[jboss-cvs] JBossAS SVN: r57532 - branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Oct 10 10:40:04 EDT 2006 

Author: anil.saldhana at jboss.com
Date: 2006-10-10 10:40:03 -0400 (Tue, 10 Oct 2006)
New Revision: 57532

Modified:
   branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
Log:
EJBTHREE-735:Push the RunAsIdentity on the SecurityAssociation stack

Modified: branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
===================================================================
--- branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java	2006-10-10 10:19:25 UTC (rev 57531)
+++ branches/JEE5_TCK/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java	2006-10-10 14:40:03 UTC (rev 57532)
@@ -20,21 +20,12 @@
   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
   */
 package org.jboss.ejb3.security;
-
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Iterator;
-
-import java.security.Principal;
-
-import javax.annotation.security.RunAs;
-import org.jboss.aop.joinpoint.Invocation;
+ 
+import org.jboss.aop.joinpoint.Invocation;  
 import org.jboss.logging.Logger;
 import org.jboss.security.AuthenticationManager;
 import org.jboss.security.RealmMapping;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SimplePrincipal;
+import org.jboss.security.RunAsIdentity; 
 
 /**
  * An interceptor that enforces the run-as identity declared by a bean.
@@ -50,7 +41,7 @@
    public RunAsSecurityInterceptor(AuthenticationManager manager, RealmMapping realmMapping, RunAsIdentity id)
    {
       super(manager, realmMapping);
-      this.runAsIdentity = id;
+      this.runAsIdentity = id; 
    }
 
    protected RunAsIdentity getRunAsIdentity(Invocation invocation)
@@ -60,7 +51,19 @@
 
    public Object invoke(Invocation invocation) throws Throwable
    {
-      return super.invoke(invocation);
+      try
+      { 
+         /* If a run-as role was specified, push it so that any calls made
+         by this bean will have the runAsRole available for declarative
+         security checks.
+         */
+         SecurityActions.pushRunAsIdentity(runAsIdentity);
+         return super.invoke(invocation);
+      }
+      finally
+      {
+         SecurityActions.popRunAsIdentity();  
+      }
    }
 
 }

More information about the jboss-cvs-commits mailing list