[jboss-cvs] JBossAS SVN: r58442 - trunk/tomcat/src/main/org/jboss/web/tomcat/security
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Nov 16 01:28:16 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-11-16 01:28:15 -0500 (Thu, 16 Nov 2006)
New Revision: 58442
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
Log:
merge from JEE_TCK branch -r 57088:HEAD
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-11-16 06:27:24 UTC (rev 58441)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-11-16 06:28:15 UTC (rev 58442)
@@ -114,6 +114,11 @@
/** Should Security Audit be done **/
protected boolean enableAudit = true;
+ /** Should RealmBase Authorization decision be considered or not?
+ * false - consider, true - do not consider
+ */
+ protected boolean ignoreBaseDecision = false;
+
/**
* Set the class name of the CertificatePrincipal used for mapping X509 cert
* chains to a Princpal.
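Review bot: The Javadoc added for `ignoreBaseDecision` does not say what is lost when the flag is true, and its `false - consider, true - do not consider` legend is easy to misread. In the later hunks of this file both `hasResourcePermission` and `hasRole` substitute `true` for the `super` call when it is set, so the result rests on the authorization framework alone. I would replace the comment with `/** When true, the RealmBase result is skipped (treated as permit) in hasResourcePermission and hasRole, so the authorization framework alone decides. Default false. */`. The hunk ends inside the following Javadoc block, which continues outside it.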
@@ -160,14 +165,18 @@
{
this.enableAudit = enableAudit;
}
+
+ public void setIgnoreBaseDecision(boolean ignoreBaseDecision)
+ {
+ this.ignoreBaseDecision = ignoreBaseDecision;
+ }
-
//*************************************************************************
// Realm.Authenticate Methods
//*************************************************************************
- /**
+/**
* Return the Principal associated with the specified chain of X509 client
* certificates. If there is none, return <code>null</code>.
*
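Review bot: `setIgnoreBaseDecision` has no Javadoc and switches off one of the two authorization checks without leaving any record. Since the class already uses a `log` in the trace calls further down, the setter could note the change, e.g. `if (ignoreBaseDecision) log.warn("RealmBase authorization decision will be ignored");`, so the setting is visible in the server log rather than only in configuration. How the setter is invoked (presumably as a realm attribute) is not shown in this diff.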
@@ -470,8 +479,9 @@
activeRequest.set(getServletName(servlet));
}
- boolean baseDecision = super.hasResourcePermission(request,response,
- securityConstraints, context);
+ boolean baseDecision = ignoreBaseDecision ? true :
+ super.hasResourcePermission(request,response,
+ securityConstraints, context);
Subject caller = this.establishSubjectContext(request.getPrincipal());
@@ -486,7 +496,7 @@
boolean authzDecision = (permit == AuthorizationContext.PERMIT);
boolean finalDecision = baseDecision && authzDecision;
if(trace)
- log.trace("RealmBase says:" + baseDecision +
+ log.trace("hasResourcePerm:RealmBase says:" + baseDecision +
"::Authz framework says:" + authzDecision + ":final=" + finalDecision);
if( finalDecision == false )
{
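Review bot: The trace line still reports `RealmBase says:true` when `ignoreBaseDecision` is set, although RealmBase was never consulted in that case, which makes the trace misleading when someone is working out why a request was permitted. Including the flag would fix that, e.g. `log.trace("hasResourcePerm:RealmBase says:" + baseDecision + "(ignored=" + ignoreBaseDecision + ")" +` with the rest of the message unchanged. The `hasRole` trace in the last hunk of this file has the same issue. The enclosing method starts and ends outside this hunk.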
@@ -534,7 +544,7 @@
}
}
- boolean baseDecision = super.hasRole(principal, role);
+ boolean baseDecision = ignoreBaseDecision ? true : super.hasRole(principal, role);
Map map = new HashMap();
map.put(ResourceKeys.ROLENAME, roleName);
map.put(ResourceKeys.HASROLE_PRINCIPAL, principal);
@@ -545,7 +555,7 @@
boolean authzDecision = (permit == AuthorizationContext.PERMIT);
boolean finalDecision = baseDecision && authzDecision;
if(trace)
- log.trace("RealmBase says:" + baseDecision +
+ log.trace("hasRole:RealmBase says:" + baseDecision +
"::Authz framework says:" + authzDecision + ":final=" + finalDecision);
return finalDecision;
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java 2006-11-16 06:27:24 UTC (rev 58441)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java 2006-11-16 06:28:15 UTC (rev 58442)
@@ -23,6 +23,8 @@
import java.io.IOException;
import java.security.CodeSource;
+import java.util.Map;
+
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -31,6 +33,8 @@
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.jboss.logging.Logger;
+import org.jboss.metadata.WebMetaData;
+import org.jboss.security.SecurityRolesAssociation;
/**
* A Valve that sets the JACC context id and HttpServletRequest policy
@@ -49,14 +53,16 @@
private String contextID;
/** The web app deployment code source */
private CodeSource warCS;
+ private WebMetaData metaData;
private boolean trace;
- public JaccContextValve(String contextID, CodeSource cs)
+ public JaccContextValve(WebMetaData wmd, CodeSource cs)
{
- this.contextID = contextID;
+ this.metaData = wmd;
+ this.contextID = metaData.getJaccContextID();
this.warCS = cs;
this.trace = log.isTraceEnabled();
- }
+ }
public void invoke(Request request, Response response)
throws IOException, ServletException
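Review bot: The constructor now dereferences `wmd` immediately (`metaData.getJaccContextID()`), so a null argument fails with a bare NullPointerException, and the new `metaData` field has no comment unlike its neighbours. A guard such as `if (wmd == null) throw new IllegalArgumentException("WebMetaData is null");` before the assignment and a one-line `/** The web app metadata, source of the JACC context id and principal-to-roles map */` on the field would cover both. The signature change from `(String, CodeSource)` also needs its callers updated; none are touched in this revision, so they are presumably handled elsewhere.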
@@ -64,6 +70,12 @@
activeCS.set(warCS);
HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();
+ //Set the customized rolename-principalset mapping in jboss-app.xml
+ Map principalToRoleSetMap = metaData.getPrincipalVersusRolesMap();
+ SecurityRolesAssociation.setSecurityRoles(principalToRoleSetMap);
+ if(trace)
+ log.trace("MetaData:"+metaData+":principalToRoleSetMap"+principalToRoleSetMap);
+
try
{
// Set the JACC context id
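Review bot: `SecurityRolesAssociation.setSecurityRoles(principalToRoleSetMap)` is called before the `try`, so if the trace statement that follows throws (it concatenates `metaData` and the map, calling their `toString()`), the reset in the `finally` block of the next hunk never runs. If the association is per-thread state, as the reset to `null` suggests, the mapping would then stay on a pooled request thread and apply to the next request it serves. Moving the three added statements to the first lines inside `try {` keeps the set and the reset paired. The `finally` also restores `null` rather than the previous value, which would drop an outer mapping if the valve is ever entered re-entrantly; I cannot tell from this hunk whether that can happen. `invoke` starts and ends outside this hunk.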
@@ -77,7 +89,7 @@
{
SecurityAssociationActions.clear();
activeCS.set(null);
+ SecurityRolesAssociation.setSecurityRoles(null);
}
- }
-
+ }
}