[jboss-cvs] JBossAS SVN: r58050 - branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security

[jboss-cvs-commits at lists.jboss.org]

Author: anil.saldhana at jboss.com
Date: 2006-11-03 00:01:42 -0500 (Fri, 03 Nov 2006)
New Revision: 58050

Modified:
   branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/JaccHelper.java
Log:
EJBTHREE-776:consider RunAsIdentity of caller

Modified: branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/JaccHelper.java
===================================================================
--- branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/JaccHelper.java	2006-11-03 05:00:45 UTC (rev 58049)
+++ branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/JaccHelper.java	2006-11-03 05:01:42 UTC (rev 58050)
@@ -28,6 +28,8 @@
 import java.security.Policy;
 import java.security.Principal;
 import java.security.ProtectionDomain;
+import java.util.ArrayList;
+import java.util.Iterator;
 import java.util.Set;
 
 import javax.annotation.security.DeclareRoles;
@@ -48,6 +50,7 @@
 import org.jboss.ejb3.EJBContainer;
 import org.jboss.logging.Logger;
 import org.jboss.security.RealmMapping; 
+import org.jboss.security.RunAsIdentity;
 
 /**
  * JACC Helper class that created permissions as well as done the checks
@@ -298,22 +301,32 @@
          Policy policy = Policy.getPolicy();
          // Get the caller
          Subject caller = SecurityActions.getContextSubject();
+  
+         RunAsIdentity rai = SecurityActions.peekRunAsIdentity();
 
          Principal[] principals = null;
-         /*if (caller != null)
+         if(rai != null)
          {
-            // Get the caller principals
-            Set principalsSet = caller.getPrincipals();
-            principals = new Principal[principalsSet.size()];
-            principalsSet.toArray(principals);
-         }*/
+            Set runAsRoles = rai.getRunAsRoles();
+            principals = new Principal[runAsRoles.size()];
+            runAsRoles.toArray(principals); 
+         }
+         else
+         {
+            /*if (caller != null)
+            {
+               // Get the caller principals
+               Set principalsSet = caller.getPrincipals();
+               principals = new Principal[principalsSet.size()];
+               principalsSet.toArray(principals);
+            }*/
+            //Get the current roles from the Authorization Manager
+            Principal callerP = SecurityActions.getCallerPrincipal();
+            Set principalSet = realmMapping.getUserRoles(callerP);
+            principals = new Principal[principalSet.size()];
+            principalSet.toArray(principals);
+         } 
          
-         //Get the current roles from the Authorization Manager
-         Principal callerP = SecurityActions.getCallerPrincipal();
-         Set principalSet = realmMapping.getUserRoles(callerP);
-         principals = new Principal[principalSet.size()];
-         principalSet.toArray(principals);
-
          ProtectionDomain pd = new ProtectionDomain(ejbCS, null, null, principals);
          if (policy.implies(pd, methodPerm) == false)
          {