[jboss-cvs] JBossAS SVN: r58039 - projects/security/trunk/src/main/org/jboss/security/plugins
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Nov 2 23:43:14 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-11-02 23:43:13 -0500 (Thu, 02 Nov 2006)
New Revision: 58039
Modified:
projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
Log:
SECURITY-19:Authorization Manager passes deployment level roles
Modified: projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
===================================================================
--- projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2006-11-03 04:39:59 UTC (rev 58038)
+++ projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2006-11-03 04:43:13 UTC (rev 58039)
@@ -43,6 +43,7 @@
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SimpleGroup;
import org.jboss.security.Util;
import org.jboss.security.authorization.AuthorizationContext;
@@ -122,7 +123,7 @@
public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
{
boolean hasRole = false;
- Group roles = this.getCurrentRoles();
+ Group roles = this.getCurrentRoles(principal);
if( trace )
log.trace("doesUserHaveRole(Set), roles: "+roles);
if(roles != null)
@@ -155,7 +156,7 @@
public boolean doesUserHaveRole(Principal principal, Principal role)
{
boolean hasRole = false;
- Group roles = this.getCurrentRoles();
+ Group roles = this.getCurrentRoles(principal);
hasRole = doesRoleGroupHaveRole(role, roles);
return hasRole;
}
@@ -170,7 +171,7 @@
*/
public Set getUserRoles(Principal principal)
{
- Group userRoles = getCurrentRoles();
+ Group userRoles = getCurrentRoles(principal);
return this.getRolesAsSet(userRoles);
}
@@ -291,8 +292,9 @@
/*
* Get the current role group from the security context or
* the Subject
+ * @param principal The Principal in question
*/
- private Group getCurrentRoles()
+ private Group getCurrentRoles(Principal principal)
{
boolean emptyContextRoles = false;
//Check that the caller is authenticated to the current thread
@@ -324,9 +326,13 @@
{
Map contextMap = new HashMap();
contextMap.put(SecurityConstants.ROLES_IDENTIFIER, userRoles);
+ contextMap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, principal);
+ //Append any deployment role->principals configuration done by the user
+ contextMap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP,
+ SecurityRolesAssociation.getSecurityRoles());
//Append the principals also
- contextMap.put(SecurityConstants.PRINCIPALS_IDENTIFIER, subject.getPrincipals());
+ contextMap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals());
if(trace)
log.trace("Roles before mapping:"+ userRoles);
mc.performMapping(contextMap, userRoles);
More information about the jboss-cvs-commits
mailing list