01: /**
02: *
03: * Licensed to the Apache Software Foundation (ASF) under one or more
04: * contributor license agreements. See the NOTICE file distributed with
05: * this work for additional information regarding copyright ownership.
06: * The ASF licenses this file to You under the Apache License, Version 2.0
07: * (the "License"); you may not use this file except in compliance with
08: * the License. You may obtain a copy of the License at
09: *
10: * http://www.apache.org/licenses/LICENSE-2.0
11: *
12: * Unless required by applicable law or agreed to in writing, software
13: * distributed under the License is distributed on an "AS IS" BASIS,
14: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15: * See the License for the specific language governing permissions and
16: * limitations under the License.
17: */package org.superbiz.servlet;
18:
19: import javax.annotation.Resource;
20: import javax.annotation.security.DeclareRoles;
21: import javax.annotation.security.RolesAllowed;
22: import javax.annotation.security.DenyAll;
23: import javax.ejb.SessionContext;
24: import javax.ejb.Stateless;
25: import java.security.Principal;
26:
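/**
 * Stateless session bean whose business methods carry different declarative
 * security annotations, plus two helpers that report the caller's identity.
 *
 * <p>The role names {@code user}, {@code manager} and {@code fake} are declared
 * with {@link DeclareRoles} so they can be referenced by {@link RolesAllowed}
 * and tested through {@link #isCallerInRole(String)}.
 *
 * <p>NOTE(review): {@code fake} is presumably a role that no principal is mapped
 * to, so {@link #allowFakeMethod()} should always be refused; verify against the
 * realm / role-mapping configuration, which is not visible in this file.
 *
 * <p>NOTE(review): {@link #getCallerPrincipal()} and
 * {@link #isCallerInRole(String)} have no permission annotation, and the class
 * has none either. Whether unauthenticated callers can reach them is decided by
 * the container default and the deployment descriptor; confirm that this is
 * intended before reusing this bean as a template.
 */
@Stateless
@DeclareRoles({"user", "manager", "fake"})
public class SecureEJB implements SecureEJBLocal {

    /** Container-injected session context used to query the caller's identity. */
    @Resource
    private SessionContext context;

    /**
     * Returns the principal the container associates with the current call.
     *
     * @return the value of {@link SessionContext#getCallerPrincipal()}
     */
    public Principal getCallerPrincipal() {
        return context.getCallerPrincipal();
    }

    /**
     * Reports whether the current caller is in the given role.
     *
     * @param role role name to test; passed unchanged to the session context
     * @return the value of {@link SessionContext#isCallerInRole(String)}
     */
    public boolean isCallerInRole(String role) {
        return context.isCallerInRole(role);
    }

    /**
     * Restricted to callers in the {@code user} role. The body is empty, so a
     * call that returns normally only shows that the container admitted the caller.
     */
    @RolesAllowed("user")
    public void allowUserMethod() {
    }

    /**
     * Restricted to callers in the {@code manager} role. The body is empty, so a
     * call that returns normally only shows that the container admitted the caller.
     */
    @RolesAllowed("manager")
    public void allowManagerMethod() {
    }

    /**
     * Restricted to callers in the {@code fake} role. The body is empty, so a
     * call that returns normally only shows that the container admitted the caller.
     */
    @RolesAllowed("fake")
    public void allowFakeMethod() {
    }

    /** Annotated {@link DenyAll}: no role is permitted to invoke this method. */
    @DenyAll
    public void denyAllMethod() {
    }

    /**
     * Describes the bean together with the current caller principal.
     *
     * <p>The result embeds the caller's principal, so it carries identity
     * information into any log or page that prints this object. It also reads the
     * session context; NOTE(review): it may fail if invoked when no caller
     * context is available. Confirm how callers use it.
     *
     * @return {@code "SecureEJB[userName=" + principal + "]"}
     */
    @Override
    public String toString() {
        return "SecureEJB[userName=" + getCallerPrincipal() + "]";
    }
}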