[jboss-cvs] jbosssx/src/main/org/jboss/security/authorization/modules/ejb ...
Anil Saldhana
anil.saldhana at jboss.com
Tue Jul 25 12:59:40 EDT 2006
User: asaldhana
Date: 06/07/25 12:59:40
Modified: src/main/org/jboss/security/authorization/modules/ejb
EJBJACCPolicyModuleDelegate.java
EJBXACMLPolicyModuleHelper.java
Log:
JBAS-3374: Use the base class logger plus rolerefchecks
Revision Changes Path
1.2 +39 -9 jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: EJBJACCPolicyModuleDelegate.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- EJBJACCPolicyModuleDelegate.java 17 Jul 2006 17:17:30 -0000 1.1
+++ EJBJACCPolicyModuleDelegate.java 25 Jul 2006 16:59:40 -0000 1.2
@@ -31,6 +31,7 @@
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
import org.jboss.logging.Logger;
import org.jboss.security.authorization.AuthorizationContext;
@@ -40,26 +41,30 @@
import org.jboss.security.authorization.modules.AuthorizationModuleHelper;
-//$Id: EJBJACCPolicyModuleDelegate.java,v 1.1 2006/07/17 17:17:30 asaldhana Exp $
+//$Id: EJBJACCPolicyModuleDelegate.java,v 1.2 2006/07/25 16:59:40 asaldhana Exp $
/**
* Authorization Module delegate that deals with the authorization decisions
* for the EJB Layer
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jul 6, 2006
- * @version $Revision: 1.1 $
+ * @version $Revision: 1.2 $
*/
public class EJBJACCPolicyModuleDelegate extends AuthorizationModuleHelper
{
- private static Logger log = Logger.getLogger(EJBJACCPolicyModuleDelegate.class);
- private boolean trace = log.isTraceEnabled();
-
- private PolicyRegistration authzManager = null;
private String ejbName = null;
private Method ejbMethod = null;
private Subject callerSubject = null;
private String methodInterface = null;
private CodeSource ejbCS = null;
+ private String roleName = null;
+ private Boolean roleRefCheck = Boolean.FALSE;
+
+ public EJBJACCPolicyModuleDelegate()
+ {
+ log = Logger.getLogger(getClass());
+ trace = log.isTraceEnabled();
+ }
/**
* @see AuthorizationModuleHelper#authorize(Resource)
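Review bot: The new `roleName` and `roleRefCheck` fields hold per-call authorization inputs as instance state, next to `callerSubject` and `ejbMethod`. If one delegate instance can serve concurrent invocations (its lifecycle is not visible in this diff), one caller's role-ref check could be evaluated against values written by another call. Either pass the two values to `checkRoleRef()` as parameters, or state the contract in the class Javadoc, e.g. `* Not thread-safe: one instance per authorization call.` Separately, the constructor assigns `log` and `trace`, which are presumably inherited from `AuthorizationModuleHelper`. If `log` is static there, each construction overwrites the logger category for every subclass. The same constructor is added to `EJBXACMLPolicyModuleHelper` in this commit.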
@@ -82,6 +87,11 @@
this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);
+ this.roleName = (String)map.get(ResourceKeys.ROLENAME);
+ this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
+ if(this.roleRefCheck == Boolean.TRUE)
+ return checkRoleRef();
+ else
return process();
}
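Review bot: The test `this.roleRefCheck == Boolean.TRUE` compares object identity, not value. A true `Boolean` that is not the `Boolean.TRUE` constant (for example one created with `new Boolean(true)`) fails the test, and the request silently falls through to `process()` instead of the role-ref check. How callers populate `ResourceKeys.ROLEREF_PERM_CHECK` is not visible here, so a value comparison is the safe form: `if (Boolean.TRUE.equals(this.roleRefCheck))`. That form also handles a missing map entry, which overwrites the `Boolean.FALSE` field default with null. The body of `authorize` starts outside this hunk.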
@@ -123,4 +133,24 @@
}
return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
+
+ private int checkRoleRef()
+ {
+ boolean allowed = false;
+
+ //This has to be the EJBRoleRefPermission
+ EJBRoleRefPermission ejbRoleRefPerm = new EJBRoleRefPermission(ejbName,roleName);
+ Principal[] principals = null;
+ if( this.callerSubject != null )
+ {
+ // Get the caller principals
+ Set principalsSet = callerSubject.getPrincipals();
+ principals = new Principal[principalsSet.size()];
+ principalsSet.toArray(principals);
+ }
+ ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
+ allowed = Policy.getPolicy().implies(pd, ejbRoleRefPerm);
+
+ return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
}
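Review bot: `checkRoleRef()` builds the permission from `ejbName` and `roleName` without checking that the resource map supplied them. A missing `ROLENAME` entry therefore reaches `new EJBRoleRefPermission(ejbName,roleName)` as null, and whether that throws or is evaluated is not visible here. An explicit deny before the permission is built keeps the decision fail-closed: `if (ejbName == null || roleName == null) return AuthorizationContext.DENY;`. When `callerSubject` is null, `principals` stays null and the `ProtectionDomain` is evaluated on `ejbCS` alone. If that is intended, say so in a comment such as `// no subject: decision rests on the code source only`. A trace log of the permission and the result would also make role-ref denials diagnosable.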
1.2 +9 -7 jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleHelper.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: EJBXACMLPolicyModuleHelper.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleHelper.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- EJBXACMLPolicyModuleHelper.java 7 Jul 2006 16:50:00 -0000 1.1
+++ EJBXACMLPolicyModuleHelper.java 25 Jul 2006 16:59:40 -0000 1.2
@@ -36,25 +36,27 @@
import com.sun.xacml.Policy;
import com.sun.xacml.ctx.RequestCtx;
-//$Id: EJBXACMLPolicyModuleHelper.java,v 1.1 2006/07/07 16:50:00 asaldhana Exp $
+//$Id: EJBXACMLPolicyModuleHelper.java,v 1.2 2006/07/25 16:59:40 asaldhana Exp $
/**
* Authorization Module Delegate that deals with the authorization decisions
* for the EJB Layer
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jul 6, 2006
- * @version $Revision: 1.1 $
+ * @version $Revision: 1.2 $
*/
public class EJBXACMLPolicyModuleHelper extends AuthorizationModuleHelper
{
- private static Logger log = Logger.getLogger(EJBXACMLPolicyModuleHelper.class);
- private boolean trace = log.isTraceEnabled();
-
- private PolicyRegistration authzManager = null;
private String ejbName = null;
private Method ejbMethod = null;
private Principal principal = null;
+ public EJBXACMLPolicyModuleHelper()
+ {
+ log = Logger.getLogger(getClass());
+ trace = log.isTraceEnabled();
+ }
+
/**
* @see AuthorizationModuleHelper#authorize(Resource)
*/