[jboss-cvs] JBossAS SVN: r58839 - trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates

Mon Dec 4 13:08:17 EST 2006

Author: anil.saldhana at jboss.com
Date: 2006-12-04 13:08:16 -0500 (Mon, 04 Dec 2006)
New Revision: 58839

Modified:
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java
Log:
merge fro JEE_TCK branch -r 57088:HEAD

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java
===================================================================

--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java	2006-12-04 14:40:50 UTC (rev 58838)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java	2006-12-04 18:08:16 UTC (rev 58839)
@@ -41,6 +41,7 @@
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.deploy.SecurityConstraint;
 import org.jboss.logging.Logger;
+import org.jboss.security.AuthorizationManager;
 import org.jboss.security.authorization.AuthorizationContext;
 import org.jboss.security.authorization.PolicyRegistration;
 import org.jboss.security.authorization.Resource;
@@ -61,6 +62,7 @@
 public class WebJACCPolicyModuleDelegate extends AuthorizationModuleDelegate
 {   
    private Policy policy = Policy.getPolicy();
+   private AuthorizationManager authorizationManager;
 
    public WebJACCPolicyModuleDelegate()
    {  
@@ -80,6 +82,11 @@
 
       if(map.size() == 0)
          throw new IllegalStateException("Map from the Resource is size zero");
+      //Get the Authorization Manager
+      authorizationManager = (AuthorizationManager)map.get(ResourceKeys.AUTHORIZATION_MANAGER);
+      if(authorizationManager == null)
+         throw new IllegalStateException("Authorization Manager is null");
+      
       //Get the Catalina Request Object
       Request request = (Request)map.get(ResourceKeys.WEB_REQUEST);
       Response response = (Response)map.get(ResourceKeys.WEB_RESPONSE);
@@ -163,6 +170,7 @@
    {  
       // Get the caller principals, its null if there is no caller
       Principal[] principals = null;
+      /*
       if( caller != null )
       {
          if( trace )
@@ -170,7 +178,17 @@
          Set principalsSet = caller.getPrincipals();
          principals = new Principal[principalsSet.size()];
          principalsSet.toArray(principals);
+      }*/
+      
+      //Previously we relied on principals in the subject. Now we use
+      //the security context roles
+      if(authorizationManager != null)
+      { 
+         Set<Principal> roleset = authorizationManager.getUserRoles(requestPrincpal);
+         principals = new Principal[roleset.size()];
+         roleset.toArray(principals); 
       }
+      
       return checkSecurityAssociation(perm, principals);
    }
    
@@ -235,7 +253,7 @@
    }
 
    /**
-    * Perform hasRole check
+    * Perform hasRole check 
     * @param principal
     * @param role
     * @param roles


