Package javax.security.jacc

Examples of javax.security.jacc.EJBMethodPermission


            //TODO: fixme
            String methodInterface = null;
            //TODO: fixme
            String[] methodParams = null;

            EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodInterface, methodParams);
            methodSecurityInfo.setPermission(permission);
        }

        return securityInfo;
    }
View Full Code Here


        // TODO : cache ejbName/methodSignature to avoid creation of a new
        // EJBMethodPermission each time
        // See JACC 4.12

        // TODO: Fix Remote/Local method-itf parameter. (set to "" for now)
        EJBMethodPermission ejbMethodPermission = new EJBMethodPermission(invocationContext.getFactory().getBeanInfo().getName(),
                "", invocationContext.getMethod());

        return ejbMethodPermission;
    }
View Full Code Here

  
   
  
   private void checkUncheckedPermissions(Permissions p)
   {
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "findByPrimaryKey,Home")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "create,Home")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getEJBMetaData,Home")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "remove,Home,java.lang.Object")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "remove,Home,javax.ejb.Handle")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getHomeHandle,Home")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getPrimaryKey,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getEJBHome,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getArg2,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "accessJACCSession_getCallerName,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "remove,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "isIdentical,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getHandle,Remote")));
     
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "create,Home")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "remove,Home,java.lang.Object")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "remove,Home,javax.ejb.Handle")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getEJBMetaData,Home")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getHomeHandle,Home")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getEJBHome,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getPrimaryKey,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "remove,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "isIdentical,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getCallerName,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getHandle,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getArg2,Remote")));
   }
View Full Code Here

      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getArg2,Remote")));
   }
  
   private void checkExcludedPermissions(Permissions p)
   {
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getArg3,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getArg3,Remote")));
   }  
View Full Code Here

      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getArg3,Remote")));
   }  
  
   private void checkAddToRoleForAdministrator(Permissions p)
   {
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getArg1,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getArg1,Remote")));
   }
View Full Code Here

      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getArg1,Remote")));
   }
  
   private void checkAddToRoleForEmployee(Permissions p)
   {
      assertTrue(p.implies(new EJBMethodPermission("JACCSession", "getArg1,Remote")));
      assertTrue(p.implies(new EJBMethodPermission("JACCEntity", "getArg1,Remote")));
   }
View Full Code Here

                  String methodName = mmd.getMethodName();
                  if (methodName != null && methodName.equals("*"))
                     methodName = null;
                  MethodInterfaceType miType = mmd.getMethodIntf();
                  String iface = miType != null ? miType.name() : null;
                  EJBMethodPermission p = new EJBMethodPermission(mmd.getEjbName(), methodName, iface, params);
                  if (perm.getUnchecked() != null)
                  {
                     pc.addToUncheckedPolicy(p);
                  }
                  else
                  {
                     Set<String> roles = perm.getRoles();
                     Iterator riter = roles.iterator();
                     while (riter.hasNext())
                     {
                        String role = (String) riter.next();
                        pc.addToRole(role, p);
                     }
                  }
               }
         }

      // Process the exclude-list MethodMetaData
      ExcludeListMetaData excluded = bean.getExcludeList();
      if (excluded != null)
      {
         MethodsMetaData methods = excluded.getMethods();
         if (methods != null)
            for (org.jboss.metadata.ejb.spec.MethodMetaData mmd : methods)
            {
               String[] params =
               {};
               if (mmd.getMethodParams() != null)
                  params = mmd.getMethodParams().toArray(params);
               else
                  params = null;
               String methodName = mmd.getMethodName();
               if (methodName != null && methodName.equals("*"))
                  methodName = null;
               MethodInterfaceType miType = mmd.getMethodIntf();
               String iface = miType != null ? miType.name() : null;
               EJBMethodPermission p = new EJBMethodPermission(mmd.getEjbName(), methodName, iface, params);
               pc.addToExcludedPolicy(p);
            }
      }

      // Process the security-role-ref SecurityRoleRefMetaData
      SecurityRoleRefsMetaData refs = bean.getSecurityRoleRefs();
      if (refs != null)
         for (org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData ref : refs)
         {
            EJBRoleRefPermission p = new EJBRoleRefPermission(bean.getEjbName(), ref.getRoleName());
            pc.addToRole(ref.getRoleLink(), p);
         }

      /* Special handling of stateful session bean getEJBObject due how the
      stateful session handles acquire the proxy by sending an invocation to
      the ejb container.
       */
      if (bean.isSession())
      {
         JBossSessionBeanMetaData smd = (JBossSessionBeanMetaData) bean;
         if (smd.isStateful())
         {
            EJBMethodPermission p = new EJBMethodPermission(bean.getEjbName(), "getEJBObject", "Home", null);
            pc.addToUncheckedPolicy(p);
         }
      }
   }
View Full Code Here

            Class[] params = methods[m].getParameterTypes();
            // See if there is a method-permission
            if (bean.hasMethodPermission(methodName, params, type))
               continue;
            // Create a permission for the missing method-permission
            EJBMethodPermission p = new EJBMethodPermission(ejbName, type.toInterfaceString(), methods[m]);
            if (exclude)
               pc.addToExcludedPolicy(p);
            else
               pc.addToUncheckedPolicy(p);
         }
View Full Code Here

                } else {
                    methodParams = null;
                }

                // create the permission object
                EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);
                notAssigned = cullPermissions(notAssigned, permission);

                // if this is unchecked, mark it as unchecked; otherwise assign the roles
                if (unchecked) {
                    uncheckedPermissions.add(permission);
                } else {
                    for (String roleName : roleNames) {
                        Permissions permissions = (Permissions) rolePermissions.get(roleName);
                        if (permissions == null) {
                            permissions = new Permissions();
                            rolePermissions.put(roleName, permissions);
                        }
                        permissions.add(permission);
                    }
                }
            }

        }

        /**
         * JACC v1.0 section 3.1.5.2
         */
        for (MethodInfo method : ejbJar.excludeList) {
            if (!ejbName.equals(method.ejbName)) {
                continue;
            }

            // method name
            String methodName = method.methodName;
            // method interface
            String methodIntf = method.methodIntf;

            // method parameters
            String[] methodParams;
            if (method.methodParams != null) {
                List<String> paramList = method.methodParams;
                methodParams = paramList.toArray(new String[paramList.size()]);
            } else {
                methodParams = null;
            }

            // create the permission object
            EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);

            excludedPermissions.add(permission);
            notAssigned = cullPermissions(notAssigned, permission);
        }

View Full Code Here

     *          in case a class could not be found
     */
    public void addPossibleEjbMethodPermissions(Permissions permissions, String ejbName, String methodInterface, Class clazz) throws OpenEJBException {
        if (clazz == null) return;
        for (java.lang.reflect.Method method : clazz.getMethods()) {
            permissions.add(new EJBMethodPermission(ejbName, methodInterface, method));
        }
    }
View Full Code Here

TOP

Related Classes of javax.security.jacc.EJBMethodPermission

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.