Пример #1
0
 private boolean checkModificationAccessBySlot(String productID) throws OntologyErrorException {
   return DefaultSecurityManager.getInstance()
       .checkPersonCanModifyEntity(
           DefaultSecurityManager.getInstance().getParentProcess(productID),
           DefaultSecurityManager.getInstance()
               .getUserID(sessionCoontext.getCallerPrincipal().getName()));
 }
Пример #2
0
 /**
  * Gets the caller authorization.
  *
  * @param methodname not null methodname.
  * @param classname not null classname.
  * @return {@link Authorization}.
  * @throws OntologyErrorException if an error occurs in ontology back end
  */
 private Authorization getCallerAuthorization(String methodname, String classname)
     throws OntologyErrorException {
   return DefaultSecurityManager.getInstance()
       .createAuthorization(
           organizationEntity.getUser(sessionCoontext.getCallerPrincipal().getName()).getID(),
           methodname,
           classname);
 }
Пример #3
0
  /**
   * This checks every not administrator caller if he can change the process model. <br>
   * this returns true if the process (in this context call) can be changed from the caller.
   *
   * @param parameters the method parameter.
   * @return true if the caller can change the process.
   * @throws OntologyErrorException if an error occurs in ontology back end
   */
  private boolean checkNotAdminUser(Object[] parameters) throws OntologyErrorException {

    String modelID = (String) parameters[0];
    LOG.debug("checkNotAdminUser PARAM[0]   " + modelID);
    return DefaultSecurityManager.getInstance()
        .checkPersonCanModifyEntity(
            modelID,
            organizationEntity.getUser(sessionCoontext.getCallerPrincipal().getName()).getID());
  }
Пример #4
0
 /**
  * {@inheritDoc}
  *
  * @see
  *     org.prowim.services.interceptors.SecurityInterceptor#onMethodCall(javax.interceptor.InvocationContext)
  */
 @AroundInvoke
 public Object onMethodCall(InvocationContext context) throws Exception {
   Object[] params = context.getParameters();
   for (int i = 0; i < params.length; i++) {
     LOG.debug("PARAM :   " + i + "  " + params[i]);
   }
   LOG.debug("Invoking class: " + context.getMethod().getDeclaringClass().getSimpleName());
   LOG.debug("Invoking method: " + context.getMethod().getName());
   System.out.println("CALLER PRINCIPAL   " + sessionCoontext.getCallerPrincipal());
   if (!intercept(
       context.getMethod().getName(),
       context.getMethod().getDeclaringClass().getSimpleName(),
       params)) {
     LOG.debug(
         "BeansSecurityInterceptor:  allow call method < "
             + context.getMethod().getDeclaringClass().getSimpleName()
             + "#"
             + context.getMethod().getName()
             + " >");
     if (context.getMethod().getName().equals("createObject")) {
       Object returnedObject = context.proceed();
       if (returnedObject != null) {
         if (params[0].equals("model")) {
           DefaultSecurityManager.getInstance()
               .setUserCanModifyEntity(
                   (String) returnedObject,
                   DefaultSecurityManager.getInstance()
                       .getUserID(sessionCoontext.getCallerPrincipal().getName()));
         }
       }
       return returnedObject;
     } else {
       return context.proceed();
     }
   } else {
     throw new IllegalStateException(
         "No Permission to call this method for user. " + sessionCoontext.getCallerPrincipal());
   }
 }