Hi,
I noticed that JBoss' JACCAuthorizationManager only passes the role principals (if any) into a JACC module, as per the following code:
// create a protection domain with the user roles (or account principal if no roles are found)
final Map<String, Set<String>> principalVersusRolesMap = deployment.getDeploymentInfo().getPrincipalVersusRolesMap();
final Principal[] principals = this.getPrincipals(account, principalVersusRolesMap);
final CodeSource codeSource = servletInfo.getServletClass().getProtectionDomain().getCodeSource();
final ProtectionDomain protectionDomain = new ProtectionDomain(codeSource, null, null, principals);
If there happen to be no roles, then and only then is the caller principal passed to the JACC module.
I wonder if there was any specific idea here. The comment explicitly indicates this, so it doesn't just seem a bug. But this is quite, unusual, and also a bit confusing for a JACC module to work with.
As far as I know, no other server does this (at least GF, Payara, Geronimo, JEUS and TomEE don't do this). You always see all the principals from the Subject being passed in.
A JACC module can work around this by obtaining the subject directly using "PolicyContext.getContext("javax.security.auth.Subject.container")", but still wondering why JBoss doesn't just pass all principals here.
Any insight would be appreciated.
Kind regards,
Arjan Tijms