[jboss-cvs] JBossAS SVN: r57408 - branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Oct 3 17:08:52 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-10-03 17:08:52 -0400 (Tue, 03 Oct 2006)
New Revision: 57408
Modified:
branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
Log:
flag to allow option to ignore the realm base decision and rely on the authorization framework only
Modified: branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-10-03 21:07:05 UTC (rev 57407)
+++ branches/JEE5_TCK/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-10-03 21:08:52 UTC (rev 57408)
@@ -114,6 +114,11 @@
/** Should Security Audit be done **/
protected boolean enableAudit = true;
+ /** Should RealmBase Authorization decision be considered or not?
+ * false - consider, true - do not consider
+ */
+ protected boolean ignoreBaseDecision = false;
+
/**
* Set the class name of the CertificatePrincipal used for mapping X509 cert
* chains to a Princpal.
@@ -160,14 +165,18 @@
{
this.enableAudit = enableAudit;
}
+
+ public void setIgnoreBaseDecision(boolean ignoreBaseDecision)
+ {
+ this.ignoreBaseDecision = ignoreBaseDecision;
+ }
-
//*************************************************************************
// Realm.Authenticate Methods
//*************************************************************************
- /**
+/**
* Return the Principal associated with the specified chain of X509 client
* certificates. If there is none, return <code>null</code>.
*
@@ -470,8 +479,9 @@
activeRequest.set(getServletName(servlet));
}
- boolean baseDecision = super.hasResourcePermission(request,response,
- securityConstraints, context);
+ boolean baseDecision = ignoreBaseDecision ? true :
+ super.hasResourcePermission(request,response,
+ securityConstraints, context);
Subject caller = this.establishSubjectContext(request.getPrincipal());
@@ -486,7 +496,7 @@
boolean authzDecision = (permit == AuthorizationContext.PERMIT);
boolean finalDecision = baseDecision && authzDecision;
if(trace)
- log.trace("RealmBase says:" + baseDecision +
+ log.trace("hasResourcePerm:RealmBase says:" + baseDecision +
"::Authz framework says:" + authzDecision + ":final=" + finalDecision);
if( finalDecision == false )
{
@@ -534,7 +544,7 @@
}
}
- boolean baseDecision = super.hasRole(principal, role);
+ boolean baseDecision = ignoreBaseDecision ? true : super.hasRole(principal, role);
Map map = new HashMap();
map.put(ResourceKeys.ROLENAME, roleName);
map.put(ResourceKeys.HASROLE_PRINCIPAL, principal);
@@ -545,7 +555,7 @@
boolean authzDecision = (permit == AuthorizationContext.PERMIT);
boolean finalDecision = baseDecision && authzDecision;
if(trace)
- log.trace("RealmBase says:" + baseDecision +
+ log.trace("hasRole:RealmBase says:" + baseDecision +
"::Authz framework says:" + authzDecision + ":final=" + finalDecision);
return finalDecision;
More information about the jboss-cvs-commits
mailing list