package org.apache.openejb.security.internal;

import jakarta.interceptor.AroundInvoke;
import jakarta.interceptor.InvocationContext;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.Assembler;
import org.apache.openejb.spi.SecurityService;

/* loaded from: input_file:lib/openejb-core-9.0.0.jar:org/apache/openejb/security/internal/InternalSecurityInterceptor.class */
public class InternalSecurityInterceptor {
    public static final String OPENEJB_INTERNAL_BEANS_SECURITY_ENABLED = "openejb.internal.beans.security.enabled";
    private static final String[] ROLES = {"openejb-admin", "tomee-admin"};

    @AroundInvoke
    public Object invoke(InvocationContext invocationContext) throws Exception {
        if (SystemInstance.get().isDefaultProfile() || !SystemInstance.get().getOptions().get(OPENEJB_INTERNAL_BEANS_SECURITY_ENABLED, true)) {
            return invocationContext.proceed();
        }
        SecurityService securityService = ((Assembler) SystemInstance.get().getComponent(Assembler.class)).getSecurityService();
        for (String str : ROLES) {
            if (securityService.isCallerInRole(str)) {
                return invocationContext.proceed();
            }
        }
        throw new SecurityException("to invoke this EJB you need to get the right permission");
    }
}
