Author: anil.saldhana(a)jboss.com Date: 2011-04-18 12:37:07 -0400 (Mon, 18 Apr 2011) New Revision: 894 Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java Log: PLFED-178: pass sc to the JBoss Authz Mgr Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java =================================================================== --- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-18 15:54:20 UTC (rev 893) +++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-18 16:37:07 UTC (rev 894) @@ -71,6 +71,17 @@ } }); } + + static SecurityContext getSecurityContext() + { + return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() + { + public SecurityContext run() + { + return SecurityContextAssociation.getSecurityContext(); + } + }); + } /** * Get the {@link Subject} from the {@link SecurityContextAssociation} * @return authenticated subject or null Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java =================================================================== --- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java 2011-04-18 15:54:20 UTC (rev 893) +++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java 2011-04-18 16:37:07 UTC (rev 894) @@ -35,7 +35,9 @@ import javax.xml.ws.handler.MessageContext; import org.jboss.security.AuthorizationManager; +import org.jboss.security.SecurityContext; import org.jboss.security.SimplePrincipal; +import org.jboss.security.callbacks.SecurityContextCallbackHandler; import org.jboss.wsf.spi.invocation.SecurityAdaptor; import org.picketlink.identity.federation.core.exceptions.ProcessingException; import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor; @@ -104,9 +106,11 @@ Set<Principal> expectedRoles = rolesSet(roles); if(!authorizationManager.doesUserHaveRole(principal, expectedRoles )) { + SecurityContext sc = SecurityActions.getSecurityContext(); StringBuilder builder = new StringBuilder("Authorization Failed:Principal="); builder.append(principal).append(":Expected Roles=").append(expectedRoles); - builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject,null)); + SecurityContextCallbackHandler scbh = new SecurityContextCallbackHandler(sc); + builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject,scbh)); log.error(builder.toString() ); throw new RuntimeException("Authorization Failed");