001: /**
002: * EasyBeans
003: * Copyright (C) 2006 Bull S.A.S.
004: * Contact: easybeans@ow2.org
005: *
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or any later version.
010: *
011: * This library is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
019: * USA
020: *
021: * --------------------------------------------------------------------------
022: * $Id: SecurityInfoHelper.java 1970 2007-10-16 11:49:25Z benoitf $
023: * --------------------------------------------------------------------------
024: */package org.ow2.easybeans.container.info.security;
025:
026: import java.util.Collection;
027: import java.util.List;
028:
029: import javax.security.jacc.EJBMethodPermission;
030:
031: import org.ow2.easybeans.api.bean.info.IMethodSecurityInfo;
032: import org.ow2.easybeans.api.bean.info.ISecurityInfo;
033: import org.ow2.easybeans.deployment.annotations.metadata.ClassAnnotationMetadata;
034: import org.ow2.easybeans.deployment.annotations.metadata.MethodAnnotationMetadata;
035:
036: /**
037: * Class that creates the runtime security info from the bean metadata.
038: * @author Florent Benoit
039: */
040: public final class SecurityInfoHelper {
041:
042: /**
043: * Utility class, no public constructor.
044: */
045: private SecurityInfoHelper() {
046:
047: }
048:
049: /**
050: * Extract security info from the bean's metadata.
051: * @param bean the metadata of the current bean.
052: * @return the security info.
053: */
054: public static ISecurityInfo getSecurityInfo(
055: final ClassAnnotationMetadata bean) {
056: ISecurityInfo securityInfo = new SecurityInfo();
057:
058: // Add each declared role
059: securityInfo.setDeclaredRole(bean.getDeclareRoles());
060:
061: // Sets the run-as role.
062: String runAsRole = bean.getRunAs();
063: if (runAsRole != null) {
064: securityInfo.setRunAsRole(runAsRole);
065: }
066:
067: // For each business method, add info.
068: Collection<MethodAnnotationMetadata> methods = bean
069: .getMethodAnnotationMetadataCollection();
070: // No methods, break now
071: if (methods == null) {
072: return securityInfo;
073: }
074:
075: for (MethodAnnotationMetadata method : methods) {
076: // Match only business method
077: if (!method.isBusinessMethod()) {
078: continue;
079: }
080:
081: IMethodSecurityInfo methodSecurityInfo = new MethodSecurityInfo();
082: securityInfo.addMethodSecurityInfo(methodSecurityInfo);
083:
084: // Set meta-info
085: methodSecurityInfo.setExcluded(method.hasDenyAll());
086: methodSecurityInfo.setUnchecked(method.hasPermitAll());
087: List<String> roles = method.getRolesAllowed();
088: if (roles != null) {
089: for (String role : roles) {
090: methodSecurityInfo.addRole(role);
091: }
092: }
093:
094: // Build permission
095: String ejbName = bean.getJCommonBean().getName();
096: String methodName = method.getMethodName();
097: //TODO: fixme
098: String methodInterface = null;
099: //TODO: fixme
100: String[] methodParams = null;
101:
102: EJBMethodPermission permission = new EJBMethodPermission(
103: ejbName, methodName, methodInterface, methodParams);
104: methodSecurityInfo.setPermission(permission);
105: }
106:
107: return securityInfo;
108: }
109: }
|