private void checkAuthorization(Method callMethod, InterfaceType interfaceType)
     throws ApplicationException {
   boolean authorized = securityService.isCallerAuthorized(callMethod, interfaceType);
   if (!authorized) {
     throw new ApplicationException(
         new EJBAccessException("Unauthorized Access by Principal Denied"));
   }
 }
Пример #2
0
    public void enter() {
      final Thread thread = Thread.currentThread();

      final ClassLoader oldCl = thread.getContextClassLoader();
      thread.setContextClassLoader(loader);

      final Object threadState;
      if (associate) {
        //noinspection unchecked
        try {
          SECURITY_SERVICE.associate(securityServiceState);
        } catch (final LoginException e) {
          throw new IllegalStateException(e);
        }
        threadState = null;
      } else {
        threadState = SECURITY_SERVICE.currentState();
        SECURITY_SERVICE.setState(securityServiceState);
      }

      final ThreadContext oldCtx;
      if (threadContext != null) {
        final ThreadContext newContext = new ThreadContext(threadContext);
        newContext.set(Context.class, this);
        if (securityContext != null) {
          newContext.set(
              AbstractSecurityService.ProvidedSecurityContext.class,
              new AbstractSecurityService.ProvidedSecurityContext(securityContext));
        }
        oldCtx = ThreadContext.enter(newContext);
      } else {
        oldCtx = null;
      }

      currentContext = new Context(associate, threadState, securityContext, oldCtx, oldCl);

      /* propagation of CDI context seems wrong
      if (cdiState != null) {
          contextService.restoreState(cdiState);
      }
      */
    }
Пример #3
0
    public void exit() {
      if (currentContext.threadContext != null) {
        ThreadContext.exit(currentContext.threadContext);
      }

      if (!associate) {
        SECURITY_SERVICE.setState(currentContext.securityServiceState);
      } else {
        SECURITY_SERVICE.disassociate();
      }

      /* propagation of CDI context seems wrong
      if (currentContext.cdiState != null) {
          contextService.restoreState(currentContext.cdiState);
          contextService.removeThreadLocals();
      }
      */

      Thread.currentThread().setContextClassLoader(currentContext.loader);
      currentContext = null;
    }
Пример #4
0
  public CUTask(final Object task) {
    super(task);

    Object stateTmp = SECURITY_SERVICE.currentState();
    final boolean associate;
    if (stateTmp == null) {
      stateTmp = ClientSecurity.getIdentity();
      associate = stateTmp != null;
    } else {
      associate = false;
    }
    final ThreadContext threadContext = ThreadContext.getThreadContext();
    initialContext =
        new Context(
            associate,
            stateTmp,
            threadContext == null
                ? null
                : threadContext.get(AbstractSecurityService.SecurityContext.class),
            threadContext,
            Thread.currentThread().getContextClassLoader());
  }
Пример #5
0
  @Override
  public Object invoke(
      final Object deployID,
      InterfaceType type,
      final Class callInterface,
      final Method callMethod,
      final Object[] args,
      final Object primKey)
      throws OpenEJBException {
    final BeanContext beanContext = this.getBeanContext(deployID);

    if (beanContext == null) {
      throw new OpenEJBException(
          "Deployment does not exist in this container. Deployment(id='"
              + deployID
              + "'), Container(id='"
              + containerID
              + "')");
    }

    // Use the backup way to determine call type if null was supplied.
    if (type == null) {
      type = beanContext.getInterfaceType(callInterface);
    }

    final ThreadContext callContext = new ThreadContext(beanContext, primKey);

    final ThreadContext oldCallContext = ThreadContext.enter(callContext);
    try {

      final boolean authorized = securityService.isCallerAuthorized(callMethod, type);

      if (!authorized) {
        throw new ApplicationException(
            new EJBAccessException("Unauthorized Access by Principal Denied"));
      }

      final Class declaringClass = callMethod.getDeclaringClass();
      final String methodName = callMethod.getName();

      if (EJBHome.class.isAssignableFrom(declaringClass)
          || EJBLocalHome.class.isAssignableFrom(declaringClass)) {
        if (declaringClass != EJBHome.class && declaringClass != EJBLocalHome.class) {
          if (methodName.startsWith("create")) {
            return createEJBObject(callMethod, args, callContext, type);
          } else if (methodName.equals("findByPrimaryKey")) {
            return findByPrimaryKey(callMethod, args, callContext, type);
          } else if (methodName.startsWith("find")) {
            return findEJBObject(callMethod, args, callContext, type);
          } else {
            return homeMethod(callMethod, args, callContext, type);
          }
        } else if (methodName.equals("remove")) {
          removeEJBObject(callMethod, callContext, type);
          return null;
        }
      } else if ((EJBObject.class == declaringClass || EJBLocalObject.class == declaringClass)
          && methodName.equals("remove")) {
        removeEJBObject(callMethod, callContext, type);
        return null;
      }

      // business method
      callContext.setCurrentOperation(Operation.BUSINESS);
      final Method runMethod = beanContext.getMatchingBeanMethod(callMethod);

      callContext.set(Method.class, runMethod);

      return businessMethod(callMethod, runMethod, args, callContext, type);
    } finally {
      ThreadContext.exit(oldCallContext);
    }
  }