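/**
 * Builds the two read-only deny tables used by the permission checks: one keyed by
 * (invocation type, method type) and one keyed by (transaction synchronization callback,
 * method type).
 *
 * @param beanManagedTransaction recorded in the field of the same name
 */
protected AllowedMethodsInformation(boolean beanManagedTransaction) {
    this.beanManagedTransaction = beanManagedTransaction;

    final Set<DeniedMethodKey> denied = new HashSet<DeniedMethodKey>();

    // Context methods rejected while setEntityContext is running.
    // NOTE(review): the original registered (SET_ENTITY_CONTEXT, TIMER_SERVICE_METHOD) twice.
    // The second call is dropped here; this assumes add() only inserts a key into the set
    // (its body is not visible). A different MethodType may have been intended for the
    // repeated line, which would mean one restriction is missing. TODO confirm against the
    // table this list was transcribed from.
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.TIMER_SERVICE_METHOD);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.GET_PRIMARY_KEY);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.GET_TIMER_SERVICE);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.IS_CALLER_IN_ROLE);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.GET_CALLER_PRINCIPLE);

    // Context methods rejected inside home methods.
    add(denied, InvocationType.HOME_METHOD, MethodType.TIMER_SERVICE_METHOD);
    add(denied, InvocationType.HOME_METHOD, MethodType.GET_PRIMARY_KEY);

    // Context methods rejected inside entity ejbCreate.
    add(denied, InvocationType.ENTITY_EJB_CREATE, MethodType.TIMER_SERVICE_METHOD);
    add(denied, InvocationType.ENTITY_EJB_CREATE, MethodType.GET_PRIMARY_KEY);

    // NOTE(review): setup() is overridable and is called from the constructor, so an override
    // runs before the subclass's own fields are initialised. Overrides should only add keys
    // to the set they are handed and must not read subclass state.
    setup(denied);
    // Publish a read-only view so the deny table cannot be changed through this field.
    this.denied = Collections.unmodifiableSet(denied);

    // Restrictions keyed by the active transaction synchronization callback.
    final Set<DeniedSyncMethodKey> deniedSync = new HashSet<DeniedSyncMethodKey>();
    add(deniedSync, CurrentSynchronizationCallback.CallbackType.AFTER_COMPLETION, MethodType.TIMER_SERVICE_METHOD);
    add(deniedSync, CurrentSynchronizationCallback.CallbackType.AFTER_COMPLETION, MethodType.GET_ROLLBACK_ONLY);
    add(deniedSync, CurrentSynchronizationCallback.CallbackType.AFTER_COMPLETION, MethodType.SET_ROLLBACK_ONLY);
    this.deniedSyncMethods = Collections.unmodifiableSet(deniedSync);
}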
/**
 * Runs the allowed-methods check for {@code GET_USER_TRANSACTION} against the current
 * invocation. Any rejection comes from {@link AllowedMethodsInformation#checkAllowed}.
 */
@Override
public void authorizeAccess() {
    final MethodType requested = MethodType.GET_USER_TRANSACTION;
    AllowedMethodsInformation.checkAllowed(requested);
}
}; // closes the enclosing declaration, which opens outside this excerpt
/**
 * Decides whether {@code methodType} may be called in the given invocation phase.
 *
 * <p>Three checks run in this order: the transaction-synchronization check, the
 * (invocation type, method type) deny table, and the UserTransaction rule.
 *
 * <p>When {@code invocationType} is {@code null} the deny table is not consulted at all, so
 * only the first and third checks apply.
 *
 * @param methodType     the context method being requested
 * @param invocationType the phase of the current invocation, or {@code null} if unknown
 */
protected void realCheckPermission(MethodType methodType, InvocationType invocationType) {
    checkTransactionSync(methodType);

    if (invocationType != null && denied.contains(new DeniedMethodKey(invocationType, methodType))) {
        throwException(methodType, invocationType);
    }

    // UserTransaction is handed out only to bean-managed-transaction components, or when the
    // invocation type is CONCURRENT_CONTEXT.
    final boolean wantsUserTransaction = methodType == MethodType.GET_USER_TRANSACTION;
    final boolean concurrentContext = invocationType == InvocationType.CONCURRENT_CONTEXT;
    if (wantsUserTransaction && !beanManagedTransaction && !concurrentContext) {
        throw EjbLogger.ROOT_LOGGER.unauthorizedAccessToUserTransaction();
    }
}
/**
 * Extends the inherited deny table with the context methods rejected during
 * {@code DEPENDENCY_INJECTION}.
 *
 * @param denied the mutable set being populated; entries are added in place
 */
@Override
protected void setup(Set<DeniedMethodKey> denied) {
    super.setup(denied);

    // The list includes the caller-identity lookups (GET_CALLER_PRINCIPLE, IS_CALLER_IN_ROLE),
    // presumably because no caller is associated with injection. TODO confirm.
    final MethodType[] blockedDuringInjection = {
        MethodType.GET_EJB_LOCAL_OBJECT,
        MethodType.GET_EJB_OBJECT,
        MethodType.GET_CALLER_PRINCIPLE,
        MethodType.IS_CALLER_IN_ROLE,
        MethodType.GET_USER_TRANSACTION,
        MethodType.GET_TIMER_SERVICE
    };
    for (final MethodType blocked : blockedDuringInjection) {
        add(denied, InvocationType.DEPENDENCY_INJECTION, blocked);
    }
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Rejects {@code methodType} when it is denied for the transaction synchronization callback
 * that is currently running.
 *
 * <p>The callback state is independent of the current invocation, because several EJB methods
 * may be invoked from afterCompletion. It is therefore checked on its own, before any
 * per-invocation rule.
 *
 * @param methodType the context method being requested
 */
private void checkTransactionSync(MethodType methodType) {
    final CurrentSynchronizationCallback.CallbackType activeCallback = CurrentSynchronizationCallback.get();
    // A null callback type means there is nothing to check here.
    if (activeCallback != null
            && deniedSyncMethods.contains(new DeniedSyncMethodKey(activeCallback, methodType))) {
        throwException(methodType, activeCallback);
    }
}
/**
 * Checks that {@code methodType} may be called from the current invocation, delegating the
 * decision to the owning component's {@code AllowedMethodsInformation}.
 *
 * <p>This method returns without checking anything when there is no current
 * {@link InterceptorContext}, or when the context's component is not an {@code EJBComponent}.
 * A normal return therefore does not prove that the deny tables were evaluated.
 *
 * @param methodType the context method being requested
 */
public static void checkAllowed(final MethodType methodType) {
    final InterceptorContext invocation = CurrentInvocationContext.get();
    if (invocation != null) {
        final Component owner = invocation.getPrivateData(Component.class);
        if (owner instanceof EJBComponent) {
            final EJBComponent ejb = (EJBComponent) owner;
            // Passed through as-is; presumably null when no InvocationType was attached. TODO confirm.
            final InvocationType phase = invocation.getPrivateData(InvocationType.class);
            ejb.getAllowedMethodsInformation().realCheckPermission(methodType, phase);
        }
    }
}
/**
 * Extends the inherited deny table with the context methods rejected during
 * {@code DEPENDENCY_INJECTION}, and with the caller-identity lookups rejected in the
 * {@code POST_CONSTRUCT} and {@code PRE_DESTROY} callbacks.
 *
 * @param denied the mutable set being populated; entries are added in place
 */
@Override
protected void setup(Set<DeniedMethodKey> denied) {
    super.setup(denied);

    final MethodType[] blockedDuringInjection = {
        MethodType.GET_CALLER_PRINCIPLE,
        MethodType.IS_CALLER_IN_ROLE,
        MethodType.GET_USER_TRANSACTION,
        MethodType.GET_TIMER_SERVICE
    };
    for (final MethodType blocked : blockedDuringInjection) {
        add(denied, InvocationType.DEPENDENCY_INJECTION, blocked);
    }

    // Caller-identity lookups are rejected in both lifecycle callbacks, presumably because no
    // caller is associated with them. TODO confirm.
    final MethodType[] callerIdentityLookups = {
        MethodType.GET_CALLER_PRINCIPLE,
        MethodType.IS_CALLER_IN_ROLE
    };
    for (final MethodType lookup : callerIdentityLookups) {
        add(denied, InvocationType.POST_CONSTRUCT, lookup);
        add(denied, InvocationType.PRE_DESTROY, lookup);
    }
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Rejects {@code methodType} when it is denied for the transaction synchronization callback
 * that is currently running.
 *
 * <p>The callback state is independent of the current invocation, because several EJB methods
 * may be invoked from afterCompletion. It is therefore checked on its own, before any
 * per-invocation rule.
 *
 * @param methodType the context method being requested
 */
private void checkTransactionSync(MethodType methodType) {
    final CurrentSynchronizationCallback.CallbackType activeCallback = CurrentSynchronizationCallback.get();
    // A null callback type means there is nothing to check here.
    if (activeCallback != null
            && deniedSyncMethods.contains(new DeniedSyncMethodKey(activeCallback, methodType))) {
        throwException(methodType, activeCallback);
    }
}
/**
 * Checks that {@code methodType} may be called from the current invocation, delegating the
 * decision to the owning component's {@code AllowedMethodsInformation}.
 *
 * <p>This method returns without checking anything when there is no current
 * {@link InterceptorContext}, or when the context's component is not an {@code EJBComponent}.
 * A normal return therefore does not prove that the deny tables were evaluated.
 *
 * @param methodType the context method being requested
 */
public static void checkAllowed(final MethodType methodType) {
    final InterceptorContext invocation = CurrentInvocationContext.get();
    if (invocation != null) {
        final Component owner = invocation.getPrivateData(Component.class);
        if (owner instanceof EJBComponent) {
            final EJBComponent ejb = (EJBComponent) owner;
            // Passed through as-is; presumably null when no InvocationType was attached. TODO confirm.
            final InvocationType phase = invocation.getPrivateData(InvocationType.class);
            ejb.getAllowedMethodsInformation().realCheckPermission(methodType, phase);
        }
    }
}
/**
 * Returns the rollback-only flag from the superclass after the allowed-methods check for
 * {@code GET_ROLLBACK_ONLY} has run.
 *
 * @return whatever {@code super.getRollbackOnly()} reports
 * @throws IllegalStateException declared by the overridden method
 */
@Override
public boolean getRollbackOnly() throws IllegalStateException {
    // The check comes first, before any delegation to the superclass.
    AllowedMethodsInformation.checkAllowed(MethodType.GET_ROLLBACK_ONLY);
    final boolean markedForRollback = super.getRollbackOnly();
    return markedForRollback;
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Decides whether {@code methodType} may be called in the given invocation phase.
 *
 * <p>The transaction-synchronization check runs first, then the (invocation type, method type)
 * deny table. When {@code invocationType} is {@code null} the deny table is not consulted, so
 * only the synchronization check applies.
 *
 * @param methodType     the context method being requested
 * @param invocationType the phase of the current invocation, or {@code null} if unknown
 */
protected void realCheckPermission(MethodType methodType, InvocationType invocationType) {
    checkTransactionSync(methodType);

    if (invocationType == null) {
        return;
    }
    final DeniedMethodKey requested = new DeniedMethodKey(invocationType, methodType);
    if (denied.contains(requested)) {
        throwException(methodType, invocationType);
    }
}
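/**
 * Builds the two read-only deny tables used by the permission checks: one keyed by
 * (invocation type, method type) and one keyed by (transaction synchronization callback,
 * method type).
 */
protected AllowedMethodsInformation() {
    final Set<DeniedMethodKey> denied = new HashSet<DeniedMethodKey>();

    // Context methods rejected while setEntityContext is running.
    // NOTE(review): the original registered (SET_ENTITY_CONTEXT, TIMER_SERVICE_METHOD) twice.
    // The second call is dropped here; this assumes add() only inserts a key into the set
    // (its body is not visible). A different MethodType may have been intended for the
    // repeated line, which would mean one restriction is missing. TODO confirm against the
    // table this list was transcribed from.
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.TIMER_SERVICE_METHOD);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.GET_PRIMARY_KEY);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.GET_TIMER_SERVICE);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.IS_CALLER_IN_ROLE);
    add(denied, InvocationType.SET_ENTITY_CONTEXT, MethodType.GET_CALLER_PRINCIPLE);

    // Context methods rejected inside home methods.
    add(denied, InvocationType.HOME_METHOD, MethodType.TIMER_SERVICE_METHOD);
    add(denied, InvocationType.HOME_METHOD, MethodType.GET_PRIMARY_KEY);

    // Context methods rejected inside entity ejbCreate.
    add(denied, InvocationType.ENTITY_EJB_CREATE, MethodType.TIMER_SERVICE_METHOD);
    add(denied, InvocationType.ENTITY_EJB_CREATE, MethodType.GET_PRIMARY_KEY);

    // NOTE(review): setup() is overridable and is called from the constructor, so an override
    // runs before the subclass's own fields are initialised. Overrides should only add keys
    // to the set they are handed and must not read subclass state.
    setup(denied);
    // Publish a read-only view so the deny table cannot be changed through this field.
    this.denied = Collections.unmodifiableSet(denied);

    // Restrictions keyed by the active transaction synchronization callback.
    final Set<DeniedSyncMethodKey> deniedSync = new HashSet<DeniedSyncMethodKey>();
    add(deniedSync, CurrentSynchronizationCallback.CallbackType.AFTER_COMPLETION, MethodType.TIMER_SERVICE_METHOD);
    add(deniedSync, CurrentSynchronizationCallback.CallbackType.AFTER_COMPLETION, MethodType.GET_ROLLBACK_ONLY);
    add(deniedSync, CurrentSynchronizationCallback.CallbackType.AFTER_COMPLETION, MethodType.SET_ROLLBACK_ONLY);
    this.deniedSyncMethods = Collections.unmodifiableSet(deniedSync);
}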
/**
 * Extends the inherited deny table with the context methods rejected during
 * {@code DEPENDENCY_INJECTION}.
 *
 * @param denied the mutable set being populated; entries are added in place
 */
@Override
protected void setup(Set<DeniedMethodKey> denied) {
    super.setup(denied);

    // The list includes the caller-identity lookups (GET_CALLER_PRINCIPLE, IS_CALLER_IN_ROLE),
    // presumably because no caller is associated with injection. TODO confirm.
    final MethodType[] blockedDuringInjection = {
        MethodType.GET_EJB_LOCAL_OBJECT,
        MethodType.GET_EJB_OBJECT,
        MethodType.GET_CALLER_PRINCIPLE,
        MethodType.IS_CALLER_IN_ROLE,
        MethodType.GET_USER_TRANSACTION,
        MethodType.GET_TIMER_SERVICE
    };
    for (final MethodType blocked : blockedDuringInjection) {
        add(denied, InvocationType.DEPENDENCY_INJECTION, blocked);
    }
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Marks the transaction rollback-only through the superclass after the allowed-methods check
 * for {@code SET_ROLLBACK_ONLY} has run.
 *
 * @throws IllegalStateException declared by the overridden method
 */
@Override
public void setRollbackOnly() throws IllegalStateException {
    // The check comes first, before any delegation to the superclass.
    final MethodType requested = MethodType.SET_ROLLBACK_ONLY;
    AllowedMethodsInformation.checkAllowed(requested);
    super.setRollbackOnly();
}
/**
 * Extends the inherited deny table with the context methods rejected inside finder methods,
 * and with the caller-identity lookups rejected during entity activation and passivation.
 *
 * @param denied the mutable set being populated; entries are added in place
 */
@Override
protected void setup(Set<DeniedMethodKey> denied) {
    super.setup(denied);

    final MethodType[] blockedInFinders = {
        MethodType.TIMER_SERVICE_METHOD,
        MethodType.GET_PRIMARY_KEY,
        MethodType.GET_TIMER_SERVICE
    };
    for (final MethodType blocked : blockedInFinders) {
        add(denied, InvocationType.FINDER_METHOD, blocked);
    }

    // Caller-identity lookups are rejected in both callbacks, presumably because no caller is
    // associated with them. TODO confirm.
    final InvocationType[] passivationPhases = {
        InvocationType.ENTITY_EJB_ACTIVATE,
        InvocationType.ENTITY_EJB_PASSIVATE
    };
    for (final InvocationType phase : passivationPhases) {
        add(denied, phase, MethodType.GET_CALLER_PRINCIPLE);
        add(denied, phase, MethodType.IS_CALLER_IN_ROLE);
    }
}
/**
 * Returns the timer service from the superclass, after the allowed-methods check for
 * {@code GET_TIMER_SERVICE} and the stateful-bean restriction.
 *
 * <p>The allowed-methods check runs before the stateful test, so when both would reject the
 * call, the first one is what the caller sees.
 *
 * @return whatever {@code super.getTimerService()} returns
 * @throws IllegalStateException declared by the overridden method
 */
@Override
public TimerService getTimerService() throws IllegalStateException {
    AllowedMethodsInformation.checkAllowed(MethodType.GET_TIMER_SERVICE);
    if (!stateful) {
        return super.getTimerService();
    }
    throw EjbLogger.ROOT_LOGGER.notAllowedFromStatefulBeans("getTimerService()");
}
/**
 * Extends the inherited deny table with the context methods rejected during
 * {@code DEPENDENCY_INJECTION}, and with the caller-identity lookups rejected in the
 * {@code POST_CONSTRUCT} and {@code PRE_DESTROY} callbacks.
 *
 * @param denied the mutable set being populated; entries are added in place
 */
@Override
protected void setup(Set<DeniedMethodKey> denied) {
    super.setup(denied);

    final MethodType[] blockedDuringInjection = {
        MethodType.GET_CALLER_PRINCIPLE,
        MethodType.IS_CALLER_IN_ROLE,
        MethodType.GET_USER_TRANSACTION,
        MethodType.GET_TIMER_SERVICE
    };
    for (final MethodType blocked : blockedDuringInjection) {
        add(denied, InvocationType.DEPENDENCY_INJECTION, blocked);
    }

    // Caller-identity lookups are rejected in both lifecycle callbacks, presumably because no
    // caller is associated with them. TODO confirm.
    final MethodType[] callerIdentityLookups = {
        MethodType.GET_CALLER_PRINCIPLE,
        MethodType.IS_CALLER_IN_ROLE
    };
    for (final MethodType lookup : callerIdentityLookups) {
        add(denied, InvocationType.POST_CONSTRUCT, lookup);
        add(denied, InvocationType.PRE_DESTROY, lookup);
    }
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Returns the caller principal from the instance's component after the allowed-methods check
 * has run. The check uses the enum constant spelled {@code GET_CALLER_PRINCIPLE} in this
 * codebase.
 *
 * @return the principal reported by the component
 */
public Principal getCallerPrincipal() {
    AllowedMethodsInformation.checkAllowed(MethodType.GET_CALLER_PRINCIPLE);
    // per invocation
    final Principal caller = instance.getComponent().getCallerPrincipal();
    return caller;
}
/**
 * Returns the component's {@code UserTransaction} after the allowed-methods check for
 * {@code GET_USER_TRANSACTION} has run.
 *
 * @return the transaction handle obtained from {@code getComponent()}
 * @throws IllegalStateException declared by the overridden method
 */
@Override
public UserTransaction getUserTransaction() throws IllegalStateException {
    // The check comes first, before the component is asked for the handle.
    AllowedMethodsInformation.checkAllowed(MethodType.GET_USER_TRANSACTION);
    final UserTransaction userTransaction = getComponent().getUserTransaction();
    return userTransaction;
}
/**
 * Returns the component's {@code UserTransaction} after the allowed-methods check for
 * {@code GET_USER_TRANSACTION} has run.
 *
 * @return the transaction handle obtained from {@code getComponent()}
 * @throws IllegalStateException declared in this method's signature
 */
public UserTransaction getUserTransaction() throws IllegalStateException {
    // The check comes first, before the component is asked for the handle.
    AllowedMethodsInformation.checkAllowed(MethodType.GET_USER_TRANSACTION);
    final UserTransaction userTransaction = getComponent().getUserTransaction();
    return userTransaction;
}