package org.jboss.ejb3.security;

import java.lang.reflect.Method;
import java.security.CodeSource;
import javax.security.jacc.EJBMethodPermission;
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aop.joinpoint.MethodInvocation;
import org.jboss.remoting.InvokerLocator;
import org.jboss.security.RealmMapping;

/* loaded from: input_file:org/jboss/ejb3/security/JaccAuthorizationInterceptor.class */
public class JaccAuthorizationInterceptor implements Interceptor {
    public static final String JACC = "JACC";
    public static final String CTX = "ctx";
    private String ejbName;
    private CodeSource ejbCS;
    private RealmMapping realmMapping;

    public JaccAuthorizationInterceptor(String str, CodeSource codeSource) {
        this.ejbName = str;
        this.ejbCS = codeSource;
    }

    public String getName() {
        return "JaccAuthorizationInterceptor";
    }

    public void setRealmMapping(RealmMapping realmMapping) {
        this.realmMapping = realmMapping;
    }

    public Object invoke(Invocation invocation) throws Throwable {
        try {
            checkSecurityAssociation((MethodInvocation) invocation);
            return invocation.invokeNext();
        } catch (ClassCastException e) {
            throw new RuntimeException("Jacc authorization is only available for method invocations", e);
        }
    }

    private void checkSecurityAssociation(MethodInvocation methodInvocation) throws Throwable {
        SecurityActions.setContextID((String) methodInvocation.getMetaData(JACC, CTX));
        Method method = methodInvocation.getMethod();
        EJBMethodPermission eJBMethodPermission = new EJBMethodPermission(this.ejbName, ((InvokerLocator) methodInvocation.getMetaData("REMOTING", "INVOKER_LOCATOR")) != null ? "Remote" : "Local", method);
        if (this.realmMapping != null) {
            JaccHelper.checkPermission(this.ejbCS, eJBMethodPermission, this.realmMapping);
        }
    }
}
