public boolean authorize(ComponentInvocation compInv) {
if (!(compInv instanceof EjbInvocation)) {
return false;
}
EjbInvocation inv = (EjbInvocation) compInv; //FIXME: Param type should be EjbInvocation
if (inv.getAuth() != null) {
return inv.getAuth().booleanValue();
}
boolean ret = false;
CachedPermission cp = null;
Permission ejbmp = null;
if (inv.invocationInfo == null || inv.invocationInfo.cachedPermission == null) {
ejbmp = new EJBMethodPermission(ejbName, inv.getMethodInterface(), inv.method);
cp = new CachedPermissionImpl(uncheckedMethodPermissionCache, ejbmp);
if (inv.invocationInfo != null) {
inv.invocationInfo.cachedPermission = cp;
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions());
}
}
} else {
cp = inv.invocationInfo.cachedPermission;
ejbmp = cp.getPermission();
}
String caller = null;
SecurityContext sc = null;
pcHandlerImpl.getHandlerData().setInvocation(inv);
ret = cp.checkPermission();
if (!ret) {
sc = SecurityContext.getCurrent();
Set principalSet = sc.getPrincipalSet();
ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
try {
// set the policy context in the TLS.
String oldContextId = setPolicyContext(this.contextId);
try {
ret = policy.implies(prdm, ejbmp);
} catch (SecurityException se) {
_logger.log(Level.SEVERE, "jacc_access_exception", se);
ret = false;
} catch (Throwable t) {
_logger.log(Level.SEVERE, "jacc_access_exception", t);
ret = false;
} finally {
resetPolicyContext(oldContextId, this.contextId);
}
} catch (Throwable t) {
_logger.log(Level.SEVERE, "jacc_policy_context_exception", t);
ret = false;
}
}
inv.setAuth((ret) ? Boolean.TRUE : Boolean.FALSE);
if (auditManager.isAuditOn()) {
if (sc == null) {
sc = SecurityContext.getCurrent();
}
caller = sc.getCallerPrincipal().getName();
auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
}
if (ret && inv.isWebService && !inv.isPreInvokeDone()) {
preInvoke(inv);
}
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("JACC: Access Control Decision Result: " + ret + " EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions() + " (Caller) = " + caller);