User: oconnor
Date: 00/08/06 14:36:01
Modified: src/main/org/jboss/ejb/plugins SecurityInterceptor.java
Log:
Changes to introduce a skeleton security system.
Revision Changes Path
1.4 +60 -19 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
Index: SecurityInterceptor.java
===================================================================
RCS file:
/products/cvs/ejboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecurityInterceptor.java 2000/06/16 13:10:23 1.3
+++ SecurityInterceptor.java 2000/08/06 21:36:00 1.4
@@ -11,6 +11,8 @@
import java.util.Map;
import java.util.HashMap;
import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Set;
import javax.ejb.Handle;
import javax.ejb.HomeHandle;
@@ -30,29 +32,39 @@
import org.jboss.logging.Log;
+import org.jboss.system.EJBSecurityManager;
+import org.jboss.system.RealmMapping;
+
+import com.dreambean.ejx.ejb.AssemblyDescriptor;
+
+
/**
- * <description>
- *
+ * <description>
+ *
* @see <related>
* @author Rickard �berg ([EMAIL PROTECTED])
- * @version $Revision: 1.3 $
+ * @version $Revision: 1.4 $
*/
public class SecurityInterceptor
extends AbstractInterceptor
{
// Constants -----------------------------------------------------
-
+
// Attributes ----------------------------------------------------
protected Container container;
-
+ protected EJBSecurityManager securityManager;
+ protected RealmMapping realmMapping;
+
// Static --------------------------------------------------------
// Constructors --------------------------------------------------
-
+
// Public --------------------------------------------------------
- public void setContainer(Container container)
- {
- this.container = container;
+ public void setContainer(Container container)
+ {
+ this.container = container;
+ securityManager = container.getSecurityManager();
+ realmMapping = container.getRealmMapping();
}
public Container getContainer()
@@ -70,29 +82,58 @@
public Object invokeHome(MethodInvocation mi)
throws Exception
{
- // TODO security checks
-
+ if (!(mi.getPrincipal() == null)) // for now, security is optional
+ {
+ if (!securityManager.isValid( mi.getPrincipal(), mi.getCredential() ))
+ {
+ // should log illegal access
+ throw new java.rmi.RemoteException("Authentication exception");
+ }
+
+ Set methodPermissions = container.getMethodPermissions( mi.getMethod(),
true );
+ if (!realmMapping.doesUserHaveRole( mi.getPrincipal(), methodPermissions ))
+ {
+ // should log illegal access
+ throw new java.rmi.RemoteException("Illegal access exception");
+ }
+ }
+
return getNext().invokeHome(mi);
}
/**
- * This method does invocation interpositioning of tx and security,
+ * This method does invocation interpositioning of tx and security,
* retrieves the instance from an object table, and invokes the method
* on the particular instance
*
- * @param id
- * @param m
- * @param args
- * @return
- * @exception Exception
+ * @param id
+ * @param m
+ * @param args
+ * @return
+ * @exception Exception
*/
public Object invoke(MethodInvocation mi)
throws Exception
{
- // TODO security checks
+ if (!(mi.getPrincipal() == null)) // for now, security is optional
+ {
+ if (!securityManager.isValid( mi.getPrincipal(), mi.getCredential() ))
+ {
+ // should log illegal access
+ throw new java.rmi.RemoteException("Authentication exception");
+ }
+
+ Set methodPermissions = container.getMethodPermissions( mi.getMethod(),
false );
+ if (!realmMapping.doesUserHaveRole( mi.getPrincipal(), methodPermissions ))
+ {
+ // should log illegal access
+ throw new java.rmi.RemoteException("Illegal access exception");
+ }
+ }
+
return getNext().invoke(mi);
}
-
+
// Private -------------------------------------------------------
}
