geronimo-dev mailing list archives

From John Field <jfi...@gopivotal.com>
Subject JACC PolicyContextHandlers
Date Fri, 14 Jun 2013 16:13:11 GMT
Hi all,

I have a question about using the PolicyContextHandler for EJB policy
enforcement.

I am using Geronimo 3 and I have an application with a requirement to make
an access control decision on an EJB method invocation, based upon the
values of the EJB method arguments.

I have attempted to access the EJB method arguments from within the
implies() method of the GeronimoPolicy class,
i.e. org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy.java

Inside the implies() method of this class (after the declarative-based
principal permission checks) I am doing:


    ThreadData threadData = ContextManager.getThreadData();
    EnterpriseBean aBean = threadData.getBean();

...however the result is that the value of aBean is null.

I also tried:

    PolicyContextHandler aPCH = (PolicyContextHandler) PolicyContext.getContext("javax.ejb.EnterpriseBean");

But this also returned null.

I was curious as to why this was not populated, so I searched the code base,
and this failed to identify any caller invoking the corresponding push, i.e. a
call to PolicyContextHandlerEnterpriseBean.pushContextData().

Note that I am able to successfully access the servlet context using:

    ThreadData threadData = ContextManager.getThreadData();
    HttpServletRequest aRequest = threadData.getRequest();

And in a search of the code I do see that both Jetty and Tomcat containers
are indeed making use of the pushContextData() method.

So, I am wondering whether this EJB context is available. Am I doing
something incorrectly here? Or perhaps this is just not yet implemented
on the OpenEJB container?

Any help appreciated.

Thanks,
John

-- 

John P. Field | Security Architect | Pivotal

*goPivotal.com <http://www.goPivotal.com>*
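
An added example, not part of the original message and not Geronimo code: an argument-based check for use inside a policy's implies() that reads the standard JACC key "javax.ejb.arguments" and denies whenever the container has not supplied the data, so a missing push cannot silently skip the rule. The class EjbArgumentCheck and the interface ArgumentRule are hypothetical names; whether a given container registers a handler for these keys is not assumed.

```java
import java.security.Permission;
import java.util.Set;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/** Hypothetical helper: argument-based EJB access check that fails closed. */
public final class EjbArgumentCheck {

    // Standard handler key defined by the JACC contract (javax.security.jacc).
    static final String ARGS_KEY = "javax.ejb.arguments";

    /** Hypothetical rule interface supplied by the application. */
    public interface ArgumentRule {
        boolean allows(EJBMethodPermission permission, Object[] arguments);
    }

    /** Call only after the declarative permission checks have already passed. */
    public static boolean permits(Permission requested, ArgumentRule rule) {
        if (!(requested instanceof EJBMethodPermission)) {
            return true; // not an EJB invocation: this extra check does not apply
        }
        try {
            // getHandlerKeys() lists the keys that have a registered handler.
            Set<?> keys = PolicyContext.getHandlerKeys();
            if (!keys.contains(ARGS_KEY)) {
                return false; // no handler registered: deny rather than skip the rule
            }
            // getContext(key) returns the context object itself (here Object[]),
            // not the handler, and may return null if nothing was pushed.
            Object[] args = (Object[]) PolicyContext.getContext(ARGS_KEY);
            if (args == null) {
                return false; // handler present but no data for this call: deny
            }
            return rule.allows((EJBMethodPermission) requested, args);
        } catch (PolicyContextException | RuntimeException e) {
            return false; // any failure to obtain the arguments is a deny
        }
    }

    private EjbArgumentCheck() { }
}
```

Logging the deny reason (no handler, null data, exception) separately makes it possible to tell a container that never populates the key from a genuine policy denial.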
