Package org.glassfish.ejb.security.application

Class EJBSecurityManager

java.lang.Object
org.glassfish.ejb.security.application.EJBSecurityManager
All Implemented Interfaces:
com.sun.enterprise.security.SecurityManager
public final class EJBSecurityManager extends Object implements com.sun.enterprise.security.SecurityManager
This class is used by the Enterprise Beans server to manage security. All the container object only call into this object for managing security. This class cannot be subclassed.

An instance of this class should be created per deployment unit.

Author:
Harpreet Singh, monzillo

  • Constructor Details

  • Method Details

    • getContextID

      public static String getContextID(EjbDescriptor ejbDescriptor)

    • authorize

      public boolean authorize(org.glassfish.api.invocation.ComponentInvocation componentInvocation)
      This method is called by the EJB container to decide whether or not a method specified in the Invocation should be allowed.
      Specified by:
      authorize in interface com.sun.enterprise.security.SecurityManager
      Parameters:
      componentInvocation - invocation object that contains all the details of the invocation.
      Returns:
      A boolean value indicating if the client should be allowed to invoke the EJB.

    • isCallerInRole

      public boolean isCallerInRole(String role)
      This method returns a boolean value indicating whether or not the caller is in the specified role.
      Specified by:
      isCallerInRole in interface com.sun.enterprise.security.SecurityManager
      Parameters:
      role - role name in the form of java.lang.String
      Returns:
      A boolean true/false depending on whether or not the caller has the specified role.

    • preInvoke

      public void preInvoke(org.glassfish.api.invocation.ComponentInvocation invocation)
      This method is used by MDB Container - Invocation Manager to setup the run-as identity information.

      It has to be coupled with the postSetRunAsIdentity method. This method is called for EJB/MDB Containers

      Specified by:
      preInvoke in interface com.sun.enterprise.security.SecurityManager

    • invoke

      public Object invoke(Method beanClassMethod, boolean isLocal, Object bean, Object[] methodParameters) throws Throwable
      This method is similar to the runMethod, except it keeps the semantics same as the one in reflection. On failure, if the exception is caused due to reflection, it returns the InvocationTargetException. This method is called from the containers for ejbTimeout, WebService and MDBs.
      Specified by:
      invoke in interface com.sun.enterprise.security.SecurityManager
      Parameters:
      beanClassMethod - , the bean class method to be invoked
      isLocal - , true if this invocation is through the local EJB view
      bean - the object on which this method is to be invoked in this case the ejb,
      methodParameters - the parameters for the method,
      c - , the container instance can be a null value, where in the container will be queried to find its security manager.
      Returns:
      Object, the result of the execution of the method.
      Throws:
      Throwable

    • postInvoke

      public void postInvoke(org.glassfish.api.invocation.ComponentInvocation invocation)
      This method is used by Message Driven Bean Container to remove the run-as identity information that was set up using the preSetRunAsIdentity method
      Specified by:
      postInvoke in interface com.sun.enterprise.security.SecurityManager

    • getCurrentSubject

      public Subject getCurrentSubject()
      This will return the subject associated with the current call. If the run as subject is in effect. It will return that subject. This is done to support the Authorization specification which says if the runas principal is in effect, that principal should be used for making a component call.
      Specified by:
      getCurrentSubject in interface com.sun.enterprise.security.SecurityManager
      Returns:
      Subject the current subject. Null if this is not the run-as case

    • getCallerPrincipal

      public Principal getCallerPrincipal()
      This method returns the Client Principal who initiated the current Invocation.
      Specified by:
      getCallerPrincipal in interface com.sun.enterprise.security.SecurityManager
      Returns:
      A Principal object of the client who made this invocation. or null if the SecurityContext has not been established by the client.

    • destroy

      public void destroy()
      Specified by:
      destroy in interface com.sun.enterprise.security.SecurityManager

    • doAsPrivileged

      public Object doAsPrivileged(PrivilegedExceptionAction<Object> privilegedAction) throws Throwable
      Specified by:
      doAsPrivileged in interface com.sun.enterprise.security.SecurityManager
      Throws:
      Throwable

    • resetPolicyContext

      public void resetPolicyContext()
      Specified by:
      resetPolicyContext in interface com.sun.enterprise.security.SecurityManager