org.rhq.enterprise.server.authz
Class RequiredPermissionsInterceptor

java.lang.Object
  org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor

public class RequiredPermissionsInterceptor
extends Object

An EJB3 interceptor that checks to ensure a given Subject has all of the global permissions that are specified via the RequiredPermissions annotation on the method to be invoked. If the method being invoked is not annotated with RequiredPermissions or it has an empty list of permissions, this interceptor passes the security check immediately. Otherwise, the method must have a Subject as its first parameter - that Subject will be checked to see if it has all the permissions required. If it does not, or if there is no Subject as the method's first parameter, this interceptor throws an exception and does not allow the method to be invoked.

Author:

John Mazzitelli

Constructor Summary

RequiredPermissionsInterceptor()

Method Summary

Object

checkRequiredPermissions(javax.interceptor.InvocationContext invocation_context) Checks to ensure the method can be invoked.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RequiredPermissionsInterceptor

public RequiredPermissionsInterceptor()

Method Detail

checkRequiredPermissions

public Object checkRequiredPermissions(javax.interceptor.InvocationContext invocation_context)
                                throws Exception

Checks to ensure the method can be invoked.

Parameters:

invocation_context - the invocation context

Returns:

the results of the invocation

Throws:

Exception - if an error occurred further down the interceptor stack

PermissionException - if the security check fails