Class EJBSecurityManager
- java.lang.Object
-
- org.glassfish.ejb.security.application.EJBSecurityManager
-
- All Implemented Interfaces:
SecurityManager
public final class EJBSecurityManager extends Object implements SecurityManager
This class is used by the EJB server to manage security. All the container object only call into this object for managing security. This class cannot be subclassed. An instance of this class should be created per deployment unit.- Author:
- Harpreet Singh, monzillo
-
-
Constructor Summary
Constructors Constructor Description EJBSecurityManager(EjbDescriptor ejbDescriptor, InvocationManager invocationManager, EJBSecurityManagerFactory fact)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
authorize(ComponentInvocation componentInvocation)
This method is called by the EJB container to decide whether or not a method specified in the Invocation should be allowed.void
destroy()
Call this method to clean up all the bookeeping data-structures in the SM.Object
doAsPrivileged(PrivilegedExceptionAction pea)
This method is used by SecurityUtil runMethod to run the action as the subject encapsulated in the cuurent SecurityContext.Principal
getCallerPrincipal()
This method returns the Client Principal who initiated the current Invocation.static String
getContextID(EjbDescriptor ejbDescriptor)
Subject
getCurrentSubject()
This will return the subject associated with the current call.boolean
getUsesCallerIdentity()
Object
invoke(Method beanClassMethod, boolean isLocal, Object beanObject, Object[] parameters)
This method is similiar to the runMethod, except it keeps the semantics same as the one in reflection.boolean
isCallerInRole(String role)
This method returns a boolean value indicating whether or not the caller is in the specified role.void
loadPolicyConfiguration(EjbDescriptor ejbDescriptor)
void
postInvoke(ComponentInvocation inv)
This method is used by Message Driven Bean Container to remove the run-as identity information that was set up using the preSetRunAsIdentity methodvoid
preInvoke(ComponentInvocation inv)
This method is used by MDB Container - Invocation Manager to setup the run-as identity information.void
resetPolicyContext()
Purge ThreadLocals held by jakarta.security.jacc.PolicyContextObject
runMethod(Method beanClassMethod, Object beanObject, Object[] parameters)
Runs a business method of an EJB within the bean's policy context.
-
-
-
Constructor Detail
-
EJBSecurityManager
public EJBSecurityManager(EjbDescriptor ejbDescriptor, InvocationManager invocationManager, EJBSecurityManagerFactory fact) throws Exception
- Throws:
Exception
-
-
Method Detail
-
getContextID
public static String getContextID(EjbDescriptor ejbDescriptor)
-
preInvoke
public void preInvoke(ComponentInvocation inv)
This method is used by MDB Container - Invocation Manager to setup the run-as identity information. It has to be coupled with the postSetRunAsIdentity method. This method is called for EJB/MDB Containers- Specified by:
preInvoke
in interfaceSecurityManager
-
postInvoke
public void postInvoke(ComponentInvocation inv)
This method is used by Message Driven Bean Container to remove the run-as identity information that was set up using the preSetRunAsIdentity method- Specified by:
postInvoke
in interfaceSecurityManager
-
getUsesCallerIdentity
public boolean getUsesCallerIdentity()
-
loadPolicyConfiguration
public void loadPolicyConfiguration(EjbDescriptor ejbDescriptor) throws Exception
- Throws:
Exception
-
authorize
public boolean authorize(ComponentInvocation componentInvocation)
This method is called by the EJB container to decide whether or not a method specified in the Invocation should be allowed.- Specified by:
authorize
in interfaceSecurityManager
- Parameters:
componentInvocation
- invocation object that contains all the details of the invocation.- Returns:
- A boolean value indicating if the client should be allowed to invoke the EJB.
-
isCallerInRole
public boolean isCallerInRole(String role)
This method returns a boolean value indicating whether or not the caller is in the specified role.- Specified by:
isCallerInRole
in interfaceSecurityManager
- Parameters:
role
- role name in the form of java.lang.String- Returns:
- A boolean true/false depending on whether or not the caller has the specified role.
-
invoke
public Object invoke(Method beanClassMethod, boolean isLocal, Object beanObject, Object[] parameters) throws Throwable
This method is similiar to the runMethod, except it keeps the semantics same as the one in reflection. On failure, if the exception is caused due to reflection, it returns the InvocationTargetException. This method is called from the containers for ejbTimeout, WebService and MDBs.- Specified by:
invoke
in interfaceSecurityManager
- Parameters:
beanClassMethod
- , the bean class method to be invokedisLocal
- , true if this invocation is through the local EJB viewbeanObject
- the object on which this method is to be invoked in this case the ejb,parameters
- the parameters for the method,c
- , the container instance can be a null value, where in the container will be queried to find its security manager.- Returns:
- Object, the result of the execution of the method.
- Throws:
Throwable
-
resetPolicyContext
public void resetPolicyContext()
Description copied from interface:SecurityManager
Purge ThreadLocals held by jakarta.security.jacc.PolicyContext- Specified by:
resetPolicyContext
in interfaceSecurityManager
-
getCallerPrincipal
public Principal getCallerPrincipal()
This method returns the Client Principal who initiated the current Invocation.- Specified by:
getCallerPrincipal
in interfaceSecurityManager
- Returns:
- A Principal object of the client who made this invocation. or null if the SecurityContext has not been established by the client.
-
destroy
public void destroy()
Description copied from interface:SecurityManager
Call this method to clean up all the bookeeping data-structures in the SM.- Specified by:
destroy
in interfaceSecurityManager
-
getCurrentSubject
public Subject getCurrentSubject()
This will return the subject associated with the current call. If the run as subject is in effect. It will return that subject. This is done to support the JACC specification which says if the runas principal is in effect, that principal should be used for making a component call.- Specified by:
getCurrentSubject
in interfaceSecurityManager
- Returns:
- Subject the current subject. Null if this is not the run-as case
-
doAsPrivileged
public Object doAsPrivileged(PrivilegedExceptionAction pea) throws Throwable
Description copied from interface:SecurityManager
This method is used by SecurityUtil runMethod to run the action as the subject encapsulated in the cuurent SecurityContext.- Specified by:
doAsPrivileged
in interfaceSecurityManager
- Throws:
Throwable
-
runMethod
public Object runMethod(Method beanClassMethod, Object beanObject, Object[] parameters) throws Throwable
Runs a business method of an EJB within the bean's policy context. The original policy context is restored after method execution. This method should only be used by com.sun.enterprise.security.SecurityUtil.- Parameters:
beanClassMethod
- the EJB business methodbeanObject
- the EJB bean instanceparameters
- parameters passed to beanClassMethod- Returns:
- return value from beanClassMethod
- Throws:
InvocationTargetException
- if the underlying method throws an exceptionThrowable
- other throwables in other cases
-
-