private void checkAuthorization(Method callMethod, InterfaceType interfaceType)
     throws ApplicationException {
   boolean authorized = securityService.isCallerAuthorized(callMethod, interfaceType);
   if (!authorized) {
     throw new ApplicationException(
         new EJBAccessException("Unauthorized Access by Principal Denied"));
   }
 }
Exemplo n.º 2
0
  @Override
  public Object invoke(
      final Object deployID,
      InterfaceType type,
      final Class callInterface,
      final Method callMethod,
      final Object[] args,
      final Object primKey)
      throws OpenEJBException {
    final BeanContext beanContext = this.getBeanContext(deployID);

    if (beanContext == null) {
      throw new OpenEJBException(
          "Deployment does not exist in this container. Deployment(id='"
              + deployID
              + "'), Container(id='"
              + containerID
              + "')");
    }

    // Use the backup way to determine call type if null was supplied.
    if (type == null) {
      type = beanContext.getInterfaceType(callInterface);
    }

    final ThreadContext callContext = new ThreadContext(beanContext, primKey);

    final ThreadContext oldCallContext = ThreadContext.enter(callContext);
    try {

      final boolean authorized = securityService.isCallerAuthorized(callMethod, type);

      if (!authorized) {
        throw new ApplicationException(
            new EJBAccessException("Unauthorized Access by Principal Denied"));
      }

      final Class declaringClass = callMethod.getDeclaringClass();
      final String methodName = callMethod.getName();

      if (EJBHome.class.isAssignableFrom(declaringClass)
          || EJBLocalHome.class.isAssignableFrom(declaringClass)) {
        if (declaringClass != EJBHome.class && declaringClass != EJBLocalHome.class) {
          if (methodName.startsWith("create")) {
            return createEJBObject(callMethod, args, callContext, type);
          } else if (methodName.equals("findByPrimaryKey")) {
            return findByPrimaryKey(callMethod, args, callContext, type);
          } else if (methodName.startsWith("find")) {
            return findEJBObject(callMethod, args, callContext, type);
          } else {
            return homeMethod(callMethod, args, callContext, type);
          }
        } else if (methodName.equals("remove")) {
          removeEJBObject(callMethod, callContext, type);
          return null;
        }
      } else if ((EJBObject.class == declaringClass || EJBLocalObject.class == declaringClass)
          && methodName.equals("remove")) {
        removeEJBObject(callMethod, callContext, type);
        return null;
      }

      // business method
      callContext.setCurrentOperation(Operation.BUSINESS);
      final Method runMethod = beanContext.getMatchingBeanMethod(callMethod);

      callContext.set(Method.class, runMethod);

      return businessMethod(callMethod, runMethod, args, callContext, type);
    } finally {
      ThreadContext.exit(oldCallContext);
    }
  }