[jboss-cvs] JBossAS SVN: r67907 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Dec 4 14:22:41 EST 2007


Author: anil.saldhana at jboss.com
Date: 2007-12-04 14:22:41 -0500 (Tue, 04 Dec 2007)
New Revision: 67907

Modified:
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
Log:
JBAS-3595: the RealmBase redirection is working for hasUserDataPermission

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2007-12-04 18:52:37 UTC (rev 67906)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2007-12-04 19:22:41 UTC (rev 67907)
@@ -558,26 +558,25 @@
    public boolean hasUserDataPermission(Request request, Response response,
          SecurityConstraint[] constraints) throws IOException
    { 
-      Principal requestPrincipal = request.getPrincipal();
-      establishSubjectContext(requestPrincipal); 
-      Map<String,Object> map =  new HashMap<String,Object>(); 
+      boolean ok = ignoreBaseDecision ? true : super.hasUserDataPermission(request, response, constraints);
+      //If the realmbase check has passed, then we can go to authz framework
+      if(ok)
+      {
+        Principal requestPrincipal = request.getPrincipal();
+        establishSubjectContext(requestPrincipal); 
+        Map<String,Object> map =  new HashMap<String,Object>(); 
+        map.put(ResourceKeys.WEB_SECURITY_CONSTRAINTS, constraints); 
+        map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE); 
       
-      map.put(ResourceKeys.WEB_SECURITY_CONSTRAINTS, constraints); 
-      map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE); 
+        SecurityContext sc = SecurityAssociationActions.getSecurityContext();
+        AuthorizationManager am = getAuthorizationManager();
       
-      SecurityContext sc = SecurityAssociationActions.getSecurityContext();
-      AuthorizationManager am = getAuthorizationManager();
+        if(am == null)
+          throw new IllegalStateException("Null AuthorizationManager for SC:"+sc.getSecurityDomain());
+        WebAuthorizationHelper wah = new WebAuthorizationHelper(sc, this.enableAudit);
+        ok = wah.hasUserDataPermission(map, request, response, am);
+      }
       
-      if(am == null)
-         throw new IllegalStateException("Null AuthorizationManager for SC:"+sc.getSecurityDomain());
-      WebAuthorizationHelper wah = new WebAuthorizationHelper(sc, this.enableAudit);
-      boolean ok = wah.hasUserDataPermission(map, request, response, am);
-      
-      /* If the constraint is not valid delegate to super to redirect to the
-         ssl port if allowed
-       */
-      if( ok == false )
-         ok = super.hasUserDataPermission(request, response, constraints);
       return ok;
    }
    
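Review bot: When `ignoreBaseDecision` is true, the first added line skips `super.hasUserDataPermission` entirely, and the old fallback to super on a denial is gone. The transport check and the SSL-port redirect mentioned in the removed comment then rest solely on `WebAuthorizationHelper.hasUserDataPermission`. That warrants a comment at the flag's use, for example `// ignoreBaseDecision=true bypasses RealmBase's user-data (transport) check; the authz framework must enforce it and write the response itself`. Separately, the `am == null` branch dereferences `sc` to build its message, so if `SecurityAssociationActions.getSecurityContext()` can return null (not visible here) the intended IllegalStateException becomes a NullPointerException; checking `sc` for null before building the message would avoid that. The declaration of `ignoreBaseDecision` and its default are outside this hunk.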
@@ -907,4 +906,4 @@
       cmap.put("principal", principal);
       audit(AuditLevel.ERROR,cmap,e);
    } 
-}
\ No newline at end of file
+}



