Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * JBoss, Home of Professional Open Source.
   * Copyright 2011, Red Hat, Inc., and individual contributors
   * as indicated by the @author tags. See the copyright.txt file in the
   * distribution for a full listing of individual contributors.
   *
   * This is free software; you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License as
   * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
 package org.jboss.as.ejb3.security;
 
 
 import java.util.Set;

Holds security metadata of a method corresponding to a EJB's view.

For security metadata that's applicable at EJB component level (for ex: security domain) take a look at EJBSecurityMetaData

User: Jaikiran Pai

 
 public class EJBMethodSecurityMetaData {

    
True if access to the method is denied for all roles
 
     private final boolean denyAll;

    
True if access to the method is permitted for all roles
 
     private final boolean permitAll;

    
Set of roles allowed to access the method.
 
     private final Set<StringrolesAllowed;

    

Parameters:
componentConfiguration The component configuration of a EJB
viewClassName The view class name
viewMethod The view method
 
     public EJBMethodSecurityMetaData(final ComponentConfiguration componentConfigurationfinal String viewClassNamefinal Method viewMethod) {
         if (componentConfiguration.getComponentDescription() instanceof EJBComponentDescription == false) {
             throw new IllegalArgumentException(componentConfiguration.getComponentName() + " is not an EJB component");
         }
         final EJBComponentDescription ejbComponentDescription = (EJBComponentDescriptioncomponentConfiguration.getComponentDescription();
 
         // process @DenyAll/exclude-list
         this. = this.isAccessDenied(componentConfigurationviewClassNameviewMethod);
         // process @PermitAll list
         this. = this.isPermitAll(componentConfigurationviewClassNameviewMethod);
         // process @RolesAllowed/method-permission
         this. = Collections.unmodifiableSet(this.getRolesAllowed(componentConfigurationviewClassNameviewMethod));
 
     }

    
Returns true if access to the method corresponding to this EJBMethodSecurityMetaData is denied for all roles. Else returns false

Returns:
 
     public boolean isAccessDenied() {
         return this.;
     }

    
Returns true if access to the method corresponding to this EJBMethodSecurityMetaData is permitted for all roles. Else returns false.

Returns:
 
     public boolean isPermitAll() {
         return this.;
     }

    
Returns a set of roles which are allowed to access the method corresponding to this EJBMethodSecurityMetaData. The returned set may be empty if there's no specific role assigned to the method.

Returns:
    public Set<StringgetRolesAllowed() {
        return this.;
    }
    private boolean isAccessDenied(final ComponentConfiguration componentConfigurationfinal String viewClassNamefinal Method viewMethod) {
        final EJBComponentDescription ejbComponentDescription = (EJBComponentDescriptioncomponentConfiguration.getComponentDescription();
        // find the component method corresponding to this view method
        final Method componentMethod = this.findComponentMethod(componentConfigurationviewMethod);
        final EJBMethodIdentifier ejbMethodIdentifier = EJBMethodIdentifier.fromMethod(componentMethod);
        final Set<StringrolesAllowed = ejbComponentDescription.getRolesAllowed(viewClassNameejbMethodIdentifier);
        final boolean methodMarkedForDenyAll = this.isMethodMarkedForDenyAll(ejbComponentDescriptionviewClassNameejbMethodIdentifier);
        final boolean methodMarkedForPermitAll = this.isMethodMarkedForPermitAll(ejbComponentDescriptionviewClassNameejbMethodIdentifier);
        if (methodMarkedForDenyAll) {
            // make sure the method isn't marked for @PermitAll
            if (methodMarkedForPermitAll) {
                throw new IllegalStateException("Method " + componentMethod + " for view " + viewClassName + " shouldn't be " +
                        "marked for both @PemitAll and @DenyAll at the same time");
            }
            // make sure @RolesAllowed isn't applied to the method explicitly
            if (!rolesAllowed.isEmpty()) {
                throw new IllegalStateException("Method " + componentMethod + " for view " + viewClassName + " shouldn't be " +
                        "marked for both @RolesAllowed and @DenyAll at the same time");
            }
            // only @DenyAll is applied on the method, so return true
            return true;
        }
        // check on class level for @DenyAll *only* if the method isn't marked with @PermitAll and @RolesAllowed (in which case,
        // it doesn't qualify for @DenyAll)
        if (!rolesAllowed.isEmpty()) {
            return false;
        }
        if (methodMarkedForPermitAll) {
            return false;
        }
        final Class<?> declaringClass = componentMethod.getDeclaringClass();
        if (ejbComponentDescription.isDenyAllApplicableToClass(viewClassNamedeclaringClass.getName())) {
            return true;
        }
        return false;
    }
    private boolean isPermitAll(final ComponentConfiguration componentConfigurationfinal String viewClassNamefinal Method viewMethod) {
        final EJBComponentDescription ejbComponentDescription = (EJBComponentDescriptioncomponentConfiguration.getComponentDescription();
        // find the component method corresponding to this view method
        final Method componentMethod = this.findComponentMethod(componentConfigurationviewMethod);
        final EJBMethodIdentifier ejbMethodIdentifier = EJBMethodIdentifier.fromMethod(componentMethod);
        final Set<StringrolesAllowed = ejbComponentDescription.getRolesAllowed(viewClassNameejbMethodIdentifier);
        final boolean methodMarkedForDenyAll = this.isMethodMarkedForDenyAll(ejbComponentDescriptionviewClassNameejbMethodIdentifier);
        final boolean methodMarkedForPermitAll = this.isMethodMarkedForPermitAll(ejbComponentDescriptionviewClassNameejbMethodIdentifier);
        if (methodMarkedForPermitAll) {
            // make sure the method isn't marked for @DenyAll
            if (methodMarkedForDenyAll) {
                throw new IllegalStateException("Method " + componentMethod + " for view " + viewClassName + " shouldn't be " +
                        "marked for both @PemitAll and @DenyAll at the same time");
            }
            // make sure @RolesAllowed isn't applied to the method explicitly
            if (!rolesAllowed.isEmpty()) {
                throw new IllegalStateException("Method " + componentMethod + " for view " + viewClassName + " shouldn't be " +
                        "marked for both @RolesAllowed and @PermitAll at the same time");
            }
            // only @PermitAll is applied on the method, so return true
            return true;
        }
        // check on class level for @PermitAll *only* if the method isn't marked with @DenyAll and @RolesAllowed (in which case,
        // it doesn't qualify for @PermitAll)
        if (!rolesAllowed.isEmpty()) {
            return false;
        }
        if (methodMarkedForPermitAll) {
            return false;
        }
        final Class<?> declaringClass = componentMethod.getDeclaringClass();
        if (ejbComponentDescription.isPermitAllApplicableToClass(viewClassNamedeclaringClass.getName())) {
            return true;
        }
        return false;
    }
    private Set<StringgetRolesAllowed(final ComponentConfiguration componentConfigurationfinal String viewClassNamefinal Method viewMethod) {
        final EJBComponentDescription ejbComponentDescription = (EJBComponentDescriptioncomponentConfiguration.getComponentDescription();
        // find the component method corresponding to this view method
        final Method componentMethod = this.findComponentMethod(componentConfigurationviewMethod);
        final EJBMethodIdentifier ejbMethodIdentifier = EJBMethodIdentifier.fromMethod(componentMethod);
        final Set<StringrolesAllowed = ejbComponentDescription.getRolesAllowed(viewClassNameejbMethodIdentifier);
        final boolean methodMarkedForDenyAll = this.isMethodMarkedForDenyAll(ejbComponentDescriptionviewClassNameejbMethodIdentifier);
        final boolean methodMarkedForPermitAll = this.isMethodMarkedForPermitAll(ejbComponentDescriptionviewClassNameejbMethodIdentifier);
        if (!rolesAllowed.isEmpty()) {
            return rolesAllowed;
        }
        // check on class level for @RolesAllowed *only* if the method isn't marked with @DenyAll and @PermitAll (in which case,
        // it doesn't qualify for @RolesAllowed)
        if (methodMarkedForDenyAll) {
            return Collections.emptySet();
        }
        if (methodMarkedForPermitAll) {
            return Collections.emptySet();
        }
        final Class<?> declaringClass = componentMethod.getDeclaringClass();
        final Set<StringclassLevelRolesAllowed = ejbComponentDescription.getRolesAllowedForClass(viewClassNamedeclaringClass.getName());
        if (!classLevelRolesAllowed.isEmpty()) {
            return classLevelRolesAllowed;
        }
        return Collections.emptySet();
    }
    private boolean isMethodMarkedForDenyAll(final EJBComponentDescription ejbComponentDescriptionfinal String viewClassNamefinal EJBMethodIdentifier ejbMethodIdentifier) {
        Collection<EJBMethodIdentifierdenyAllMethodsForView = ejbComponentDescription.getDenyAllMethodsForView(viewClassName);
        return denyAllMethodsForView.contains(ejbMethodIdentifier);
    }
    private boolean isMethodMarkedForPermitAll(final EJBComponentDescription ejbComponentDescriptionfinal String viewClassNamefinal EJBMethodIdentifier ejbMethodIdentifier) {
        Collection<EJBMethodIdentifierpermitAllMethodsForView = ejbComponentDescription.getPermitAllMethodsForView(viewClassName);
        return permitAllMethodsForView.contains(ejbMethodIdentifier);
    }
    private Method findComponentMethod(final ComponentConfiguration componentConfigurationfinal Method viewMethod) {
        final Class<?> componentClass = componentConfiguration.getComponentClass();
        try {
            return componentClass.getMethod(viewMethod.getName(), viewMethod.getParameterTypes());
        } catch (NoSuchMethodException e) {
            throw new RuntimeException("Method named " + viewMethod.getName() + " with params " + viewMethod.getParameterTypes()
                    + " not found on component class " + componentClass);
        }
    }
New to GrepCode? Check out our FAQ X