Package com.sun.enterprise.security
Interface SecurityManager
- All Known Implementing Classes:
- EJBSecurityManager
public interface SecurityManager
This interface is used by the Container to manage access to EJBs. The container has a reference to an implementation of this interface.
- Author:
- Harish Prabandham
Method Summary
Each entry gives the modifier and type, the method, and its description.
- boolean authorize(ComponentInvocation inv)
- void destroy()
  Call this method to clean up all the bookkeeping data structures in the SM.
- Object doAsPrivileged(PrivilegedExceptionAction pea)
  This method is used by SecurityUtil runMethod to run the action as the subject encapsulated in the current SecurityContext.
- Principal getCallerPrincipal()
- Subject getCurrentSubject()
  This will return the subject associated with the current call.
- Object invoke(Method beanClassMethod, boolean isLocal, Object o, Object[] oa)
- boolean isCallerInRole(String role)
- void postInvoke(ComponentInvocation inv)
  This method is used by the Invocation Manager to remove the run-as identity information that was set up using preInvoke.
- void preInvoke(ComponentInvocation inv)
  This sets up the security context if it is not already set, and does the run-as related login if required.
- void resetPolicyContext()
  Purge ThreadLocals held by jakarta.security.jacc.PolicyContext.
Method Detail
authorize
boolean authorize(ComponentInvocation inv)
- Parameters:
- inv - The Invocation object containing the details of the invocation.
- Returns:
- true if the client is allowed to invoke the EJB, false otherwise.
getCallerPrincipal
Principal getCallerPrincipal()
- Returns:
- The Principal of the client who made the current invocation.
isCallerInRole
boolean isCallerInRole(String role)
- Parameters:
- role - The EJB developer specified "logical role".
- Returns:
- A boolean true/false depending on whether or not the caller has the specified role.
preInvoke
void preInvoke(ComponentInvocation inv)
This sets up the security context if it is not already set, and does the run-as related login if required.
- Parameters:
- inv - ComponentInvocation
postInvoke
void postInvoke(ComponentInvocation inv)
This method is used by the Invocation Manager to remove the run-as identity information that was set up using preInvoke.
- Parameters:
- inv - ComponentInvocation
destroy
void destroy()
Call this method to clean up all the bookkeeping data structures in the SM.
getCurrentSubject
Subject getCurrentSubject()
This will return the subject associated with the current call. If the run-as subject is in effect, it will return that subject. This is done to support the JACC specification, which says that if the run-as principal is in effect, that principal should be used for making a component call.
- Returns:
- Subject, the current subject. Null if this is not the run-as case.
resetPolicyContext
void resetPolicyContext()
Purge ThreadLocals held by jakarta.security.jacc.PolicyContext
doAsPrivileged
Object doAsPrivileged(PrivilegedExceptionAction pea) throws Throwable
This method is used by SecurityUtil runMethod to run the action as the subject encapsulated in the current SecurityContext.
- Throws:
- Throwable