User: oconnor
Date: 00/08/21 11:11:46
Modified: src/main/org/jboss/ejb/plugins SecurityInterceptor.java
Log:
Security propagates from calls made within an EJB.
Revision Changes Path
1.5 +36 -30 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
Index: SecurityInterceptor.java
===================================================================
RCS file:
/products/cvs/ejboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecurityInterceptor.java 2000/08/06 21:36:00 1.4
+++ SecurityInterceptor.java 2000/08/21 18:11:46 1.5
@@ -34,6 +34,7 @@
import org.jboss.system.EJBSecurityManager;
import org.jboss.system.RealmMapping;
+import org.jboss.system.SecurityAssociation;
import com.dreambean.ejx.ejb.AssemblyDescriptor;
@@ -43,7 +44,8 @@
*
* @see <related>
* @author Rickard �berg ([EMAIL PROTECTED])
- * @version $Revision: 1.4 $
+ * @author <a href="mailto:[EMAIL PROTECTED]">Daniel O'Connor</a>.
+ * @version $Revision: 1.5 $
*/
public class SecurityInterceptor
extends AbstractInterceptor
@@ -78,26 +80,45 @@
{
super.start();
}
-
- public Object invokeHome(MethodInvocation mi)
- throws Exception
+
+ private void checkSecurityAssociation( MethodInvocation mi, boolean home)
+ throws Exception
{
- if (!(mi.getPrincipal() == null)) // for now, security is optional
+ Principal principal = SecurityAssociation.getPrincipal();
+ Object credential = SecurityAssociation.getCredential();
+ if (principal == null)
{
- if (!securityManager.isValid( mi.getPrincipal(), mi.getCredential() ))
+ principal = mi.getPrincipal();
+ credential = mi.getCredential();
+ if (!(principal == null)) // for now, security is optional
{
- // should log illegal access
- throw new java.rmi.RemoteException("Authentication exception");
+ if (!securityManager.isValid( principal, credential ))
+ {
+ // should log illegal access
+ throw new java.rmi.RemoteException("Authentication exception");
+ }
+ else
+ {
+ SecurityAssociation.setPrincipal( principal );
+ SecurityAssociation.setCredential( credential );
+ }
}
+ else
+ return; // security not enabled
+ }
+ Set methodPermissions = container.getMethodPermissions( mi.getMethod(), home
);
- Set methodPermissions = container.getMethodPermissions( mi.getMethod(),
true );
- if (!realmMapping.doesUserHaveRole( mi.getPrincipal(), methodPermissions ))
- {
- // should log illegal access
- throw new java.rmi.RemoteException("Illegal access exception");
- }
+ if (!realmMapping.doesUserHaveRole( principal, methodPermissions ))
+ {
+ // should log illegal access
+ throw new java.rmi.RemoteException("Illegal access exception");
}
+ }
+ public Object invokeHome(MethodInvocation mi)
+ throws Exception
+ {
+ checkSecurityAssociation( mi, true );
return getNext().invokeHome(mi);
}
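Review bot: Nothing in this hunk clears the association that checkSecurityAssociation sets through `SecurityAssociation.setPrincipal( principal )` and `SecurityAssociation.setCredential( credential )`, and once `SecurityAssociation.getPrincipal()` is non-null the `securityManager.isValid` check is skipped and the principal carried by `mi` is ignored. If the association is held per thread and container threads are reused (neither is visible here), a later invocation on the same thread would be authorised under the earlier caller's identity without its own credentials being validated. Have checkSecurityAssociation report whether it established the association, and have invokeHome (and invoke in the last hunk) reset it in a `finally`, as sketched below. The enclosing class continues outside the hunk, so a reset elsewhere in the interceptor chain cannot be ruled out.

```java
   // … unchanged: checkSecurityAssociation body, except that it returns boolean:
   //   true only when it called SecurityAssociation.setPrincipal/setCredential …

   public Object invokeHome(MethodInvocation mi)
      throws Exception
   {
      boolean established = checkSecurityAssociation( mi, true );
      try
      {
         return getNext().invokeHome(mi);
      }
      finally
      {
         if (established)
         {
            // do not leave this caller's identity behind for the next invocation
            SecurityAssociation.setPrincipal( null );
            SecurityAssociation.setCredential( null );
         }
      }
   }
```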
@@ -115,22 +136,7 @@
public Object invoke(MethodInvocation mi)
throws Exception
{
- if (!(mi.getPrincipal() == null)) // for now, security is optional
- {
- if (!securityManager.isValid( mi.getPrincipal(), mi.getCredential() ))
- {
- // should log illegal access
- throw new java.rmi.RemoteException("Authentication exception");
- }
-
- Set methodPermissions = container.getMethodPermissions( mi.getMethod(),
false );
- if (!realmMapping.doesUserHaveRole( mi.getPrincipal(), methodPermissions ))
- {
- // should log illegal access
- throw new java.rmi.RemoteException("Illegal access exception");
- }
- }
-
+ checkSecurityAssociation( mi, false );
return getNext().invoke(mi);
}
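Review bot: A call that carries no principal and finds no existing association still reaches `getNext().invoke(mi)` with no role check, because checkSecurityAssociation leaves at `return; // security not enabled` before `container.getMethodPermissions` is consulted. This keeps the behaviour of revision 1.4, but for a bean method that declares permissions it means this interceptor does not deny an anonymous caller; whether another interceptor rejects such a call is not visible here. Consider looking up the method permissions before the early return and throwing the existing `java.rmi.RemoteException("Illegal access exception")` when permissions are declared, or at least state the open default on invoke with a comment such as `// NOTE: invocations without a principal bypass method-permission checks`.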