = callMethod.getDeclaringClass();
        final String name = callMethod.getName();
        final boolean onHomeView = EJBHome.class.isAssignableFrom(owner) || EJBLocalHome.class.isAssignableFrom(owner);

        if (onHomeView) {
            final boolean declaredByBeanHome = owner != EJBHome.class && owner != EJBLocalHome.class;
            if (declaredByBeanHome) {
                // Bean-specific home methods are routed by name; the exact-match test for
                // findByPrimaryKey has to come before the generic "find" prefix test.
                if (name.startsWith("create")) {
                    return createEJBObject(callMethod, args, invocationContext, type);
                }
                if (name.equals("findByPrimaryKey")) {
                    return findByPrimaryKey(callMethod, args, invocationContext, type);
                }
                if (name.startsWith("find")) {
                    return findEJBObject(callMethod, args, invocationContext, type);
                }
                return homeMethod(callMethod, args, invocationContext, type);
            }
            // Method declared on EJBHome/EJBLocalHome itself: only remove is handled here,
            // anything else falls through to the business-method path.
            if (name.equals("remove")) {
                removeEJBObject(callMethod, invocationContext, type);
                return null;
            }
        } else if ((owner == EJBObject.class || owner == EJBLocalObject.class) && name.equals("remove")) {
            removeEJBObject(callMethod, invocationContext, type);
            return null;
        }

        // Business method: map the interface method to the bean method and record it in
        // the call context before invoking.
        invocationContext.setCurrentOperation(Operation.BUSINESS);
        final Method beanMethod = targetBean.getMatchingBeanMethod(callMethod);
        invocationContext.set(Method.class, beanMethod);
        return businessMethod(callMethod, beanMethod, args, invocationContext, type);
    } finally {
        // Always restore the caller's context so this call's bean and primary key do not
        // stay attached to the thread after the call ends.
        ThreadContext.exit(previousContext);
    }
}
Use of javax.ejb.EJBAccessException in the Apache TomEE project.
Class SecureServlet, method doGet.
/**
 * Writes a plain-text report of the caller's identity as seen by the web tier and by the
 * injected {@code secureEJBLocal} bean.
 *
 * <p>The report lists the user principal, membership in the roles {@code user},
 * {@code manager} and {@code fake}, and then calls four bean methods, printing ALLOWED when
 * the call returns and DENIED when it raises {@link EJBAccessException}. Only that exception
 * is caught; anything else thrown by the bean propagates to the container.
 *
 * <p>NOTE(review): the response discloses principal names and role membership to whoever
 * can reach this URL. This looks like a diagnostic/test servlet; confirm it is not deployed
 * where that disclosure matters.
 *
 * @param request  current request, source of the web-tier principal and role checks
 * @param response response the report is written to as {@code text/plain}
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing to the response stream fails
 */
protected void doGet(final HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/plain");
    final ServletOutputStream report = response.getOutputStream();

    // Web-tier view of the caller.
    report.println("Servlet");
    final Principal webCaller = request.getUserPrincipal();
    if (webCaller == null) {
        report.println("Servlet.getUserPrincipal()=<null>");
    } else {
        report.println("Servlet.getUserPrincipal()=" + webCaller + " [" + webCaller.getName() + "]");
    }
    report.println("Servlet.isCallerInRole(\"user\")=" + request.isUserInRole("user"));
    report.println("Servlet.isCallerInRole(\"manager\")=" + request.isUserInRole("manager"));
    report.println("Servlet.isCallerInRole(\"fake\")=" + request.isUserInRole("fake"));
    report.println();

    report.println("@EJB=" + secureEJBLocal);
    if (secureEJBLocal == null) {
        // No bean injected: nothing further to probe, finish with the trailing blank line.
        report.println();
        return;
    }

    // EJB-tier view of the same caller; compare it with the web-tier lines above.
    final Principal ejbCaller = secureEJBLocal.getCallerPrincipal();
    if (ejbCaller == null) {
        report.println("@EJB.getCallerPrincipal()=<null>");
    } else {
        report.println("@EJB.getCallerPrincipal()=" + ejbCaller + " [" + ejbCaller.getName() + "]");
    }
    report.println("@EJB.isCallerInRole(\"user\")=" + secureEJBLocal.isCallerInRole("user"));
    report.println("@EJB.isCallerInRole(\"manager\")=" + secureEJBLocal.isCallerInRole("manager"));
    report.println("@EJB.isCallerInRole(\"fake\")=" + secureEJBLocal.isCallerInRole("fake"));

    // Each probe records the outcome first and prints it afterwards, so the line written
    // reflects whether the container's access check let the call through.
    String outcome;

    try {
        secureEJBLocal.allowUserMethod();
        outcome = "@EJB.allowUserMethod() ALLOWED";
    } catch (final EJBAccessException denied) {
        outcome = "@EJB.allowUserMethod() DENIED";
    }
    report.println(outcome);

    try {
        secureEJBLocal.allowManagerMethod();
        outcome = "@EJB.allowManagerMethod() ALLOWED";
    } catch (final EJBAccessException denied) {
        outcome = "@EJB.allowManagerMethod() DENIED";
    }
    report.println(outcome);

    try {
        secureEJBLocal.allowFakeMethod();
        outcome = "@EJB.allowFakeMethod() ALLOWED";
    } catch (final EJBAccessException denied) {
        outcome = "@EJB.allowFakeMethod() DENIED";
    }
    report.println(outcome);

    try {
        secureEJBLocal.denyAllMethod();
        outcome = "@EJB.denyAllMethod() ALLOWED";
    } catch (final EJBAccessException denied) {
        outcome = "@EJB.denyAllMethod() DENIED";
    }
    report.println(outcome);

    report.println();
}