private void checkAuthorization(Method callMethod, InterfaceType interfaceType)
throws ApplicationException {
boolean authorized = securityService.isCallerAuthorized(callMethod, interfaceType);
if (!authorized) {
throw new ApplicationException(
new EJBAccessException("Unauthorized Access by Principal Denied"));
}
}
public void enter() {
final Thread thread = Thread.currentThread();
final ClassLoader oldCl = thread.getContextClassLoader();
thread.setContextClassLoader(loader);
final Object threadState;
if (associate) {
//noinspection unchecked
try {
SECURITY_SERVICE.associate(securityServiceState);
} catch (final LoginException e) {
throw new IllegalStateException(e);
}
threadState = null;
} else {
threadState = SECURITY_SERVICE.currentState();
SECURITY_SERVICE.setState(securityServiceState);
}
final ThreadContext oldCtx;
if (threadContext != null) {
final ThreadContext newContext = new ThreadContext(threadContext);
newContext.set(Context.class, this);
if (securityContext != null) {
newContext.set(
AbstractSecurityService.ProvidedSecurityContext.class,
new AbstractSecurityService.ProvidedSecurityContext(securityContext));
}
oldCtx = ThreadContext.enter(newContext);
} else {
oldCtx = null;
}
currentContext = new Context(associate, threadState, securityContext, oldCtx, oldCl);
/* propagation of CDI context seems wrong
if (cdiState != null) {
contextService.restoreState(cdiState);
}
*/
}
public void exit() {
if (currentContext.threadContext != null) {
ThreadContext.exit(currentContext.threadContext);
}
if (!associate) {
SECURITY_SERVICE.setState(currentContext.securityServiceState);
} else {
SECURITY_SERVICE.disassociate();
}
/* propagation of CDI context seems wrong
if (currentContext.cdiState != null) {
contextService.restoreState(currentContext.cdiState);
contextService.removeThreadLocals();
}
*/
Thread.currentThread().setContextClassLoader(currentContext.loader);
currentContext = null;
}
public CUTask(final Object task) {
super(task);
Object stateTmp = SECURITY_SERVICE.currentState();
final boolean associate;
if (stateTmp == null) {
stateTmp = ClientSecurity.getIdentity();
associate = stateTmp != null;
} else {
associate = false;
}
final ThreadContext threadContext = ThreadContext.getThreadContext();
initialContext =
new Context(
associate,
stateTmp,
threadContext == null
? null
: threadContext.get(AbstractSecurityService.SecurityContext.class),
threadContext,
Thread.currentThread().getContextClassLoader());
}
@Override
public Object invoke(
final Object deployID,
InterfaceType type,
final Class callInterface,
final Method callMethod,
final Object[] args,
final Object primKey)
throws OpenEJBException {
final BeanContext beanContext = this.getBeanContext(deployID);
if (beanContext == null) {
throw new OpenEJBException(
"Deployment does not exist in this container. Deployment(id='"
+ deployID
+ "'), Container(id='"
+ containerID
+ "')");
}
// Use the backup way to determine call type if null was supplied.
if (type == null) {
type = beanContext.getInterfaceType(callInterface);
}
final ThreadContext callContext = new ThreadContext(beanContext, primKey);
final ThreadContext oldCallContext = ThreadContext.enter(callContext);
try {
final boolean authorized = securityService.isCallerAuthorized(callMethod, type);
if (!authorized) {
throw new ApplicationException(
new EJBAccessException("Unauthorized Access by Principal Denied"));
}
final Class declaringClass = callMethod.getDeclaringClass();
final String methodName = callMethod.getName();
if (EJBHome.class.isAssignableFrom(declaringClass)
|| EJBLocalHome.class.isAssignableFrom(declaringClass)) {
if (declaringClass != EJBHome.class && declaringClass != EJBLocalHome.class) {
if (methodName.startsWith("create")) {
return createEJBObject(callMethod, args, callContext, type);
} else if (methodName.equals("findByPrimaryKey")) {
return findByPrimaryKey(callMethod, args, callContext, type);
} else if (methodName.startsWith("find")) {
return findEJBObject(callMethod, args, callContext, type);
} else {
return homeMethod(callMethod, args, callContext, type);
}
} else if (methodName.equals("remove")) {
removeEJBObject(callMethod, callContext, type);
return null;
}
} else if ((EJBObject.class == declaringClass || EJBLocalObject.class == declaringClass)
&& methodName.equals("remove")) {
removeEJBObject(callMethod, callContext, type);
return null;
}
// business method
callContext.setCurrentOperation(Operation.BUSINESS);
final Method runMethod = beanContext.getMatchingBeanMethod(callMethod);
callContext.set(Method.class, runMethod);
return businessMethod(callMethod, runMethod, args, callContext, type);
} finally {
ThreadContext.exit(oldCallContext);
}
}
