Class EJBSecurityManager
java.lang.Object
org.glassfish.ejb.security.application.EJBSecurityManager
- All Implemented Interfaces:
com.sun.enterprise.security.SecurityManager
public final class EJBSecurityManager
extends Object
implements com.sun.enterprise.security.SecurityManager
This class is used by the Enterprise Beans server to manage security. All the container object only call into this object for managing
security. This class cannot be subclassed.
An instance of this class should be created per deployment unit.
- Author:
- Harpreet Singh, monzillo
-
Constructor Summary
ConstructorsConstructorDescriptionEJBSecurityManager(EjbDescriptor ejbDescriptor, org.glassfish.api.invocation.InvocationManager invMgr, EJBSecurityManagerFactory ejbSecurityManagerFactory) -
Method Summary
Modifier and TypeMethodDescriptionbooleanauthorize(org.glassfish.api.invocation.ComponentInvocation componentInvocation) This method is called by the EJB container to decide whether or not a method specified in the Invocation should be allowed.voiddestroy()This method returns the Client Principal who initiated the current Invocation.static StringgetContextID(EjbDescriptor ejbDescriptor) This will return the subject associated with the current call.This method is similar to the runMethod, except it keeps the semantics same as the one in reflection.booleanisCallerInRole(String role) This method returns a boolean value indicating whether or not the caller is in the specified role.voidpostInvoke(org.glassfish.api.invocation.ComponentInvocation invocation) This method is used by Message Driven Bean Container to remove the run-as identity information that was set up using the preSetRunAsIdentity methodvoidpreInvoke(org.glassfish.api.invocation.ComponentInvocation invocation) This method is used by MDB Container - Invocation Manager to setup the run-as identity information.void
-
Constructor Details
-
EJBSecurityManager
public EJBSecurityManager(EjbDescriptor ejbDescriptor, org.glassfish.api.invocation.InvocationManager invMgr, EJBSecurityManagerFactory ejbSecurityManagerFactory) throws Exception - Throws:
Exception
-
-
Method Details
-
getContextID
-
authorize
public boolean authorize(org.glassfish.api.invocation.ComponentInvocation componentInvocation) This method is called by the EJB container to decide whether or not a method specified in the Invocation should be allowed.- Specified by:
authorizein interfacecom.sun.enterprise.security.SecurityManager- Parameters:
componentInvocation- invocation object that contains all the details of the invocation.- Returns:
- A boolean value indicating if the client should be allowed to invoke the EJB.
-
isCallerInRole
This method returns a boolean value indicating whether or not the caller is in the specified role.- Specified by:
isCallerInRolein interfacecom.sun.enterprise.security.SecurityManager- Parameters:
role- role name in the form of java.lang.String- Returns:
- A boolean true/false depending on whether or not the caller has the specified role.
-
preInvoke
public void preInvoke(org.glassfish.api.invocation.ComponentInvocation invocation) This method is used by MDB Container - Invocation Manager to setup the run-as identity information.It has to be coupled with the postSetRunAsIdentity method. This method is called for EJB/MDB Containers
- Specified by:
preInvokein interfacecom.sun.enterprise.security.SecurityManager
-
invoke
public Object invoke(Object bean, Method beanClassMethod, Object[] methodParameters) throws Throwable This method is similar to the runMethod, except it keeps the semantics same as the one in reflection. On failure, if the exception is caused due to reflection, it returns the InvocationTargetException. This method is called from the containers for ejbTimeout, WebService and MDBs.- Specified by:
invokein interfacecom.sun.enterprise.security.SecurityManager- Parameters:
bean- the object on which this method is to be invoked in this case the ejb,beanClassMethod- , the bean class method to be invokedmethodParameters- the parameters for the method,- Returns:
- Object, the result of the execution of the method.
- Throws:
Throwable
-
postInvoke
public void postInvoke(org.glassfish.api.invocation.ComponentInvocation invocation) This method is used by Message Driven Bean Container to remove the run-as identity information that was set up using the preSetRunAsIdentity method- Specified by:
postInvokein interfacecom.sun.enterprise.security.SecurityManager
-
getCurrentSubject
This will return the subject associated with the current call. If the run as subject is in effect. It will return that subject. This is done to support the Authorization specification which says if the runas principal is in effect, that principal should be used for making a component call.- Specified by:
getCurrentSubjectin interfacecom.sun.enterprise.security.SecurityManager- Returns:
- Subject the current subject. Null if this is not the run-as case
-
getCallerPrincipal
This method returns the Client Principal who initiated the current Invocation.- Specified by:
getCallerPrincipalin interfacecom.sun.enterprise.security.SecurityManager- Returns:
- A Principal object of the client who made this invocation. or null if the SecurityContext has not been established by the client.
-
destroy
public void destroy()- Specified by:
destroyin interfacecom.sun.enterprise.security.SecurityManager
-
resetPolicyContext
public void resetPolicyContext()- Specified by:
resetPolicyContextin interfacecom.sun.enterprise.security.SecurityManager
-