[jboss-cvs] JBossAS SVN: r67970 - trunk/ejb3/src/main/org/jboss/ejb3.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Dec 5 18:24:09 EST 2007
Author: anil.saldhana at jboss.com
Date: 2007-12-05 18:24:09 -0500 (Wed, 05 Dec 2007)
New Revision: 67970
Modified:
trunk/ejb3/src/main/org/jboss/ejb3/EJBContextImpl.java
Log:
handle programmatic sec checks with no sec ctx
Modified: trunk/ejb3/src/main/org/jboss/ejb3/EJBContextImpl.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/EJBContextImpl.java 2007-12-05 23:23:30 UTC (rev 67969)
+++ trunk/ejb3/src/main/org/jboss/ejb3/EJBContextImpl.java 2007-12-05 23:24:09 UTC (rev 67970)
@@ -23,6 +23,7 @@
import java.security.Identity;
import java.security.Principal;
+import java.security.PrivilegedActionException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Properties;
@@ -150,15 +151,27 @@
{
if(beanPrincipal == null)
{
+ EJBContainer ec = (EJBContainer) container;
+
Principal callerPrincipal = null;
RealmMapping rm = container.getSecurityManager(RealmMapping.class);
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
+ if(sc == null)
+ {
+ SecurityDomain domain =(SecurityDomain)ec.resolveAnnotation(SecurityDomain.class);
+ String unauth = domain.unauthenticatedPrincipal();
+ if(unauth != null && unauth.length() > 0)
+ if(domain.unauthenticatedPrincipal() != null)
+ callerPrincipal = new SimplePrincipal(unauth);
+ }
+ else
+ {
+ EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
+ callerPrincipal = helper.getCallerPrincipal(rm);
+ }
- callerPrincipal = helper.getCallerPrincipal(rm);
-
if(callerPrincipal == null)
{
//try the incoming principal
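Review bot: In the new `sc == null` branch, `domain` is dereferenced at `domain.unauthenticatedPrincipal()` without a null check. If `resolveAnnotation` can return null for a bean that has no `@SecurityDomain`, a programmatic security check would fail with a NullPointerException instead of a clear answer; the `isCallerInRole` hunk has the same pattern at `domain.value()`. The nested `if(domain.unauthenticatedPrincipal() != null)` repeats what the `unauth != null` test above it already established and can be dropped. I would write `String unauth = domain != null ? domain.unauthenticatedPrincipal() : null;` and keep the single `if(unauth != null && unauth.length() > 0)`. The enclosing method starts and ends outside this hunk.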
@@ -169,7 +182,6 @@
if(callerPrincipal == null)
{
- EJBContainer ec = (EJBContainer) container;
SecurityDomain domain =(SecurityDomain)ec.resolveAnnotation(SecurityDomain.class);
String unauth = domain.unauthenticatedPrincipal();
if(unauth != null && unauth.length() > 0)
@@ -196,6 +208,19 @@
public boolean isCallerInRole(String roleName)
{
EJBContainer ejbc = (EJBContainer)container;
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ SecurityDomain domain =(SecurityDomain)ejbc.resolveAnnotation(SecurityDomain.class);
+ try
+ {
+ sc = SecurityActions.createSecurityContext(domain.value());
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
// TODO: this is to slow
Set<SecurityRoleRefMetaData> roleRefs = new HashSet<SecurityRoleRefMetaData>();
JBossEnterpriseBeanMetaData eb = ejbc.getXml();
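Review bot: The `SecurityContext` created when none is associated stays a local variable and, as far as this hunk shows, carries no authenticated caller. The role decision for such a call therefore rests on how `EJBAuthorizationHelper.isCallerInRole` treats an empty context. A comment above the `if(sc == null)` block such as `// no caller context: role check runs against an empty context for the bean's domain and is expected to deny unless the unauthenticated principal is mapped` would make the intended outcome reviewable. Separately, `throw new RuntimeException(e);` wraps the `PrivilegedActionException` wrapper rather than the real failure; `throw new RuntimeException(e.getException());` keeps the underlying cause at the top of the trace. The method body continues outside this hunk.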
@@ -213,7 +238,6 @@
srset.add(new SecurityRoleRef(srmd.getRoleName(),srmd.getRoleLink(),null));
}
Principal principal = getCallerPrincipal();
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
return helper.isCallerInRole(roleName,
ejbc.getEjbName(),