[jboss-cvs] jboss/src/main/org/jboss/ejb/plugins ...
Anil Saldhana
anil.saldhana at jboss.com
Thu Jul 27 16:17:31 EDT 2006
User: asaldhana
Date: 06/07/27 16:17:31
Modified: src/main/org/jboss/ejb/plugins SecurityInterceptor.java
Log:
JBAS-3374: Get the context caller subject as per the behavior with the split JaasAuthenticationInterceptor and JaccAuthorizationInterceptor
Revision Changes Path
1.59 +34 -9 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityInterceptor.java
===================================================================
RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -b -r1.58 -r1.59
--- SecurityInterceptor.java 26 Jul 2006 02:26:10 -0000 1.58
+++ SecurityInterceptor.java 27 Jul 2006 20:17:31 -0000 1.59
@@ -44,6 +44,7 @@
import java.util.Set;
import java.lang.reflect.Method;
import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContextException;
import javax.ejb.TimedObject;
import javax.ejb.Timer;
@@ -55,7 +56,7 @@
* @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>.
* @author <a href="mailto:Thomas.Diesler at jboss.org">Thomas Diesler</a>.
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @version $Revision: 1.58 $
+ * @version $Revision: 1.59 $
*/
public class SecurityInterceptor extends AbstractInterceptor
{
@@ -264,7 +265,7 @@
if( ejbMethod== null )
return;
// Get the caller
- Subject caller = SecurityActions.getContextSubject();
+ Subject caller = getContextCallerSubject();
final HashMap map = new HashMap();
map.put(ResourceKeys.EJB_NAME ,this.ejbName);
@@ -274,7 +275,7 @@
map.put(ResourceKeys.EJB_CODESOURCE, ejbCS);
map.put(ResourceKeys.CALLER_SUBJECT, caller);
map.put(ResourceKeys.AUTHORIZATION_MANAGER,authorizationManager);
- map.put(ResourceKeys.RUNASIDENTITY, SecurityActions.peekRunAsIdentity());
+ map.put(ResourceKeys.RUNASIDENTITY, callerRunAsIdentity);
map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
EJBResource ejbResource = new EJBResource(map);
boolean isAuthorized = false;
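Review bot: The value stored under `ResourceKeys.RUNASIDENTITY` on the new line now comes from `callerRunAsIdentity`, whose declaration and assignment are not visible in this hunk, while the helper added at the end of the file pushes a separate `runAsIdentity`. The two names are easy to confuse, and the authorization decision depends on which one is passed here. A short comment above the line would help, for example `// caller's run-as identity, not this bean's own runAsIdentity; replaces the thread-local peek`. If `callerRunAsIdentity` can be null when the caller has no run-as role, the same comment should say so. The enclosing method starts and ends outside the hunk.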
@@ -295,4 +296,28 @@
if(!isAuthorized)
throw new SecurityException(msg);
}
+
+ /**
+ * Context caller subject is used by the Jacc layer. Since the
+ * PolicyContext.getContext(Subject_Key) checks the RunAs threadlocal
+ * stack in the Security Association at a depth of 1, there is a need to
+ * push/pop the current runAsIdentity surrounding the getContextSubject
+ * call on SecurityActions
+ *
+ * @return
+ * @throws PolicyContextException
+ */
+ private Subject getContextCallerSubject() throws PolicyContextException
+ {
+ /**
+ * There is a need for current RunAsIdentity on the stack due to
+ * PolicyContext.getContext(Subject_Key) check at a depth of 1
+ * (Get the same behavior as split JaasAuthenticationInterceptor
+ * and JaccAuthorizationInterceptor)
+ */
+ SecurityActions.pushRunAsIdentity(runAsIdentity);
+ Subject caller = SecurityActions.getContextSubject();
+ SecurityActions.popRunAsIdentity();
+ return caller;
+ }
}
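Review bot: `getContextCallerSubject()` does not pop the run-as identity if `SecurityActions.getContextSubject()` throws, and the method itself declares `PolicyContextException`. In that case the pushed `runAsIdentity` would stay on the thread-local stack and would presumably be seen by later security checks on the same thread. Put the pop in a finally block: `try { return SecurityActions.getContextSubject(); } finally { SecurityActions.popRunAsIdentity(); }`. The Javadoc `@return` and `@throws` tags are empty and should state that the context caller subject is returned and when the exception is raised. The `/** ... */` block inside the method body is not Javadoc and would read better as a plain `/* ... */` comment.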