
the class AuthorizationInterceptor method processInvocation.

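/**
 * Authorizes the invocation of the view method this interceptor is bound to and, if the
 * security manager permits it, lets the invocation proceed down the chain.
 * <p>
 * The interceptor's JACC contextID is installed before the security manager is consulted and
 * restored in a {@code finally} block, so policy lookups resolve against this deployment even
 * when the check or the downstream invocation throws.
 *
 * @param context the invocation context; expected to carry an {@link EJBComponent} as its
 *                {@link Component} private data and a {@link ComponentView} for the invoked view
 * @return whatever {@code context.proceed()} returns
 * @throws Exception if the component is not an {@link EJBComponent}, the context does not match the
 *                   view method this interceptor was set up for, authorization is denied, or the
 *                   remainder of the chain throws
 */
@Override
public Object processInvocation(InterceptorContext context) throws Exception {
    final Component component = context.getPrivateData(Component.class);
    if (!(component instanceof EJBComponent)) {
        throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
    }
    final Method invokedMethod = context.getMethod();
    final ComponentView componentView = context.getPrivateData(ComponentView.class);
    final String viewClassOfInvokedMethod = componentView.getViewClass().getName();
    // One interceptor instance guards exactly one view method; refuse to authorize anything else,
    // even though a correctly wired interceptor chain should never get here with a different method.
    if (!this.viewClassName.equals(viewClassOfInvokedMethod) || !this.viewMethod.equals(invokedMethod)) {
        throw EjbLogger.ROOT_LOGGER.failProcessInvocation(this.getClass().getName(), invokedMethod, viewClassOfInvokedMethod, viewMethod, viewClassName);
    }
    final EJBComponent ejbComponent = (EJBComponent) component;
    final ServerSecurityManager securityManager = ejbComponent.getSecurityManager();
    final MethodInterfaceType methodIntfType = this.getMethodInterfaceType(componentView.getPrivateData(MethodIntf.class));
    // The JACC contextID must be in place before the security manager is asked; the previous
    // value is captured so it can be put back regardless of the outcome.
    final String previousContextID = setContextID(this.contextID);
    try {
        if (WildFlySecurityManager.isChecking()) {
            // Under a Java security manager the check itself needs elevated privileges.
            try {
                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    authorizeOrThrow(securityManager, ejbComponent, componentView, methodIntfType, invokedMethod);
                    return null;
                });
            } catch (PrivilegedActionException e) {
                // Unwrap so callers see the original exception, not the privileged-action wrapper.
                throw e.getException();
            }
        } else {
            authorizeOrThrow(securityManager, ejbComponent, componentView, methodIntfType, invokedMethod);
        }
        // Authorization succeeded: continue with the invocation.
        return context.proceed();
    } finally {
        // Always restore the previous JACC contextID, even when the check or the invocation failed.
        setContextID(previousContextID);
    }
}

/**
 * Runs the actual authorization decision and throws when the invocation is not permitted.
 * <p>
 * Shared by the privileged and non-privileged branches of {@link #processInvocation} so that both
 * paths evaluate exactly the same check with the same arguments.
 *
 * @param securityManager the component's security manager that decides the request
 * @param ejbComponent    the component whose method is being invoked
 * @param componentView   the view through which the method is invoked; its proxy class' code source
 *                        is handed to the security manager
 * @param methodIntfType  the EJB method-interface type of the view
 * @param invokedMethod   the method from the invocation context, reported in the denial exception
 * @throws RuntimeException the exception produced by
 *                          {@code EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed} when access is denied
 */
private void authorizeOrThrow(final ServerSecurityManager securityManager, final EJBComponent ejbComponent,
                              final ComponentView componentView, final MethodInterfaceType methodIntfType,
                              final Method invokedMethod) {
    final boolean allowed = securityManager.authorize(ejbComponent.getComponentName(),
            componentView.getProxyClass().getProtectionDomain().getCodeSource(),
            methodIntfType.name(), this.viewMethod, this.getMethodRolesAsPrincipals(), this.contextID);
    if (!allowed) {
        throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(invokedMethod, ejbComponent.getComponentName());
    }
}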

the class EjbJaccConfigurator method createPermissions.

/**
 * Derives the JACC {@link EJBMethodPermission} for one view method and registers it with the
 * deployment's JACC configuration according to the method's security metadata.
 * <p>
 * The metadata is resolved in order: the view method on the view's own interface type, then the
 * view method on the {@code BEAN} interface, then (if the bean class declares a matching method)
 * that class method on the view's interface type and finally on {@code BEAN}. When the lookup
 * falls through to the class method, the permission is built from that method's identifier.
 * Permit-all, deny-all and role bindings are each applied independently as the metadata states them.
 *
 * @param ejbJaccConfig        the JACC configuration the permission is added to
 * @param description          the component description supplying the EJB name
 * @param ejbViewConfiguration the view the method belongs to
 * @param viewMethod           the view method to build the permission for
 * @param index                the reflection index used to locate the corresponding bean class method
 * @param permissions          the security attributes declared for the component's methods
 * @return {@code true} if security metadata was found and a permission was registered,
 *         {@code false} if no metadata applies to the method
 */
protected boolean createPermissions(final EjbJaccConfig ejbJaccConfig, final EJBComponentDescription description, final EJBViewConfiguration ejbViewConfiguration, final Method viewMethod, final DeploymentReflectionIndex index, final ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions) {
    final MethodIntf viewIntf = ejbViewConfiguration.getMethodIntf();
    MethodIdentifier identifier = MethodIdentifier.getIdentifierForMethod(viewMethod);

    // First preference: attributes declared against the view method itself.
    EJBMethodSecurityAttribute attribute = permissions.getViewAttribute(viewIntf, viewMethod);
    if (attribute == null) {
        attribute = permissions.getViewAttribute(MethodIntf.BEAN, viewMethod);
    }

    // The bean class method is looked up unconditionally; it is only consulted as a fallback.
    final Method beanClassMethod = ClassReflectionIndexUtil.findMethod(index, ejbViewConfiguration.getComponentConfiguration().getComponentClass(), viewMethod);
    if (attribute == null && beanClassMethod != null) {
        // Fall back to the class method: the permission then describes that method's identifier.
        identifier = MethodIdentifier.getIdentifierForMethod(beanClassMethod);
        attribute = permissions.getAttribute(viewIntf, beanClassMethod);
        if (attribute == null) {
            attribute = permissions.getAttribute(MethodIntf.BEAN, beanClassMethod);
        }
    }

    if (attribute == null) {
        // Nothing declared for this method on any interface type.
        return false;
    }

    final MethodInterfaceType interfaceType = this.getMethodInterfaceType(viewIntf);
    final EJBMethodPermission permission = new EJBMethodPermission(description.getEJBName(), identifier.getName(), interfaceType.name(), identifier.getParameterTypes());
    if (attribute.isPermitAll()) {
        ejbJaccConfig.addPermit(permission);
    }
    if (attribute.isDenyAll()) {
        ejbJaccConfig.addDeny(permission);
    }
    for (final String role : attribute.getRolesAllowed()) {
        ejbJaccConfig.addRole(role, permission);
    }
    return true;
}

the class JaccInterceptor method hasPermission.

/**
 * Checks with the JACC {@link Policy} whether the given identity may invoke {@code method} on the
 * view, and throws when it may not.
 * <p>
 * The question is phrased as an {@link EJBMethodPermission} implied by a {@link ProtectionDomain}
 * built from the view proxy's code source and the identity's granted roles as principals.
 *
 * @param ejbComponent     the component whose method is being invoked
 * @param componentView    the view through which the method is invoked
 * @param method           the invoked method
 * @param securityIdentity the caller's identity, whose granted roles become the domain's principals
 * @throws RuntimeException the exception produced by
 *                          {@code EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed} when the policy denies access
 */
private void hasPermission(EJBComponent ejbComponent, ComponentView componentView, Method method, SecurityIdentity securityIdentity) {
    final MethodIntf viewIntf = componentView.getPrivateData(MethodIntf.class);
    final MethodInterfaceType interfaceType = getMethodInterfaceType(viewIntf);
    final EJBMethodPermission required = createEjbMethodPermission(method, ejbComponent, interfaceType);

    // No permission collection or class loader: only the code source and the role principals matter here.
    final ProtectionDomain callerDomain = new ProtectionDomain(
            componentView.getProxyClass().getProtectionDomain().getCodeSource(), null, null, getGrantedRoles(securityIdentity));

    // Reading the installed Policy needs elevated privileges when a Java security manager is active.
    final Policy policy;
    if (WildFlySecurityManager.isChecking()) {
        policy = doPrivileged((PrivilegedAction<Policy>) Policy::getPolicy);
    } else {
        policy = Policy.getPolicy();
    }

    final boolean granted = policy.implies(callerDomain, required);
    if (!granted) {
        throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(method, ejbComponent.getComponentName());
    }
}