java.lang.Object
  org.objectweb.jonas_lib.security.AbsPermissionManager
    org.objectweb.jonas_ejb.container.PermissionManager

PermissionManager

public class PermissionManager extends AbsPermissionManager

Defines a PermissionManager class which will manage JACC permissions for an ejbjar.

Author: Florent Benoit

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| public boolean | checkSecurity(String ejbName, EJBInvocation ejbInv, boolean inRunAs) | |
| public boolean | isCallerInRole(String ejbName, String roleName, boolean inRunAs) | Test if the caller has a given role. |
| protected void | resetDeploymentDesc() | |
| public void | translateEjbDeploymentDescriptor() | 3.1.5 Translating EJB Deployment Descriptors. A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container. |
| protected void | translateEjbExcludeList() | 3.1.5.2 Translating the EJB exclude-list. An EJBMethodPermission object must be created for each method element occurring in the exclude-list element of the deployment descriptor. |
| protected void | translateEjbMethodPermission() | 3.1.5.1 Translating EJB method-permission Elements. For each method element of each method-permission element, an EJBMethodPermission object translated from the method element must be added to the policy statements of the PolicyConfiguration object. |
| public void | translateEjbSecurityRoleRef() | 3.1.5.3 Translating EJB security-role-ref Elements. For each security-role-ref element appearing in the deployment descriptor, a corresponding EJBRoleRefPermission must be created. |

Method Detail

checkSecurity

public boolean checkSecurity(String ejbName, EJBInvocation ejbInv, boolean inRunAs)

Check the security for a given EJB signature method and for an EJB

Parameters:
  ejbName - name of the EJB
  ejbInv - object containing security signature of the method, args of method, etc.
  inRunAs - whether the bean calling this method is running in run-as mode or not

Returns: true if access to the specific method is granted, else false.

isCallerInRole

public boolean isCallerInRole(String ejbName, String roleName, boolean inRunAs)

Test if the caller has a given role. An EJBRoleRefPermission object must be created with ejbName and actions equal to roleName.

See Also: section 4.3.2 of JACC

Parameters:
  ejbName - The name of the EJB on which to look up the role
  roleName - The name of the security role. The role must be one of the security-role-ref that is defined in the deployment descriptor.
  inRunAs - whether the bean calling this method is running in run-as mode or not

Returns: True if the caller has the specified role.

resetDeploymentDesc

protected void resetDeploymentDesc()

Reset Deployment Descriptor

translateEjbDeploymentDescriptor

public void translateEjbDeploymentDescriptor() throws PermissionManagerException

3.1.5 Translating EJB Deployment Descriptors

A reference to a
PolicyConfiguration object must be obtained by calling the
getPolicyConfiguration method on the PolicyConfigurationFactory
implementation class of the provider configured into the container. The
policy context identifier used in the call to getPolicyConfiguration must
be a String that satisfies the requirements described in Section 3.1.4,
EJB Policy Context Identifiers, on page 28. The value true must be passed
as the second parameter in the call to getPolicyConfiguration to ensure
that any and all policy statements are removed from the policy context
associated with the returned PolicyConfiguration. The method-permission,
exclude-list, and security-role-ref elements appearing in the deployment
descriptor must be translated into permissions and added to the
PolicyConfiguration object to yield an equivalent translation as that
defined in the following sections and such that every EJB method for
which the container performs pre-dispatch access decisions is implied by
at least one permission resulting from the translation.

Throws: PermissionManagerException - if permissions can't be set

translateEjbExcludeList

protected void translateEjbExcludeList() throws PermissionManagerException

3.1.5.2 Translating the EJB exclude-list

An EJBMethodPermission object
must be created for each method element occurring in the exclude-list
element of the deployment descriptor. The name and actions of each
EJBMethodPermission must be established as described in Section 3.1.5.1,
Translating EJB method-permission Elements. The deployment tools must use
the addToExcludedPolicy method to add the EJBMethodPermission objects
resulting from the translation of the exclude-list to the excluded policy
statements of the PolicyConfiguration object.

Throws: PermissionManagerException - if permissions can't be set

translateEjbMethodPermission

protected void translateEjbMethodPermission() throws PermissionManagerException

3.1.5.1 Translating EJB method-permission Elements

For each method
element of each method-permission element, an EJBMethodPermission object
translated from the method element must be added to the policy statements
of the PolicyConfiguration object. The name of each such
EJBMethodPermission object must be the ejb-name from the corresponding
method element, and the actions must be established by translating the
method element into a method specification according to the methodSpec
syntax defined in the documentation of the EJBMethodPermission class. The
actions translation must preserve the degree of specificity with respect
to method-name, method-intf, and method-params inherent in the method
element. If the method-permission element contains the unchecked element,
then the deployment tools must call the addToUncheckedPolicy method to
add the permissions resulting from the translation to the
PolicyConfiguration object. Alternatively, if the method-permission
element contains one or more role-name elements, then the deployment
tools must call the addToRole method to add the permissions resulting
from the translation to the corresponding roles of the
PolicyConfiguration object.

Throws: PermissionManagerException - if permissions can't be set

translateEjbSecurityRoleRef

public void translateEjbSecurityRoleRef() throws PermissionManagerException

3.1.5.3 Translating EJB security-role-ref Elements

For each
security-role-ref element appearing in the deployment descriptor, a
corresponding EJBRoleRefPermission must be created. The name of each
EJBRoleRefPermission must be obtained as described for
EJBMethodPermission objects. The actions used to construct the permission
must be the value of the role-name (that is the reference), appearing in
the security-role-ref. The deployment tools must call the addToRole
method on the PolicyConfiguration object to add a policy statement
corresponding to the EJBRoleRefPermission to the role identified in the
role-link appearing in the security-role-ref.

Throws: PermissionManagerException - if permissions can't be set
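
The translation rules in 3.1.5 to 3.1.5.3 above, applied by hand through the standard javax.security.jacc API. This is an added example, not JOnAS's PermissionManager code. The bean name AccountBean, the roles teller and clerk, and the context id bank-ejb.jar are constructed, and a JACC provider is assumed to be configured in the JVM.

```java
import java.security.Permission;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;

/** Added illustration, not JOnAS code. Bean, role and context names are constructed. */
public class JaccTranslationExample {

    /** Applies rules 3.1.5.1 to 3.1.5.3 to a hand-written descriptor equivalent. */
    static void translate(PolicyConfiguration pc) throws PolicyContextException {
        // method-permission with role-name "teller": method-name, method-intf and
        // method-params are all given, so the methodSpec keeps all three parts.
        pc.addToRole("teller",
                new EJBMethodPermission("AccountBean", "transfer,Remote,java.lang.String,int"));

        // method-permission with <unchecked/> and only a method-name: the methodSpec
        // stays name-only, preserving the (low) specificity of the method element.
        pc.addToUncheckedPolicy(new EJBMethodPermission("AccountBean", "getBalance"));

        // exclude-list entry: same name/actions rules, but added to the excluded policy.
        pc.addToExcludedPolicy(new EJBMethodPermission("AccountBean", "purge,Remote"));

        // security-role-ref: actions = role-name "clerk" (the reference used in bean
        // code); the statement is added to the role named by role-link, "teller".
        pc.addToRole("teller", new EJBRoleRefPermission("AccountBean", "clerk"));
    }

    public static void main(String[] args) throws Exception {
        // Assumes a provider is set via javax.security.jacc.PolicyConfigurationFactory.provider.
        PolicyConfigurationFactory factory =
                PolicyConfigurationFactory.getPolicyConfigurationFactory();
        // Second argument true: remove all policy statements already in this context.
        PolicyConfiguration pc = factory.getPolicyConfiguration("bank-ejb.jar", true);
        translate(pc);
        pc.commit();

        // Specificity check with API classes only: prints whether the name-only
        // permission covers a fully specified getBalance call and an unrelated method.
        Permission granted = new EJBMethodPermission("AccountBean", "getBalance");
        System.out.println(granted.implies(
                new EJBMethodPermission("AccountBean", "getBalance", "Local", new String[0])));
        System.out.println(granted.implies(
                new EJBMethodPermission("AccountBean", "transfer,Remote,java.lang.String,int")));
    }
}
```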