org.objectweb.jonas_ejb.container.PermissionManager Class Reference

Public Member Functions

PermissionManager (DeploymentDesc ejbDeploymentDesc, String contextId) throws PermissionManagerException
void translateEjbDeploymentDescriptor () throws PermissionManagerException
void translateEjbSecurityRoleRef () throws PermissionManagerException
boolean checkSecurity (String ejbName, EJBInvocation ejbInv, boolean inRunAs)
boolean isCallerInRole (String ejbName, String roleName, boolean inRunAs)

Protected Member Functions

void translateEjbMethodPermission () throws PermissionManagerException
void translateEjbExcludeList () throws PermissionManagerException
void resetDeploymentDesc ()

Detailed Description

Defines a PermissionManager class which manages the JACC permissions for an ejb-jar.
Author:
Florent Benoit

Definition at line 66 of file PermissionManager.java.


Constructor & Destructor Documentation

org.objectweb.jonas_ejb.container.PermissionManager.PermissionManager (DeploymentDesc ejbDeploymentDesc, String contextId) throws PermissionManagerException

Default Constructor

Parameters:
ejbDeploymentDesc EJB deployment Descriptor
contextId context ID used for PolicyContext
Exceptions:
PermissionManagerException if permissions can't be set

Definition at line 79 of file PermissionManager.java.


Member Function Documentation

boolean org.objectweb.jonas_ejb.container.PermissionManager.checkSecurity (String ejbName, EJBInvocation ejbInv, boolean inRunAs)

Checks whether access is granted for a given EJB and a given EJB method signature.

Parameters:
ejbName name of the EJB
ejbInv object containing security signature of the method, args of method, etc
inRunAs whether the bean calling this method is running in run-as mode
Returns:
true if access to specific method is granted, else false.

Definition at line 225 of file PermissionManager.java.

References org.objectweb.jonas_ejb.lib.EJBInvocation.arguments, org.objectweb.jonas_ejb.lib.EJBInvocation.bean, org.objectweb.security.context.SecurityContext.getCallerPrincipalRoles(), org.objectweb.security.context.SecurityCurrent.getSecurityContext(), org.objectweb.jonas_ejb.lib.EJBInvocation.methodPermissionSignature, org.objectweb.security.context.SecurityContext.peekRunAsPrincipalRoles(), org.objectweb.security.context.SecurityContext.peekRunAsRole(), org.objectweb.jonas.security.jacc.JPolicyContextHandlerData.setEjbArguments(), and org.objectweb.jonas.security.jacc.JPolicyContextHandlerData.setProcessingBean().

Referenced by org.objectweb.jonas_ejb.container.JContainer.checkSecurity().

boolean org.objectweb.jonas_ejb.container.PermissionManager.isCallerInRole (String ejbName, String roleName, boolean inRunAs)

Tests whether the caller has a given role. An EJBRoleRefPermission object must be created with ejbName as its name and actions equal to roleName.

See also:
section 4.3.2 of JACC
Parameters:
ejbName The name of the EJB on which to look up the role
roleName The name of the security role. The role must be one of the security-role-ref that is defined in the deployment descriptor.
inRunAs whether the bean calling this method is running in run-as mode
Returns:
True if the caller has the specified role.

Definition at line 307 of file PermissionManager.java.

References org.objectweb.security.context.SecurityContext.getCallerPrincipalRoles(), and org.objectweb.security.context.SecurityCurrent.getSecurityContext().

Referenced by org.objectweb.jonas_ejb.container.JContext.isCallerInRole().

void org.objectweb.jonas_ejb.container.PermissionManager.resetDeploymentDesc () [protected]

Reset Deployment Descriptor

Definition at line 350 of file PermissionManager.java.

void org.objectweb.jonas_ejb.container.PermissionManager.translateEjbDeploymentDescriptor () throws PermissionManagerException

3.1.5 Translating EJB Deployment Descriptors

A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container. The policy context identifier used in the call to getPolicyConfiguration must be a String that satisfies the requirements described in Section 3.1.4, EJB Policy Context Identifiers, on page 28. The value true must be passed as the second parameter in the call to getPolicyConfiguration to ensure that any and all policy statements are removed from the policy context associated with the returned PolicyConfiguration.

The method-permission, exclude-list, and security-role-ref elements appearing in the deployment descriptor must be translated into permissions and added to the PolicyConfiguration object to yield an equivalent translation as that defined in the following sections and such that every EJB method for which the container performs pre-dispatch access decisions is implied by at least one permission resulting from the translation.

Exceptions:
PermissionManagerException if permissions can't be set

Definition at line 103 of file PermissionManager.java.

References org.objectweb.jonas_ejb.container.PermissionManager.translateEjbExcludeList(), org.objectweb.jonas_ejb.container.PermissionManager.translateEjbMethodPermission(), and org.objectweb.jonas_ejb.container.PermissionManager.translateEjbSecurityRoleRef().

Referenced by org.objectweb.jonas.container.EJBServiceImpl.createContainer().

void org.objectweb.jonas_ejb.container.PermissionManager.translateEjbExcludeList () throws PermissionManagerException [protected]

3.1.5.2 Translating the EJB exclude-list

An EJBMethodPermission object must be created for each method element occurring in the exclude-list element of the deployment descriptor. The name and actions of each EJBMethodPermission must be established as described in Section 3.1.5.1, Translating EJB method-permission Elements. The deployment tools must use the addToExcludedPolicy method to add the EJBMethodPermission objects resulting from the translation of the exclude-list to the excluded policy statements of the PolicyConfiguration object.

Exceptions:
PermissionManagerException if permissions can't be set

Definition at line 167 of file PermissionManager.java.

References org.objectweb.jonas_ejb.deployment.api.CommonMethodDesc.getEJBMethodPermissions(), and org.objectweb.jonas_ejb.deployment.api.DeploymentDesc.getExcludeListDesc().

Referenced by org.objectweb.jonas_ejb.container.PermissionManager.translateEjbDeploymentDescriptor().

void org.objectweb.jonas_ejb.container.PermissionManager.translateEjbMethodPermission () throws PermissionManagerException [protected]

3.1.5.1 Translating EJB method-permission Elements

For each method element of each method-permission element, an EJBMethodPermission object translated from the method element must be added to the policy statements of the PolicyConfiguration object. The name of each such EJBMethodPermission object must be the ejb-name from the corresponding method element, and the actions must be established by translating the method element into a method specification according to the methodSpec syntax defined in the documentation of the EJBMethodPermission class. The actions translation must preserve the degree of specificity with respect to method-name, method-intf, and method-params inherent in the method element.

If the method-permission element contains the unchecked element, then the deployment tools must call the addToUncheckedPolicy method to add the permissions resulting from the translation to the PolicyConfiguration object. Alternatively, if the method-permission element contains one or more role-name elements, then the deployment tools must call the addToRole method to add the permissions resulting from the translation to the corresponding roles of the PolicyConfiguration object.

Exceptions:
PermissionManagerException if permissions can't be set

Definition at line 130 of file PermissionManager.java.

References org.objectweb.jonas_ejb.deployment.api.CommonMethodDesc.getEJBMethodPermissions(), org.objectweb.jonas_ejb.deployment.api.DeploymentDesc.getMethodPermissionsDescList(), org.objectweb.jonas_ejb.deployment.api.MethodPermissionDesc.getRoleNameList(), and org.objectweb.jonas_ejb.deployment.api.MethodPermissionDesc.isUnchecked().

Referenced by org.objectweb.jonas_ejb.container.PermissionManager.translateEjbDeploymentDescriptor().

void org.objectweb.jonas_ejb.container.PermissionManager.translateEjbSecurityRoleRef () throws PermissionManagerException

3.1.5.3 Translating EJB security-role-ref Elements

For each security-role-ref element appearing in the deployment descriptor, a corresponding EJBRoleRefPermission must be created. The name of each EJBRoleRefPermission must be obtained as described for EJBMethodPermission objects. The actions used to construct the permission must be the value of the role-name (that is the reference), appearing in the security-role-ref. The deployment tools must call the addToRole method on the PolicyConfiguration object to add a policy statement corresponding to the EJBRoleRefPermission to the role identified in the role-link appearing in the security-role-ref.

Exceptions:
PermissionManagerException if permissions can't be set

Definition at line 194 of file PermissionManager.java.

References org.objectweb.jonas_ejb.deployment.api.DeploymentDesc.getBeanDescIterator(), org.objectweb.jonas_lib.deployment.api.SecurityRoleRefDesc.getEJBRoleRefPermission(), org.objectweb.jonas_lib.deployment.api.SecurityRoleRefDesc.getRoleLink(), and org.objectweb.jonas_ejb.deployment.api.BeanDesc.getSecurityRoleRefDescList().

Referenced by org.objectweb.jonas_ejb.container.PermissionManager.translateEjbDeploymentDescriptor().
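
The four translation rules quoted above (3.1.5 through 3.1.5.3), written directly against the javax.security.jacc API. This is an added example, not code from PermissionManager.java: the bean name AccountBean, its methods, the role names and the context ID are constructed, and it assumes a JACC provider is configured through the javax.security.jacc.PolicyConfigurationFactory.provider system property.

```java
import java.security.Permission;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;

/** Added example: JACC 3.1.5 translation for a constructed "AccountBean" descriptor. */
public class JaccTranslationExample {

    public static void translate(String contextId)
            throws ClassNotFoundException, PolicyContextException {
        // The provider class is resolved from the system property
        // javax.security.jacc.PolicyConfigurationFactory.provider.
        PolicyConfigurationFactory factory =
                PolicyConfigurationFactory.getPolicyConfigurationFactory();
        // 3.1.5: 'true' removes any policy statements left in this policy context.
        PolicyConfiguration pc = factory.getPolicyConfiguration(contextId, true);

        // 3.1.5.1: <method-permission> with <role-name>teller</role-name>,
        // method-name=withdraw, method-intf=Remote, method-params=(double).
        Permission withdraw = new EJBMethodPermission(
                "AccountBean", "withdraw", "Remote", new String[] {"double"});
        pc.addToRole("teller", withdraw);

        // 3.1.5.1: <method-permission> with <unchecked/>. Only method-name is given,
        // so the methodSpec stays equally unspecific (any interface, any parameters).
        pc.addToUncheckedPolicy(
                new EJBMethodPermission("AccountBean", "getBalance", null, null));

        // 3.1.5.2: <exclude-list> entry, added to the excluded policy statements.
        pc.addToExcludedPolicy(
                new EJBMethodPermission("AccountBean", "purge", null, null));

        // 3.1.5.3: <security-role-ref> with role-name=admin-ref, role-link=administrator.
        // The actions are the reference name; the permission goes to the linked role.
        pc.addToRole("administrator",
                new EJBRoleRefPermission("AccountBean", "admin-ref"));

        // commit() moves the policy configuration to the in-service state.
        pc.commit();
    }

    public static void main(String[] args) throws Exception {
        translate("constructed-context-id"); // constructed policy context ID
    }
}
```

Note that a method of AccountBean covered by none of these statements is implied by no permission, which is the case the last sentence of 3.1.5 requires the translation to avoid for every method subject to a pre-dispatch decision.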


The documentation for this class was generated from the following file:
Generated on Tue Feb 15 15:10:55 2005 for JOnAS by  doxygen 1.3.9.1