01: /**
02: * EasyBeans
03: * Copyright (C) 2006 Bull S.A.S.
04: * Contact: easybeans@ow2.org
05: *
06: * This library is free software; you can redistribute it and/or
07: * modify it under the terms of the GNU Lesser General Public
08: * License as published by the Free Software Foundation; either
09: * version 2.1 of the License, or any later version.
10: *
11: * This library is distributed in the hope that it will be useful,
12: * but WITHOUT ANY WARRANTY; without even the implied warranty of
13: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14: * Lesser General Public License for more details.
15: *
16: * You should have received a copy of the GNU Lesser General Public
17: * License along with this library; if not, write to the Free Software
18: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19: * USA
20: *
21: * --------------------------------------------------------------------------
22: * $Id: EZBPermissionManager.java 1970 2007-10-16 11:49:25Z benoitf $
23: * --------------------------------------------------------------------------
24: */package org.ow2.easybeans.api;
25:
/**
 * Permission manager attached to an EasyBeans factory; it is the component
 * that carries out the security checks for that factory.
 *
 * <p>NOTE(review): both check methods report their decision as a
 * {@code boolean} instead of throwing, so enforcement relies on each caller
 * testing the result and refusing the call on {@code false}. Confirm this at
 * the call sites.
 *
 * @author Florent Benoit
 */
public interface EZBPermissionManager {

    /**
     * Decides whether the invocation described by the given context is allowed.
     *
     * @param invocationContext the invocation context to check.
     * @param runAsBean {@code true} when the bean is a run-as bean.
     * @return {@code true} if access has been granted, {@code false} otherwise.
     */
    boolean checkSecurity(EasyBeansInvocationContext invocationContext, boolean runAsBean);

    /**
     * Tells whether the caller holds the given role. The check relies on an
     * {@code EJBRoleRefPermission} object that must be created with
     * {@code ejbName} as its name and {@code roleName} as its actions
     * (see section 4.3.2 of JACC).
     *
     * @param ejbName name of the EJB on which the role is looked up.
     * @param roleName name of the security role; it must be one of the
     *        security-role-ref entries defined in the deployment descriptor.
     * @param inRunAs whether the bean calling this method is running in
     *        run-as mode.
     * @return {@code true} if the caller has the specified role.
     */
    boolean isCallerInRole(String ejbName, String roleName, boolean inRunAs);

    /**
     * Translates the EJB deployment descriptor into policy statements, as
     * required by JACC section 3.1.5 (Translating EJB Deployment Descriptors).
     *
     * <p>The requirements quoted from that section are:
     * <ul>
     * <li>a reference to a {@code PolicyConfiguration} object must be obtained
     * by calling {@code getPolicyConfiguration} on the
     * {@code PolicyConfigurationFactory} implementation class of the provider
     * configured into the container;</li>
     * <li>the policy context identifier used in that call must be a String
     * that satisfies Section 3.1.4, EJB Policy Context Identifiers
     * (page 28);</li>
     * <li>{@code true} must be passed as the second parameter so that any and
     * all policy statements are removed from the policy context associated
     * with the returned {@code PolicyConfiguration};</li>
     * <li>the method-permission, exclude-list and security-role-ref elements
     * of the deployment descriptor must be translated into permissions and
     * added to the {@code PolicyConfiguration}, yielding a translation
     * equivalent to the one defined in the following sections of the
     * specification, and such that every EJB method for which the container
     * performs pre-dispatch access decisions is implied by at least one
     * resulting permission.</li>
     * </ul>
     *
     * <p>NOTE(review): the last requirement is the one to verify in an
     * implementation, since it is what ties every pre-dispatch decision to a
     * statement in the policy.
     *
     * @throws PermissionManagerException if permissions can't be set.
     */
    void translateMetadata() throws PermissionManagerException;

    /**
     * Commits the Policy Configuration.
     *
     * @throws PermissionManagerException if the commit can't be done.
     */
    void commit() throws PermissionManagerException;

}
|