@Override public Object processInvocation(final InterceptorContext context) throws Exception { if ((context.getMethod().getName().equals("equals")) || context.getMethod().getName().equals("isIdentical")) { final Object other = context.getParameters()[0]; if (other == null) { return false; } final Class<?> proxyType = componentView.getProxyClass(); return proxyType.isAssignableFrom(other.getClass()); } else if (context.getMethod().getName().equals("hashCode")) { //use the identity of the component view as a hash code return componentView.hashCode(); } else { return context.proceed(); } } }
@Override public ProtectionDomain run() { if (!securityManager.authorize(ejbComponent.getComponentName(), componentView.getProxyClass().getProtectionDomain().getCodeSource(), methodIntfType.name(), AuthorizationInterceptor.this.viewMethod, AuthorizationInterceptor.this.getMethodRolesAsPrincipals(), AuthorizationInterceptor.this.contextID)) { throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(invokedMethod,ejbComponent.getComponentName()); } return null; } });
@Override public Object processInvocation(final InterceptorContext context) throws Exception { if (context.getMethod().getName().equals("equals") || context.getMethod().getName().equals("isIdentical")) { final Object other = context.getParameters()[0]; final ComponentView componentView = context.getPrivateData(ComponentView.class); final Class<?> proxyType = componentView.getProxyClass(); final SessionID sessionId = context.getPrivateData(SessionID.class); if( proxyType.isAssignableFrom(other.getClass())) { //now we know that this is an ejb for the correct component view //as digging out the session id from the proxy object is not really //a viable option, we invoke equals() for the other instance with a //SessionIdHolder as the other side return other.equals(new SessionIdHolder(sessionId)); } else if(other instanceof SessionIdHolder) { return sessionId.equals( ((SessionIdHolder)other).sessionId); } else { return false; } } else if (context.getMethod().getName().equals("hashCode")) { final SessionID sessionId = context.getPrivateData(SessionID.class); //use the identity of the component view as a hash code return sessionId.hashCode(); } else { return context.proceed(); } }
private void hasPermission(EJBComponent ejbComponent, ComponentView componentView, Method method, SecurityIdentity securityIdentity) { MethodInterfaceType methodIntfType = getMethodInterfaceType(componentView.getPrivateData(MethodIntf.class)); EJBMethodPermission permission = createEjbMethodPermission(method, ejbComponent, methodIntfType); ProtectionDomain domain = new ProtectionDomain (componentView.getProxyClass().getProtectionDomain().getCodeSource(), null, null, getGrantedRoles(securityIdentity)); Policy policy = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction<Policy>) Policy::getPolicy) : Policy.getPolicy(); if (!policy.implies(domain, permission)) { throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(method,ejbComponent.getComponentName()); } }
if (!securityManager.authorize(ejbComponent.getComponentName(), componentView.getProxyClass().getProtectionDomain().getCodeSource(), methodIntfType.name(), this.viewMethod, this.getMethodRolesAsPrincipals(), this.contextID)) { throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(invokedMethod,ejbComponent.getComponentName());
@Override public Object processInvocation(final InterceptorContext context) throws Exception { if ((context.getMethod().getName().equals("equals")) || context.getMethod().getName().equals("isIdentical")) { final Object other = context.getParameters()[0]; if (other == null) { return false; } final Class<?> proxyType = componentView.getProxyClass(); return proxyType.isAssignableFrom(other.getClass()); } else if (context.getMethod().getName().equals("hashCode")) { //use the identity of the component view as a hash code return componentView.hashCode(); } else { return context.proceed(); } } }
@Override public Object processInvocation(final InterceptorContext context) throws Exception { if (context.getMethod().getName().equals("equals") || context.getMethod().getName().equals("isIdentical")) { final Object other = context.getParameters()[0]; final Class<?> proxyType = componentView.getProxyClass(); if( proxyType.isAssignableFrom(other.getClass())) { //now we know that this is an ejb for the correct component view //as digging out the session id from the proxy object is not really //a viable option, we invoke equals() for the other instance with a //SessionIdHolder as the other side return other.equals(new SessionIdHolder(sessionIdReference.get())); } else if(other instanceof SessionIdHolder) { return sessionIdReference.get().equals( ((SessionIdHolder)other).sessionId); } else { return false; } } else if (context.getMethod().getName().equals("hashCode")) { //use the identity of the component view as a hash code return sessionIdReference.get().hashCode(); } else { return context.proceed(); } }
public Object processInvocation(final InterceptorContext context) throws Exception { final Object primaryKey = context.getPrivateData(EntityBeanComponent.PRIMARY_KEY_CONTEXT_KEY); if (context.getMethod().getName().equals("equals") && context.getParameters().length == 1 && context.getMethod().getParameterTypes()[0] == Object.class) { final Object other = context.getParameters()[0]; final Class<?> proxyType = componentView.getProxyClass(); if( proxyType.isAssignableFrom(other.getClass())) { //now we know that this is an ejb for the correct component view //as digging out the session id from the proxy object is not really //a viable option, we invoke equals() for the other instance with a //PrimaryKeyHolder as the other side return other.equals(new PrimaryKeyHolder(primaryKey)); } else if(other instanceof PrimaryKeyHolder) { return primaryKey.equals(((PrimaryKeyHolder) other).primaryKey); } else { return false; } } else if (context.getMethod().getName().equals("hashCode")) { //use the identity of the component view as a hash code return primaryKey.hashCode(); } else { return context.proceed(); } } }
@Override public Object processInvocation(InterceptorContext context) throws Exception { final Component component = context.getPrivateData(Component.class); if (component instanceof EJBComponent == false) { throw MESSAGES.unexpectedComponent(component,EJBComponent.class); } final Method invokedMethod = context.getMethod(); final ComponentView componentView = context.getPrivateData(ComponentView.class); final String viewClassOfInvokedMethod = componentView.getViewClass().getName(); // shouldn't really happen if the interceptor was setup correctly. But let's be safe and do a check if (!this.viewClassName.equals(viewClassOfInvokedMethod) || !this.viewMethod.equals(invokedMethod)) { throw MESSAGES.failProcessInvocation(this.getClass().getName(), invokedMethod,viewClassOfInvokedMethod, viewMethod, viewClassName); } final EJBComponent ejbComponent = (EJBComponent) component; final ServerSecurityManager securityManager = ejbComponent.getSecurityManager(); final MethodInterfaceType methodIntfType = this.getMethodInterfaceType(componentView.getPrivateData(MethodIntf.class)); // set the JACC contextID before calling the security manager. final String previousContextID = setContextID(this.contextID); try { if (!securityManager.authorize(ejbComponent.getComponentName(), componentView.getProxyClass().getProtectionDomain().getCodeSource(), methodIntfType.name(), this.viewMethod, this.getMethodRolesAsPrincipals(), this.contextID)) throw MESSAGES.invocationOfMethodNotAllowed(invokedMethod,ejbComponent.getComponentName()); } finally { // reset the previous JACC contextID. setContextID(previousContextID); } // successful authorization, let the invocation proceed return context.proceed(); }