[jboss-svn-commits] JBL Code SVN: r21460 - in labs/jbossesb/workspace/dbevenius/security/product: rosetta/tests/src/org/jboss/internal/soa/esb/services/security and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Aug 12 07:34:44 EDT 2008
Author: beve
Date: 2008-08-12 07:34:44 -0400 (Tue, 12 Aug 2008)
New Revision: 21460
Modified:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java
Log:
Added support for runAs so that the role is propagated to the appserver.
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-08-12 09:18:47 UTC (rev 21459)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-08-12 11:34:44 UTC (rev 21460)
@@ -32,6 +32,7 @@
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Configuration;
@@ -111,6 +112,7 @@
AssertArgument.isNotNull(config, "config");
LoginContext loginContext;
+ final String runAs = config.getRunAs();
try
{
final EsbCallbackHandler callbackHandler = createCallbackHandler(config, authRequest);
@@ -129,7 +131,7 @@
loginContext.login();
// add a runAs group if specified
- addRunAs(config, securityContext.getSubject());
+ addRunAs(runAs, securityContext.getSubject());
}
catch (final LoginException e)
{
@@ -137,7 +139,15 @@
}
final Subject subject = securityContext.getSubject();
- SecurityAssociation.pushSubjectContext(subject, getPrincipal(subject), null);
+ final Principal principal = getPrincipal(subject);
+ // associate the subject with jboss security
+ SecurityAssociation.pushSubjectContext(subject, principal, subject.getPublicCredentials());
+
+ // associate the runAs role with jboss security
+ if ( runAs != null )
+ {
+ SecurityAssociation.pushRunAsIdentity(new RunAsIdentity(runAs, principal.getName()));
+ }
}
private Principal getPrincipal( final Subject subject)
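Review bot: `pushSubjectContext` and the conditional `pushRunAsIdentity` have no matching pop in this hunk; the enclosing method starts and ends outside it, so cleanup may exist elsewhere. `SecurityAssociation` keeps this state per thread, so on pooled worker threads an authenticated subject and its run-as role could stay attached to the thread and be seen by the next message handled there. Confirm that the caller releases both in a `finally`, using `SecurityAssociation.popRunAsIdentity()` (only when `runAs != null`) and `SecurityAssociation.popSubjectContext()`. Separately, `principal.getName()` throws a NullPointerException if `getPrincipal(subject)` can return null (its body is not visible here), so guard that case or document that it cannot happen.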
@@ -155,8 +165,14 @@
*/
public boolean isCallerInRole( final Subject subject, final Principal role)
{
- return subject.getPrincipals().contains(role);
- }
+ Set<java.security.acl.Group> principals = subject.getPrincipals(java.security.acl.Group.class);
+ for (java.security.acl.Group group : principals)
+ {
+ if ( group.isMember(role) )
+ return true;
+ }
+ return false;
+ }
/**
*
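Review bot: The new loop in `isCallerInRole` returns true when `role` is a member of any `Group` on the subject, not only the group that holds roles. If the configured login modules also attach other groups (JBoss login modules conventionally add a `CallerPrincipal` group beside `Roles`) and `Role` equality is name-based, a caller whose principal name equals a role name could pass the check. Both conditions depend on code outside this hunk. Consider restricting the test to the role group, e.g. `if ( "Roles".equals(group.getName()) && group.isMember(role) )`, and say in the Javadoc which group is consulted. The direct `getPrincipals().contains(role)` match is dropped, so note in the Javadoc that a role added as a bare principal no longer counts, and give the `if` braces.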
@@ -267,9 +283,8 @@
}
}
- private void addRunAs( final SecurityConfig config, final Subject subject )
+ private void addRunAs( final String runAs, final Subject subject )
{
- final String runAs = config.getRunAs();
if ( runAs != null )
{
final Role runAsRole = new Role(runAs);
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-08-12 09:18:47 UTC (rev 21459)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-08-12 11:34:44 UTC (rev 21460)
@@ -118,8 +118,6 @@
SecurityConfig configInfo = SecurityConfig.createSecurityInfo(roleName, null, "SuccessfulLogin", null);
SecurityContext context = new SecurityContext(subject);
service.authenticate(configInfo, context, null);
- Subject subject = new Subject();
- subject.getPrincipals().add(new Role(roleName));
assertTrue( service.isCallerInRole(subject, new Role(roleName)));
}
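Review bot: This test now exercises the authenticated subject but only asserts the positive case, so a regression that makes `isCallerInRole` return true too broadly would go unnoticed. Add a negative assertion next to the existing one, for example `assertFalse( service.isCallerInRole(subject, new Role("someOtherRole")));` (the role name is a constructed sample). The test method begins outside the hunk, so whether it clears the security association that `authenticate` pushes cannot be seen here.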
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java 2008-08-12 09:18:47 UTC (rev 21459)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java 2008-08-12 11:34:44 UTC (rev 21460)
@@ -30,6 +30,7 @@
@Stateless
@SecurityDomain("OpenSSOLogin")
+ at DeclareRoles("adminRole")
public class SimpleSLSB implements SimpleRemote
{
@Resource SessionContext ctx;