java.lang.Object
  org.ow2.easybeans.security.permissions.AbsPermissionManager
    org.ow2.easybeans.security.permissions.PermissionManager

Method Summary
| public boolean | checkSecurity(EasyBeansInvocationContext invocationContext, boolean runAsBean) | Checks the security for the given invocation context. Parameters: invocationContext - the context to check; runAsBean - if true, the bean is a run-as bean. |
| public boolean | isCallerInRole(String ejbName, String roleName, boolean inRunAs) | Test if the caller has a given role. |
| protected void | translateEjbExcludeList(ISecurityInfo securityInfo) | 3.1.5.2 Translating the EJB exclude-list. An EJBMethodPermission object must be created for each method element occurring in the exclude-list element of the deployment descriptor. |
| protected void | translateEjbMethodPermission(ISecurityInfo securityInfo) | 3.1.5.1 Translating EJB method-permission Elements. For each method element of each method-permission element, an EJBMethodPermission object translated from the method element must be added to the policy statements of the PolicyConfiguration object. |
| public void | translateEjbSecurityRoleRef(IBeanInfo beanInfo, ISecurityInfo securityInfo) | 3.1.5.3 Translating EJB security-role-ref Elements. For each security-role-ref element appearing in the deployment descriptor, a corresponding EJBRoleRefPermission must be created. |
| public void | translateMetadata() | 3.1.5 Translating EJB Deployment Descriptors. A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container. |

checkSecurity
public boolean checkSecurity(EasyBeansInvocationContext invocationContext, boolean runAsBean)

Checks the security for the given invocation context.
Parameters:
  invocationContext - the context to check.
  runAsBean - if true, the bean is a run-as bean.
Returns:
  true if the access has been granted, else false.

isCallerInRole
public boolean isCallerInRole(String ejbName, String roleName, boolean inRunAs)

Test if the caller has a given role. An EJBRoleRefPermission object must be
created with name equal to ejbName and actions equal to roleName.
See section 4.3.2 of JACC.
Parameters:
  ejbName - the name of the EJB on which to look up the role.
  roleName - the name of the security role. The role must be one of the security-role-ref elements defined in the deployment descriptor.
  inRunAs - whether the bean calling this method is running in run-as mode.
Returns:
  true if the caller has the specified role.

translateEjbExcludeList
protected void translateEjbExcludeList(ISecurityInfo securityInfo) throws PermissionManagerException

3.1.5.2 Translating the EJB exclude-list
An EJBMethodPermission object must be created for each method element
occurring in the exclude-list element of the deployment descriptor. The
name and actions of each EJBMethodPermission must be established as
described in Section 3.1.5.1, Translating EJB method-permission Elements.
The deployment tools must use the addToExcludedPolicy method to add the
EJBMethodPermission objects resulting from the translation of the
exclude-list to the excluded policy statements of the PolicyConfiguration
object.
Parameters:
  securityInfo - the security info for a given bean.
Throws:
  PermissionManagerException - if permissions can't be set

translateEjbMethodPermission
protected void translateEjbMethodPermission(ISecurityInfo securityInfo) throws PermissionManagerException

3.1.5.1 Translating EJB method-permission Elements
For each method element of each method-permission element, an
EJBMethodPermission object translated from the method element must be
added to the policy statements of the PolicyConfiguration object. The
name of each such EJBMethodPermission object must be the ejb-name from
the corresponding method element, and the actions must be established by
translating the method element into a method specification according to
the methodSpec syntax defined in the documentation of the
EJBMethodPermission class. The actions translation must preserve the
degree of specificity with respect to method-name, method-intf, and
method-params inherent in the method element. If the method-permission
element contains the unchecked element, then the deployment tools must
call the addToUncheckedPolicy method to add the permissions resulting
from the translation to the PolicyConfiguration object. Alternatively, if
the method-permission element contains one or more role-name elements,
then the deployment tools must call the addToRole method to add the
permissions resulting from the translation to the corresponding roles of
the PolicyConfiguration object.
Parameters:
  securityInfo - the security info for a given bean.
Throws:
  PermissionManagerException - if permissions can't be set

translateEjbSecurityRoleRef
public void translateEjbSecurityRoleRef(IBeanInfo beanInfo, ISecurityInfo securityInfo) throws PermissionManagerException

3.1.5.3 Translating EJB security-role-ref Elements
For each security-role-ref element appearing in the deployment
descriptor, a corresponding EJBRoleRefPermission must be created. The
name of each EJBRoleRefPermission must be obtained as described for
EJBMethodPermission objects. The actions used to construct the permission
must be the value of the role-name (that is the reference), appearing in
the security-role-ref. The deployment tools must call the addToRole
method on the PolicyConfiguration object to add a policy statement
corresponding to the EJBRoleRefPermission to the role identified in the
role-link appearing in the security-role-ref.
Parameters:
  beanInfo - info about the bean.
  securityInfo - the security info for a given bean.
Throws:
  PermissionManagerException - if permissions can't be set

translateMetadata
public void translateMetadata() throws PermissionManagerException

3.1.5 Translating EJB Deployment Descriptors
A reference to a PolicyConfiguration object must be obtained by calling
the getPolicyConfiguration method on the PolicyConfigurationFactory
implementation class of the provider configured into the container. The
policy context identifier used in the call to getPolicyConfiguration must
be a String that satisfies the requirements described in Section 3.1.4,
EJB Policy Context Identifiers, on page 28. The value true must be passed
as the second parameter in the call to getPolicyConfiguration to ensure
that any and all policy statements are removed from the policy context
associated with the returned PolicyConfiguration. The method-permission,
exclude-list, and security-role-ref elements appearing in the deployment
descriptor must be translated into permissions and added to the
PolicyConfiguration object to yield an equivalent translation as that
defined in the following sections and such that every EJB method for
which the container performs pre-dispatch access decisions is implied by
at least one permission resulting from the translation.
Throws:
  PermissionManagerException - if permissions can't be set
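
The translation that sections 3.1.5 through 3.1.5.3 describe, written against the standard javax.security.jacc API as an added example; it is not EasyBeans code. The record types, the bean and role names, and the context id are constructed for illustration, and the code assumes a JACC provider is configured in the running JVM.

```java
import java.util.List;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;

/** Added example: JACC 3.1.5 translation over a small constructed descriptor model. */
public class JaccTranslationExample {
    // Hypothetical stand-ins for parsed deployment-descriptor elements.
    // methodSpec uses the EJBMethodPermission syntax: name[,interface[,params]].
    record MethodPermission(String ejbName, String methodSpec, boolean unchecked, List<String> roles) { }
    record Excluded(String ejbName, String methodSpec) { }
    record RoleRef(String ejbName, String roleName, String roleLink) { }

    static void translate(String contextId, List<MethodPermission> perms,
                          List<Excluded> excluded, List<RoleRef> refs) throws Exception {
        // 3.1.5: passing true removes any policy statements already in this context.
        PolicyConfiguration pc = PolicyConfigurationFactory
                .getPolicyConfigurationFactory().getPolicyConfiguration(contextId, true);
        // 3.1.5.1: unchecked goes to the unchecked policy, otherwise one statement per role.
        for (MethodPermission mp : perms) {
            if (mp.unchecked()) {
                pc.addToUncheckedPolicy(new EJBMethodPermission(mp.ejbName(), mp.methodSpec()));
            } else {
                for (String role : mp.roles()) {
                    pc.addToRole(role, new EJBMethodPermission(mp.ejbName(), mp.methodSpec()));
                }
            }
        }
        // 3.1.5.2: exclude-list methods go to the excluded policy statements.
        for (Excluded ex : excluded) {
            pc.addToExcludedPolicy(new EJBMethodPermission(ex.ejbName(), ex.methodSpec()));
        }
        // 3.1.5.3: the reference name is the action, the role-link names the target role.
        for (RoleRef ref : refs) {
            pc.addToRole(ref.roleLink(), new EJBRoleRefPermission(ref.ejbName(), ref.roleName()));
        }
        pc.commit(); // hand the translated statements over to the policy provider
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; "example-app/ejb.jar" is a placeholder context id.
        translate("example-app/ejb.jar",
            List.of(new MethodPermission("AccountBean", "getBalance,Remote", false, List.of("teller")),
                    new MethodPermission("AccountBean", "ping", true, List.of())),
            List.of(new Excluded("AccountBean", "close,Remote,java.lang.String")),
            List.of(new RoleRef("AccountBean", "cashier", "teller")));
    }
}
```

The three sample method specs differ in specificity (name only, name plus interface, name plus interface plus parameters), which is the degree of detail section 3.1.5.1 requires the translation to preserve.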