Public Member Functions
PermissionManager (DeploymentDesc ejbDeploymentDesc, String contextId) throws PermissionManagerException
void | translateEjbDeploymentDescriptor () throws PermissionManagerException
void | translateEjbSecurityRoleRef () throws PermissionManagerException
boolean | checkSecurity (String ejbName, EJBInvocation ejbInv, boolean inRunAs)
boolean | isCallerInRole (String ejbName, String roleName, boolean inRunAs)
Protected Member Functions
void | translateEjbMethodPermission () throws PermissionManagerException
void | translateEjbExcludeList () throws PermissionManagerException
void | resetDeploymentDesc ()
Definition at line 66 of file PermissionManager.java.
Default Constructor
Definition at line 79 of file PermissionManager.java.
Test if the caller has a given role. An EJBRoleRefPermission object must be created with ejbName and with actions equal to roleName.
Definition at line 307 of file PermissionManager.java.
References org.objectweb.security.context.SecurityContext.getCallerPrincipalRoles(), and org.objectweb.security.context.SecurityCurrent.getSecurityContext().
Referenced by org.objectweb.jonas_ejb.container.JContext.isCallerInRole().
Reset Deployment Descriptor
Definition at line 350 of file PermissionManager.java.
3.1.5 Translating EJB Deployment Descriptors
A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container. The policy context identifier used in the call to getPolicyConfiguration must be a String that satisfies the requirements described in Section 3.1.4, EJB Policy Context Identifiers, on page 28. The value true must be passed as the second parameter in the call to getPolicyConfiguration to ensure that any and all policy statements are removed from the policy context associated with the returned PolicyConfiguration. The method-permission, exclude-list, and security-role-ref elements appearing in the deployment descriptor must be translated into permissions and added to the PolicyConfiguration object to yield an equivalent translation as that defined in the following sections and such that every EJB method for which the container performs pre-dispatch access decisions is implied by at least one permission resulting from the translation.
Definition at line 103 of file PermissionManager.java.
References org.objectweb.jonas_ejb.container.PermissionManager.translateEjbExcludeList(), org.objectweb.jonas_ejb.container.PermissionManager.translateEjbMethodPermission(), and org.objectweb.jonas_ejb.container.PermissionManager.translateEjbSecurityRoleRef().
Referenced by org.objectweb.jonas.container.EJBServiceImpl.createContainer().
3.1.5.2 Translating the EJB exclude-list
An EJBMethodPermission object must be created for each method element occurring in the exclude-list element of the deployment descriptor. The name and actions of each EJBMethodPermission must be established as described in Section 3.1.5.1, Translating EJB method-permission Elements. The deployment tools must use the addToExcludedPolicy method to add the EJBMethodPermission objects resulting from the translation of the exclude-list to the excluded policy statements of the PolicyConfiguration object.
Definition at line 167 of file PermissionManager.java.
References org.objectweb.jonas_ejb.deployment.api.CommonMethodDesc.getEJBMethodPermissions(), and org.objectweb.jonas_ejb.deployment.api.DeploymentDesc.getExcludeListDesc().
Referenced by org.objectweb.jonas_ejb.container.PermissionManager.translateEjbDeploymentDescriptor().
3.1.5.1 Translating EJB method-permission Elements
For each method element of each method-permission element, an EJBMethodPermission object translated from the method element must be added to the policy statements of the PolicyConfiguration object. The name of each such EJBMethodPermission object must be the ejb-name from the corresponding method element, and the actions must be established by translating the method element into a method specification according to the methodSpec syntax defined in the documentation of the EJBMethodPermission class. The actions translation must preserve the degree of specificity with respect to method-name, method-intf, and method-params inherent in the method element. If the method-permission element contains the unchecked element, then the deployment tools must call the addToUncheckedPolicy method to add the permissions resulting from the translation to the PolicyConfiguration object. Alternatively, if the method-permission element contains one or more role-name elements, then the deployment tools must call the addToRole method to add the permissions resulting from the translation to the corresponding roles of the PolicyConfiguration object.
Definition at line 130 of file PermissionManager.java.
References org.objectweb.jonas_ejb.deployment.api.CommonMethodDesc.getEJBMethodPermissions(), org.objectweb.jonas_ejb.deployment.api.DeploymentDesc.getMethodPermissionsDescList(), org.objectweb.jonas_ejb.deployment.api.MethodPermissionDesc.getRoleNameList(), and org.objectweb.jonas_ejb.deployment.api.MethodPermissionDesc.isUnchecked().
Referenced by org.objectweb.jonas_ejb.container.PermissionManager.translateEjbDeploymentDescriptor().
3.1.5.3 Translating EJB security-role-ref Elements
For each security-role-ref element appearing in the deployment descriptor, a corresponding EJBRoleRefPermission must be created. The name of each EJBRoleRefPermission must be obtained as described for EJBMethodPermission objects. The actions used to construct the permission must be the value of the role-name (that is the reference), appearing in the security-role-ref. The deployment tools must call the addToRole method on the PolicyConfiguration object to add a policy statement corresponding to the EJBRoleRefPermission to the role identified in the role-link appearing in the security-role-ref.
Definition at line 194 of file PermissionManager.java.
References org.objectweb.jonas_ejb.deployment.api.DeploymentDesc.getBeanDescIterator(), org.objectweb.jonas_lib.deployment.api.SecurityRoleRefDesc.getEJBRoleRefPermission(), org.objectweb.jonas_lib.deployment.api.SecurityRoleRefDesc.getRoleLink(), and org.objectweb.jonas_ejb.deployment.api.BeanDesc.getSecurityRoleRefDescList().
Referenced by org.objectweb.jonas_ejb.container.PermissionManager.translateEjbDeploymentDescriptor().
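Added example (not JOnAS source and not part of the generated documentation): the translation steps of sections 3.1.5, 3.1.5.1, 3.1.5.2 and 3.1.5.3 written directly against the javax.security.jacc API for one bean. The class name, bean name, method names, role names and context id are constructed for illustration, and the code assumes a JACC provider is configured through the javax.security.jacc.PolicyConfigurationFactory.provider system property.

```java
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;

// Hypothetical class: translates a constructed descriptor for "AccountBean".
public class JaccEjbTranslationExample {

    public static void translate(String contextId)
            throws ClassNotFoundException, PolicyContextException {
        // 3.1.5: second argument true removes any policy statements already
        // present in this policy context, so stale grants cannot survive.
        PolicyConfiguration pc = PolicyConfigurationFactory
                .getPolicyConfigurationFactory()
                .getPolicyConfiguration(contextId, true);

        // 3.1.5.1, method-permission with role-name "teller". The method element
        // gives method-name, method-intf and method-params, so all three are kept.
        pc.addToRole("teller", new EJBMethodPermission(
                "AccountBean", "withdraw", "Remote",
                new String[] {"java.math.BigDecimal"}));

        // 3.1.5.1, method-permission with the unchecked element. Only method-name
        // and method-intf are given; methodSpec "getBalance,Remote" leaves the
        // parameters unspecified, so the permission covers every overload.
        pc.addToUncheckedPolicy(
                new EJBMethodPermission("AccountBean", "getBalance,Remote"));

        // 3.1.5.2, exclude-list: same name/actions rules, added to the
        // excluded policy statements.
        pc.addToExcludedPolicy(
                new EJBMethodPermission("AccountBean", "purge,Remote"));

        // 3.1.5.3, security-role-ref with role-name "cashier" and role-link
        // "teller": actions = the reference, target role = the link.
        pc.addToRole("teller", new EJBRoleRefPermission("AccountBean", "cashier"));

        // Statements take effect for access decisions only after commit().
        pc.commit();
    }

    public static void main(String[] args) throws Exception {
        translate("constructed-context-id");
    }
}
```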