14 Jun 2013 18:13
JACC PolicyContextHandlers
Hi all,
ThreadData threadData = ContextManager.getThreadData();
PolicyContextHandler aPCH = (PolicyContextHandler) PolicyContext.getContext("javax.ejb.EnterpriseBean");
--
I have a question about using the PolicyContextHandler for EJB policy enforcement.
I am using Geronimo 3 and I have an application with a requirement to make an access control decision on an EJB method invocation, based upon the values of the EJB method arguments.
I have attempted to access the EJB method arguments from within the implies() method of the GeronimoPolicy class, i.e. org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy.java
Inside the implies() method of this class (after the declarative-based principal permission checks) I am doing:
ThreadData threadData = ContextManager.getThreadData();
EnterpriseBean aBean = threadData.getBean();
...however the result is that the value of aBean is null.
...however the result is that the value of aBean is null.
I also tried:
PolicyContextHandler aPCH = (PolicyContextHandler) PolicyContext.getContext("javax.ejb.EnterpriseBean");
But this also returned null.
Curious as to why this was not populated, so I searched the code base and this failed to identify any caller invoking the corresponding push, i.e. a call to PolicyContextHandlerEnterpriseBean.pushContextData()
Note that I am able to successfully access the servlet context using
ThreadData threadData = ContextManager.getThreadData();
HttpServletRequest aRequest = threadData.getRequest(); And in a search of the code I do see that both Jetty and Tomcat containers are indeed making use of the pushContextData() method.
So, I am wondering whether this EJB context is available. Am I doing something incorrectly here?, Or, perhaps this is just not yet implemented on the OpenEJB container?
Any help appreciated.
Thanks,
John
RSS Feed