Package javax.security.jacc

Examples of javax.security.jacc.EJBRoleRefPermission

831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
        if (_logger.isLoggable(Level.FINE)) {
            _logger.entering("EJBSecurityManager", "isCallerInRole", role);

        }
        EJBRoleRefPermission ejbrr = new EJBRoleRefPermission(ejbName, role);
       
        SecurityContext sc;
        if (runAs != null) {
            ComponentInvocation ci = invMgr.getCurrentInvocation();
            sc = (SecurityContext) ci.getOldSecurityContext();
        } else {
            sc = SecurityContext.getCurrent();
        }

        Set principalSet = (sc != null) ? sc.getPrincipalSet() : null;
        ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);

        String oldContextId = null;
        try {
            // set the policy context in the TLS.
            oldContextId = setPolicyContext(this.contextId);
            ret = policy.implies(prdm, ejbrr);
        } catch (SecurityException se) {
            _logger.log(Level.SEVERE, "jacc_is_caller_in_role_exception", se);
            ret = false;
        } catch (Throwable t) {
            _logger.log(Level.SEVERE, "jacc_is_caller_in_role_exception", t);
            ret = false;
        } finally {
            try {
                resetPolicyContext(oldContextId, this.contextId);
            } catch (Throwable ex) {
                _logger.log(Level.SEVERE, "jacc_policy_context_exception", ex);
                ret = false;
            }
        }

        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: isCallerInRole Result: " + ret + " EJBRoleRefPermission (Name) = " + ejbrr.getName() + " (Action) = " + ejbrr.getActions() + " (Codesource) = " + prdm.getCodeSource());
        }

        return ret;
    }
View Full Code Here
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
        assert pc != null;
        List<String> role = new ArrayList<String>();
        String eName = eDescriptor.getName();
        for (RoleReference roleRef : eDescriptor.getRoleReferences()) {
            String rolename = roleRef.getRoleName();
            EJBRoleRefPermission ejbrr =
                    new EJBRoleRefPermission(eName, rolename);
            String rolelink = roleRef.getSecurityRoleLink().getName();

            role.add(rolename);
            pc.addToRole(rolelink, ejbrr);

            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: Converting role-ref -> " + roleRef.toString() +
                        " to permission with name(" + ejbrr.getName() +
                        ") and actions (" + ejbrr.getActions() +
                        ")" + "mapped to role (" + rolelink + ")");
            }
        }
        /**
         * JACC MR8 add EJBRoleRefPermission for the any authenticated user role '**'
         */
        if (!role.contains("**")) {
            String rolename = "**";
            EJBRoleRefPermission ejbrr =
                    new EJBRoleRefPermission(eName, rolename);
            pc.addToRole(rolename, ejbrr);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: adding any authenticated user role-ref " +
                        " to permission with name(" + ejbrr.getName() +
                        ") and actions (" + ejbrr.getActions() +
                        ")" + "mapped to role (" + rolename + ")");
            }
         
        }
    }
View Full Code Here
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
        if (_logger.isLoggable(Level.FINE)) {
            _logger.entering("EJBSecurityManager", "isCallerInRole", role);

        }
        EJBRoleRefPermission ejbrr = new EJBRoleRefPermission(ejbName, role);
       
        SecurityContext sc;
        if (runAs != null) {
            ComponentInvocation ci = invMgr.getCurrentInvocation();
            sc = (SecurityContext) ci.getOldSecurityContext();
        } else {
            sc = SecurityContext.getCurrent();
        }

        Set principalSet = (sc != null) ? sc.getPrincipalSet() : null;
        ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);

        String oldContextId = null;
        try {
            // set the policy context in the TLS.
            oldContextId = setPolicyContext(this.contextId);
            ret = policy.implies(prdm, ejbrr);
        } catch (SecurityException se) {
            _logger.log(Level.SEVERE, "jacc_is_caller_in_role_exception", se);
            ret = false;
        } catch (Throwable t) {
            _logger.log(Level.SEVERE, "jacc_is_caller_in_role_exception", t);
            ret = false;
        } finally {
            try {
                resetPolicyContext(oldContextId, this.contextId);
            } catch (Throwable ex) {
                _logger.log(Level.SEVERE, "jacc_policy_context_exception", ex);
                ret = false;
            }
        }

        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: isCallerInRole Result: " + ret + " EJBRoleRefPermission (Name) = " + ejbrr.getName() + " (Action) = " + ejbrr.getActions() + " (Codesource) = " + prdm.getCodeSource());
        }

        return ret;
    }
View Full Code Here
223
224
225
226
227
228
229
230
231
232
233
        SecurityContext securityContext = threadContext.get(SecurityContext.class);

        try {
            DeploymentInfo deployment = threadContext.getDeploymentInfo();

            securityContext.acc.checkPermission(new EJBRoleRefPermission(deployment.getEjbName(), role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }
View Full Code Here
239
240
241
242
243
244
245
246
247
248
249
            if (roleLinks == null) {
                roleLinks = new Permissions();
                rolePermissions.put(roleLink, roleLinks);

            }
            roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.roleName));
        }

        /**
         * EJB v2.1 section 21.3.2
         * <p/>
 
View Full Code Here
250
251
252
253
254
255
256
257
258
259
260
            if (roleLinks == null) {
                roleLinks = DelegatePermissionCollection.getPermissionCollection();
                rolePermissions.put(roleLink, roleLinks);

            }
            roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.roleName));
        }

        /**
         * EJB v2.1 section 21.3.2
         * <p/>
 
View Full Code Here
135
136
137
138
139
140
141
142
143
144
145
   }
  
   private int checkRoleRef(Subject callerSubject, RoleGroup callerRoles)
   {
      //This has to be the EJBRoleRefPermission 
      EJBRoleRefPermission ejbRoleRefPerm = new EJBRoleRefPermission(ejbName,roleName);
      boolean policyDecision = checkWithPolicy(ejbRoleRefPerm, callerSubject, callerRoles);
      if( policyDecision == false )
      {
         String msg = "Denied: "+ejbRoleRefPerm+", caller=" + callerSubject;
         if(trace)
View Full Code Here
187
188
189
190
191
192
193
194
195
196
197
         int len = rolerefs != null ? rolerefs.length : 0;
         for(int i=0; i < len; i++)
         {
             try
            {
               pc.addToRole(rolerefs[i], new EJBRoleRefPermission(ejbName, rolerefs[i]));
            }
            catch (PolicyContextException e)
            {
               throw new RuntimeException(e);
            }
View Full Code Here
225
226
227
228
229
230
231
232
233
234
235
            Context context = (Context) subjectContexts.get(currentSubject);

            assert context != null : "No registered context";

            context.context.checkPermission(new EJBRoleRefPermission(EJBName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }
View Full Code Here
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
        boolean rolesetContainsAnyAuthUserRole = roleset.contains(anyAuthUserRole);
        List<Role> role = new ArrayList<Role>();
        String eName = eDescriptor.getName();
        for (RoleReference roleRef : eDescriptor.getRoleReferences()) {
            String rolename = roleRef.getRoleName();
            EJBRoleRefPermission ejbrr =
                    new EJBRoleRefPermission(eName, rolename);
            String rolelink = roleRef.getSecurityRoleLink().getName();

            role.add(new Role(rolename));
            pc.addToRole(rolelink, ejbrr);

            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: Converting role-ref -> " + roleRef.toString() +
                        " to permission with name(" + ejbrr.getName() +
                        ") and actions (" + ejbrr.getActions() +
                        ")" + "mapped to role (" + rolelink + ")");
            }
        }
        if (_logger.isLoggable(Level.FINE)){
          _logger.log(Level.FINE,"JACC: Converting role-ref: Going through the list of roles not present in RoleRef elements and creating EJBRoleRefPermissions ");
        }
        for (Role r : roleset) {
          if (_logger.isLoggable(Level.FINE)){
            _logger.log(Level.FINE,"JACC: Converting role-ref: Looking at Role =  "+r.getName());
          }
          if (!role.contains(r)) {
            String action = r.getName();
            EJBRoleRefPermission ejbrr = new EJBRoleRefPermission(eName, action);
            pc.addToRole(action, ejbrr);
            if (_logger.isLoggable(Level.FINE)) {
              _logger.fine("JACC: Converting role-ref: Role =  " + r.getName() +
                  " is added as a permission with name(" + ejbrr.getName() +
                  ") and actions (" + ejbrr.getActions() +
                  ")" + "mapped to role (" + action + ")");
            }
          }
        }
        /**
         * JACC MR8 add EJBRoleRefPermission for the any authenticated user role '**'
         */
        if ((!role.contains(anyAuthUserRole)) && !rolesetContainsAnyAuthUserRole) {
            String rolename = anyAuthUserRole.getName();
            EJBRoleRefPermission ejbrr =
                    new EJBRoleRefPermission(eName, rolename);
            pc.addToRole(rolename, ejbrr);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: Converting role-ref: Adding any authenticated user role-ref " +
                        " to permission with name(" + ejbrr.getName() +
                        ") and actions (" + ejbrr.getActions() +
                        ")" + "mapped to role (" + rolename + ")");
            }
         
        }
    }
View Full Code Here
TOP

Related Classes of javax.security.jacc.EJBRoleRefPermission

  • com.sun.enterprise.security.application.EJBSecurityManager
  • org.apache.geronimo.openejb.deployment.SecurityBuilder
  • org.apache.geronimo.openejb.GeronimoSecurityService
  • org.apache.geronimo.security.ContextManager
  • org.apache.geronimo.security.util.ConfigurationUtil
  • org.apache.openejb.assembler.classic.JaccPermissionsBuilder
  • org.apache.openejb.core.security.AbstractSecurityService
  • org.apache.openejb.core.security.SecurityServiceImpl
  • org.glassfish.ejb.security.application.EJBSecurityManager
  • org.jboss.as.ejb3.security.EjbJaccConfigurator
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.