/**
 * Builds the set of {@code Principal} instances that stand for the roles of this method.
 * <p>
 * Roles listed in the method-permissions or via {@code RolesAllowed} are each wrapped in a
 * {@code SimplePrincipal}. A method on the exclude-list or annotated with {@code DenyAll} yields
 * {@code NOBODY_PRINCIPAL}; a method on the unchecked list or annotated with {@code PermitAll} yields
 * {@code ANYBODY_PRINCIPAL}.
 * </p>
 * <p>
 * The deny-all flag is tested before the permit-all flag, so if both were ever set on the metadata the
 * result is the deny-all principal. When neither flag is set and no roles are declared the returned set
 * is empty; how the caller treats an empty set is not visible here.
 * </p>
 *
 * @return the constructed set of role principals.
 */
protected Set<Principal> getMethodRolesAsPrincipals() {
    final Set<Principal> principals = new HashSet<Principal>();

    // Most restrictive outcome first: an excluded method maps to the "nobody" principal only.
    if (this.ejbMethodSecurityMetaData.isDenyAll()) {
        principals.add(NobodyPrincipal.NOBODY_PRINCIPAL);
        return principals;
    }

    // Unchecked method: a single "anybody" principal stands in for every role.
    if (this.ejbMethodSecurityMetaData.isPermitAll()) {
        principals.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
        return principals;
    }

    // Otherwise one principal per explicitly allowed role name.
    for (final String roleName : this.ejbMethodSecurityMetaData.getRolesAllowed()) {
        principals.add(new SimplePrincipal(roleName));
    }
    return principals;
}
/**
 * Creates a security attribute that carries the given role names.
 * <p>
 * Both boolean constructor arguments are passed as {@code false}; presumably these are the
 * permit-all and deny-all markers (confirm against the constructor). The {@code roles} set is
 * handed to the constructor as-is, so whether later changes to the caller's set show through
 * depends on whether the constructor copies it.
 * </p>
 *
 * @param roles the role names allowed to invoke the method
 * @return a new attribute built from {@code roles}
 */
public static EJBMethodSecurityAttribute rolesAllowed(final Set<String> roles) {
    final EJBMethodSecurityAttribute roleBasedAttribute = new EJBMethodSecurityAttribute(false, false, roles);
    return roleBasedAttribute;
}
/**
 * Records the {@code PermitAll}, {@code RolesAllowed} and {@code DenyAll} annotations of the component
 * class as method-permission attributes on the component description.
 * <p>
 * The annotation kinds are applied in a fixed order: {@code PermitAll}, then {@code RolesAllowed}, then
 * {@code DenyAll}; within each kind the class-level entries are written before the method-level ones.
 * NOTE(review): whether a later {@code setAttribute} call replaces an earlier one for the same target is
 * decided by the permissions holder, which is not visible here. If it does, the deny-all entry is the one
 * that survives a conflict, so this order should not be changed without checking that.
 * </p>
 * <p>
 * For {@code RolesAllowed} only the first element of each aggregated value list is used.
 * NOTE(review): presumably that element is the most specific declaration; confirm against
 * {@code MethodAnnotationAggregator}.
 * </p>
 *
 * @param deploymentUnit            the deployment unit being processed (not read in this method)
 * @param applicationClasses        passed through to the annotation aggregator
 * @param deploymentReflectionIndex passed through to the annotation aggregator
 * @param componentClass            the component class whose annotations are aggregated
 * @param description               the component description that receives the permissions
 * @throws DeploymentUnitProcessingException declared by the overridden method
 */
@Override
protected void handleAnnotations(final DeploymentUnit deploymentUnit, final EEApplicationClasses applicationClasses, final DeploymentReflectionIndex deploymentReflectionIndex, final Class<?> componentClass, final EJBComponentDescription description) throws DeploymentUnitProcessingException {

    // --- PermitAll ---------------------------------------------------------------------------
    final RuntimeAnnotationInformation<Boolean> permitAllInfo = MethodAnnotationAggregator.runtimeAnnotationInformation(componentClass, applicationClasses, deploymentReflectionIndex, PermitAll.class);
    for (Map.Entry<String, List<Boolean>> classEntry : permitAllInfo.getClassAnnotations().entrySet()) {
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                classEntry.getKey(),
                EJBMethodSecurityAttribute.permitAll());
    }
    for (Map.Entry<Method, List<Boolean>> methodEntry : permitAllInfo.getMethodAnnotations().entrySet()) {
        final Method annotatedMethod = methodEntry.getKey();
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                EJBMethodSecurityAttribute.permitAll(),
                annotatedMethod.getDeclaringClass().getName(),
                annotatedMethod.getName(),
                MethodInfoHelper.getCanonicalParameterTypes(annotatedMethod));
    }

    // --- RolesAllowed ------------------------------------------------------------------------
    final RuntimeAnnotationInformation<String[]> rolesAllowedInfo = MethodAnnotationAggregator.runtimeAnnotationInformation(componentClass, applicationClasses, deploymentReflectionIndex, RolesAllowed.class);
    for (Map.Entry<String, List<String[]>> classEntry : rolesAllowedInfo.getClassAnnotations().entrySet()) {
        // Only element 0 of the aggregated list contributes role names.
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                classEntry.getKey(),
                EJBMethodSecurityAttribute.rolesAllowed(new HashSet<String>(Arrays.<String>asList(classEntry.getValue().get(0)))));
    }
    for (Map.Entry<Method, List<String[]>> methodEntry : rolesAllowedInfo.getMethodAnnotations().entrySet()) {
        final Method annotatedMethod = methodEntry.getKey();
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                EJBMethodSecurityAttribute.rolesAllowed(new HashSet<String>(Arrays.<String>asList(methodEntry.getValue().get(0)))),
                annotatedMethod.getDeclaringClass().getName(),
                annotatedMethod.getName(),
                MethodInfoHelper.getCanonicalParameterTypes(annotatedMethod));
    }

    // --- DenyAll (written last) --------------------------------------------------------------
    final RuntimeAnnotationInformation<Boolean> denyAllInfo = MethodAnnotationAggregator.runtimeAnnotationInformation(componentClass, applicationClasses, deploymentReflectionIndex, DenyAll.class);
    for (Map.Entry<String, List<Boolean>> classEntry : denyAllInfo.getClassAnnotations().entrySet()) {
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                classEntry.getKey(),
                EJBMethodSecurityAttribute.denyAll());
    }
    for (Map.Entry<Method, List<Boolean>> methodEntry : denyAllInfo.getMethodAnnotations().entrySet()) {
        final Method annotatedMethod = methodEntry.getKey();
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                EJBMethodSecurityAttribute.denyAll(),
                annotatedMethod.getDeclaringClass().getName(),
                annotatedMethod.getName(),
                MethodInfoHelper.getCanonicalParameterTypes(annotatedMethod));
    }
}
/**
 * Combines the roles of a new security attribute with roles that were already registered.
 * <p>
 * When {@code existingRoles} is {@code null} or has no roles, the new attribute is returned untouched.
 * Otherwise the result is the union of both role sets, built through
 * {@code EJBMethodSecurityAttribute.rolesAllowed(...)}.
 * </p>
 * <p>
 * NOTE(review): the merged result is built from role names only. If {@code ejbMethodSecurityMetaData}
 * can be a permit-all or deny-all attribute when this is called, that marker is presumably not carried
 * into the merged attribute; confirm that callers only merge plain role attributes, or check the flags
 * before calling.
 * </p>
 *
 * @param ejbMethodSecurityMetaData the attribute being registered
 * @param existingRoles             the attribute registered earlier for the same target, may be {@code null}
 * @return the new attribute, or a roles attribute holding the union of both role sets
 */
private EJBMethodSecurityAttribute mergeExistingRoles(EJBMethodSecurityAttribute ejbMethodSecurityMetaData, final EJBMethodSecurityAttribute existingRoles) {
    // Nothing registered before (or nothing role-based): keep the incoming attribute as it is.
    if (existingRoles == null || existingRoles.getRolesAllowed().isEmpty()) {
        return ejbMethodSecurityMetaData;
    }

    // Copy first so the set held by the existing attribute is never modified.
    final Set<String> union = new HashSet<String>(existingRoles.getRolesAllowed());
    union.addAll(ejbMethodSecurityMetaData.getRolesAllowed());
    return EJBMethodSecurityAttribute.rolesAllowed(union);
}
}
!ejbMethodSecurityMetaData.isDenyAll() && !ejbMethodSecurityMetaData.isPermitAll()) { rolesAllowed.addAll(attr.getRolesAllowed()); ejbMethodSecurityMetaData = EJBMethodSecurityAttribute.rolesAllowed(rolesAllowed); if (ejbMethodSecurityMetaData.isPermitAll()) { if (ejbMethodSecurityMetaData.isDenyAll()) { authorizationInterceptor = RolesAllowedInterceptor.DENY_ALL; } else { authorizationInterceptor = new JaccInterceptor(viewClassName, viewMethod); } else { authorizationInterceptor = new RolesAllowedInterceptor(ejbMethodSecurityMetaData.getRolesAllowed());
/**
 * Reports the roles of the wrapped attribute {@code att}.
 * <p>
 * The set is returned exactly as {@code att} provides it; no copy is made here, so whether callers
 * can modify it depends on what {@code att} hands out.
 * </p>
 *
 * @return the value of {@code att.getRolesAllowed()}
 */
@Override
public Set<String> getRolesAllowed() {
    final Set<String> delegateRoles = att.getRolesAllowed();
    return delegateRoles;
}
};
/**
 * Reports the permit-all flag of the wrapped attribute {@code att}.
 *
 * @return the value of {@code att.isPermitAll()}
 */
@Override
public boolean isPermitAll() {
    final boolean delegatePermitAll = att.isPermitAll();
    return delegatePermitAll;
}
/**
 * Reports the deny-all flag of the wrapped attribute {@code att}.
 *
 * @return the value of {@code att.isDenyAll()}
 */
@Override
public boolean isDenyAll() {
    final boolean delegateDenyAll = att.isDenyAll();
    return delegateDenyAll;
}
ejbMethodSecurityMetaData = EJBMethodSecurityAttribute.permitAll(); } else { ejbMethodSecurityMetaData = EJBMethodSecurityAttribute.rolesAllowed(methodPermissionMetaData.getRoles());
/**
 * Registers a deny-all attribute for every method named in the exclude-list.
 * <p>
 * Each entry is written to the descriptor method permissions of the component. The method interface
 * comes from the entry itself, falling back to {@code MESSAGE_ENDPOINT} for message-driven components
 * and to {@code BEAN} for everything else. Three forms are handled:
 * </p>
 * <ul>
 * <li>method name {@code "*"}: deny-all is set with a {@code null} class name and no method name;</li>
 * <li>a name without parameters: deny-all is set for that method name;</li>
 * <li>a name with parameters: deny-all is set for that name and parameter list.</li>
 * </ul>
 *
 * @param componentDescription the component whose descriptor permissions are updated
 * @param excludeList          the exclude-list metadata from the deployment descriptor
 */
private void handleExcludeMethods(final EJBComponentDescription componentDescription, final ExcludeListMetaData excludeList) {
    for (final MethodMetaData excluded : excludeList.getMethods()) {
        final String methodName = excluded.getMethodName();

        // Interface used when the descriptor entry does not name one.
        final MethodIntf fallbackIntf;
        if (componentDescription instanceof MessageDrivenComponentDescription) {
            fallbackIntf = MethodIntf.MESSAGE_ENDPOINT;
        } else {
            fallbackIntf = MethodIntf.BEAN;
        }
        final MethodIntf methodIntf = this.getMethodIntf(excluded.getMethodIntf(), fallbackIntf);

        if (methodName.equals("*")) {
            // Wildcard entry: no specific method name is passed.
            componentDescription.getDescriptorMethodPermissions().setAttribute(methodIntf, null, EJBMethodSecurityAttribute.denyAll());
            continue;
        }

        final MethodParametersMetaData methodParams = excluded.getMethodParams();
        if (methodParams != null) {
            // Name plus parameter list: deny only that signature.
            componentDescription.getDescriptorMethodPermissions().setAttribute(methodIntf, EJBMethodSecurityAttribute.denyAll(), null, methodName, this.getMethodParams(methodParams));
        } else {
            // Name only: deny by method name.
            componentDescription.getDescriptorMethodPermissions().setAttribute(methodIntf, EJBMethodSecurityAttribute.denyAll(), methodName);
        }
    }
}
!ejbMethodSecurityMetaData.isDenyAll() && !ejbMethodSecurityMetaData.isPermitAll()) { rolesAllowed.addAll(attr.getRolesAllowed()); ejbMethodSecurityMetaData = EJBMethodSecurityAttribute.rolesAllowed(rolesAllowed);
/**
 * Merges the roles of an attribute being registered with the roles registered before it.
 * <p>
 * A {@code null} or role-less {@code existingRoles} leaves the incoming attribute unchanged. In every
 * other case a new attribute is created through {@code EJBMethodSecurityAttribute.rolesAllowed(...)}
 * from the union of the two role sets.
 * </p>
 * <p>
 * NOTE(review): only role names take part in the merge. Presumably a permit-all or deny-all marker on
 * {@code ejbMethodSecurityMetaData} would not be reflected in the merged attribute; verify that the
 * call sites exclude those cases.
 * </p>
 *
 * @param ejbMethodSecurityMetaData the attribute being registered
 * @param existingRoles             the previously registered attribute, may be {@code null}
 * @return the incoming attribute, or a roles attribute with the combined role names
 */
private EJBMethodSecurityAttribute mergeExistingRoles(EJBMethodSecurityAttribute ejbMethodSecurityMetaData, final EJBMethodSecurityAttribute existingRoles) {
    final boolean nothingToMerge = existingRoles == null || existingRoles.getRolesAllowed().isEmpty();
    if (nothingToMerge) {
        return ejbMethodSecurityMetaData;
    }

    // Work on a copy; the set owned by existingRoles stays as it was.
    final Set<String> combined = new HashSet<String>(existingRoles.getRolesAllowed());
    combined.addAll(ejbMethodSecurityMetaData.getRolesAllowed());
    return EJBMethodSecurityAttribute.rolesAllowed(combined);
}
}
/**
 * Returns the role names held by the wrapped attribute {@code att}.
 * <p>
 * The reference obtained from {@code att} is passed on without copying.
 * </p>
 *
 * @return the value of {@code att.getRolesAllowed()}
 */
@Override
public Set<String> getRolesAllowed() {
    final Set<String> wrappedRoles = att.getRolesAllowed();
    return wrappedRoles;
}
};
/**
 * Returns the permit-all flag held by the wrapped attribute {@code att}.
 *
 * @return the value of {@code att.isPermitAll()}
 */
@Override
public boolean isPermitAll() {
    final boolean wrappedPermitAll = att.isPermitAll();
    return wrappedPermitAll;
}
/**
 * Returns the deny-all flag held by the wrapped attribute {@code att}.
 *
 * @return the value of {@code att.isDenyAll()}
 */
@Override
public boolean isDenyAll() {
    final boolean wrappedDenyAll = att.isDenyAll();
    return wrappedDenyAll;
}
if (viewMethodSecurityAttributesServiceBuilder != null) { viewMethodSecurityAttributesServiceBuilder.addMethodSecurityMetadata(viewMethod, EJBMethodSecurityAttribute.denyAll()); viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(RolesAllowedInterceptor.DENY_ALL), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR); } else { final Interceptor authorizationInterceptor = new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, viewMethod, contextID); viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
final EJBMethodPermission permission = new EJBMethodPermission(description.getEJBName(), methodIdentifier.getName(), interfaceType.name(), methodIdentifier.getParameterTypes()); if (ejbMethodSecurityMetaData.isPermitAll()) { ejbJaccConfig.addPermit(permission); if (ejbMethodSecurityMetaData.isDenyAll()) { ejbJaccConfig.addDeny(permission); for (String role : ejbMethodSecurityMetaData.getRolesAllowed()) { ejbJaccConfig.addRole(role, permission);
/**
 * Copies the {@code PermitAll}, {@code RolesAllowed} and {@code DenyAll} annotations of the component
 * class into the annotation method permissions of the component description.
 * <p>
 * Processing order is {@code PermitAll}, {@code RolesAllowed}, {@code DenyAll}, and for each kind the
 * class-level entries come before the method-level entries. Method-level entries are keyed by declaring
 * class name, method name and the parameter types taken from the method's {@code MethodIdentifier}.
 * NOTE(review): if the permissions holder lets a later {@code setAttribute} overwrite an earlier one
 * for the same target (not visible here), writing deny-all last is what makes it win a conflict; check
 * that before changing the order.
 * </p>
 * <p>
 * For {@code RolesAllowed} only index 0 of each aggregated value list is read.
 * NOTE(review): presumably the most specific declaration; confirm against
 * {@code MethodAnnotationAggregator}.
 * </p>
 *
 * @param deploymentUnit            the deployment unit being processed (not read in this method)
 * @param applicationClasses        passed through to the annotation aggregator
 * @param deploymentReflectionIndex passed through to the annotation aggregator
 * @param componentClass            the component class whose annotations are aggregated
 * @param description               the component description that receives the permissions
 * @throws DeploymentUnitProcessingException declared by the overridden method
 */
@Override
protected void handleAnnotations(final DeploymentUnit deploymentUnit, final EEApplicationClasses applicationClasses, final DeploymentReflectionIndex deploymentReflectionIndex, final Class<?> componentClass, final EJBComponentDescription description) throws DeploymentUnitProcessingException {

    // --- PermitAll ---------------------------------------------------------------------------
    final RuntimeAnnotationInformation<Boolean> permitAllInfo = MethodAnnotationAggregator.runtimeAnnotationInformation(componentClass, applicationClasses, deploymentReflectionIndex, PermitAll.class);
    for (Map.Entry<String, List<Boolean>> classEntry : permitAllInfo.getClassAnnotations().entrySet()) {
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                classEntry.getKey(),
                EJBMethodSecurityAttribute.permitAll());
    }
    for (Map.Entry<Method, List<Boolean>> methodEntry : permitAllInfo.getMethodAnnotations().entrySet()) {
        final Method annotatedMethod = methodEntry.getKey();
        final MethodIdentifier methodId = MethodIdentifier.getIdentifierForMethod(annotatedMethod);
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                EJBMethodSecurityAttribute.permitAll(),
                annotatedMethod.getDeclaringClass().getName(),
                annotatedMethod.getName(),
                methodId.getParameterTypes());
    }

    // --- RolesAllowed ------------------------------------------------------------------------
    final RuntimeAnnotationInformation<String[]> rolesAllowedInfo = MethodAnnotationAggregator.runtimeAnnotationInformation(componentClass, applicationClasses, deploymentReflectionIndex, RolesAllowed.class);
    for (Map.Entry<String, List<String[]>> classEntry : rolesAllowedInfo.getClassAnnotations().entrySet()) {
        // Only element 0 of the aggregated list contributes role names.
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                classEntry.getKey(),
                EJBMethodSecurityAttribute.rolesAllowed(new HashSet<String>(Arrays.<String>asList(classEntry.getValue().get(0)))));
    }
    for (Map.Entry<Method, List<String[]>> methodEntry : rolesAllowedInfo.getMethodAnnotations().entrySet()) {
        final Method annotatedMethod = methodEntry.getKey();
        final MethodIdentifier methodId = MethodIdentifier.getIdentifierForMethod(annotatedMethod);
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                EJBMethodSecurityAttribute.rolesAllowed(new HashSet<String>(Arrays.<String>asList(methodEntry.getValue().get(0)))),
                annotatedMethod.getDeclaringClass().getName(),
                annotatedMethod.getName(),
                methodId.getParameterTypes());
    }

    // --- DenyAll (written last) --------------------------------------------------------------
    final RuntimeAnnotationInformation<Boolean> denyAllInfo = MethodAnnotationAggregator.runtimeAnnotationInformation(componentClass, applicationClasses, deploymentReflectionIndex, DenyAll.class);
    for (Map.Entry<String, List<Boolean>> classEntry : denyAllInfo.getClassAnnotations().entrySet()) {
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                classEntry.getKey(),
                EJBMethodSecurityAttribute.denyAll());
    }
    for (Map.Entry<Method, List<Boolean>> methodEntry : denyAllInfo.getMethodAnnotations().entrySet()) {
        final Method annotatedMethod = methodEntry.getKey();
        final MethodIdentifier methodId = MethodIdentifier.getIdentifierForMethod(annotatedMethod);
        description.getAnnotationMethodPermissions().setAttribute(
                null,
                EJBMethodSecurityAttribute.denyAll(),
                annotatedMethod.getDeclaringClass().getName(),
                annotatedMethod.getName(),
                methodId.getParameterTypes());
    }
}
for (final Method viewMethod : methodsWithoutExplicitSecurityConfiguration) { final Interceptor authorizationInterceptor = new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, viewMethod, contextID); viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
/**
 * Builds a security attribute from a set of role names.
 * <p>
 * The two boolean constructor arguments are both {@code false}; presumably they are the permit-all
 * and deny-all markers (confirm against the constructor). The caller's {@code roles} reference is
 * passed straight to the constructor, so any defensive copy would have to happen there.
 * </p>
 *
 * @param roles the role names allowed to invoke the method
 * @return a new attribute built from {@code roles}
 */
public static EJBMethodSecurityAttribute rolesAllowed(final Set<String> roles) {
    final EJBMethodSecurityAttribute attributeForRoles = new EJBMethodSecurityAttribute(false, false, roles);
    return attributeForRoles;
}