Examples of javax.security.jacc.EJBRoleRefPermission

• javax.security.jacc.EJBRoleRefPermission
  Class for EJB isCallerInRole(String reference) permissions. An EJBRoleRefPermission is a named permission and has actions.

  The name of an EJBRoleRefPermission contains the value of the ejb-name element in the application's deployment descriptor that identifies the EJB in whose context the permission is being evalutated.

  The actions of an EJBRoleRefPermission identifies the role reference to which the permission applies. An EJBRoleRefPermission is checked to determine if the subject is a member of the role identified by the reference. @version $Rev: 54183 $ $Date: 2004-10-09 16:04:29 -0600 (Sat, 09 Oct 2004) $

        // For each role that has been declared
        List<String> declaredRoles = securityInfo.getDeclaredRoles();
        if (declaredRoles != null) {
            for (String role : declaredRoles) {
                try {
                    getPolicyConfiguration().addToRole(role, new EJBRoleRefPermission(beanInfo.getName(), role));
                } catch (PolicyContextException e) {
                    throw new PermissionManagerException("Cannot add to role '" + role + "' an  EJBRoleRefPermission.", e);
                }
            }
        }

        // For each security-role-ref, add an entry
        List<ISecurityRoleRef> securityRoleRefs = securityInfo.getSecurityRoleRefList();
        if (securityRoleRefs != null) {
            for (ISecurityRoleRef securityRoleRef : securityRoleRefs) {
                try {
                    getPolicyConfiguration().addToRole(securityRoleRef.getRoleLink(), new EJBRoleRefPermission(beanInfo.getName(), securityRoleRef.getRoleName()));
                } catch (PolicyContextException e) {
                    throw new PermissionManagerException("Cannot add to role-link'" + securityRoleRef.getRoleLink() + "' the EJBRoleRefPermission build with role-name '" + securityRoleRef.getRoleName() + "'.", e);
                }
            }
        }

        Principal[] principals = SecurityCurrent.getCurrent().getSecurityContext().getCallerRoles(inRunAs);
        ProtectionDomain protectionDomain = new ProtectionDomain(this.codeSource, null, null, principals);

        // TODO :add cache mechanism ?
        // See JACC 4.12
        EJBRoleRefPermission ejbRoleRefPermission = new EJBRoleRefPermission(ejbName, roleName);
        boolean isInRole = getPolicy().implies(protectionDomain, ejbRoleRefPermission);
        return isInRole;

    }

      // Process the security-role-ref SecurityRoleRefMetaData
      SecurityRoleRefsMetaData refs = bean.getSecurityRoleRefs();
      if (refs != null)
         for (org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData ref : refs)
         {
            EJBRoleRefPermission p = new EJBRoleRefPermission(bean.getEjbName(), ref.getRoleName());
            pc.addToRole(ref.getRoleLink(), p);
         }

      /* Special handling of stateful session bean getEJBObject due how the
      stateful session handles acquire the proxy by sending an invocation to

                if (roleLinks == null) {
                    roleLinks = new Permissions();
                    rolePermissions.put(roleLink, roleLinks);

                }
                roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.getRoleName()));
            }
        }

        /**
         * EJB v2.1 section 21.3.2

            Context context = subjectContexts.get(currentSubject);

            assert context != null : "No registered context";

            context.context.checkPermission(new EJBRoleRefPermission(EJBName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

            if (roleLinks == null) {
                roleLinks = new Permissions();
                rolePermissions.put(roleLink, roleLinks);

            }
            roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.roleName));
        }

        /**
         * EJB v2.1 section 21.3.2
         * <p/>

            if (roleLinks == null) {
                roleLinks = DelegatePermissionCollection.getPermissionCollection();
                rolePermissions.put(roleLink, roleLinks);

            }
            roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.roleName));
        }

        /**
         * EJB v2.1 section 21.3.2
         * <p/>

            Context context = (Context) subjectContexts.get(currentCaller.get());

            assert context != null : "No registered context";

            context.context.checkPermission(new EJBRoleRefPermission(EJBName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

        SecurityContext securityContext = threadContext.get(SecurityContext.class);

        try {
            CoreDeploymentInfo deployment = threadContext.getDeploymentInfo();

            securityContext.acc.checkPermission(new EJBRoleRefPermission(deployment.getEjbName(), role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

            Context context = subjectContexts.get(currentSubject);

            assert context != null : "No registered context";

            context.context.checkPermission(new EJBRoleRefPermission(EJBName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }