[jboss-cvs] JBossAS SVN: r58039 - projects/security/trunk/src/main/org/jboss/security/plugins

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Nov 2 23:43:14 EST 2006


Author: anil.saldhana at jboss.com
Date: 2006-11-02 23:43:13 -0500 (Thu, 02 Nov 2006)
New Revision: 58039

Modified:
   projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
Log:
SECURITY-19:Authorization Manager passes deployment level roles

Modified: projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
===================================================================
--- projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java	2006-11-03 04:39:59 UTC (rev 58038)
+++ projects/security/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java	2006-11-03 04:43:13 UTC (rev 58039)
@@ -43,6 +43,7 @@
 import org.jboss.security.NobodyPrincipal;  
 import org.jboss.security.SecurityConstants;
 import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
 import org.jboss.security.SimpleGroup;
 import org.jboss.security.Util;
 import org.jboss.security.authorization.AuthorizationContext;
@@ -122,7 +123,7 @@
    public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
    {
       boolean hasRole = false;
-      Group roles = this.getCurrentRoles();
+      Group roles = this.getCurrentRoles(principal);
       if( trace )
          log.trace("doesUserHaveRole(Set), roles: "+roles);
       if(roles != null)
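Review bot: The trace line in doesUserHaveRole(Principal, Set) still logs only the role group, although that group is now resolved through getCurrentRoles(principal). When an authorization decision has to be traced, the log should show which principal the roles were resolved for: `log.trace("doesUserHaveRole(Set), principal: "+principal+", roles: "+roles);`. The method body continues past the end of this hunk.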
@@ -155,7 +156,7 @@
    public boolean doesUserHaveRole(Principal principal, Principal role)
    {
       boolean hasRole = false;
-      Group roles = this.getCurrentRoles();
+      Group roles = this.getCurrentRoles(principal);
       hasRole = doesRoleGroupHaveRole(role, roles); 
       return hasRole;
    } 
@@ -170,7 +171,7 @@
     */
    public Set getUserRoles(Principal principal)
    { 
-      Group userRoles = getCurrentRoles();
+      Group userRoles = getCurrentRoles(principal);
       return this.getRolesAsSet(userRoles); 
    }  
      
@@ -291,8 +292,9 @@
    /*
     * Get the current role group from the security context or
     * the Subject
+    * @param principal The Principal in question
     */
-   private Group getCurrentRoles()
+   private Group getCurrentRoles(Principal principal)
    {
       boolean emptyContextRoles = false;
       //Check that the caller is authenticated to the current thread
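Review bot: The added `@param principal` line sits in a plain `/* ... */` comment, so Javadoc tooling will not pick it up, and "The Principal in question" does not say what the argument is used for. Open the block with `/**` and describe the parameter by the role this commit gives it, for example `@param principal the principal stored under SecurityConstants.PRINCIPAL_IDENTIFIER for role mapping; the roles themselves still come from the security context or the Subject`. getCurrentRoles continues beyond this hunk, so whether the principal is also used elsewhere in the body cannot be seen from here.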
@@ -324,9 +326,13 @@
          {
             Map contextMap = new HashMap();
             contextMap.put(SecurityConstants.ROLES_IDENTIFIER, userRoles);
+            contextMap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, principal);
+            //Append any deployment role->principals configuration done by the user
+            contextMap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP,
+                  SecurityRolesAssociation.getSecurityRoles());
             
             //Append the principals also
-            contextMap.put(SecurityConstants.PRINCIPALS_IDENTIFIER, subject.getPrincipals());
+            contextMap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals());
             if(trace)
                log.trace("Roles before mapping:"+ userRoles);
             mc.performMapping(contextMap, userRoles);
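Review bot: The `principal` stored under PRINCIPAL_IDENTIFIER is the caller-supplied argument, while `userRoles` and `subject.getPrincipals()` in the same map come from the subject, and nothing visible checks that the two agree or that `principal` is non-null. If a mapping provider keys the deployment-level roles on that entry, a caller passing a different principal could presumably have roles mapped for an identity the subject does not hold; doesUserHaveRole(Principal, Set), doesUserHaveRole(Principal, Principal) and getUserRoles all forward the argument unchecked. Consider guarding the put, for example `if (principal != null && subject.getPrincipals().contains(principal)) contextMap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, principal);`, and document whether `SecurityRolesAssociation.getSecurityRoles()` can return null when no deployment roles are configured. The enclosing block starts before this hunk and continues after it.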



