[jboss-cvs] JBossAS SVN: r59065 - trunk/ejb3/src/main/org/jboss/ejb3

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Dec 15 16:14:52 EST 2006 

Author: anil.saldhana at jboss.com
Date: 2006-12-15 16:14:51 -0500 (Fri, 15 Dec 2006)
New Revision: 59065

Modified:
   trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
Log:
EJBTHREE-808: isCallerInRoleChecks should include security role references

Modified: trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java	2006-12-15 21:13:34 UTC (rev 59064)
+++ trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java	2006-12-15 21:14:51 UTC (rev 59065)
@@ -27,7 +27,8 @@
 import java.io.ObjectOutput; 
 import java.security.Identity;
 import java.security.Principal;
-import java.util.HashSet;
+import java.util.HashSet; 
+import java.util.List;
 import java.util.Properties;
 import javax.ejb.EJBException;
 import javax.ejb.EJBHome;
@@ -46,11 +47,12 @@
 import javax.transaction.UserTransaction;
 import javax.xml.rpc.handler.MessageContext;
 import org.jboss.annotation.security.SecurityDomain;
-import org.jboss.aop.Advisor;
+import org.jboss.aop.Advisor; 
 import org.jboss.ejb3.security.SecurityDomainManager;
 import org.jboss.ejb3.tx.TxUtil;
 import org.jboss.ejb3.tx.UserTransactionImpl;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger; 
+import org.jboss.metadata.SecurityRoleRefMetaData;
 import org.jboss.security.RealmMapping;
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityAssociation;
@@ -205,6 +207,19 @@
                       + "Check that a security-domain has been set for the application.";
          throw new IllegalStateException(msg);
       }
+      
+      //Ensure that you go through the security role references that may be configured
+      EJBContainer ejbc = (EJBContainer)container;
+      if(ejbc.getXml() != null)
+      {
+         List<SecurityRoleRefMetaData> securityRoleRefs = ejbc.getXml().getSecurityRoleReferences();
+         for(SecurityRoleRefMetaData srmd: securityRoleRefs)
+         {
+            String rname = srmd.getName(); 
+            if(roleName.equals(rname))
+               roleName = srmd.getLink();
+         } 
+      } 
 
       HashSet set = new HashSet();
       set.add(new SimplePrincipal(roleName));

More information about the jboss-cvs-commits mailing list