org.objectweb.jonas.web.lib
Class PermissionManager

java.lang.Object
  extended by org.objectweb.jonas_lib.security.AbsPermissionManager
      extended by org.objectweb.jonas.web.lib.PermissionManager

public class PermissionManager
extends AbsPermissionManager

Defines a PermissionManager class which will manage JACC permissions for a web-app

Author:
Florent Benoit

Field Summary
 
Fields inherited from class org.objectweb.jonas_lib.security.AbsPermissionManager
contextId, policy, policyConfiguration
 
Constructor Summary
PermissionManager(WebContainerDeploymentDesc webContainerDeploymentDesc, java.lang.String contextId)
          Default Constructor
 
Method Summary
 boolean checkWebResourcePermission(javax.servlet.http.HttpServletRequest request, java.lang.String[] roles)
          Check the security for a given HttpServletRequest
 boolean checkWebRoleRefPermission(java.lang.String servletName, java.lang.String[] roles, java.lang.String roleName)
          Check the security for a given HttpServletRequest
 boolean checkWebUserDataPermission(javax.servlet.http.HttpServletRequest request, java.lang.String[] roles)
          Check the security for a given HttpServletRequest
protected  void resetDeploymentDesc()
          Reset Deployment Descriptor
protected  void translateSecurityConstraintElements()
          3.1.3.1 Translating security-constraint elements: The paragraphs of this section describe the translation of security-constraints into WebResourcePermission and WebUserDataPermission objects constructed using qualified URL pattern names.
 void translateServletDeploymentDescriptor()
          3.1.3 Translating Servlet Deployment Descriptors: A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container.
protected  void translateServletSecurityRoleRef()
          3.1.3.2 Translating Servlet security-role-ref Elements: For each security-role-ref appearing in the deployment descriptor a corresponding WebRoleRefPermission must be added to the corresponding role.
 
Methods inherited from class org.objectweb.jonas_lib.security.AbsPermissionManager
commit, delete
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PermissionManager

public PermissionManager(WebContainerDeploymentDesc webContainerDeploymentDesc,
                         java.lang.String contextId)
                  throws PermissionManagerException
Default Constructor

Parameters:
webContainerDeploymentDesc - EJB deployment Descriptor
contextId - context ID used for PolicyContext
Throws:
PermissionManagerException - if permissions can't be set
Method Detail

translateServletDeploymentDescriptor

public void translateServletDeploymentDescriptor()
                                          throws PermissionManagerException
3.1.3 Translating Servlet Deployment Descriptors: A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container. The policy context identifier used in the call to the getPolicyConfiguration method must be a String composed as described in Section 3.1.2, Servlet Policy Context Identifiers, on page 19. The value true must be passed as the second parameter in the call to getPolicyConfiguration to ensure that any and all policy statements are removed from the policy context associated with the returned PolicyConfiguration. The security-constraint and security-role-ref elements in the deployment descriptor must be translated into permissions and added to the PolicyConfiguration object as defined in the following sections.

Throws:
PermissionManagerException - if permissions can't be set

translateSecurityConstraintElements

protected void translateSecurityConstraintElements()
                                            throws PermissionManagerException
3.1.3.1 Translating security-constraint elements: The paragraphs of this section describe the translation of security-constraints into WebResourcePermission and WebUserDataPermission objects constructed using qualified URL pattern names. In the exceptional case, as defined in Qualified URL Pattern Names, where a pattern is made irrelevant by a qualifying pattern, the permission instantiations that would result from the translation of the pattern, as described below, must not be performed. Otherwise, the translation of URL patterns in security constraints must yield an equivalent translation to the translation that would result from following the instructions in the remainder of this section. [...]

Throws:
PermissionManagerException - if permissions can't be set

translateServletSecurityRoleRef

protected void translateServletSecurityRoleRef()
                                        throws PermissionManagerException
3.1.3.2 Translating Servlet security-role-ref Elements: For each security-role-ref appearing in the deployment descriptor a corresponding WebRoleRefPermission must be added to the corresponding role. The name of the WebRoleRefPermission must be the servlet-name in whose context the security-role-ref is defined. The actions of the WebRoleRefPermission must be the value of the role-name (that is, the reference) appearing in the security-role-ref. The deployment tools must call the addToRole method on the PolicyConfiguration object to add the WebRoleRefPermission object resulting from the translation to the role identified in the role-link appearing in the security-role-ref. Additional WebRoleRefPermission objects must be added to the PolicyConfiguration as follows. For each servlet element in the deployment descriptor a WebRoleRefPermission must be added to each security-role whose name does not appear as the role-name in a security-role-ref within the servlet element. The name of each such WebRoleRefPermission must be the servlet-name of the corresponding servlet element. The actions (that is, reference) of each such WebRoleRefPermission must be the corresponding (non-appearing) role-name. The resulting permissions must be added to the corresponding roles by calling the addToRole method on the PolicyConfiguration object.

Throws:
PermissionManagerException - if permissions can't be set
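
The two role-ref rules quoted above, worked through on a constructed descriptor. This is an added example, not JOnAS source: the class RoleRefTranslation, the record Grant and the sample servlet and role names are hypothetical, and the code (Java 16+) computes the (role, name, actions) triples that a deployer would hand to addToRole rather than calling a JACC provider.

```java
import java.util.*;

public class RoleRefTranslation {
    /** One addToRole call: WebRoleRefPermission(name, actions) granted to role. */
    record Grant(String role, String name, String actions) {}

    /**
     * @param servletRoleRefs servlet-name -> (role-name reference -> role-link)
     * @param securityRoles   names of the security-role elements of the web-app
     */
    static List<Grant> translate(Map<String, Map<String, String>> servletRoleRefs,
                                 Set<String> securityRoles) {
        List<Grant> grants = new ArrayList<>();
        servletRoleRefs.forEach((servlet, refs) -> {
            // Rule 1: each security-role-ref grants the reference (role-name)
            // to the role named in its role-link.
            refs.forEach((roleName, roleLink) ->
                    grants.add(new Grant(roleLink, servlet, roleName)));
            // Rule 2: every declared role that is not used as a role-name in
            // this servlet is granted a reference equal to its own name.
            for (String role : securityRoles) {
                if (!refs.containsKey(role)) {
                    grants.add(new Grant(role, servlet, role));
                }
            }
        });
        return grants;
    }

    public static void main(String[] args) {
        // Constructed sample: one servlet with a role-ref, one without any.
        Map<String, Map<String, String>> servlets = new LinkedHashMap<>();
        servlets.put("ReportServlet", Map.of("MGR", "manager"));
        servlets.put("PingServlet", Map.of());
        Set<String> roles = new LinkedHashSet<>(List.of("manager", "employee"));

        for (Grant g : translate(servlets, roles)) {
            // With a JACC provider on the classpath this line would be:
            // policyConfiguration.addToRole(g.role(),
            //         new WebRoleRefPermission(g.name(), g.actions()));
            System.out.println(g);
        }
    }
}
```

A role-name that matches a declared role suppresses rule 2 for that role in that servlet, so the reference resolves only through its role-link; this is the case to check when reviewing a descriptor for unintended role aliasing.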

checkWebUserDataPermission

public boolean checkWebUserDataPermission(javax.servlet.http.HttpServletRequest request,
                                          java.lang.String[] roles)
Check the security for a given HttpServletRequest


checkWebResourcePermission

public boolean checkWebResourcePermission(javax.servlet.http.HttpServletRequest request,
                                          java.lang.String[] roles)
Check the security for a given HttpServletRequest


checkWebRoleRefPermission

public boolean checkWebRoleRefPermission(java.lang.String servletName,
                                         java.lang.String[] roles,
                                         java.lang.String roleName)
Check the security for a given HttpServletRequest


resetDeploymentDesc

protected void resetDeploymentDesc()
Reset Deployment Descriptor

Specified by:
resetDeploymentDesc in class AbsPermissionManager