package org.jboss.ejb.plugins;

import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import org.jboss.ejb.Container;
import org.jboss.invocation.Invocation;

/* loaded from: input_file:WORLDS-INF/lib/jboss-4.0.2.jar:org/jboss/ejb/plugins/JaccAuthorizationInterceptor.class */
public class JaccAuthorizationInterceptor extends AbstractInterceptor {
    private Policy policy;
    private String ejbName;
    private CodeSource ejbCS;

    @Override // org.jboss.ejb.plugins.AbstractInterceptor, org.jboss.ejb.ContainerPlugin
    public void setContainer(Container container) {
        super.setContainer(container);
        if (container != null) {
            this.ejbName = container.getBeanMetaData().getEjbName();
            this.ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource();
        }
        this.policy = Policy.getPolicy();
    }

    @Override // org.jboss.ejb.plugins.AbstractInterceptor
    public void start() throws Exception {
        super.start();
    }

    @Override // org.jboss.ejb.plugins.AbstractInterceptor, org.jboss.ejb.Interceptor
    public Object invokeHome(Invocation invocation) throws Exception {
        checkSecurityAssociation(invocation);
        return getNext().invokeHome(invocation);
    }

    @Override // org.jboss.ejb.plugins.AbstractInterceptor, org.jboss.ejb.Interceptor
    public Object invoke(Invocation invocation) throws Exception {
        checkSecurityAssociation(invocation);
        return getNext().invoke(invocation);
    }

    private void checkSecurityAssociation(Invocation invocation) throws Exception {
        EJBMethodPermission eJBMethodPermission = new EJBMethodPermission(this.ejbName, invocation.getType().toInterfaceString(), invocation.getMethod());
        Subject contextSubject = SecurityActions.getContextSubject();
        Principal[] principalArr = null;
        if (contextSubject != null) {
            Set<Principal> principals = contextSubject.getPrincipals();
            principalArr = new Principal[principals.size()];
            principals.toArray(principalArr);
        }
        if (!this.policy.implies(new ProtectionDomain(this.ejbCS, null, null, principalArr), eJBMethodPermission)) {
            throw new SecurityException(new StringBuffer().append("Denied: ").append(eJBMethodPermission).append(", caller=").append(contextSubject).toString());
        }
    }
}
