private void validateResource(Resource resource) { if(resource == null) throw new IllegalArgumentException("resource is null"); if(resource.getMap() == null) throw new IllegalArgumentException("resource has null context map"); }
/** * Subclasses can use this method to leave the authorization * decision to the delegate configured */ protected int invokeDelegate(Resource resource) { int authorizationDecision = AuthorizationContext.DENY; ResourceType layer = resource.getLayer(); String delegateStr = (String)delegateMap.get(layer); if(delegateStr == null) throw new IllegalStateException("Delegate is missing for layer="+layer); AuthorizationModuleDelegate delegate = null; try { delegate = getDelegate(delegateStr); authorizationDecision = delegate.authorize(resource,this.subject, this.role); } catch(Exception e) { log.debug("Error with delegate:",e); IllegalStateException ise = new IllegalStateException(e.getLocalizedMessage()); ise.initCause(e); throw ise; } return authorizationDecision; }
/** * Authorize the Resource * @param resource * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY * @throws AuthorizationException */ public int authorize(final Resource resource) throws AuthorizationException { return this.authorize(resource, this.authenticatedSubject, (RoleGroup) resource.getMap().get( ResourceKeys.SECURITY_CONTEXT_ROLES)); }
private ACLInfo getACLInfo(String domainName, Resource resource) { ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(domainName); if (aPolicy == null) { if (trace) log.trace("Application Policy not obtained for domain=" + domainName + ". Trying to obtain the App policy for the default domain of the layer:"); aPolicy = SecurityConfiguration.getApplicationPolicy(resource.getLayer().name()); } if (aPolicy == null) throw new IllegalStateException("Application Policy is null for domain:" + domainName); return aPolicy.getAclInfo(); }
/** * Authorize the Resource * @param resource * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY * @throws AuthorizationException */ public int authorize(final Resource resource) throws AuthorizationException { return this.authorize(resource, this.authenticatedSubject, (RoleGroup)resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES)); }
/** * Subclasses can use this method to leave the authorization * decision to the delegate configured */ protected int invokeDelegate(Resource resource) { int authorizationDecision = AuthorizationContext.DENY; ResourceType layer = resource.getLayer(); String delegateStr = (String)delegateMap.get(layer); if(delegateStr == null) throw PicketBoxMessages.MESSAGES.missingDelegateForLayer(layer != null ? layer.toString() : null); AuthorizationModuleDelegate delegate = null; try { delegate = getDelegate(delegateStr); authorizationDecision = delegate.authorize(resource,this.subject, this.role); } catch(Exception e) { IllegalStateException ise = new IllegalStateException(e.getLocalizedMessage()); ise.initCause(e); throw ise; } return authorizationDecision; }
private void validateResource(Resource resource) { if(resource == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("resource"); if(resource.getMap() == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("resource.contextMap"); }
private AuthorizationInfo getAuthorizationInfo(String domainName, Resource resource) ResourceType layer = resource.getLayer();
protected void authorizationAudit(String level, Resource resource, Exception e) { if(securityContext.getAuditManager() == null) return; Map<String, Object> contextualMap = resource.getMap(); Map<String,Object> auditContextMap = new HashMap<String,Object>(contextualMap.size() + 3); auditContextMap.putAll(contextualMap); auditContextMap.put("Resource:", resource); auditContextMap.put("Action", "authorization"); if (e != null) { //Authorization Exception stacktrace is huge. Scale it down //as the original stack trace can be seen in server.log (if needed) String exceptionMessage = e != null ? e.getLocalizedMessage() : ""; auditContextMap.put("Exception:", exceptionMessage); } if (e instanceof AuthorizationException) { // changing level of audit, since in case of AuthorizationException it is FAILURE audit(AuditLevel.FAILURE, auditContextMap, null); } else { audit(level, auditContextMap, null); } }
private AuthorizationInfo getAuthorizationInfo(String domainName, Resource resource) { ResourceType layer = resource.getLayer(); //Check if an instance of ApplicationPolicy is available if (this.applicationPolicy != null) return applicationPolicy.getAuthorizationInfo(); ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(domainName); if (aPolicy == null) { if (layer == ResourceType.EJB) aPolicy = SecurityConfiguration.getApplicationPolicy(EJB); else if (layer == ResourceType.WEB) aPolicy = SecurityConfiguration.getApplicationPolicy(WEB); } if (aPolicy == null) throw PicketBoxMessages.MESSAGES.failedToObtainApplicationPolicy(domainName); AuthorizationInfo ai = aPolicy.getAuthorizationInfo(); if (ai == null) return getAuthorizationInfo(layer); else return aPolicy.getAuthorizationInfo(); }
protected void authorizationAudit(String level, Resource resource, Exception e) { if(securityContext.getAuditManager() == null) return; Map<String, Object> contextualMap = resource.getMap(); Map<String,Object> auditContextMap = new HashMap<String,Object>(contextualMap.size() + 3); auditContextMap.putAll(contextualMap); auditContextMap.put("Resource:", resource); auditContextMap.put("Action", "authorization"); if (e != null) { //Authorization Exception stacktrace is huge. Scale it down //as the original stack trace can be seen in server.log (if needed) String exceptionMessage = e != null ? e.getLocalizedMessage() : ""; auditContextMap.put("Exception:", exceptionMessage); } if (e instanceof AuthorizationException) { // changing level of audit, since in case of AuthorizationException it is FAILURE audit(AuditLevel.FAILURE, auditContextMap, null); } else { audit(level, auditContextMap, null); } }
protected void authorizationAudit(String level, Resource resource, Exception e) { if(securityContext.getAuditManager() == null) return; Map<String, Object> contextualMap = resource.getMap(); Map<String,Object> auditContextMap = new HashMap<String,Object>(contextualMap.size() + 3); auditContextMap.putAll(contextualMap); auditContextMap.put("Resource:", resource); auditContextMap.put("Action", "authorization"); if (e != null) { //Authorization Exception stacktrace is huge. Scale it down //as the original stack trace can be seen in server.log (if needed) String exceptionMessage = e != null ? e.getLocalizedMessage() : ""; auditContextMap.put("Exception:", exceptionMessage); } if (e instanceof AuthorizationException) { // changing level of audit, since in case of AuthorizationException it is FAILURE audit(AuditLevel.FAILURE, auditContextMap, null); } else { audit(level, auditContextMap, null); } }
Map<String,Object> map = resource.getMap(); if(map == null) throw new IllegalStateException("Map from the Resource is null");
/** * <p> * Retrieves the ACL that is to be used to perform authorization decisions on the specified resource. If an ACL * for the specified resource can be located by the strategy, this will be the returned ACL. On the other hand, * if no ACL can be located for the resource then the method verifies if the {@code checkParentACL} property has * been set: * <ol> * <li>if {@code checkParentACL} is true, then check if the resource has a parent resource and try to locate an * ACL for the parent resource recursively. The idea here is that child resources "inherit" the permissions from * the parent resources (instead of providing an ACL that would be a copy of the parent ACL).</li> * <li>if {@code checkParentACL} is false, then {@code null} is returned.</li> * </ol> * * </p> * * @param resource the {@code Resource} that is the target of the authorization decision. * @return the {@code ACL} that is to be used to perform authorization decisions on the resource; {@code null} if * no ACL can be found for the specified resource. */ private ACL retrieveACL(Resource resource) { ACL acl = this.strategy.getACL(resource); if (acl == null && this.checkParentACL) { Resource parent = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE); if (parent != null) acl = retrieveACL(parent); } return acl; }
/** * <p> * Retrieves the ACL that is to be used to perform authorization decisions on the specified resource. If an ACL * for the specified resource can be located by the strategy, this will be the returned ACL. On the other hand, * if no ACL can be located for the resource then the method verifies if the {@code checkParentACL} property has * been set: * <ol> * <li>if {@code checkParentACL} is true, then check if the resource has a parent resource and try to locate an * ACL for the parent resource recursively. The idea here is that child resources "inherit" the permissions from * the parent resources (instead of providing an ACL that would be a copy of the parent ACL).</li> * <li>if {@code checkParentACL} is false, then {@code null} is returned.</li> * </ol> * * </p> * * @param resource the {@code Resource} that is the target of the authorization decision. * @return the {@code ACL} that is to be used to perform authorization decisions on the resource; {@code null} if * no ACL can be found for the specified resource. */ private ACL retrieveACL(Resource resource) { ACL acl = this.strategy.getACL(resource); if (acl == null && this.checkParentACL) { Resource parent = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE); if (parent != null) acl = retrieveACL(parent); } return acl; }
/** * @see AuthorizationModuleDelegate#authorize(Resource) */ public int authorize(Resource resource, Subject callerSubject, RoleGroup role) { if(resource instanceof EJBResource == false) throw new IllegalArgumentException("resource is not an EJBResource"); EJBResource ejbResource = (EJBResource) resource; //Get the context map Map<String,Object> map = resource.getMap(); if(map == null) throw new IllegalStateException("Map from the Resource is null"); this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION); this.ejbCS = ejbResource.getCodeSource(); this.ejbMethod = ejbResource.getEjbMethod(); this.ejbName = ejbResource.getEjbName(); this.methodInterface = ejbResource.getEjbMethodInterface(); //isCallerInRole checks this.roleName = (String)map.get(ResourceKeys.ROLENAME); this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK); if(this.roleRefCheck == Boolean.TRUE) return checkRoleRef(callerSubject, role); else return process(callerSubject, role); }
Map<String,Object> map = resource.getMap(); if(map == null) throw new IllegalStateException("Map from the Resource is null");
Map<String,Object> map = resource.getMap(); if(map == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
Map<String,Object> map = resource.getMap(); if(map == null) throw new IllegalStateException("Map from the Resource is null");
Map<String,Object> map = resource.getMap(); if(map == null) throw new IllegalStateException("Map from the Resource is null");