[jboss-cvs] JBossAS SVN: r80949 - projects/security/security-spi/trunk/spi/src/main/org/jboss/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Nov 13 15:31:17 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-11-13 15:31:16 -0500 (Thu, 13 Nov 2008)
New Revision: 80949
Modified:
projects/security/security-spi/trunk/spi/src/main/org/jboss/security/SecurityContextAssociation.java
Log:
SECURITY-323: add perm checks
Modified: projects/security/security-spi/trunk/spi/src/main/org/jboss/security/SecurityContextAssociation.java
===================================================================
--- projects/security/security-spi/trunk/spi/src/main/org/jboss/security/SecurityContextAssociation.java 2008-11-13 20:12:26 UTC (rev 80948)
+++ projects/security/security-spi/trunk/spi/src/main/org/jboss/security/SecurityContextAssociation.java 2008-11-13 20:31:16 UTC (rev 80949)
@@ -42,6 +42,15 @@
private static SecurityContext securityContext = null;
+ private static RuntimePermission SetSecurityContextPermission =
+ new RuntimePermission("org.jboss.security.setSecurityContext");
+
+ private static RuntimePermission GetSecurityContextPermission =
+ new RuntimePermission("org.jboss.security.getSecurityContext");
+
+ private static RuntimePermission ClearSecurityContextPermission =
+ new RuntimePermission("org.jboss.security.clearSecurityContext");
+
/**
* Flag to indicate whether threads that are spawned inherit the security context from parent
* Set this to false if you do not want inheritance. By default the context is inherited.
@@ -88,6 +97,10 @@
public static void setSecurityContext(SecurityContext sc)
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(SetSecurityContextPermission);
+
if(!SERVER)
securityContext = sc;
else
@@ -101,6 +114,10 @@
public static SecurityContext getSecurityContext()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(GetSecurityContextPermission);
+
if(!SERVER)
return securityContext;
@@ -109,6 +126,10 @@
public static void clearSecurityContext()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(ClearSecurityContextPermission);
+
if(!SERVER)
securityContext = null;
else
More information about the jboss-cvs-commits
mailing list