[jboss-cvs] JBossAS SVN: r57408 - branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security

[jboss-cvs-commits at lists.jboss.org]

Author: anil.saldhana at jboss.com
Date: 2006-10-03 17:08:52 -0400 (Tue, 03 Oct 2006)
New Revision: 57408

Modified:
   branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
Log:
flag to allow option to ignore the realm base decision and rely on the authorization framework only

Modified: branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2006-10-03 21:07:05 UTC (rev 57407)
+++ branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2006-10-03 21:08:52 UTC (rev 57408)
@@ -114,6 +114,11 @@
    /** Should Security Audit be done **/
    protected boolean enableAudit = true;
    
+   /** Should RealmBase Authorization decision be considered or not?
+    * false - consider, true - do not consider
+    */
+   protected boolean ignoreBaseDecision = false;
+   
    /**
     * Set the class name of the CertificatePrincipal used for mapping X509 cert
     * chains to a Princpal.
@@ -160,14 +165,18 @@
    {
       this.enableAudit = enableAudit;
    } 
+
+   public void setIgnoreBaseDecision(boolean ignoreBaseDecision) 
+   {
+	  this.ignoreBaseDecision = ignoreBaseDecision;
+   } 
    
-   
    //*************************************************************************
    //   Realm.Authenticate Methods
    //************************************************************************* 
 
 
-   /**
+/**
     * Return the Principal associated with the specified chain of X509 client
     * certificates.  If there is none, return <code>null</code>.
     *
@@ -470,8 +479,9 @@
          activeRequest.set(getServletName(servlet));
       }
       
-      boolean baseDecision =  super.hasResourcePermission(request,response,
-            securityConstraints, context);  
+      boolean baseDecision =  ignoreBaseDecision ? true :
+                   super.hasResourcePermission(request,response, 
+                                      securityConstraints, context);  
       
       Subject caller = this.establishSubjectContext(request.getPrincipal());
 
@@ -486,7 +496,7 @@
       boolean authzDecision = (permit == AuthorizationContext.PERMIT);
       boolean finalDecision = baseDecision && authzDecision; 
       if(trace)
-         log.trace("RealmBase says:" + baseDecision + 
+         log.trace("hasResourcePerm:RealmBase says:" + baseDecision + 
                "::Authz framework says:" + authzDecision + ":final=" + finalDecision); 
       if( finalDecision == false )
       {
@@ -534,7 +544,7 @@
          }
       }  
        
-      boolean baseDecision = super.hasRole(principal, role); 
+      boolean baseDecision = ignoreBaseDecision ? true : super.hasRole(principal, role); 
       Map map =  new HashMap(); 
       map.put(ResourceKeys.ROLENAME, roleName);
       map.put(ResourceKeys.HASROLE_PRINCIPAL, principal);
@@ -545,7 +555,7 @@
       boolean authzDecision = (permit == AuthorizationContext.PERMIT);
       boolean finalDecision = baseDecision && authzDecision; 
       if(trace)
-         log.trace("RealmBase says:" + baseDecision + 
+         log.trace("hasRole:RealmBase says:" + baseDecision + 
                "::Authz framework says:" + authzDecision + ":final=" + finalDecision); 
        
       return finalDecision;