// Build the authorization interceptor for one view method. It is constructed from that
// method's security metadata, the view class name, the view method and the context ID,
// so each secured method gets its own interceptor instance.
authorizationInterceptor = new AuthorizationInterceptor(ejbMethodSecurityMetaData, viewClassName, viewMethod, contextID);
final MethodInterfaceType methodIntfType = this.getMethodInterfaceType(componentView.getPrivateData(MethodIntf.class)); final String previousContextID = setContextID(this.contextID); try { if(WildFlySecurityManager.isChecking()) { methodIntfType.name(), this.viewMethod, this.getMethodRolesAsPrincipals(), this.contextID)) { throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(invokedMethod,ejbComponent.getComponentName()); setContextID(previousContextID);
@Override public ProtectionDomain run() { if (!securityManager.authorize(ejbComponent.getComponentName(), componentView.getProxyClass().getProtectionDomain().getCodeSource(), methodIntfType.name(), AuthorizationInterceptor.this.viewMethod, AuthorizationInterceptor.this.getMethodRolesAsPrincipals(), AuthorizationInterceptor.this.contextID)) { throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(invokedMethod,ejbComponent.getComponentName()); } return null; } });
/**
 * Authorizes the current view invocation and lets it proceed only when the
 * component's security manager grants access.
 *
 * <p>The check fails closed: a component of the wrong type, an invocation that
 * does not match the view class/method this interceptor was created for, or a
 * negative answer from {@code authorize} all end in an exception, so
 * {@code context.proceed()} is never reached in those cases.
 *
 * @param context the invocation being intercepted
 * @return whatever the rest of the interceptor chain returns
 * @throws Exception if the invocation is rejected, or if the remainder of the chain throws
 */
@Override
public Object processInvocation(InterceptorContext context) throws Exception {
    final Component component = context.getPrivateData(Component.class);
    if (!(component instanceof EJBComponent)) {
        throw MESSAGES.unexpectedComponent(component, EJBComponent.class);
    }

    final Method invokedMethod = context.getMethod();
    final ComponentView componentView = context.getPrivateData(ComponentView.class);
    final String viewClassOfInvokedMethod = componentView.getViewClass().getName();

    // Defensive check: this interceptor carries the roles of exactly one view method, so it
    // must never be used to authorize a different one. A correctly wired interceptor chain
    // should not get here with a mismatch.
    final boolean boundToThisInvocation =
            this.viewClassName.equals(viewClassOfInvokedMethod) && this.viewMethod.equals(invokedMethod);
    if (!boundToThisInvocation) {
        throw MESSAGES.failProcessInvocation(this.getClass().getName(), invokedMethod, viewClassOfInvokedMethod,
                viewMethod, viewClassName);
    }

    final EJBComponent ejbComponent = (EJBComponent) component;
    final ServerSecurityManager securityManager = ejbComponent.getSecurityManager();
    final MethodInterfaceType methodIntfType =
            this.getMethodInterfaceType(componentView.getPrivateData(MethodIntf.class));

    // The JACC context ID has to be in place before the security manager is consulted.
    final String previousContextID = setContextID(this.contextID);
    try {
        final boolean authorized = securityManager.authorize(
                ejbComponent.getComponentName(),
                componentView.getProxyClass().getProtectionDomain().getCodeSource(),
                methodIntfType.name(),
                this.viewMethod,
                this.getMethodRolesAsPrincipals(),
                this.contextID);
        if (!authorized) {
            throw MESSAGES.invocationOfMethodNotAllowed(invokedMethod, ejbComponent.getComponentName());
        }
    } finally {
        // Restore the caller's JACC context ID on both the allowed and the denied path, so
        // this interceptor's context ID does not stay set once the check is over.
        setContextID(previousContextID);
    }

    // Authorization succeeded: hand over to the next interceptor.
    return context.proceed();
}
// Transport: one OkHttp client shared by the adapter, with TokenExpiredInterceptor installed
// as an application interceptor (presumably reacting to expired-token responses; confirm
// against that class).
OkHttpClient httpClient = new OkHttpClient();
httpClient.interceptors().add(new TokenExpiredInterceptor());

RestAdapter.Builder restAdapterBuilder = new RestAdapter.Builder();
restAdapterBuilder.setEndpoint(API_ENDPOINT);
restAdapterBuilder.setClient(new OkClient(httpClient));
// LogLevel.FULL writes request/response headers and bodies to the log, which would include
// any credentials AuthorizationInterceptor attaches. It is therefore limited to debug builds;
// release builds log nothing.
if (BuildConfig.DEBUG) {
    restAdapterBuilder.setLogLevel(RestAdapter.LogLevel.FULL);
} else {
    restAdapterBuilder.setLogLevel(RestAdapter.LogLevel.NONE);
}
// Runs for every outgoing request built by this adapter.
restAdapterBuilder.setRequestInterceptor(new AuthorizationInterceptor());
mRestAdapter = restAdapterBuilder.build();
viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(RolesAllowedInterceptor.DENY_ALL), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR); } else { final Interceptor authorizationInterceptor = new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, viewMethod, contextID); viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
/**
 * Spring MVC configuration that installs the application's handler interceptors.
 *
 * <p>The class shares its simple name with Spring's own {@code InterceptorRegistry}, which is
 * why the parameter type below is written fully qualified.
 *
 * <p>NOTE(review): {@code WebMvcConfigurerAdapter} is deprecated as of Spring 5.0 in favour of
 * implementing {@code WebMvcConfigurer} directly; confirm the Spring version before changing it.
 */
@EnableWebMvc
@Configuration
public class InterceptorRegistry extends WebMvcConfigurerAdapter {

    /**
     * Registers the access-control interceptors in the order they should run.
     *
     * <p>Neither registration is narrowed with path patterns, so both interceptors apply to
     * every request handled through this MVC configuration. Registration order is execution
     * order: {@code InternalAccessInterceptor} is consulted before
     * {@code AuthorizationInterceptor}.
     *
     * <p>NOTE(review): both interceptors are created with {@code new} rather than obtained as
     * Spring beans, so the container does not inject dependencies into them. Confirm that
     * neither relies on injected collaborators.
     *
     * @param registry the Spring registry that collects handler interceptors
     */
    @Override
    public void addInterceptors(org.springframework.web.servlet.config.annotation.InterceptorRegistry registry) {
        final InternalAccessInterceptor internalAccess = new InternalAccessInterceptor();
        registry.addInterceptor(internalAccess);

        final AuthorizationInterceptor authorization = new AuthorizationInterceptor();
        registry.addInterceptor(authorization);
    }
}
// Guard this view method with an authorization interceptor built from its security metadata,
// then attach it to the view at the EJB security-authorization position of the chain.
final Interceptor authorizationInterceptor =
        new AuthorizationInterceptor(ejbMethodSecurityMetaData, viewClassName, viewMethod, contextID);
final ImmediateInterceptorFactory authorizationInterceptorFactory =
        new ImmediateInterceptorFactory(authorizationInterceptor);
viewConfiguration.addViewInterceptor(
        viewMethod,
        authorizationInterceptorFactory,
        InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
return true;
for (final Method viewMethod : methodsWithoutExplicitSecurityConfiguration) { final Interceptor authorizationInterceptor = new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, viewMethod, contextID); viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);