Use of org.wildfly.security.authz.Roles in project wildfly by wildfly.
Class RolesAllowedInterceptor, method processInvocation.
/**
 * Authorizes an EJB invocation against the roles configured in {@code rolesAllowed}.
 *
 * <p>The invocation proceeds as soon as one configured role is held by the current
 * security identity in the {@code "ejb"} role category, or when the configured role is
 * the literal {@code "**"} and the identity is not anonymous. In every other case,
 * including an empty {@code rolesAllowed}, the method ends by throwing, so the check
 * fails closed.
 *
 * @param context the interceptor context; must carry the {@code Component} and, when
 *                roles are configured, the {@code SecurityDomain} as private data
 * @return the result of {@code context.proceed()} when the caller is authorized
 * @throws Exception the exception built by {@code EjbLogger} when the component is not an
 *                   {@code EJBComponent} or the caller holds none of the allowed roles,
 *                   or anything thrown further down the interceptor chain
 */
public Object processInvocation(final InterceptorContext context) throws Exception {
    final Component component = context.getPrivateData(Component.class);
    if (!(component instanceof EJBComponent)) {
        throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
    }

    final Iterator<String> permitted = rolesAllowed.iterator();
    if (permitted.hasNext()) {
        // The identity is only resolved when there is at least one role to compare against.
        // NOTE(review): the SecurityDomain private data is not null-checked here; a missing
        // domain would surface as a NullPointerException rather than the access-denied
        // exception below. Confirm that an earlier interceptor guarantees it is set.
        final SecurityDomain domain = context.getPrivateData(SecurityDomain.class);
        final SecurityIdentity caller = domain.getCurrentSecurityIdentity();
        // Second argument is presumably "fall back to the default role mapping" when no
        // "ejb" category mapper exists; verify against SecurityIdentity#getRoles.
        final Roles callerRoles = caller.getRoles("ejb", true);

        while (true) {
            final String candidate = permitted.next();
            if (callerRoles.contains(candidate)) {
                return context.proceed();
            }
            // "**" admits any caller that is not anonymous, regardless of role membership.
            if (candidate.equals("**") && !caller.isAnonymous()) {
                return context.proceed();
            }
            if (!permitted.hasNext()) {
                break;
            }
        }
    }

    // Nothing matched (or no roles were configured): deny the invocation.
    throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(
            context.getMethod(), ((EJBComponent) component).getComponentName());
}
Use of org.wildfly.security.authz.Roles in project wildfly by wildfly.
Class EJBComponent, method checkCallerSecurityIdentityRole.
/**
 * Reports whether the caller's security identity satisfies {@code roleName}.
 *
 * <p>The literal {@code "**"} is handled first and is satisfied by any identity that is
 * not anonymous. Otherwise the caller matches when its {@code "ejb"} category roles
 * contain {@code roleName} directly, or when any of those roles appears in the
 * collection that the security role links map to {@code roleName}.
 *
 * @param roleName the role to test for, or {@code "**"} for "any non-anonymous caller"
 * @return {@code true} if the caller satisfies the role, {@code false} otherwise
 */
private boolean checkCallerSecurityIdentityRole(String roleName) {
    // NOTE(review): the identity is dereferenced without a null check; confirm that
    // getCallerSecurityIdentity() never returns null.
    final SecurityIdentity caller = getCallerSecurityIdentity();
    if ("**".equals(roleName)) {
        // Decided purely on authentication state; "**" is never looked up as a role name.
        return !caller.isAnonymous();
    }

    final Roles callerRoles = caller.getRoles("ejb", true);
    if (callerRoles.contains(roleName)) {
        return true;
    }

    // No direct match: fall back to the role links, if any are declared.
    if (securityMetaData.getSecurityRoleLinks() == null) {
        return false;
    }
    final Collection<String> linkedRoles = securityMetaData.getSecurityRoleLinks().get(roleName);
    if (linkedRoles == null) {
        return false;
    }
    for (final String held : callerRoles) {
        if (linkedRoles.contains(held)) {
            return true;
        }
    }
    return false;
}