/**
 * Builds the JACC permission object that describes one invocation of an EJB method.
 *
 * @param invokedMethod  the reflected method being invoked; forwarded unchanged to the permission
 * @param ejbComponent   component whose {@code getComponentName()} supplies the permission name
 * @param methodIntfType interface type whose {@code name()} supplies the method-interface string
 * @return a new {@code EJBMethodPermission} for the component/interface/method triple
 */
private EJBMethodPermission createEjbMethodPermission(Method invokedMethod, EJBComponent ejbComponent, MethodInterfaceType methodIntfType) {
    final String componentName = ejbComponent.getComponentName();
    // NOTE(review): assumes the constant names of MethodInterfaceType are exactly the
    // interface names the policy was provisioned with; a mismatch would yield a
    // permission that no grant matches. Confirm against the deployment-time conversion.
    final String interfaceName = methodIntfType.name();
    return new EJBMethodPermission(componentName, interfaceName, invokedMethod);
}
/**
 * Returns the hash code value for this EJBMethodPermission.
 *
 * <p>The value is derived from {@code getName()} alone when {@code getActions()} is
 * {@code null}, otherwise from the name, a single space and the actions string. It is
 * computed on first use and cached in {@code hashCodeValue}.
 *
 * <ul>
 * <li>Within one run of an application the same object always yields the same value;
 *     the value need not be stable across runs.
 * <li>Two EJBMethodPermission objects that are equal according to {@code equals} must
 *     yield the same value.
 * </ul>
 *
 * @return the integer hash code value for this object
 */
public int hashCode() {
    // Zero doubles as the "not yet computed" marker, so an input that genuinely hashes
    // to 0 is simply recomputed on each call. The cache is written without
    // synchronisation; a concurrent caller recomputes the same value.
    if (hashCodeValue != 0) {
        return this.hashCodeValue;
    }
    final String actionString = this.getActions();
    final String hashSource = (actionString == null)
            ? this.getName()
            : this.getName() + " " + actionString;
    hashCodeValue = hashSource.hashCode();
    return this.hashCodeValue;
}
/**
 * Enforces the JACC update permission for the entity before the update proceeds.
 *
 * @param event the pre-update event; its persister supplies the entity name
 * @return whatever {@code super.onPreUpdate(event)} returns
 */
public boolean onPreUpdate(PreUpdateEvent event) {
    final String entityName = event.getPersister().getEntityName();
    final EJBMethodPermission updatePermission =
            new EJBMethodPermission(entityName, HibernatePermission.UPDATE);

    // Logged before the check runs, so this line records the attempt, not the outcome.
    log.debug( "checking update permission on: " + updatePermission.getName() );

    // Throws on denial, so the superclass handler below is only reached when the
    // current access-control context holds the permission.
    // NOTE(review): java.security.AccessController is deprecated for removal since
    // Java 17; confirm the target runtime still enforces this check.
    AccessController.checkPermission(updatePermission);

    final boolean superResult = super.onPreUpdate(event);
    return superResult;
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Gets a string that represents the signature of a method, in the form produced by
 * {@code EJBMethodPermission.getActions()}.
 *
 * @param ejbName name of the ejb
 * @param method  method for which the signature is required
 * @return the actions string of an {@code EJBMethodPermission} built from the arguments
 */
public static String getSignature(String ejbName, Method method) {
    final Class<?> declaringType = method.getDeclaringClass();

    // Classification looks only at the class that declares the method. The
    // java.rmi.Remote test must stay last: EJBHome and EJBObject are themselves Remote.
    final String interfaceName;
    if (javax.ejb.EJBHome.class.isAssignableFrom(declaringType)) {
        interfaceName = "Home";
    } else if (javax.ejb.EJBObject.class.isAssignableFrom(declaringType)) {
        interfaceName = "Remote";
    } else if (javax.ejb.EJBLocalHome.class.isAssignableFrom(declaringType)) {
        interfaceName = "LocalHome";
    } else if (javax.ejb.EJBLocalObject.class.isAssignableFrom(declaringType)) {
        interfaceName = "Local";
    } else if (java.rmi.Remote.class.isAssignableFrom(declaringType)) {
        interfaceName = "ServiceEndpoint";
    } else {
        // An empty interface name is the "any interface" form of EJBMethodPermission,
        // so a method declared on a type matching none of the above yields a
        // signature that is not tied to a specific interface.
        interfaceName = "";
    }

    return new EJBMethodPermission(ejbName, interfaceName, method).getActions();
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Serialization hook: writes this object's state as a single persistent field,
 * {@code "actions"}, holding the value of {@code getActions()}.
 *
 * @param oos the stream the object is being written to
 * @throws IOException if writing to the stream fails
 */
private void writeObject(ObjectOutputStream oos) throws IOException {
    // NOTE(review): "actions" is presumably declared in serialPersistentFields, which is
    // not visible here. The matching readObject should re-parse and validate the string,
    // because a serialized stream can carry any value for this field.
    oos.putFields().put("actions", this.getActions());
    oos.writeFields();
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Decides whether the caller may invoke the EJB method described by this object's
 * {@code ejbName}, {@code methodInterface} and {@code ejbMethod}.
 *
 * @param callerSubject the caller's subject, handed to {@code checkWithPolicy}
 * @param role          role handed to {@code checkWithPolicy}; may be {@code null}
 * @return {@code AuthorizationContext.PERMIT} when {@code checkWithPolicy} returns true,
 *         otherwise {@code AuthorizationContext.DENY}
 */
private int process(Subject callerSubject, Role role) {
    final EJBMethodPermission methodPerm = new EJBMethodPermission(ejbName, methodInterface, ejbMethod);

    if (checkWithPolicy(methodPerm, callerSubject, role)) {
        return AuthorizationContext.PERMIT;
    }

    // Denials are reported at debug level only; with debug logging off, this method
    // leaves no record of a refused call.
    if (PicketBoxLogger.LOGGER.isDebugEnabled()) {
        final String roleText = (role != null) ? role.toString() : null;
        PicketBoxLogger.LOGGER.debugJACCDeniedAccess(methodPerm.toString(), callerSubject, roleText);
    }
    return AuthorizationContext.DENY;
}
/**
 * Creates a new EJBMethodPermission with name corresponding to the EJBName
 * and actions composed from methodInterface, and the Method object.
 *
 * <p>A container uses this constructor prior to checking if a caller has
 * permission to call the method of an EJB. It delegates to the four-argument
 * constructor, passing the method's name and the result of
 * {@code convertParameters} applied to the method's parameter types.
 *
 * @param ejbName the ejb-name of the target EJB
 * @param methodInterface a string that may be used to specify the EJB
 * interface to which the permission pertains. A value of null or ""
 * indicates that the permission pertains to all methods that match the other
 * parameters of the permission specification without consideration of the
 * interface they occur on.
 * @param method an instance of the java.lang.reflect.Method class
 * corresponding to the method that the container is trying to determine
 * whether the caller has permission to access. This value must not be null.
 * @throws NullPointerException if {@code method} is null, because it is
 * dereferenced without a check
 */
public EJBMethodPermission(String ejbName, String methodInterface, Method method) {
    this(ejbName, method.getName(), methodInterface, convertParameters(method.getParameterTypes()));
}
/**
 * Returns the hash code value for this EJBMethodPermission.
 *
 * <p>The value is derived from {@code getName()} alone when {@code getActions()} is
 * {@code null}, otherwise from the name, a single space and the actions string. It is
 * computed on first use and cached in {@code hashCodeValue}.
 *
 * <ul>
 * <li>Within one run of an application the same object always yields the same value;
 *     the value need not be stable across runs.
 * <li>Two EJBMethodPermission objects that are equal according to {@code equals} must
 *     yield the same value.
 * </ul>
 *
 * @return the integer hash code value for this object
 */
public int hashCode() {
    // Zero doubles as the "not yet computed" marker, so an input that genuinely hashes
    // to 0 is simply recomputed on each call. The cache is written without
    // synchronisation; a concurrent caller recomputes the same value.
    if (hashCodeValue != 0) {
        return this.hashCodeValue;
    }
    final String actionString = this.getActions();
    final String hashSource = (actionString == null)
            ? this.getName()
            : this.getName() + " " + actionString;
    hashCodeValue = hashSource.hashCode();
    return this.hashCodeValue;
}
/**
 * Enforces the JACC read permission for the entity before it is loaded.
 *
 * @param event the pre-load event; its persister supplies the entity name
 */
public void onPreLoad(PreLoadEvent event) {
    final String entityName = event.getPersister().getEntityName();
    final EJBMethodPermission loadPermission =
            new EJBMethodPermission(entityName, HibernatePermission.READ);

    // Logged before the check runs, so this line records the attempt, not the outcome.
    log.debug( "checking load permission on: " + loadPermission.getName() );

    // Throws on denial, so the superclass handler below is only reached when the
    // current access-control context holds the permission.
    // NOTE(review): java.security.AccessController is deprecated for removal since
    // Java 17; confirm the target runtime still enforces this check.
    AccessController.checkPermission(loadPermission);

    super.onPreLoad(event);
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Gets a string that represents the signature of a method, in the form produced by
 * {@code EJBMethodPermission.getActions()}.
 *
 * @param ejbName name of the ejb
 * @param method  method for which the signature is required
 * @return the actions string of an {@code EJBMethodPermission} built from the arguments
 */
public static String getSignature(String ejbName, Method method) {
    final Class<?> declaringType = method.getDeclaringClass();

    // Classification looks only at the class that declares the method. The
    // java.rmi.Remote test must stay last: EJBHome and EJBObject are themselves Remote.
    final String interfaceName;
    if (javax.ejb.EJBHome.class.isAssignableFrom(declaringType)) {
        interfaceName = "Home";
    } else if (javax.ejb.EJBObject.class.isAssignableFrom(declaringType)) {
        interfaceName = "Remote";
    } else if (javax.ejb.EJBLocalHome.class.isAssignableFrom(declaringType)) {
        interfaceName = "LocalHome";
    } else if (javax.ejb.EJBLocalObject.class.isAssignableFrom(declaringType)) {
        interfaceName = "Local";
    } else if (java.rmi.Remote.class.isAssignableFrom(declaringType)) {
        interfaceName = "ServiceEndpoint";
    } else {
        // An empty interface name is the "any interface" form of EJBMethodPermission,
        // so a method declared on a type matching none of the above yields a
        // signature that is not tied to a specific interface.
        interfaceName = "";
    }

    return new EJBMethodPermission(ejbName, interfaceName, method).getActions();
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Serialization hook: writes this object's state as a single persistent field,
 * {@code "actions"}, holding the value of {@code getActions()}.
 *
 * @param oos the stream the object is being written to
 * @throws IOException if writing to the stream fails
 */
private void writeObject(ObjectOutputStream oos) throws IOException {
    // NOTE(review): "actions" is presumably declared in serialPersistentFields, which is
    // not visible here. The matching readObject should re-parse and validate the string,
    // because a serialized stream can carry any value for this field.
    oos.putFields().put("actions", this.getActions());
    oos.writeFields();
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Creates a new EJBMethodPermission with name corresponding to the EJBName
 * and actions composed from methodInterface, and the Method object.
 *
 * <p>A container uses this constructor prior to checking if a caller has
 * permission to call the method of an EJB. It delegates to the four-argument
 * constructor, passing the method's name and the result of
 * {@code convertParameters} applied to the method's parameter types.
 *
 * @param ejbName the ejb-name of the target EJB
 * @param methodInterface a string that may be used to specify the EJB
 * interface to which the permission pertains. A value of null or ""
 * indicates that the permission pertains to all methods that match the other
 * parameters of the permission specification without consideration of the
 * interface they occur on.
 * @param method an instance of the java.lang.reflect.Method class
 * corresponding to the method that the container is trying to determine
 * whether the caller has permission to access. This value must not be null.
 * @throws NullPointerException if {@code method} is null, because it is
 * dereferenced without a check
 */
public EJBMethodPermission(String ejbName, String methodInterface, Method method) {
    this(ejbName, method.getName(), methodInterface, convertParameters(method.getParameterTypes()));
}
/**
 * Asks the installed JACC {@code Policy} whether the current caller may perform
 * {@code action} on the given entity, and throws if it may not.
 *
 * @param entityInformation supplies the entity instance and the entity name
 * @param action            the action being attempted; only the first element of
 *                          {@code getImpliedActions()} is checked
 * @throws SecurityException if the policy does not imply the permission
 */
private void doPermissionCheckInContext(PermissionCheckEntityInformation entityInformation, PermissibleAction action) {
    final Policy activePolicy = Policy.getPolicy();
    final Principal[] callerPrincipals = getCallerPrincipals();

    // The decision is evaluated against a synthetic domain: the entity class's code
    // source combined with the caller's principals, with no static permissions.
    final CodeSource entityCodeSource =
            entityInformation.getEntity().getClass().getProtectionDomain().getCodeSource();
    final ProtectionDomain checkDomain =
            new ProtectionDomain( entityCodeSource, null, null, callerPrincipals );

    // the action is known as 'method name' in JACC; the two nulls leave the method
    // interface and the parameter list unspecified
    final EJBMethodPermission requested = new EJBMethodPermission(
            entityInformation.getEntityName(),
            action.getImpliedActions()[0],
            null,
            null
    );

    if ( activePolicy.implies( checkDomain, requested ) ) {
        return;
    }

    // The message names the entity, the action and every caller principal; keep it in
    // server-side logs rather than echoing it to the client.
    throw new SecurityException(
            String.format(
                    "JACC denied permission to [%s.%s] for [%s]",
                    entityInformation.getEntityName(),
                    action.getImpliedActions()[0],
                    join( callerPrincipals )
            )
    );
}
/**
 * Adds {@code ejbmp} to the unchecked permission collection when the deployment
 * descriptor marks the method permission as unchecked.
 *
 * @param permissions the collection built so far, or {@code null} if none exists yet
 * @param mp          the descriptor's method permission; only {@code isUnchecked()} is read
 * @param ejbmp       the JACC permission to add
 * @return {@code permissions} unchanged when {@code mp} is not unchecked; otherwise the
 *         collection (created on demand) with {@code ejbmp} added
 */
private static Permissions addToUncheckedPermissions(Permissions permissions, MethodPermission mp, EJBMethodPermission ejbmp) {
    if (!mp.isUnchecked()) {
        return permissions;
    }

    final Permissions unchecked = (permissions != null) ? permissions : new Permissions();
    unchecked.add(ejbmp);

    // An unchecked permission is granted without regard to the caller's roles, and this
    // FINE-level line is the only trace of that conversion in this method.
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("JACC DD conversion: EJBMethodPermission ->(" + ejbmp.getName() + " " + ejbmp.getActions() + ") is (unchecked)");
    }
    return unchecked;
}
/**
 * Enforces the JACC delete permission for the entity before the delete proceeds.
 *
 * @param event the pre-delete event; its persister supplies the entity name
 * @return whatever {@code super.onPreDelete(event)} returns
 */
public boolean onPreDelete(PreDeleteEvent event) {
    final String entityName = event.getPersister().getEntityName();
    final EJBMethodPermission deletePermission =
            new EJBMethodPermission(entityName, HibernatePermission.DELETE);

    // Logged before the check runs, so this line records the attempt, not the outcome.
    log.debug( "checking delete permission on: " + deletePermission.getName() );

    // Throws on denial, so the superclass handler below is only reached when the
    // current access-control context holds the permission.
    // NOTE(review): java.security.AccessController is deprecated for removal since
    // Java 17; confirm the target runtime still enforces this check.
    AccessController.checkPermission(deletePermission);

    final boolean superResult = super.onPreDelete(event);
    return superResult;
}
} // closes the enclosing class; its header is outside this excerpt