/**
 * Rejects a resource that cannot be used for an authorization decision.
 *
 * @param resource the resource to check
 * @throws IllegalArgumentException if {@code resource} is {@code null} or its
 *         context map is {@code null}
 */
private void validateResource(Resource resource) {
    // Happy path first: a resource with a context map needs no further checks.
    if (resource != null && resource.getMap() != null) {
        return;
    }
    // Only two failure modes reach this point; name the one that applies.
    throw new IllegalArgumentException(
            resource == null ? "resource is null" : "resource has null context map");
}
/**
 * Authorizes the resource for the authenticated subject held by this instance.
 * <p>
 * The caller's roles are read from the resource's context map under
 * {@code ResourceKeys.SECURITY_CONTEXT_ROLES} and passed, with the subject, to the
 * three-argument {@code authorize} overload.
 *
 * @param resource the resource to authorize
 * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
 * @throws AuthorizationException
 */
public int authorize(final Resource resource) throws AuthorizationException {
    // NOTE(review): the role group used for the decision comes from the resource's own
    // context map, and neither the resource nor the map is null-checked here. Confirm that
    // only trusted code populates SECURITY_CONTEXT_ROLES and that callers validate the
    // resource first.
    final RoleGroup callerRoles =
            (RoleGroup) resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES);
    return this.authorize(resource, this.authenticatedSubject, callerRoles);
}
/**
 * Runs the authorization decision for the given resource.
 * <p>
 * Delegates to the three-argument {@code authorize} overload, passing this instance's
 * authenticated subject and the role group stored in the resource's context map under
 * {@code ResourceKeys.SECURITY_CONTEXT_ROLES}.
 *
 * @param resource the resource to authorize
 * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
 * @throws AuthorizationException
 */
public int authorize(final Resource resource) throws AuthorizationException {
    // NOTE(review): a null resource or a null context map surfaces here as a
    // NullPointerException, and the roles are whatever the context map holds. Verify that
    // the map is validated and populated by trusted code before this call.
    final Object rolesEntry = resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES);
    return this.authorize(resource, this.authenticatedSubject, (RoleGroup) rolesEntry);
}
/**
 * Rejects a resource that is {@code null} or that has no context map.
 * <p>
 * The exception thrown is the one produced by
 * {@code PicketBoxMessages.MESSAGES.invalidNullArgument}, given the name of the
 * offending argument.
 *
 * @param resource the resource to check
 */
private void validateResource(Resource resource) {
    // Nothing to report when both the resource and its context map are present.
    if (resource != null && resource.getMap() != null) {
        return;
    }
    final String argumentName = (resource == null) ? "resource" : "resource.contextMap";
    throw PicketBoxMessages.MESSAGES.invalidNullArgument(argumentName);
}
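/**
 * Records an audit entry for an authorization attempt.
 * <p>
 * Does nothing when the security context has no audit manager. Otherwise the entries of
 * the resource's context map are copied into a new map together with the resource
 * itself, the action name and, when an exception is supplied, its localized message.
 * An {@code AuthorizationException} is always audited at {@code AuditLevel.FAILURE},
 * whatever {@code level} says.
 *
 * @param level the audit level to use when {@code e} is not an {@code AuthorizationException}
 * @param resource the resource that was being authorized; a {@code null} resource or a
 *        {@code null} context map yields an audit record without context entries
 * @param e the exception raised during authorization, or {@code null}
 */
protected void authorizationAudit(String level, Resource resource, Exception e) {
    if (securityContext.getAuditManager() == null) {
        return;
    }

    // Auditing must not fail on incomplete input: an exception thrown here would replace
    // the authorization outcome the caller is trying to record.
    Map<String, Object> contextualMap = (resource != null) ? resource.getMap() : null;
    int contextEntries = (contextualMap != null) ? contextualMap.size() : 0;

    // NOTE(review): every entry of the context map is copied into the audit record.
    // Confirm that the map never carries values that should stay out of audit logs.
    Map<String, Object> auditContextMap = new HashMap<String, Object>(contextEntries + 3);
    if (contextualMap != null) {
        auditContextMap.putAll(contextualMap);
    }
    auditContextMap.put("Resource:", resource);
    auditContextMap.put("Action", "authorization");

    if (e != null) {
        // Authorization Exception stacktrace is huge. Scale it down
        // as the original stack trace can be seen in server.log (if needed)
        auditContextMap.put("Exception:", e.getLocalizedMessage());
    }

    if (e instanceof AuthorizationException) {
        // changing level of audit, since in case of AuthorizationException it is FAILURE
        audit(AuditLevel.FAILURE, auditContextMap, null);
    } else {
        audit(level, auditContextMap, null);
    }
}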
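/**
 * Records an audit entry for an authorization attempt.
 * <p>
 * Does nothing when the security context has no audit manager. Otherwise the entries of
 * the resource's context map are copied into a new map together with the resource
 * itself, the action name and, when an exception is supplied, its localized message.
 * An {@code AuthorizationException} is always audited at {@code AuditLevel.FAILURE},
 * whatever {@code level} says.
 *
 * @param level the audit level to use when {@code e} is not an {@code AuthorizationException}
 * @param resource the resource that was being authorized; a {@code null} resource or a
 *        {@code null} context map yields an audit record without context entries
 * @param e the exception raised during authorization, or {@code null}
 */
protected void authorizationAudit(String level, Resource resource, Exception e) {
    if (securityContext.getAuditManager() == null) {
        return;
    }

    // Auditing must not fail on incomplete input: an exception thrown here would replace
    // the authorization outcome the caller is trying to record.
    Map<String, Object> contextualMap = (resource != null) ? resource.getMap() : null;
    int contextEntries = (contextualMap != null) ? contextualMap.size() : 0;

    // NOTE(review): every entry of the context map is copied into the audit record.
    // Confirm that the map never carries values that should stay out of audit logs.
    Map<String, Object> auditContextMap = new HashMap<String, Object>(contextEntries + 3);
    if (contextualMap != null) {
        auditContextMap.putAll(contextualMap);
    }
    auditContextMap.put("Resource:", resource);
    auditContextMap.put("Action", "authorization");

    if (e != null) {
        // Authorization Exception stacktrace is huge. Scale it down
        // as the original stack trace can be seen in server.log (if needed)
        auditContextMap.put("Exception:", e.getLocalizedMessage());
    }

    if (e instanceof AuthorizationException) {
        // changing level of audit, since in case of AuthorizationException it is FAILURE
        audit(AuditLevel.FAILURE, auditContextMap, null);
    } else {
        audit(level, auditContextMap, null);
    }
}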
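/**
 * Records an audit entry for an authorization attempt.
 * <p>
 * Does nothing when the security context has no audit manager. Otherwise the entries of
 * the resource's context map are copied into a new map together with the resource
 * itself, the action name and, when an exception is supplied, its localized message.
 * An {@code AuthorizationException} is always audited at {@code AuditLevel.FAILURE},
 * whatever {@code level} says.
 *
 * @param level the audit level to use when {@code e} is not an {@code AuthorizationException}
 * @param resource the resource that was being authorized; a {@code null} resource or a
 *        {@code null} context map yields an audit record without context entries
 * @param e the exception raised during authorization, or {@code null}
 */
protected void authorizationAudit(String level, Resource resource, Exception e) {
    if (securityContext.getAuditManager() == null) {
        return;
    }

    // Auditing must not fail on incomplete input: an exception thrown here would replace
    // the authorization outcome the caller is trying to record.
    Map<String, Object> contextualMap = (resource != null) ? resource.getMap() : null;
    int contextEntries = (contextualMap != null) ? contextualMap.size() : 0;

    // NOTE(review): every entry of the context map is copied into the audit record.
    // Confirm that the map never carries values that should stay out of audit logs.
    Map<String, Object> auditContextMap = new HashMap<String, Object>(contextEntries + 3);
    if (contextualMap != null) {
        auditContextMap.putAll(contextualMap);
    }
    auditContextMap.put("Resource:", resource);
    auditContextMap.put("Action", "authorization");

    if (e != null) {
        // Authorization Exception stacktrace is huge. Scale it down
        // as the original stack trace can be seen in server.log (if needed)
        auditContextMap.put("Exception:", e.getLocalizedMessage());
    }

    if (e instanceof AuthorizationException) {
        // changing level of audit, since in case of AuthorizationException it is FAILURE
        audit(AuditLevel.FAILURE, auditContextMap, null);
    } else {
        audit(level, auditContextMap, null);
    }
}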
// Fetch the resource's context map and fail fast with IllegalStateException when it is
// missing. The resource itself is not null-checked in this excerpt, so a null resource
// raises NullPointerException on getMap() instead.
Map<String,Object> map = resource.getMap();
if(map == null) throw new IllegalStateException("Map from the Resource is null");
/**
 * Finds the ACL that governs authorization decisions for the given resource.
 * <p>
 * The strategy is asked for the resource's own ACL first, and that ACL is returned when
 * it exists. When it does not, the outcome depends on the {@code checkParentACL} property:
 * <ul>
 * <li>{@code true}: the parent resource, if the context map names one, is searched in the
 * same way, so that a child resource "inherits" the permissions of its parent rather than
 * needing a copy of the parent ACL;</li>
 * <li>{@code false}: {@code null} is returned.</li>
 * </ul>
 *
 * @param resource the {@code Resource} that is the target of the authorization decision.
 * @return the {@code ACL} to use for the resource, or {@code null} if neither the resource
 *         nor (when enabled) any of its ancestors has one.
 */
private ACL retrieveACL(Resource resource) {
    final ACL ownAcl = this.strategy.getACL(resource);
    if (ownAcl != null || !this.checkParentACL) {
        return ownAcl;
    }

    // NOTE(review): the walk up the parent chain is unbounded and getMap() is dereferenced
    // without a null check. Confirm that PARENT_RESOURCE entries cannot form a cycle and
    // that every resource reaching this point has a context map.
    final Resource parentResource = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE);
    return (parentResource == null) ? null : retrieveACL(parentResource);
}
/**
 * Resolves the ACL used to authorize access to the given resource.
 * <p>
 * An ACL that the strategy holds for the resource itself always wins. If there is none
 * and the {@code checkParentACL} property is set, the lookup is repeated for the parent
 * resource recorded in the context map, so child resources "inherit" their parent's
 * permissions. If {@code checkParentACL} is not set, no parent is consulted.
 *
 * @param resource the {@code Resource} that is the target of the authorization decision.
 * @return the applicable {@code ACL}; {@code null} if no ACL can be found for the resource.
 */
private ACL retrieveACL(Resource resource) {
    ACL resolved = this.strategy.getACL(resource);
    final boolean consultParent = (resolved == null) && this.checkParentACL;
    if (!consultParent) {
        return resolved;
    }

    // NOTE(review): a null context map fails here with NullPointerException, and nothing
    // in this method stops a cyclic parent chain from recursing without end. Verify both
    // against how resources are built.
    final Object parentEntry = resource.getMap().get(ResourceKeys.PARENT_RESOURCE);
    final Resource parentResource = (Resource) parentEntry;
    if (parentResource != null) {
        resolved = retrieveACL(parentResource);
    }
    return resolved;
}
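/**
 * Decides whether the caller may invoke the EJB method described by the resource.
 * <p>
 * The EJB details and the role-check inputs are copied from the resource and its context
 * map into this delegate's fields. The decision is then made by {@code checkRoleRef} when
 * the {@code ResourceKeys.ROLEREF_PERM_CHECK} entry is true, and by {@code process}
 * otherwise.
 *
 * @param resource the resource to authorize; must be an {@code EJBResource}
 * @param callerSubject the caller's subject, passed on to the selected check
 * @param role the caller's role group, passed on to the selected check
 * @return the result of {@code checkRoleRef} or {@code process}
 * @throws IllegalArgumentException if {@code resource} is not an {@code EJBResource}
 * @throws IllegalStateException if the resource has no context map
 * @see AuthorizationModuleDelegate#authorize(Resource)
 */
public int authorize(Resource resource, Subject callerSubject, RoleGroup role) {
    if (!(resource instanceof EJBResource)) {
        throw new IllegalArgumentException("resource is not an EJBResource");
    }

    EJBResource ejbResource = (EJBResource) resource;

    //Get the context map
    Map<String,Object> map = resource.getMap();
    if (map == null) {
        throw new IllegalStateException("Map from the Resource is null");
    }

    // NOTE(review): per-call inputs are kept in instance fields. If one delegate instance
    // can serve concurrent calls, one caller's values could be read by another. Confirm
    // that delegates are not shared between threads.
    this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);

    this.ejbCS = ejbResource.getCodeSource();
    this.ejbMethod = ejbResource.getEjbMethod();
    this.ejbName = ejbResource.getEjbName();
    this.methodInterface = ejbResource.getEjbMethodInterface();

    //isCallerInRole checks
    this.roleName = (String) map.get(ResourceKeys.ROLENAME);
    this.roleRefCheck = (Boolean) map.get(ResourceKeys.ROLEREF_PERM_CHECK);

    // Compare by value, not by reference: a Boolean that is true but is not the cached
    // Boolean.TRUE instance would fail an == test and silently take the process() path
    // instead of the role-ref check. equals() also treats a missing (null) entry as false.
    if (Boolean.TRUE.equals(this.roleRefCheck)) {
        return checkRoleRef(callerSubject, role);
    }
    return process(callerSubject, role);
}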
// The context map is required from here on: stop with IllegalStateException when the
// resource does not provide one. A null resource is not caught by this check and fails
// on getMap() with NullPointerException.
Map<String,Object> map = resource.getMap();
if(map == null) throw new IllegalStateException("Map from the Resource is null");
// Fetch the resource's context map and reject a missing one with the exception built by
// the PicketBoxMessages bundle for the "resourceMap" property (its type is not visible in
// this excerpt). The resource itself is not null-checked here.
Map<String,Object> map = resource.getMap();
if(map == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
// Guard before any lookup in the context map: a resource without a map is treated as an
// illegal state. NOTE(review): resource is dereferenced without a null check in this
// excerpt; confirm that the enclosing method validates it first.
Map<String,Object> map = resource.getMap();
if(map == null) throw new IllegalStateException("Map from the Resource is null");
// Read the context map once and fail fast with IllegalStateException if it is absent.
// A null resource is not handled here and raises NullPointerException on getMap().
Map<String,Object> map = resource.getMap();
if(map == null) throw new IllegalStateException("Map from the Resource is null");
// The context map must be present. When it is not, throw the exception that the
// PicketBoxMessages bundle creates for the "resourceMap" property. A null resource is not
// covered by this check.
Map<String,Object> map = resource.getMap();
if(map == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
// Fall back to the parent resource, if the context map names one, and return the initial
// permissions computed for identityName from that parent instead.
// NOTE(review): getMap() is dereferenced without a null check, and nothing in this
// excerpt bounds the walk up the parent chain. Confirm that both are handled by the
// enclosing method or by how PARENT_RESOURCE entries are populated.
Resource parent = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE);
if (parent != null) return getInitialPermissions(parent, identityName);
// Permission inheritance: when the resource has a parent recorded under
// ResourceKeys.PARENT_RESOURCE, the parent's initial permissions for identityName are
// returned in place of the resource's own.
// NOTE(review): a null context map fails here with NullPointerException, and a cyclic
// parent chain is not detected in this excerpt. Verify against the enclosing method.
Resource parent = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE);
if (parent != null) return getInitialPermissions(parent, identityName);
// Obtain the context map and refuse to continue without it. The thrown exception comes
// from PicketBoxMessages.MESSAGES.invalidNullProperty, so its type is not visible here.
// NOTE(review): resource is not null-checked before getMap(); confirm that the caller does so.
Map<String,Object> map = resource.getMap();
if(map == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
// Fail fast when the resource carries no context map, using the message bundle's
// exception for the "resourceMap" property. A null resource is not caught here and fails
// on getMap() with NullPointerException.
Map<String,Object> map = resource.getMap();
if(map == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");