[jboss-cvs] JBossAS SVN: r62561 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Apr 25 11:13:48 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-04-25 11:13:48 -0400 (Wed, 25 Apr 2007)
New Revision: 62561
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossSecurityMgrRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccAuthorizationRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/RunAsListener.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
Log:
JBAS-4317: security context over the invocation
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossSecurityMgrRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossSecurityMgrRealm.java 2007-04-25 15:12:07 UTC (rev 62560)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossSecurityMgrRealm.java 2007-04-25 15:13:48 UTC (rev 62561)
@@ -108,7 +108,7 @@
}
}
- private Context getSecurityContext()
+ protected Context getSecurityContext()
{
Context securityCtx = null;
// Get the JBoss security manager from the ENC context
@@ -540,32 +540,7 @@
*/
public boolean hasRole(Principal principal, String role)
{
- return super.hasRole(principal, role);
- /*
- if ((principal == null) || (role == null))
- {
- return false;
- }
- if (principal instanceof JBossGenericPrincipal)
- {
- return super.hasRole(principal, role);
- }
- JBossGenericPrincipal gp = (JBossGenericPrincipal) roleMap.get(principal);
- Set userRoles = gp.getUserRoles();
- if (userRoles != null)
- {
- Iterator iter = userRoles.iterator();
- while (iter.hasNext())
- {
- Principal p = (Principal) iter.next();
- if (role.equals(p.getName()))
- {
- return true;
- }
- }
- }
- return false;
- */
+ return super.hasRole(principal, role);
}
/**
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2007-04-25 15:12:07 UTC (rev 62560)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2007-04-25 15:13:48 UTC (rev 62561)
@@ -68,9 +68,7 @@
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.security.authorization.ResourceKeys;
import org.jboss.web.tomcat.security.authorization.WebResource;
//$Id$
@@ -209,12 +207,8 @@
log.trace("User: " + principal + " is authenticated");
}
securityDomain = securityMgr.getSecurityDomain();
- SecurityAssociationActions.setPrincipalInfo(principal, certs, subject);
+ SecurityAssociationActions.setPrincipalInfo(principal, certs, subject);
- //Establish the Security Context
- this.establishSecurityContext(securityDomain,
- principal, certs, subject);
-
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
@@ -298,12 +292,9 @@
Subject subject = new Subject();
if (securityMgr.isValid(principal, digest, subject))
{
- log.trace("User: " + username + " is authenticated");
- SecurityAssociationActions.setPrincipalInfo(principal, digest, subject);
+ log.trace("User: " + username + " is authenticated");
securityDomain = securityMgr.getSecurityDomain();
- //Establish the Security Context
- this.establishSecurityContext(securityDomain,
- principal, digest, subject);
+ SecurityAssociationActions.setPrincipalInfo(principal, digest, subject);
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
@@ -389,11 +380,8 @@
if (securityMgr.isValid(principal, credentials, subject))
{
log.trace("User: " + username + " is authenticated");
- SecurityAssociationActions.setPrincipalInfo(principal, credentials, subject);
securityDomain = securityMgr.getSecurityDomain();
- //Establish the Security Context
- this.establishSecurityContext(securityDomain,
- principal, credentials, subject);
+ SecurityAssociationActions.setPrincipalInfo(principal, credentials, subject);
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
@@ -903,7 +891,7 @@
ae.setContextMap(contextMap);
ae.setUnderlyingException(e);
- SecurityContext sc = SecurityAssociationActions.getSecurityContext(securityDomain);
+ SecurityContext sc = SecurityAssociationActions.getSecurityContext();
if(sc != null)
{
SecurityAuditManager sam = sc.getAuditManager();
@@ -942,14 +930,5 @@
Map<String,Object> cmap = new HashMap<String,Object>();
cmap.putAll(resource.getMap());
audit(level,cmap,null);
- }
-
- //Security Context
- private void establishSecurityContext(String domain, Principal p, Object cred,
- Subject subject)
- {
- SecurityContextAssociation.setSecurityContext(SecurityContextFactory.createSecurityContext(p,cred,subject,domain));
- if(trace)
- log.trace("Established Security Context for " + domain);
- }
+ }
}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccAuthorizationRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccAuthorizationRealm.java 2007-04-25 15:12:07 UTC (rev 62560)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccAuthorizationRealm.java 2007-04-25 15:13:48 UTC (rev 62561)
@@ -48,6 +48,7 @@
import org.jboss.logging.Logger;
import org.jboss.metadata.WebMetaData;
import org.jboss.metadata.SecurityRoleRefMetaData;
+import org.jboss.security.SubjectSecurityManager;
/** A subclass of JBossSecurityMgrRealm that peforms authorization based on
* the JACC permissions and active Policy implementation.
@@ -298,7 +299,7 @@
caller = jgp.getSubject();
//
if (trace)
- log.trace("Restoring principal info from cache");
+ log.trace("Restoring principal info from cache");
SecurityAssociationActions.setPrincipalInfo(jgp.getAuthPrincipal(),
jgp.getCredentials(), jgp.getSubject());
}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java 2007-04-25 15:12:07 UTC (rev 62560)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java 2007-04-25 15:13:48 UTC (rev 62561)
@@ -33,8 +33,11 @@
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.jboss.logging.Logger;
-import org.jboss.metadata.WebMetaData;
+import org.jboss.metadata.WebMetaData;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
+import org.jboss.security.Util;
/**
* A Valve that sets the JACC context id and HttpServletRequest policy
@@ -67,6 +70,8 @@
public void invoke(Request request, Response response)
throws IOException, ServletException
{
+ boolean createdSecurityContext = false;
+
activeCS.set(warCS);
HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();
@@ -74,8 +79,22 @@
Map principalToRoleSetMap = metaData.getPrincipalVersusRolesMap();
SecurityRolesAssociation.setSecurityRoles(principalToRoleSetMap);
if(trace)
- log.trace("MetaData:"+metaData+":principalToRoleSetMap"+principalToRoleSetMap);
+ log.trace("MetaData:"+metaData+":principalToRoleSetMap"+principalToRoleSetMap);
+ //Set the security context if one is unavailable
+ SecurityContext sc = SecurityAssociationActions.getSecurityContext();
+ if(sc == null)
+ {
+ String securityDomain = metaData.getSecurityDomain();
+ if(securityDomain == null)
+ securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ else
+ securityDomain = Util.unprefixSecurityDomain(securityDomain);
+ sc = SecurityAssociationActions.createSecurityContext(securityDomain);
+ SecurityAssociationActions.setSecurityContext(sc);
+ createdSecurityContext = true;
+ }
+
try
{
// Set the JACC context id
@@ -91,6 +110,10 @@
activeCS.set(null);
SecurityRolesAssociation.setSecurityRoles(null);
HttpServletRequestPolicyContextHandler.setRequest(null);
+ if(createdSecurityContext)
+ {
+ SecurityAssociationActions.clearSecurityContext();
+ }
}
}
}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/RunAsListener.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/RunAsListener.java 2007-04-25 15:12:07 UTC (rev 62560)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/RunAsListener.java 2007-04-25 15:13:48 UTC (rev 62561)
@@ -27,6 +27,9 @@
import org.jboss.logging.Logger;
import org.jboss.metadata.WebMetaData;
import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.Util;
/**
* An InstanceListener used to push/pop the servlet run-as identity for the
@@ -69,16 +72,38 @@
log.trace(name + ", runAs: " + identity);
// Push the identity on the before init/destroy
if( type.equals(InstanceEvent.BEFORE_INIT_EVENT)
- || type.equals(InstanceEvent.BEFORE_DESTROY_EVENT) )
- {
+ || type.equals(InstanceEvent.BEFORE_DESTROY_EVENT)
+ || type.equals(InstanceEvent.BEFORE_SERVICE_EVENT) )
+ {
+ ensureSecurityContext();
SecurityAssociationActions.pushRunAsIdentity(identity);
}
// Pop the identity on the after init/destroy
else if( type.equals(InstanceEvent.AFTER_INIT_EVENT)
- || type.equals(InstanceEvent.AFTER_DESTROY_EVENT) )
+ || type.equals(InstanceEvent.AFTER_DESTROY_EVENT)
+ || type.equals(InstanceEvent.AFTER_SERVICE_EVENT))
{
+ ensureSecurityContext();
SecurityAssociationActions.popRunAsIdentity();
}
}
}
+
+ /**
+ * Ensure that a security context is present
+ */
+ private void ensureSecurityContext()
+ {
+ String securityDomain = metaData.getSecurityDomain();
+ if(securityDomain == null)
+ securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ else
+ securityDomain = Util.unprefixSecurityDomain(securityDomain);
+
+ if(SecurityAssociationActions.getSecurityContext() == null)
+ {
+ SecurityContext sc = SecurityAssociationActions.createSecurityContext(securityDomain);
+ SecurityAssociationActions.setSecurityContext(sc);
+ }
+ }
}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java 2007-04-25 15:12:07 UTC (rev 62560)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java 2007-04-25 15:13:48 UTC (rev 62561)
@@ -23,15 +23,16 @@
import java.security.PrivilegedAction;
import java.security.Principal;
-import java.security.AccessController;
-import java.util.HashMap;
+import java.security.AccessController;
import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityConstants;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SubjectInfo;
+import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.plugins.SecurityContextFactory;
/** A PrivilegedAction implementation for setting the SecurityAssociation
* principal and credential
@@ -54,33 +55,31 @@
{
this.principal = principal;
this.credential = credential;
- this.subject = subject;
+ this.subject = subject;
}
public Object run()
{
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context has not been set");
+
+ sc.getUtil().createSubjectInfo(principal, credential, subject);
+ //SecurityAssociation.pushSubjectContext(subject, principal, credential);
credential = null;
principal = null;
subject = null;
return null;
}
- }
- private static class SetServerAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new SetServerAction();
- public Object run()
- {
- SecurityAssociation.setServer();
- return null;
- }
- }
+ }
+
private static class ClearAction implements PrivilegedAction
{
static PrivilegedAction ACTION = new ClearAction();
public Object run()
{
- SecurityAssociation.clear();
+ //SecurityAssociation.clear();
+ SecurityContextAssociation.clearSecurityContext();
return null;
}
}
@@ -89,7 +88,12 @@
static PrivilegedAction ACTION = new GetSubjectAction();
public Object run()
{
- Subject subject = SecurityAssociation.getSubject();
+ //Subject subject = SecurityAssociation.getSubject();
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context is null");
+ SubjectInfo si = sc.getSubjectInfo();
+ Subject subject = si != null ? si.getAuthenticatedSubject() : null;
return subject;
}
}
@@ -98,8 +102,13 @@
static PrivilegedAction ACTION = new GetPrincipalAction();
public Object run()
{
- Principal principal = SecurityAssociation.getPrincipal();
- return principal;
+ //Principal principal = SecurityAssociation.getPrincipal();
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context is null");
+ SubjectInfo si = sc.getSubjectInfo();
+ return si != null ? si.getAuthenticationPrincipal() : null;
+ //return principal;
}
}
private static class GetCredentialAction implements PrivilegedAction
@@ -107,57 +116,17 @@
static PrivilegedAction ACTION = new GetCredentialAction();
public Object run()
{
- Object credential = SecurityAssociation.getCredential();
- return credential;
+ //Object credential = SecurityAssociation.getCredential();
+ //return credential;
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context is null");
+ SubjectInfo si = sc.getSubjectInfo();
+ return si != null ? si.getAuthenticationCredential() : null;
}
- }
- private static class GetSecurityContextAction implements PrivilegedAction
- {
- private String securityDomain;
- GetSecurityContextAction(String sd)
- {
- this.securityDomain = sd;
- }
-
- public Object run()
- {
- String sc = SecurityConstants.SECURITY_CONTEXT;
- HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
- if(map == null)
- {
- map = new HashMap();
- SecurityAssociation.setContextInfo(sc, map);
- }
- SecurityAssociation.setContextInfo(sc, map);
- return map.get(this.securityDomain);
- }
- }
+ }
+
- private static class SetSecurityContextAction implements PrivilegedAction
- {
- private SecurityContext securityContext;
- private String securityDomain;
- SetSecurityContextAction(SecurityContext sc, String sd)
- {
- this.securityContext = sc;
- this.securityDomain = sd;
- }
-
- public Object run()
- {
- String sc = SecurityConstants.SECURITY_CONTEXT;
- HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
- if(map == null)
- {
- map = new HashMap();
- SecurityAssociation.setContextInfo(sc, map);
- }
- map.put(securityDomain, securityContext);
- SecurityAssociation.setContextInfo(sc, map);
- return null;
- }
- }
-
private static class PushRunAsRoleAction implements PrivilegedAction
{
RunAsIdentity principal;
@@ -167,7 +136,11 @@
}
public Object run()
{
- SecurityAssociation.pushRunAsIdentity(principal);
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context is null");
+ sc.setRunAs(principal);
+ //SecurityAssociation.pushRunAsIdentity(principal);
return null;
}
}
@@ -177,16 +150,27 @@
static PrivilegedAction ACTION = new PopRunAsRoleAction();
public Object run()
{
- RunAsIdentity principal = SecurityAssociation.popRunAsIdentity();
+ //RunAsIdentity principal = SecurityAssociation.popRunAsIdentity();
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context is null");
+ RunAs principal = null;
+ principal = sc.getRunAs();
+ sc.setRunAs(null);
return principal;
}
}
+
private static class GetAuthExceptionAction implements PrivilegedAction
{
static PrivilegedAction ACTION = new GetAuthExceptionAction();
public Object run()
{
- Object exception = SecurityAssociation.getContextInfo(AUTH_EXCEPTION_KEY);
+ //Object exception = SecurityAssociation.getContextInfo(AUTH_EXCEPTION_KEY);
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context is null");
+ Object exception = sc.getData().get(AUTH_EXCEPTION_KEY) ;
return exception;
}
}
@@ -195,63 +179,74 @@
static PrivilegedAction ACTION = new ClearAuthExceptionAction();
public Object run()
{
- Object exception = SecurityAssociation.setContextInfo(AUTH_EXCEPTION_KEY, null);
- return exception;
+ //Object exception = SecurityAssociation.setContextInfo(AUTH_EXCEPTION_KEY, null);
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new IllegalStateException("Security Context is null");
+ sc.getData().put(AUTH_EXCEPTION_KEY, null);
+ return null;
+ //return exception;
}
- }
- private static class ClearSecurityContextAction implements PrivilegedAction
- {
- private String securityDomain;
-
- public ClearSecurityContextAction(String securityDomain)
- {
- this.securityDomain = securityDomain;
- }
+ }
- public Object run()
- {
- String sc = SecurityConstants.SECURITY_CONTEXT;
- HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
- if(map == null)
+ static void clearSecurityContext()
+ {
+ //ClearSecurityContextAction action = new ClearSecurityContextAction(securityDomain);
+ AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
{
- map = new HashMap();
- SecurityAssociation.setContextInfo(sc, map);
+ SecurityContextAssociation.clearSecurityContext();
+ return null;
}
- if(map.containsKey(securityDomain))
- map.remove(securityDomain);
-
- SecurityAssociation.setContextInfo(sc, map);
- return null;
- }
+ });
}
-
- static void clearSecurityContext(String securityDomain)
+
+ static SecurityContext getSecurityContext()
{
- ClearSecurityContextAction action = new ClearSecurityContextAction(securityDomain);
- AccessController.doPrivileged(action);
+ //GetSecurityContextAction action = new GetSecurityContextAction(securityDomain);
+ return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
}
- static SecurityContext getSecurityContext(String securityDomain)
+ static SecurityContext createSecurityContext(final String securityDomain)
{
- GetSecurityContextAction action = new GetSecurityContextAction(securityDomain);
- return (SecurityContext)AccessController.doPrivileged(action);
+ return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityContextFactory.createSecurityContext(securityDomain);
+ }
+ });
}
- static void setSecurityContext(SecurityContext sc, String securityDomain)
+ static void setSecurityContext(final SecurityContext sc)
{
- SetSecurityContextAction action = new SetSecurityContextAction(sc,securityDomain);
- AccessController.doPrivileged(action);
- }
+ //SetSecurityContextAction action = new SetSecurityContextAction(sc,securityDomain);
+ AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
static void setPrincipalInfo(Principal principal, Object credential, Subject subject)
{
SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential, subject);
AccessController.doPrivileged(action);
}
- static void setServer()
+ /*static void setServer()
{
AccessController.doPrivileged(SetServerAction.ACTION);
- }
+ }*/
static void clear()
{
AccessController.doPrivileged(ClearAction.ACTION);
@@ -290,5 +285,5 @@
static void clearAuthException()
{
AccessController.doPrivileged(ClearAuthExceptionAction.ACTION);
- }
+ }
}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2007-04-25 15:12:07 UTC (rev 62560)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2007-04-25 15:13:48 UTC (rev 62561)
@@ -38,12 +38,8 @@
import org.jboss.logging.Logger;
import org.jboss.metadata.WebMetaData;
import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
/**
* A Valve that sets/clears the SecurityAssociation information associated with
@@ -67,10 +63,7 @@
private String subjectAttributeName = null;
/** The service used to flush authentication cache on session invalidation. */
private JaasSecurityManagerServiceMBean secMgrService;
- private boolean trace;
-
- /**No push of security context happens for non-sso case. The realm handles it.*/
- private boolean ssoCase = false;
+ private boolean trace;
public SecurityAssociationValve(WebMetaData metaData,
JaasSecurityManagerServiceMBean secMgrService)
@@ -105,14 +98,14 @@
if( trace )
log.trace("Begin invoke, caller"+caller);
// Set the active meta data
- activeWebMetaData.set(metaData);
+ activeWebMetaData.set(metaData);
+
try
{
- //Create a Security Context
- SecurityContext sc = SecurityContextFactory.createSecurityContext(metaData.getSecurityDomain());
+ Wrapper servlet = null;
try
{
- Wrapper servlet = request.getWrapper();
+ servlet = request.getWrapper();
if (servlet != null)
{
String name = servlet.getName();
@@ -122,8 +115,7 @@
if (trace)
log.trace(name + ", runAs: " + identity);
}
- SecurityAssociationActions.pushRunAsIdentity(identity);
- sc.getUtil().set(sc,SecurityConstants.RUNAS_IDENTITY_IDENTIFIER, identity);
+ SecurityAssociationActions.pushRunAsIdentity(identity);
}
userPrincipal.set(caller);
@@ -161,12 +153,7 @@
if (trace)
log.trace("Restoring principal info from cache");
SecurityAssociationActions.setPrincipalInfo(principal.getAuthPrincipal(),
- principal.getCredentials(), principal.getSubject());
- //Create a subject info
- sc.setSubjectInfo(SecurityContextFactory.createSubjectInfo(principal.getAuthPrincipal(),
- principal.getCredentials(), principal.getSubject()));
- this.ssoCase = true;
-
+ principal.getCredentials(), principal.getSubject());
}
// Put the authenticated subject in the session if requested
if (subjectAttributeName != null)
@@ -185,12 +172,13 @@
{
log.debug("Failed to determine servlet", e);
}
-
- if(!ssoCase)
- SecurityContextAssociation.setSecurityContext(sc);
+
// Perform the request
getNext().invoke(request, response);
- SecurityAssociationActions.popRunAsIdentity();
+ if(servlet != null)
+ {
+ SecurityAssociationActions.popRunAsIdentity();
+ }
/* If the security domain cache is to be kept in synch with the
session then flush the cache if the session has been invalidated.
More information about the jboss-cvs-commits
mailing list