// Fragment of a larger method: the signature and the rest of the body are not
// visible here. The visible part (1) refuses to run without a role mapping
// manager, (2) authenticates the caller unless the invocation is trusted, and
// (3) starts preparing the authorization check for the invoked EJB method.
// realmMapping, m, mi, principal, credential, callerRunAsIdentity, trace, log,
// container and the other fields used below are defined outside this fragment.

// Fail closed: without a role mapping manager no invocation is let through.
if (realmMapping == null)
{
throw new SecurityException("Role mapping manager has not been set");
}
SecurityContext sc = SecurityActions.getSecurityContext();
EJBAuthenticationHelper helper = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
// When either check returns true, the isValid() credential check below is
// skipped entirely, so these two predicates define who bypasses authentication.
// NOTE(review): their implementations are not visible here; confirm what they accept.
boolean isTrusted = containsTrustableRunAs(sc) || helper.isTrusted();
if (!isTrusted)
{
// Check the security info from the method invocation
// A fresh, empty Subject is handed to isValid(); presumably it is populated
// on successful authentication. TODO confirm against SecurityActions.isValid.
Subject subject = new Subject();
if (SecurityActions.isValid(helper, subject, m.getName()) == false)
{
// Notify the authentication observer, if one is registered. The brace-less
// 'if' guards only this single call.
if (authenticationObserver != null)
authenticationObserver.authenticationFailed();
// Always throw a generic SecurityException; this is not an 'else' of the
// observer check above.
// NOTE(review): the message embeds the principal; confirm where it surfaces
// (client response vs. server log) so failed logins disclose no more than intended.
String msg = "Authentication exception, principal=" + principal;
throw new SecurityException(msg);
}
else
{
// Authentication succeeded: push principal, credential and subject as the
// current subject context.
// NOTE(review): the matching pop is not visible in this fragment; confirm it
// always runs (e.g. in a finally block) once the invocation completes.
SecurityActions.pushSubjectContext(principal, credential, subject);
if (trace)
{
// Logs the principal and security domain only; the credential is not logged.
log.trace("Authenticated principal=" + principal + " in security domain=" + sc.getSecurityDomain());
}
}
}
else
{
// Trusted path: no credential check and no subject push; only the caller's
// run-as identity is pushed. The original comment here was left unfinished
// ("Duplicate the current subject context on the stack since") and the
// dupSubjectContext() call is disabled.
//SecurityActions.dupSubjectContext();
// NOTE(review): as with pushSubjectContext, the matching pop is not visible here.
SecurityActions.pushRunAsIdentity(callerRunAsIdentity);
}
Method ejbMethod = mi.getMethod();
// Ignore internal container calls
// This early return skips every authorization step below, so it relies on a
// null method occurring only for container-internal invocations.
// NOTE(review): that guarantee is not visible in this fragment; verify it.
if (ejbMethod == null)
return;
// Get the caller
// On the trusted path nothing was pushed as a subject above, so a non-null
// result depends on a subject context that already exists; otherwise this
// fails with IllegalStateException.
Subject caller = SecurityActions.getContextSubject();
if (caller == null)
throw new IllegalStateException("Authenticated User. But caller subject is null");
// Establish the deployment rolename-principalset custom mapping (if available)
SecurityRolesAssociation.setSecurityRoles(this.deploymentRoles);
// Deny by default; the variable is not assigned again within the visible lines.
boolean isAuthorized = false;
// Roles permitted to call this method for this invocation type.
Set<Principal> methodRoles = container.getMethodPermissions(ejbMethod, mi.getType());
// Re-read the security context and install securityManagement only when the
// context has none yet.
SecurityContext currentSC = SecurityActions.getSecurityContext();
if (SecurityActions.getSecurityManagement(currentSC) == null)
SecurityActions.setSecurityManagement(currentSC, securityManagement);
// NOTE(review): the authorization helper is built from 'sc' (captured before
// authentication), not from 'currentSC' fetched just above. Whether these are
// the same object cannot be told from this fragment; confirm.
AbstractEJBAuthorizationHelper authorizationHelper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
authorizationHelper.setPolicyRegistration(container.getPolicyRegistration());