Package org.jboss.security.authorization.resources

Examples of org.jboss.security.authorization.resources.EJBResource


      }

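      /**
       * Decides whether the caller may invoke the EJB method described by {@code resource}.
       *
       * <p>Checks are applied in this order and the first match wins:
       * <ol>
       *   <li>the resource carries no method roles: PERMIT;</li>
       *   <li>the method roles contain {@code SimpleRole.ANYBODY_ROLE}: PERMIT;</li>
       *   <li>the name of any principal of {@code subject}, taken as a role name, is one of
       *       the method roles: PERMIT;</li>
       *   <li>the caller run-as identity holds at least one of the method roles: PERMIT;</li>
       *   <li>otherwise: DENY.</li>
       * </ol>
       *
       * @param resource the resource being accessed; must be an {@code EJBResource}
       * @param subject the caller's subject; may be {@code null}, in which case only the
       *        run-as identity can grant access
       * @param role only written to the debug log; it does not take part in the decision
       * @return {@code AuthorizationContext.PERMIT} or {@code AuthorizationContext.DENY}
       * @throws IllegalArgumentException if {@code resource} is not an {@code EJBResource}
       * @throws AuthorizationException declared by the signature; nothing in this body throws it
       */
      public int authorize(Resource resource, Subject subject, RoleGroup role) throws AuthorizationException
      {
         // Reject a foreign (or null) resource with a clear message instead of failing on the cast.
         if (!(resource instanceof EJBResource))
            throw new IllegalArgumentException("resource is not an EJBResource");
         EJBResource ejbResource = (EJBResource) resource;

         // Log the principals only: Subject.toString() also prints the credential sets it is
         // allowed to read, which do not belong in a log file.
         log.debug("authorize " + resource + " " + (subject == null ? null : subject.getPrincipals()) + " " + role);

         RoleGroup methodRoles = ejbResource.getEjbMethodRoles();
         // NOTE(review): this is fail-open. A resource whose method roles were never set is
         // permitted for every caller; confirm that callers always populate the method roles
         // of protected methods before relying on this module.
         if (methodRoles == null || methodRoles.containsRole(SimpleRole.ANYBODY_ROLE))
            return AuthorizationContext.PERMIT;

         if (subject != null)
         {
            for (Principal p : subject.getPrincipals())
            {
               // TODO: not really true, but for the moment lets assume that the principal is also the role
               // NOTE(review): every principal name, the user name included, is compared with
               // the role names, so an account named like a role is granted that role.
               Role myRole = new SimpleRole(p.getName());
               if (methodRoles.containsRole(myRole))
                  return AuthorizationContext.PERMIT;
            }
         }

         // Consult the run-as roles only when the identity really is a RunAsIdentity; a null
         // or differently typed run-as falls through to DENY instead of a ClassCastException.
         if (ejbResource.getCallerRunAsIdentity() instanceof RunAsIdentity)
         {
            RunAsIdentity callerRunAs = (RunAsIdentity) ejbResource.getCallerRunAsIdentity();
            if (callerRunAs.getRunAsRolesAsRoleGroup().containsAtleastOneRole(methodRoles))
               return AuthorizationContext.PERMIT;
         }

         // Default decision: nothing matched.
         return AuthorizationContext.DENY;
      }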


        final SecurityContext securityContext = doPrivileged(securityContext());
        if (securityContext == null) {
            return false;
        }

        final EJBResource resource = new EJBResource(new HashMap<String, Object>());
        resource.setEjbName(ejbName);
        resource.setPolicyContextID(policyContextID);
        resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
        resource.setCallerSubject(securityContext.getUtil().getSubject());
        Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
        resource.setPrincipal(userPrincipal);
        if (roleLinks != null) {
            final Set<SecurityRoleRef> roleRefs = new HashSet<SecurityRoleRef>();
            for (String key : roleLinks.keySet()) {
                Collection<String> values = roleLinks.get(key);
                if (values != null) {
                    for (String value : values)
                        roleRefs.add(new SecurityRoleRef(key, value));
                }
            }
            resource.setSecurityRoleReferences(roleRefs);
        }

        Map<String, Set<String>> previousRolesAssociationMap = null;
        try {
            // ensure the security roles association contains the incoming principal x roles map.

        final SecurityContext securityContext = doPrivileged(securityContext());
        if (securityContext == null) {
            return false;
        }

        EJBResource resource = new EJBResource(new HashMap<String, Object>());
        resource.setEjbName(ejbName);
        resource.setEjbMethod(ejbMethod);
        resource.setEjbMethodInterface(ejbMethodIntf);
        resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
        resource.setCodeSource(ejbCodeSource);
        resource.setPolicyContextID(contextID);
        resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
        resource.setCallerSubject(securityContext.getUtil().getSubject());
        Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
        resource.setPrincipal(userPrincipal);

        try {
            AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
            return helper.authorize(resource);
        } catch (Exception e) {

        final SecurityContext securityContext = doPrivileged(securityContext());
        if (securityContext == null) {
            return false;
        }

        EJBResource resource = new EJBResource(new HashMap<String, Object>());
        resource.setEjbName(ejbName);
        resource.setEjbMethod(ejbMethod);
        resource.setEjbMethodInterface(ejbMethodIntf);
        resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
        resource.setCodeSource(ejbCodeSource);
        resource.setPolicyContextID(contextID);
        resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
        resource.setCallerSubject(securityContext.getUtil().getSubject());
        Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
        resource.setPrincipal(userPrincipal);

        try {
            AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
            return helper.authorize(resource);
        }

   public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
   {
      if(resource instanceof EJBResource == false)
         throw new IllegalArgumentException("resource is not an EJBResource");
     
      EJBResource ejbResource = (EJBResource) resource;
     
      //Get the context map
      Map<String,Object> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");
   
      /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
      if(am == null)
         throw new IllegalStateException("Authorization Manager is null");
      if(am instanceof PolicyRegistration)
         this.policyRegistration = (PolicyRegistration) am;
      */
      this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
     
      this.ejbCS = ejbResource.getCodeSource();
      this.ejbMethod = ejbResource.getEjbMethod();
      this.ejbName = ejbResource.getEjbName();
      this.methodInterface = ejbResource.getEjbMethodInterface();
     
      this.roleName = (String)map.get(ResourceKeys.ROLENAME);
      //Get the Security Context Roles
      /*if(am != null)
      {

   public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
   {
      if(resource instanceof EJBResource == false)
         throw new IllegalArgumentException("resource is not an EJBResource");
     
      EJBResource ejbResource = (EJBResource) resource;
     
      //Get the context map
      Map<String,Object> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");

      this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION)
      if(this.policyRegistration == null)
         throw new IllegalStateException("Policy Registration passed is null");
     
      this.ejbName = ejbResource.getEjbName();
      this.ejbMethod = ejbResource.getEjbMethod();
      this.principal = ejbResource.getPrincipal();
      this.policyContextID = ejbResource.getPolicyContextID();
      if(policyContextID == null)
         throw new IllegalStateException("Context ID is null");
     
      Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
      if(roleRefCheck)

   public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
   {
      if(resource instanceof EJBResource == false)
         throw new IllegalArgumentException("resource is not an EJBResource");
     
      EJBResource ejbResource = (EJBResource) resource;
     
      //Get the context map
      Map<String,Object> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");

      /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
      if(am == null)
         throw new IllegalStateException("Authorization Manager is null");
      if(am instanceof PolicyRegistration)
         this.policyRegistration = (PolicyRegistration) am;  */
     
      this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
     
      this.roleName = (String)map.get(ResourceKeys.ROLENAME);
      this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
     
      this.callerRunAs = ejbResource.getCallerRunAsIdentity();
      this.ejbMethod = ejbResource.getEjbMethod();
      this.ejbName = ejbResource.getEjbName();
      this.ejbPrincipal = ejbResource.getPrincipal();
      this.methodInterface = ejbResource.getEjbMethodInterface();
      this.methodRoles = ejbResource.getEjbMethodRoles();
      this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
     
      if(this.roleRefCheck == Boolean.TRUE)
         return checkRoleRef(role);
      else
         return process(role);

         log.error("Error getting Policy Registration",e);
      }
     
      map.put(ResourceKeys.POLICY_REGISTRATION, this.policyRegistration);
    
      EJBResource ejbResource = new EJBResource(map);
      ejbResource.setEjbVersion(version);
      ejbResource.setPolicyContextID(contextID);
      ejbResource.setCallerRunAsIdentity(callerRunAs);
      ejbResource.setEjbName(ejbName);
      ejbResource.setEjbMethod(ejbMethod);
      ejbResource.setPrincipal(ejbPrincipal);
      ejbResource.setEjbMethodInterface(invocationInterfaceString);
      ejbResource.setCodeSource(ejbCS);
      ejbResource.setCallerRunAsIdentity(callerRunAs);
      ejbResource.setCallerSubject(callerSubject);
      ejbResource.setEjbMethodRoles(methodRoles);
     
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);
     
      boolean isAuthorized = false;

      map.put(ResourceKeys.POLICY_REGISTRATION, this.policyRegistration);
     
      map.put(ResourceKeys.ROLENAME, roleName);
      map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
     
      EJBResource ejbResource = new EJBResource(map);
      ejbResource.setPolicyContextID(contextID);
     
      RunAs callerRunAs = SecurityActions.getIncomingRunAs(securityContext);
     
      ejbResource.setEjbVersion(version);
      ejbResource.setEjbName(ejbName);
      ejbResource.setPrincipal(ejbPrincipal);
      ejbResource.setCallerRunAsIdentity(callerRunAs);
      ejbResource.setSecurityRoleReferences(securityRoleRefs);
      ejbResource.setEnforceEJBRestrictions(enforceEJBRestrictions);
     
      ejbResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);
     
      try
      {

   public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
   {
      if(resource instanceof EJBResource == false)
         throw new IllegalArgumentException("resource is not an EJBResource");
     
      EJBResource ejbResource = (EJBResource) resource;
     
      //Get the context map
      Map<String,Object> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");

      this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION)
      if(this.policyRegistration == null)
         throw new IllegalStateException("Policy Registration passed is null");

      this.callerRunAs = ejbResource.getCallerRunAsIdentity();
      this.ejbName = ejbResource.getEjbName();
      this.ejbMethod = ejbResource.getEjbMethod();
      this.ejbPrincipal = ejbResource.getPrincipal();
      this.policyContextID = ejbResource.getPolicyContextID();
      if(policyContextID == null)
         throw new IllegalStateException("Context ID is null");
     
      this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
     
      //isCallerInRole checks
      this.roleName = (String)map.get(ResourceKeys.ROLENAME);
     
      Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
