[jboss-cvs] JBossAS SVN: r80839 - trunk/messaging/src/main/org/jboss/jms/server/jbosssx.

Wed Nov 12 00:42:36 EST 2008

Author: anil.saldhana at jboss.com
Date: 2008-11-12 00:42:35 -0500 (Wed, 12 Nov 2008)
New Revision: 80839

Modified:
   trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java
Log:
JBAS-5988: privileged block

Modified: trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java
===================================================================

--- trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java	2008-11-12 05:40:19 UTC (rev 80838)
+++ trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java	2008-11-12 05:42:35 UTC (rev 80839)
@@ -21,7 +21,9 @@
  */
 package org.jboss.jms.server.jbosssx;
 
+import java.security.AccessController;
 import java.security.Principal;
+import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
@@ -222,7 +224,7 @@
       }
    }
 
-   public boolean authorize(String user, Set rolePrincipals, CheckType checkType)
+   public boolean authorize(String user, final Set rolePrincipals, CheckType checkType)
    {
       if (trace)
       {
@@ -236,13 +238,18 @@
          return (checkType.equals(CheckType.READ) || checkType.equals(CheckType.WRITE));
       }
 
-      Principal principal = user == null ? null : new SimplePrincipal(user);
+      final Principal principal = user == null ? null : new SimplePrincipal(user);
       if (securityManagement == null)
          throw new SecurityException("SecurityManagement has not been set");
-      AuthorizationManager authorizationManager = securityManagement.getAuthorizationManager(securityDomain);
+      final AuthorizationManager authorizationManager = securityManagement.getAuthorizationManager(securityDomain);
       if (authorizationManager == null)
          throw new SecurityException("AuthorizationManager is null for domain=" + securityDomain);
-      boolean hasRole = authorizationManager.doesUserHaveRole(principal, rolePrincipals);
+      boolean hasRole = AccessController.doPrivileged(new PrivilegedAction<Boolean>()
+      {
+         public Boolean run()
+         {
+             return authorizationManager.doesUserHaveRole(principal, rolePrincipals);
+         }});
 
       if (trace)
       {


