org.objectweb.easybeans.api
Interface EZBPermissionManager

All Known Implementing Classes:
PermissionManager

public interface EZBPermissionManager

Class that is linked to an EasyBeans factory and manages the check of the security.

Author:
Florent Benoit

Method Summary
 boolean checkSecurity(EasyBeansInvocationContext invocationContext, boolean runAsBean)
          Checks the security for the given invocation context.
 void commit()
          Commit the Policy Configuration.
 boolean isCallerInRole(java.lang.String ejbName, java.lang.String roleName, boolean inRunAs)
          Test if the caller has a given role.
 void translateMetadata()
          3.1.5 Translating EJB Deployment Descriptors
A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container.
 

Method Detail

checkSecurity

boolean checkSecurity(EasyBeansInvocationContext invocationContext,
                      boolean runAsBean)
Checks the security for the given invocation context.

Parameters:
invocationContext - the context to check.
runAsBean - if true, the bean is a run-as bean.
Returns:
true if the access has been granted, else false.

isCallerInRole

boolean isCallerInRole(java.lang.String ejbName,
                       java.lang.String roleName,
                       boolean inRunAs)
Test if the caller has a given role. EJBRoleRefPermission object must be created with ejbName and actions equal to roleName
See section 4.3.2 of JACC

Parameters:
ejbName - The name of the EJB on wich look role
roleName - The name of the security role. The role must be one of the security-role-ref that is defined in the deployment descriptor.
inRunAs - bean calling this method is running in run-as mode or not ?
Returns:
True if the caller has the specified role.

translateMetadata

void translateMetadata()
                       throws PermissionManagerException
3.1.5 Translating EJB Deployment Descriptors
A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container. The policy context identifier used in the call to getPolicyConfiguration must be a String that satisfies the requirements described in Section 3.1.4, EJB Policy Context Identifiers, on page 28. The value true must be passed as the second parameter in the call to getPolicyConfiguration to ensure that any and all policy statements are removed from the policy context associated with the returned PolicyConfiguration. The method-permission, exclude-list, and security-role-ref elements appearing in the deployment descriptor must be translated into permissions and added to the PolicyConfiguration object to yield an equivalent translation as that defined in the following sections and such that every EJB method for which the container performs pre-dispatch access decisions is implied by at least one permission resulting from the translation.

Throws:
PermissionManagerException - if permissions can't be set

commit

void commit()
            throws PermissionManagerException
Commit the Policy Configuration.

Throws:
PermissionManagerException - if commit can't be done