[jboss-cvs] jbosssx/src/main/org/jboss/security/authorization/modules/ejb ...

Anil Saldhana anil.saldhana at jboss.com
Mon Jul 17 13:17:30 EDT 2006


  User: asaldhana
  Date: 06/07/17 13:17:30

  Added:       src/main/org/jboss/security/authorization/modules/ejb 
                        EJBJACCPolicyModuleDelegate.java
  Log:
  JBAS-3374: Delegate for the JACC module for the ejb layer
  
  Revision  Changes    Path
  1.1      date: 2006/07/17 17:17:30;  author: asaldhana;  state: Exp;jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
  
  Index: EJBJACCPolicyModuleDelegate.java
  ===================================================================
  /*
    * JBoss, Home of Professional Open Source
    * Copyright 2005, JBoss Inc., and individual contributors as indicated
    * by the @authors tag. See the copyright.txt in the distribution for a
    * full listing of individual contributors.
    *
    * This is free software; you can redistribute it and/or modify it
    * under the terms of the GNU Lesser General Public License as
    * published by the Free Software Foundation; either version 2.1 of
    * the License, or (at your option) any later version.
    *
    * This software is distributed in the hope that it will be useful,
    * but WITHOUT ANY WARRANTY; without even the implied warranty of
    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
    * Lesser General Public License for more details.
    *
    * You should have received a copy of the GNU Lesser General Public
    * License along with this software; if not, write to the Free
    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
    */
  package org.jboss.security.authorization.modules.ejb;
  
  import java.lang.reflect.Method;
  import java.security.CodeSource;
  import java.security.Policy;
  import java.security.Principal;
  import java.security.ProtectionDomain;
  import java.util.Map;
  import java.util.Set;
  
  import javax.security.auth.Subject;
  import javax.security.jacc.EJBMethodPermission;
  
  import org.jboss.logging.Logger;
  import org.jboss.security.authorization.AuthorizationContext;
  import org.jboss.security.authorization.PolicyRegistration;
  import org.jboss.security.authorization.Resource;
  import org.jboss.security.authorization.ResourceKeys;
  import org.jboss.security.authorization.modules.AuthorizationModuleHelper;
   
  
  //$Id: EJBJACCPolicyModuleDelegate.java,v 1.1 2006/07/17 17:17:30 asaldhana Exp $
  
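  /**
   *  Authorization module delegate that makes the JACC authorization decisions
   *  for the EJB layer.
   *  <p>
   *  The caller subject, EJB name, method, method interface and code source of
   *  a request are held in local variables for the duration of
   *  {@link #authorize(Resource)} instead of in instance fields. Overlapping
   *  calls on one delegate instance therefore cannot evaluate one caller's
   *  request against another caller's subject. Whether a delegate instance is
   *  actually shared between threads is not visible in this file.
   *  @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
   *  @since  Jul 6, 2006 
   *  @version $Revision: 1.1 $
   */
  public class EJBJACCPolicyModuleDelegate extends AuthorizationModuleHelper
  { 
     private static Logger log = Logger.getLogger(EJBJACCPolicyModuleDelegate.class);
     // Sampled once per instance; a later change of the log level is not picked up.
     private boolean trace = log.isTraceEnabled();
     
     // The only state kept across calls. It is written here but not read in this class.
     private PolicyRegistration authzManager = null;
     
     /**
      * Decide whether the caller described by the resource may invoke the EJB method.
      * @param resource carries the contextual map with the caller subject and the
      *        EJB name, method, method interface and code source
      * @return AuthorizationContext.PERMIT if the installed policy implies the
      *         EJBMethodPermission, AuthorizationContext.DENY otherwise
      * @throws IllegalStateException if the contextual map is null or empty
      * @see AuthorizationModuleHelper#authorize(Resource)
      */
     public int authorize(Resource resource)
     {
        //Get the contextual map
        Map map = resource.getMap();
        if(map == null)
           throw new IllegalStateException("Map from the Resource is null");
      
        if(map.size() == 0)
           throw new IllegalStateException("Map from the Resource is size zero"); 
        PolicyRegistration pr = (PolicyRegistration)map.get("authorizationManager");
        if(pr != null)
          this.authzManager = pr;
        //Read the request data into locals so that concurrent calls stay isolated
        Subject callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
        CodeSource ejbCS = (CodeSource)map.get(ResourceKeys.EJB_CODESOURCE);
        Method ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD); 
        String ejbName = (String)map.get(ResourceKeys.EJB_NAME); 
        String methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);
        //NOTE(review): a missing EJB_NAME or EJB_METHOD entry is passed on as null;
        //confirm how the EJBMethodPermission constructor treats null arguments
        return process(ejbName, methodInterface, ejbMethod, callerSubject, ejbCS);
     }
  
     /**
      * Set the policy registration manager kept by this delegate.
      * @param authzM the manager to keep; stored without a null check
      * @see AuthorizationModuleHelper#setPolicyRegistrationManager(PolicyRegistration)
      */
     public void setPolicyRegistrationManager(PolicyRegistration authzM)
     {  
        this.authzManager =  authzM;
     }
     
     //Private Methods
     /**
      * Ask the installed Policy whether the caller holds the EJBMethodPermission
      * for the requested method.
      * @param ejbName name of the EJB, as read from the resource map
      * @param methodInterface method interface of the call, as read from the resource map
      * @param ejbMethod the method being invoked
      * @param callerSubject the caller; when null the ProtectionDomain is built
      *        without principals
      * @param ejbCS code source of the EJB, used for the ProtectionDomain
      * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
      */
     private int process(String ejbName, String methodInterface, Method ejbMethod,
           Subject callerSubject, CodeSource ejbCS) 
     {  
        EJBMethodPermission methodPerm = 
           new EJBMethodPermission(ejbName, methodInterface, ejbMethod); 
        Principal[] principals = null;
        if( callerSubject != null )
        {
           // Get the caller principals. Use the array returned by toArray: if the
           // set grows after the size was read, the returned array is the complete one.
           Set principalsSet = callerSubject.getPrincipals();
           principals = (Principal[])principalsSet.toArray(new Principal[principalsSet.size()]);
        }
        ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
        Policy policy = Policy.getPolicy();
        boolean policyDecision = policy.implies(pd, methodPerm);
        if( !policyDecision && trace )
        {
           //Build the message only when it is going to be written.
           //NOTE(review): Subject.toString() can include private credentials when
           //access to them is not denied; consider logging the principals only.
           //Denials are visible at trace level only; confirm that they are audited elsewhere.
           String msg = "Denied: "+methodPerm+", caller=" + callerSubject;
           log.trace("EJB Jacc Delegate:"+msg);  
        }  
        return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
     } 
  }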
  
  
  


