Package com.sun.enterprise.security
Interface SecurityManager
-
public interface SecurityManager
This interface is used by the Container to manage access to EJBs. The container has a reference to an implementation of this interface.- Author:
- Harish Prabandham
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description boolean
authorize(org.glassfish.api.invocation.ComponentInvocation componentInvocation)
void
destroy()
Call this method to clean up all the bookeeping data-structures in the SM.Object
doAsPrivileged(PrivilegedExceptionAction<Object> pea)
Principal
getCallerPrincipal()
Subject
getCurrentSubject()
This will return the subject associated with the current call.Object
invoke(Method beanClassMethod, boolean isLocal, Object bean, Object[] methodParameters)
boolean
isCallerInRole(String role)
void
postInvoke(org.glassfish.api.invocation.ComponentInvocation componentInvocation)
This method is used by the Invocation Manager to remove the run-as identity information that was set up using the preInvokevoid
preInvoke(org.glassfish.api.invocation.ComponentInvocation componentInvocation)
This sets up the security context - if not set and does run-as related login if requiredvoid
resetPolicyContext()
Purge ThreadLocals held by jakarta.security.jacc.PolicyContext
-
-
-
Method Detail
-
authorize
boolean authorize(org.glassfish.api.invocation.ComponentInvocation componentInvocation)
- Parameters:
componentInvocation
- The Invocation object containing the details of the invocation.- Returns:
- true if the client is allowed to invoke the EJB, false otherwise.
-
getCallerPrincipal
Principal getCallerPrincipal()
- Returns:
- The Principal of the client who made the current invocation.
-
isCallerInRole
boolean isCallerInRole(String role)
- Parameters:
The
- EJB developer specified "logical role".- Returns:
- A boolean true/false depending on whether or not the caller has the specified role.
-
preInvoke
void preInvoke(org.glassfish.api.invocation.ComponentInvocation componentInvocation)
This sets up the security context - if not set and does run-as related login if required- Parameters:
componentInvocation
- The Invocation object containing the details of the invocation.
-
invoke
Object invoke(Method beanClassMethod, boolean isLocal, Object bean, Object[] methodParameters) throws Throwable
- Throws:
Throwable
-
postInvoke
void postInvoke(org.glassfish.api.invocation.ComponentInvocation componentInvocation)
This method is used by the Invocation Manager to remove the run-as identity information that was set up using the preInvoke- Parameters:
componentInvocation
- The Invocation object containing the details of the invocation.
-
destroy
void destroy()
Call this method to clean up all the bookeeping data-structures in the SM.
-
getCurrentSubject
Subject getCurrentSubject()
This will return the subject associated with the current call. If the run as subject is in effect. It will return that subject. This is done to support the JACC specification which says if the runas principal is in effect, that principal should be used for making a component call.- Returns:
- Subject the current subject. Null if this is not the runas case
-
resetPolicyContext
void resetPolicyContext()
Purge ThreadLocals held by jakarta.security.jacc.PolicyContext
-
doAsPrivileged
Object doAsPrivileged(PrivilegedExceptionAction<Object> pea) throws Throwable
- Throws:
Throwable
-
-