<assembly-descriptor> <security-role> <description> This role includes the employees of the enterprise who are allowed to access the employee self-service application. Members of this role are allowed to access only their own information. </description> <role-name>employee</role-name> </security-role> <security-role> <description> This role includes the employees of the human resources department. The role is allowed to view and update all employee records. </description> <role-name>hr-department</role-name> </security-role> <security-role> <description> This role includes the employees of the payroll department. The role is allowed to view and update the payroll entry for any employee. </description> <role-name>payroll-department</role-name> </security-role> ... </assembly-descriptor>
<method-permission> <role-name>employee</role-name> <method> <ejb-name>EmployeeService</ejb-name> <method-name>*</method-name> </method> </method-permission> <method-permission> <role-name>employee</role-name> <method> <ejb-name>AardvarkPayroll</ejb-name> <method-name>findByPrimaryKey</method-name> </method> <method> <ejb-name>AardvarkPayroll</ejb-name> <method-name>getEmployeeInfo</method-name> </method> <method> <ejb-name>AardvarkPayroll</ejb-name> <method-name>updateEmployeeInfo</method-name> </method> </method-permission> <method-permission> <role-name>admin</role-name> <method> <ejb-name>EmployeeServiceAdmin</ejb-name> <method-name>*</method-name> </method> </method-permission>
<enterprise-beans> ... <entity> <ejb-name>AardvarkPayroll</ejb-name> <ejb-class>com.aardvark.payroll.PayrollBean</ejb-class> ... <security-role-ref> <description> This role should be assigned to the employees of the payroll department. Members of this role have access to anyone's payroll record. The role has been linked to the payroll-department role. </description> <role-name>payroll</role-name> <role-link>payroll-department</role-link> </security-role-ref> ... </entity> ... </enterprise-beans>
<jboss> <!-- use the jboss default "other" security domain --> <security-domain>java:/jaas/other</security-domain> <enterprise-beans> <entity> <ejb-name>TradingAccount</ejb-name> <!-- Specify the proxy class to be used to protect this entity --> <security-proxy>com.mkeym.customsec.ejb.TradingAccountSecurityProxy</security-proxy> ... </entity> </enterprise-beans> ... </jboss>
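/**
 * JBoss security proxy guarding the {@code TradingAccount} entity bean.
 *
 * The container hands the per-invocation {@link EJBContext} to {@link #setEJBContext}
 * and then calls {@link #invoke} before every business method. For the {@code buy}
 * and {@code sell} methods three policies are enforced, each failing closed with a
 * {@link SecurityException}:
 * <ol>
 *   <li>the caller principal must be the owner of the account;</li>
 *   <li>a single transaction value must not exceed 50 million;</li>
 *   <li>the resulting balance must stay strictly inside +/-100 million.</li>
 * </ol>
 * All monetary arithmetic is done in {@code long} so that a large share quantity
 * cannot overflow {@code int}, wrap negative and slip past the bounds checks.
 */
public class TradingAccountSecurityProxy implements org.jboss.security.SecurityProxy {

    /** Largest value a single buy or sell may have (policy 2). */
    private static final long MAX_TRANSACTION_VALUE = 50000000L; // 50 million

    /** Absolute balance limit; a balance at or beyond it is rejected (policy 3). */
    private static final long MAX_ABS_BALANCE = 100000000L; // 100 million

    /** Fixed share price used by this example: every share costs 100. */
    private static final long SHARE_PRICE = 100L;

    private Category _log = Category.getInstance(getClass().getName());

    // Holds the EJBContext for the current thread. NOTE(review): it is never
    // cleared, so on a pooled container thread it keeps the last context alive
    // until the next setEJBContext() call — confirm the container always sets it
    // before invoke().
    private ThreadLocal _ctx = new ThreadLocal();

    // ... init and invokeHome methods removed

    /**
     * Records the context of the bean instance about to be invoked on this thread.
     *
     * @param ctx the container-supplied EJB context (may be logged, never dereferenced here)
     */
    public void setEJBContext(EJBContext ctx) {
        _log.info("setEJBContext " + ctx);
        _ctx.set(ctx);
    }

    /**
     * Applies the trading policies to a pending business-method call.
     *
     * @param m    the business method about to be invoked
     * @param args the method arguments; for {@code buy}/{@code sell} the share
     *             quantity is expected at index 1 as an {@link Integer}
     * @param bean the target bean instance, which must be a {@code TradingAccountBean}
     * @throws SecurityException if the bean or context is missing, the caller is not the
     *         account owner, the quantity is malformed or negative, the transaction value
     *         exceeds the limit, or the resulting balance would leave the allowed range
     */
    public void invoke(Method m, Object[] args, Object bean) throws SecurityException {
        if (!(bean instanceof TradingAccountBean)) {
            throw new SecurityException("Invalid bean instance for security proxy");
        }
        EJBContext ctx = (EJBContext) _ctx.get();
        // Fail closed: without a context there is no caller identity to check against.
        if (ctx == null) {
            throw new SecurityException("no EJB context available for security proxy");
        }
        String caller = ctx.getCallerPrincipal().getName();
        TradingAccountBean account = (TradingAccountBean) bean;
        String operation = m.getName();
        _log.info("invoke " + operation + " called by " + caller);

        // The implementation of the defined policies.
        if (operation.equals("buy") || operation.equals("sell")) {
            // The quantity is caller-controlled input: validate its presence and type
            // instead of letting an array/cast failure surface as a non-security exception.
            if (args == null || args.length < 2 || !(args[1] instanceof Integer)) {
                _log.warn(operation + " invoked without a valid share quantity");
                throw new SecurityException("missing or invalid share quantity");
            }
            int qty = ((Integer) args[1]).intValue();

            // 1. A trader can only buy or sell shares through her own account.
            String accountId = account.getAccountId();
            if (caller == null || !caller.equals(accountId)) {
                _log.warn("method " + operation + " called on account "
                        + accountId + " by invalid user " + caller);
                throw new SecurityException("caller is not the account owner");
            }

            // A negative quantity would yield a negative value (trivially under the
            // limit) and invert the direction of the balance change below.
            if (qty < 0) {
                _log.warn(operation + " invoked with negative quantity: " + qty);
                throw new SecurityException("share quantity must not be negative");
            }

            // 2. A single transaction must have a value
            //    less than or equal to 50 million.
            long value = qty * SHARE_PRICE; // long arithmetic: cannot overflow for any int qty
            if (value > MAX_TRANSACTION_VALUE) {
                _log.warn(operation + " invoked with too high transaction value: " + value);
                throw new SecurityException("transaction value is too large");
            }

            // 3. An account balance cannot exceed 100 million or go below -100
            //    million. Computed in long so the sum itself cannot wrap.
            long newBalance = (long) account.getBalance()
                    + (operation.equals("sell") ? value : -value);
            if (Math.abs(newBalance) >= MAX_ABS_BALANCE) {
                _log.warn(operation + " would exceed bounds on account balance: " + newBalance);
                throw new SecurityException("balance exceeded");
            }
        }
    }
}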