Hi all, I have a question about using the PolicyContextHandler for EJB policy enforcement.
I am using Geronimo 3 and I have an application with a requirement to make
an access control decision on an EJB method invocation, based upon the
values of the EJB method arguments.
I have attempted to access the EJB method arguments from within the
implies() method of the GeronimoPolicy class,
i.e. org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy.java
Inside the implies() method of this class (after the declarative-based
principal permission checks) I am doing:
    ThreadData threadData = ContextManager.getThreadData();
    EnterpriseBean aBean = threadData.getBean();
...however the result is that the value of aBean is null.
I also tried:
    PolicyContextHandler aPCH = (PolicyContextHandler) PolicyContext.getContext("javax.ejb.EnterpriseBean");
But this also returned null.
I was curious as to why this was not populated, so I searched the code base,
and this failed to identify any caller invoking the corresponding push, i.e. a
call to PolicyContextHandlerEnterpriseBean.pushContextData().
Note that I am able to successfully access the servlet context using:
    ThreadData threadData = ContextManager.getThreadData();
    HttpServletRequest aRequest = threadData.getRequest();
And in a search of the code I do see that both Jetty and Tomcat containers
are indeed making use of the pushContextData() method.
So, I am wondering whether this EJB context is available. Am I doing
something incorrectly here? Or perhaps this is just not yet implemented
on the OpenEJB container?
Any help appreciated.
Thanks,
John
--
John P. Field | Security Architect | Pivotal
*goPivotal.com <http://www.goPivotal.com>*
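An added example, not part of the original post and not Geronimo code: one way a Policy's implies() could consult the EJB method arguments through the standard JACC handler key "javax.ejb.arguments", denying access whenever the container has not registered or populated that context. The class name EjbArgumentCheck and the caller-supplied rule are hypothetical; it assumes the javax.security.jacc API is on the classpath.

```java
import java.security.Permission;
import java.util.function.Predicate;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/** Hypothetical helper, intended to be called from a Policy's implies(). */
public final class EjbArgumentCheck {

    // Standard JACC handler key for the arguments of the EJB method being invoked.
    static final String EJB_ARGS_KEY = "javax.ejb.arguments";

    private EjbArgumentCheck() {}

    /**
     * Returns true if the permission is not an EJB method permission (nothing
     * to check here), or if the container exposes the method arguments and
     * the supplied rule accepts them. Every other outcome denies.
     */
    public static boolean permits(Permission permission, Predicate<Object[]> rule) {
        if (!(permission instanceof EJBMethodPermission)) {
            return true;
        }
        try {
            // getContext() throws IllegalArgumentException for a key with no
            // registered handler, so test for the handler first.
            if (!PolicyContext.getHandlerKeys().contains(EJB_ARGS_KEY)) {
                return false; // container never registered the handler
            }
            Object ctx = PolicyContext.getContext(EJB_ARGS_KEY);
            if (!(ctx instanceof Object[])) {
                return false; // handler registered, but no data was pushed (null)
            }
            return rule.test((Object[]) ctx);
        } catch (PolicyContextException e) {
            return false; // handler failed to produce the context
        }
    }
}
```

A call such as EjbArgumentCheck.permits(permission, args -> args.length > 0 && args[0] != null) would sit after the declarative principal checks; the lambda here is a constructed placeholder for the application's real rule.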
