Author: bdaw
Date: 2008-04-18 03:02:38 -0400 (Fri, 18 Apr 2008)
New Revision: 10633
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
Log:
JBPORTAL-1990 - cache cms admin user, and use user roles cached in JACC layer
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2008-04-18
01:14:30 UTC (rev 10632)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2008-04-18
07:02:38 UTC (rev 10633)
@@ -42,11 +42,16 @@
import org.jboss.portal.security.spi.provider.PermissionFactory;
import org.jboss.portal.security.spi.provider.PermissionRepository;
import org.jboss.portal.security.spi.provider.SecurityConfigurationException;
+import org.jboss.portal.security.impl.jacc.JACCPortalPrincipal;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
+import java.security.Principal;
/**
* Created on : Jan 23, 2007
@@ -64,6 +69,8 @@
private String cmsRootUserName = null;
+ private User adminUser = null;
+
/**
*
*/
@@ -213,23 +220,30 @@
*/
public User getRoot()
{
- Session session = Tools.getOpenSession();
- Transaction tx = session.beginTransaction();
- try
+
+ if (adminUser == null)
{
- User cmsRoot = this.userModule.findUserByUserName(this.cmsRootUserName);
- tx.commit();
- return cmsRoot;
+ Session session = Tools.getOpenSession();
+ Transaction tx = session.beginTransaction();
+ try
+ {
+ adminUser = this.userModule.findUserByUserName(this.cmsRootUserName);
+ tx.commit();
+ }
+ catch(Exception e)
+ {
+ tx.rollback();
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ Tools.closeSession(session);
+ }
}
- catch(Exception e)
- {
- tx.rollback();
- throw new RuntimeException(e);
- }
- finally
- {
- Tools.closeSession(session);
- }
+
+ return adminUser;
+
+
}
/**
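Review bot: The `adminUser` field is filled once in `getRoot()` and never cleared, so a later change to the root account (rename, removal, or a different `cmsRootUserName`) would not be picked up until the provider is recreated; nothing in the visible lines invalidates it. The lazy initialisation is also unsynchronized, which matters if this provider instance is shared between request threads, as authorization providers usually are. The cached `User` is handed out after `Tools.closeSession(session)` has run, so it is worth confirming that callers never read lazily loaded properties from it. I would declare the field as `private volatile User adminUser;` and add a comment such as `// cached for the lifetime of the provider; reset when cmsRootUserName changes`.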
@@ -435,17 +449,21 @@
}
else
{
+
+
// in the case of LDAP use the IdentityModule
// now find permissions for all the roles that this user belongs to
- Set belongedRoles = this.membershipModule.getRoles(this.userModule
- .findUserByUserName(userId));
+ //Set belongedRoles = this.membershipModule.getRoles(this.userModule
+ // .findUserByUserName(userId));
+
+ Set belongedRoles = getCurrentRoles();
+
if (belongedRoles != null)
{
for (Iterator itr = belongedRoles.iterator(); itr.hasNext();)
{
- Role role = (Role)itr.next();
- Collection rolePermissions = this.findPermissionsByRole(role
- .getName());
+ String role = (String)itr.next();
+ Collection rolePermissions = this.findPermissionsByRole(role);
if (rolePermissions != null && !rolePermissions.isEmpty())
{
permissions.addAll(rolePermissions);
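Review bot: `getCurrentRoles()` ignores the `userId` this branch is resolving and returns the roles of whichever subject is in the JACC policy context of the calling thread, so the permissions collected in the loop belong to the caller and not necessarily to `userId`. The enclosing method starts outside the hunk, so its callers and contract are not visible; if it is ever reached for a user other than the authenticated one, the result would be another principal's role permissions. I would either verify that `userId` matches the current subject and fall back to `this.membershipModule.getRoles(...)` otherwise, or state the restriction with `// roles come from the current JACC subject; userId must be the authenticated user`. The commented-out lookup should be deleted rather than left in place.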
@@ -543,4 +561,39 @@
return permissions;
}
+
+ private Set getCurrentRoles() throws PolicyContextException
+ {
+ Set<String> roles = new HashSet<String>();
+
+ // Get the current authenticated subject through the JACC contract
+ Subject subject =
(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
+
+ if (subject != null)
+ {
+ Set tmp = subject.getPrincipals(JACCPortalPrincipal.class);
+ JACCPortalPrincipal pp = null;
+ for (Iterator i = tmp.iterator(); i.hasNext();)
+ {
+ pp = (JACCPortalPrincipal)i.next();
+ if (pp != null)
+ {
+ break;
+ }
+ }
+ if (pp == null)
+ {
+ pp = new JACCPortalPrincipal(subject);
+ tmp.add(pp);
+
+ // Lazy create all the permission containers for the given role names
+ for (Iterator i = pp.getRoles().iterator(); i.hasNext();)
+ {
+ Principal role = (Principal)i.next();
+ roles.add(role.getName());
+ }
+ }
+ }
+ return roles;
+ }
}
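Review bot: In `getCurrentRoles()` the loop that copies role names into `roles` sits inside `if (pp == null)`, so when the subject already carries a `JACCPortalPrincipal` (the cached case this commit is meant to use) the method returns an empty set and the caller adds no role permissions. Close the `if (pp == null)` block right after `tmp.add(pp);` so the loop over `pp.getRoles()` runs on both paths. The comment `// Lazy create all the permission containers for the given role names` does not describe this loop; `// copy role names from the cached portal principal` would. The raw `Set` return type could be `Set<String>`, which also removes the `(String)` cast at the call site.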