/**
 * Decides whether the current caller may invoke the given EJB method.
 *
 * <p>The invocation details and the caller identity read from the current security context are
 * packed into an {@code EJBResource}. The decision itself is delegated to the
 * {@code AbstractEJBAuthorizationHelper} obtained for that context.
 *
 * @param ejbName name of the target EJB
 * @param ejbCodeSource code source recorded on the resource
 * @param ejbMethodIntf method interface of the invocation
 * @param ejbMethod method being invoked
 * @param methodRoles roles wrapped in a {@code SimpleRoleGroup} and set as the method roles
 * @param contextID policy context id recorded on the resource
 * @return the helper's decision, or {@code false} when no security context is available
 * @throws RuntimeException wrapping any exception raised while obtaining or calling the helper
 */
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext activeContext = doPrivileged(securityContext());
    // Fail closed: without a security context there is no caller identity to evaluate.
    if (activeContext == null) {
        return false;
    }

    // What is being invoked.
    final EJBResource ejbResource = new EJBResource(new HashMap<String, Object>());
    ejbResource.setEjbName(ejbName);
    ejbResource.setEjbMethod(ejbMethod);
    ejbResource.setEjbMethodInterface(ejbMethodIntf);
    ejbResource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    ejbResource.setCodeSource(ejbCodeSource);
    ejbResource.setPolicyContextID(contextID);

    // Who is invoking it. The identity comes only from the security context,
    // never from the method arguments.
    ejbResource.setCallerRunAsIdentity(activeContext.getIncomingRunAs());
    ejbResource.setCallerSubject(activeContext.getUtil().getSubject());
    ejbResource.setPrincipal(activeContext.getUtil().getUserPrincipal());

    try {
        final AbstractEJBAuthorizationHelper authzHelper =
                SecurityHelperFactory.getEJBAuthorizationHelper(activeContext);
        return authzHelper.authorize(ejbResource);
    } catch (Exception e) {
        // A failure in the helper surfaces as an unchecked exception, not as a decision.
        throw new RuntimeException(e);
    }
}
final EJBResource resource = new EJBResource(new HashMap<String, Object>()); resource.setEjbName(ejbName); resource.setPolicyContextID(policyContextID); resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs()); resource.setCallerSubject(securityContext.getUtil().getSubject()); Principal userPrincipal = securityContext.getUtil().getUserPrincipal(); resource.setPrincipal(userPrincipal); if (roleLinks != null) { final Set<SecurityRoleRef> roleRefs = new HashSet<SecurityRoleRef>(); resource.setSecurityRoleReferences(roleRefs);
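/**
 * Renders this resource as a single bracketed record for logs and audit output.
 *
 * <p>The class name, context map and canonical request URI are always written. The request
 * details from {@code deriveUsefulInfo()} and the code source are written only when
 * {@code auditFlag} does not contain {@code "off"}.
 *
 * @return the bracketed description; the closing bracket is present in both cases
 */
@Override
public String toString() {
    // Local, single-threaded buffer: StringBuilder avoids StringBuffer's locking.
    StringBuilder buf = new StringBuilder();
    // NOTE(review): the context map is printed in full regardless of the audit flag;
    // confirm that nothing placed in it is unsuitable for log output.
    buf.append("[").append(getClass().getName())
       .append(":contextMap=").append(map)
       .append(",canonicalRequestURI=").append(this.canonicalRequestURI);

    // Audit the request based on the audit flag
    if (!auditFlag.contains("off")) {
        // NOTE(review): CodeSource stays tied to the audit flag, as before;
        // confirm whether it was meant to be written unconditionally.
        buf.append(",request=").append(deriveUsefulInfo())
           .append(",CodeSource=").append(this.codeSource);
    }

    // Always close the record. Previously "]" was part of the audited branch, so with
    // auditing off the output ended without it and log records were unbalanced.
    buf.append("]");
    return buf.toString();
}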
this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK); this.callerRunAs = ejbResource.getCallerRunAsIdentity(); this.ejbMethod = ejbResource.getEjbMethod(); this.ejbName = ejbResource.getEjbName(); this.ejbPrincipal = ejbResource.getPrincipal(); this.methodInterface = ejbResource.getEjbMethodInterface(); this.methodRoles = ejbResource.getEjbMethodRoles(); this.securityRoleReferences = ejbResource.getSecurityRoleReferences(); this.ejbRestrictions = ejbResource.isEnforceEJBRestrictions();
throw new IllegalStateException("Policy Registration passed is null"); this.callerRunAs = ejbResource.getCallerRunAsIdentity(); this.ejbName = ejbResource.getEjbName(); this.ejbMethod = ejbResource.getEjbMethod(); this.ejbPrincipal = ejbResource.getPrincipal(); this.policyContextID = ejbResource.getPolicyContextID(); if(policyContextID == null) throw new IllegalStateException("Context ID is null"); this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
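/**
 * Evaluates an EJB resource for the given caller, either as a role-reference check or as a
 * regular authorization check.
 *
 * <p>The policy registration, role name and role-reference flag are read from the resource's
 * context map. The EJB details are read from the resource itself. When the role-reference
 * flag is true the call is answered by {@code checkRoleRef}, otherwise by {@code process}.
 *
 * @param resource the resource to evaluate; must be an {@code EJBResource} with a context map
 * @param callerSubject caller subject handed to the selected check
 * @param role role group handed to the selected check
 * @return the result code of {@code checkRoleRef} or {@code process}
 * @throws IllegalArgumentException if {@code resource} is not an {@code EJBResource}
 * @throws IllegalStateException if the resource has no context map
 * @see AuthorizationModuleDelegate#authorize(Resource)
 */
public int authorize(Resource resource, Subject callerSubject, RoleGroup role) {
    if (!(resource instanceof EJBResource)) {
        throw new IllegalArgumentException("resource is not an EJBResource");
    }
    EJBResource ejbResource = (EJBResource) resource;

    // Get the context map
    Map<String, Object> map = resource.getMap();
    if (map == null) {
        throw new IllegalStateException("Map from the Resource is null");
    }

    // NOTE(review): the per-call inputs below are kept in instance fields; confirm that one
    // delegate instance is never used for two authorization calls at the same time.
    // NOTE(review): the policy registration is not null-checked here; verify that
    // checkRoleRef and process handle a missing registration.
    this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);

    this.ejbCS = ejbResource.getCodeSource();
    this.ejbMethod = ejbResource.getEjbMethod();
    this.ejbName = ejbResource.getEjbName();
    this.methodInterface = ejbResource.getEjbMethodInterface();

    // isCallerInRole checks
    this.roleName = (String) map.get(ResourceKeys.ROLENAME);
    this.roleRefCheck = (Boolean) map.get(ResourceKeys.ROLEREF_PERM_CHECK);

    // Compare by value, not identity: a true Boolean that is not the Boolean.TRUE instance
    // must still select the role-reference path. equals() is also null-safe.
    if (Boolean.TRUE.equals(this.roleRefCheck)) {
        return checkRoleRef(callerSubject, role);
    }
    return process(callerSubject, role);
}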
request = (HttpServletRequest) webResource.getServletRequest(); webCS = webResource.getCodeSource(); this.canonicalRequestURI = webResource.getCanonicalRequestURI(); String servletName = webResource.getServletName(); Boolean resourceCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.RESOURCE_PERM_CHECK)); Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
/**
 * Checks that an {@code EJBResource} carries everything needed before a decision is made.
 *
 * <p>The EJB name, EJB method, code source and policy context id must all be set, and at
 * least one of caller subject or caller run-as identity must be present. The checks run in
 * that order and the first missing value is reported.
 *
 * @param ejbResource the resource to check
 * @throws MissingArgumentsException if neither a caller subject nor a caller run-as identity
 *         is set on the resource
 */
private void validateEJBResource(EJBResource ejbResource) throws MissingArgumentsException {
    if (ejbResource.getEjbName() == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName");
    }
    if (ejbResource.getEjbMethod() == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbMethod");
    }
    if (ejbResource.getCodeSource() == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbCodeSource");
    }
    if (ejbResource.getPolicyContextID() == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
    }

    // A decision needs some caller identity: either the subject or a run-as identity.
    final boolean callerUnknown = ejbResource.getCallerSubject() == null
            && ejbResource.getCallerRunAsIdentity() == null;
    if (callerUnknown) {
        throw new MissingArgumentsException(PicketBoxMessages.MESSAGES.missingCallerInfoMessage());
    }
}
if( ejbResource.getEjbName() == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName"); if( ejbResource.getPolicyContextID() == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID"); Subject callerSubject = ejbResource.getCallerSubject(); ejbResource.add( ResourceKeys.POLICY_REGISTRATION, this.policyRegistration ); ejbResource.add( ResourceKeys.ROLENAME, roleName ); ejbResource.add( ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
throw new IllegalStateException("Map from the Resource is size zero"); HttpServletRequest request = (HttpServletRequest)webResource.getServletRequest(); this.policyContextID = webResource.getPolicyContextID();
map.put("catalina.context", context); map.put("authorizationManager",authzManager); WebResource resource = new WebResource(map); try
Subject callerSubject = ejbResource.getCallerSubject(); ejbResource.add( ResourceKeys.POLICY_REGISTRATION, this.policyRegistration ); SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler( this.securityContext ); RoleGroup callerRoles = am.getSubjectRoles( callerSubject, sch );
/**
 * Decides whether the current caller may invoke the given EJB method.
 *
 * <p>An {@code EJBResource} is filled with the invocation details and with the caller identity
 * taken from the current security context. The {@code AbstractEJBAuthorizationHelper} for that
 * context then makes the decision.
 *
 * @param ejbName name of the target EJB
 * @param ejbCodeSource code source recorded on the resource
 * @param ejbMethodIntf method interface of the invocation
 * @param ejbMethod method being invoked
 * @param methodRoles roles wrapped in a {@code SimpleRoleGroup} and set as the method roles
 * @param contextID policy context id recorded on the resource
 * @return the helper's decision, or {@code false} when no security context is available
 * @throws RuntimeException wrapping any exception raised while obtaining or calling the helper
 */
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext currentContext = doPrivileged(securityContext());
    // No security context means no caller identity, so the call is refused.
    if (currentContext == null) {
        return false;
    }

    final EJBResource target = new EJBResource(new HashMap<String, Object>());

    // Invocation details supplied by the caller of this method.
    target.setEjbName(ejbName);
    target.setEjbMethod(ejbMethod);
    target.setEjbMethodInterface(ejbMethodIntf);
    target.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    target.setCodeSource(ejbCodeSource);
    target.setPolicyContextID(contextID);

    // Caller identity, read from the security context only.
    target.setCallerRunAsIdentity(currentContext.getIncomingRunAs());
    target.setCallerSubject(currentContext.getUtil().getSubject());
    target.setPrincipal(currentContext.getUtil().getUserPrincipal());

    try {
        final AbstractEJBAuthorizationHelper delegate =
                SecurityHelperFactory.getEJBAuthorizationHelper(currentContext);
        return delegate.authorize(target);
    } catch (Exception e) {
        // Helper failures are rethrown unchecked rather than mapped to a decision.
        throw new RuntimeException(e);
    }
}
this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK); this.callerRunAs = ejbResource.getCallerRunAsIdentity(); this.ejbMethod = ejbResource.getEjbMethod(); this.ejbName = ejbResource.getEjbName(); this.ejbPrincipal = ejbResource.getPrincipal(); this.methodInterface = ejbResource.getEjbMethodInterface(); this.methodRoles = ejbResource.getEjbMethodRoles(); this.securityRoleReferences = ejbResource.getSecurityRoleReferences(); this.ejbRestrictions = ejbResource.isEnforceEJBRestrictions();
throw PicketBoxMessages.MESSAGES.invalidNullProperty(ResourceKeys.POLICY_REGISTRATION); this.callerRunAs = ejbResource.getCallerRunAsIdentity(); this.ejbName = ejbResource.getEjbName(); this.ejbMethod = ejbResource.getEjbMethod(); this.ejbPrincipal = ejbResource.getPrincipal(); this.policyContextID = ejbResource.getPolicyContextID(); if(policyContextID == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("contextID"); this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
this.ejbCS = ejbResource.getCodeSource(); this.ejbMethod = ejbResource.getEjbMethod(); this.ejbName = ejbResource.getEjbName(); this.methodInterface = ejbResource.getEjbMethodInterface(); RunAs runAs = ejbResource.getCallerRunAsIdentity(); if (runAs instanceof RunAsIdentity) this.callerRunAs = RunAsIdentity.class.cast(runAs);
request = (HttpServletRequest) webResource.getServletRequest(); webCS = webResource.getCodeSource(); this.canonicalRequestURI = webResource.getCanonicalRequestURI(); String servletName = webResource.getServletName(); Boolean resourceCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.RESOURCE_PERM_CHECK)); Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap"); HttpServletRequest request = (HttpServletRequest)webResource.getServletRequest(); this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION); if(this.policyRegistration == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("policyRegistration"); this.policyContextID = webResource.getPolicyContextID();
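/**
 * Renders this resource as a single bracketed record for logs and audit output.
 *
 * <p>The class name, context map and canonical request URI are always written. The request
 * details from {@code deriveUsefulInfo()} and the code source are written only when
 * {@code auditFlag} does not contain {@code "off"}.
 *
 * @return the bracketed description; the closing bracket is present in both cases
 */
@Override
public String toString() {
    // Local, single-threaded buffer: StringBuilder avoids StringBuffer's locking.
    StringBuilder text = new StringBuilder();
    // NOTE(review): the context map is printed in full regardless of the audit flag;
    // confirm that nothing placed in it is unsuitable for log output.
    text.append("[").append(getClass().getName())
        .append(":contextMap=").append(map)
        .append(",canonicalRequestURI=").append(this.canonicalRequestURI);

    // Audit the request based on the audit flag
    if (!auditFlag.contains("off")) {
        // NOTE(review): CodeSource stays tied to the audit flag, as before;
        // confirm whether it was meant to be written unconditionally.
        text.append(",request=").append(deriveUsefulInfo())
            .append(",CodeSource=").append(this.codeSource);
    }

    // Always close the record. Previously "]" was part of the audited branch, so with
    // auditing off the output ended without it and log records were unbalanced.
    text.append("]");
    return text.toString();
}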
/**
 * Decides whether the current caller may invoke the given EJB method.
 *
 * <p>The method describes the invocation and the caller in an {@code EJBResource} and hands it
 * to the {@code AbstractEJBAuthorizationHelper} for the current security context. The caller's
 * run-as identity, subject and principal all come from that security context.
 *
 * @param ejbName name of the target EJB
 * @param ejbCodeSource code source recorded on the resource
 * @param ejbMethodIntf method interface of the invocation
 * @param ejbMethod method being invoked
 * @param methodRoles roles wrapped in a {@code SimpleRoleGroup} and set as the method roles
 * @param contextID policy context id recorded on the resource
 * @return the helper's decision, or {@code false} when no security context is available
 * @throws RuntimeException wrapping any exception raised while obtaining or calling the helper
 */
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext sc = doPrivileged(securityContext());
    if (sc == null) {
        // Nothing to evaluate the caller against: refuse rather than guess.
        return false;
    }

    final EJBResource request = new EJBResource(new HashMap<String, Object>());
    request.setEjbName(ejbName);
    request.setEjbMethod(ejbMethod);
    request.setEjbMethodInterface(ejbMethodIntf);
    request.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    request.setCodeSource(ejbCodeSource);
    request.setPolicyContextID(contextID);
    request.setCallerRunAsIdentity(sc.getIncomingRunAs());
    request.setCallerSubject(sc.getUtil().getSubject());
    request.setPrincipal(sc.getUtil().getUserPrincipal());

    final AbstractEJBAuthorizationHelper authorizer;
    try {
        authorizer = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
        return authorizer.authorize(request);
    } catch (Exception e) {
        // Lookup and evaluation failures both leave as an unchecked exception.
        throw new RuntimeException(e);
    }
}