[jboss-cvs] JBossAS SVN: r81918 - in trunk/server/src: main/org/jboss/proxy and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Dec 1 14:55:43 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-12-01 14:55:43 -0500 (Mon, 01 Dec 2008)
New Revision: 81918
Added:
trunk/server/src/main/org/jboss/proxy/ejb/SecurityActions.java
trunk/server/src/main/org/jboss/proxy/ejb/SecurityContextInterceptor.java
Modified:
trunk/server/src/etc/conf/default/standardjboss.xml
trunk/server/src/main/org/jboss/proxy/SecurityActions.java
trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java
Log:
JBAS-6267: SecurityContextInterceptor to maintain compatibility with 4.2 series
Modified: trunk/server/src/etc/conf/default/standardjboss.xml
===================================================================
--- trunk/server/src/etc/conf/default/standardjboss.xml 2008-12-01 15:52:18 UTC (rev 81917)
+++ trunk/server/src/etc/conf/default/standardjboss.xml 2008-12-01 19:55:43 UTC (rev 81918)
@@ -33,6 +33,7 @@
<home>
<interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
<interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
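Review bot: Nothing in this stack records that `org.jboss.proxy.ejb.SecurityContextInterceptor` has to stay after `org.jboss.proxy.SecurityInterceptor`. The new interceptor builds its SecurityContext from `invocation.getPrincipal()` and `invocation.getCredential()`, and the SecurityInterceptor hunk in this commit shows the earlier interceptor putting the credential on the invocation (`invocation.setCredential(credential)`). I would add a comment above the new line, e.g. `<!-- must follow SecurityInterceptor: builds the SecurityContext from the principal/credential set on the invocation -->`; the same applies to every other stack patched in this file. This commit also removes the SecurityContext creation from SecurityInterceptor, so a deployment that declares its own client interceptor stack with only SecurityInterceptor would presumably stop sending a SecurityContext and caller run-as identity, which deserves a migration note.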
@@ -40,6 +41,7 @@
<bean>
<interceptor>org.jboss.proxy.ejb.EntityInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
<interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
@@ -47,6 +49,7 @@
<list-entity>
<interceptor>org.jboss.proxy.ejb.ListEntityInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
<interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
@@ -64,6 +67,7 @@
<home>
<interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
@@ -72,6 +76,7 @@
<bean>
<interceptor>org.jboss.proxy.ejb.EntityInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
@@ -80,6 +85,7 @@
<list-entity>
<interceptor>org.jboss.proxy.ejb.ListEntityInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
@@ -98,6 +104,7 @@
<home>
<interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
<interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
@@ -105,6 +112,7 @@
<bean>
<interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
<interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
@@ -122,6 +130,7 @@
<home>
<interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
@@ -130,6 +139,7 @@
<bean>
<interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
@@ -148,6 +158,7 @@
<home>
<interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
<interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
@@ -155,6 +166,7 @@
<bean>
<interceptor>org.jboss.proxy.ejb.StatefulSessionInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
<interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
@@ -172,6 +184,7 @@
<home>
<interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
@@ -180,6 +193,7 @@
<bean>
<interceptor>org.jboss.proxy.ejb.StatefulSessionInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
+ <interceptor>org.jboss.proxy.ejb.SecurityContextInterceptor</interceptor>
<interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
<interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
<interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
Modified: trunk/server/src/main/org/jboss/proxy/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/SecurityActions.java 2008-12-01 15:52:18 UTC (rev 81917)
+++ trunk/server/src/main/org/jboss/proxy/SecurityActions.java 2008-12-01 19:55:43 UTC (rev 81918)
@@ -23,22 +23,19 @@
import java.security.AccessController;
import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedAction;
-import org.jboss.security.RunAs;
import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
/**
* Interface defining the Privileged Blocks
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Mar 5, 2007
- * @version $Revision$
+ * @author <a href="mailto:marc.fleury at jboss.org">Marc Fleury</a>
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Mar 5, 2007
+ * @version $Revision$
*/
interface SecurityActions
{
@@ -61,13 +58,12 @@
p = sc.getUtil().getUserPrincipal();
}
if(p == null && SecurityContextAssociation.isClient())
- p = SecurityAssociation.getPrincipal();
+ p = SecurityAssociation.getPrincipal();
return p;
}
public Object getCredential()
- {
- //return SecurityAssociation.getCredential();
+ {
Object cred = null;
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc != null)
@@ -75,56 +71,18 @@
cred = sc.getUtil().getCredential();
}
if(cred == null && SecurityContextAssociation.isClient())
- cred = SecurityAssociation.getCredential();
+ cred = SecurityAssociation.getCredential();
return cred;
}
-
- public RunAs getCallerRunAsIdentity()
- {
- RunAs rai = null;
- //Pluck the run-as identity from the existing SC if any
- SecurityContext existingSC = getSecurityContext();
- if(existingSC != null)
- {
- rai = existingSC.getOutgoingRunAs();
- }
- return rai;
- }
- public SecurityContext getSecurityContext()
- {
- return SecurityContextAssociation.getSecurityContext();
- }
-
- public void setSecurityContext(SecurityContext sc)
- {
- SecurityContextAssociation.setSecurityContext(sc);
- }
-
- public SecurityContext createSecurityContext(Principal p, Object cred,
- String sdomain) throws Exception
- {
- return SecurityContextFactory.createSecurityContext(p,cred, null, sdomain);
- }
-
- public void setIncomingRunAs(SecurityContext sc, RunAs incomingRunAs)
- {
- sc.setOutgoingRunAs(incomingRunAs);
- }
-
- public void setOutgoingRunAs(SecurityContext sc, RunAs outgoingRunAs)
- {
- sc.setOutgoingRunAs(outgoingRunAs);
- }
};
SecurityActions PRIVILEGED = new SecurityActions()
{
- private final PrivilegedAction getPrincipalAction = new PrivilegedAction()
+ private final PrivilegedAction<Principal> getPrincipalAction = new PrivilegedAction<Principal>()
{
- public Object run()
- {
- //return SecurityAssociation.getPrincipal();
+ public Principal run()
+ {
Principal p = null;
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc != null)
@@ -135,11 +93,10 @@
}
};
- private final PrivilegedAction getCredentialAction = new PrivilegedAction()
+ private final PrivilegedAction<Object> getCredentialAction = new PrivilegedAction<Object>()
{
public Object run()
- {
- //return SecurityAssociation.getCredential();
+ {
Object cred = null;
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc != null)
@@ -148,115 +105,21 @@
}
return cred;
}
- };
+ };
- private final PrivilegedAction getSecurityContextAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityContextAssociation.getSecurityContext();
- }
- };
-
public Principal getPrincipal()
{
- return (Principal)AccessController.doPrivileged(getPrincipalAction);
+ return AccessController.doPrivileged(getPrincipalAction);
}
public Object getCredential()
{
return AccessController.doPrivileged(getCredentialAction);
}
-
- public RunAs getCallerRunAsIdentity()
- {
- return (RunAs)AccessController.doPrivileged(new PrivilegedAction(){
- public Object run()
- {
- RunAs rai = null;
- //Pluck the run-as identity from the existing SC if any
- SecurityContext existingSC = getSecurityContext();
- if(existingSC != null)
- {
- rai = existingSC.getOutgoingRunAs();
- }
- return rai;
- }});
-
- }
-
- public SecurityContext getSecurityContext()
- {
- return (SecurityContext) AccessController.doPrivileged(getSecurityContextAction);
- }
-
- public void setSecurityContext(final SecurityContext sc)
- {
- AccessController.doPrivileged(new PrivilegedAction(){
-
- public Object run()
- {
- SecurityContextAssociation.setSecurityContext(sc);
- return null;
- }});
- }
-
- public SecurityContext createSecurityContext(final Principal p, final Object cred,
- final String sdomain) throws PrivilegedActionException
- {
- return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run() throws Exception
- {
- return SecurityContextFactory.createSecurityContext(p,cred, null, sdomain);
- }
-
- });
- }
-
- public void setIncomingRunAs(final SecurityContext sc, final RunAs incomingRunAs)
- {
- AccessController.doPrivileged(new PrivilegedAction<Object>(){
-
- public Object run()
- {
- sc.setIncomingRunAs(incomingRunAs);
- return null;
- }
- });
-
-
- }
-
- public void setOutgoingRunAs(final SecurityContext sc, final RunAs outgoingRunAs)
- {
- AccessController.doPrivileged(new PrivilegedAction<Object>(){
-
- public Object run()
- {
- sc.setOutgoingRunAs(outgoingRunAs);
- return null;
- }
- });
-
- }
};
Principal getPrincipal();
- Object getCredential();
-
- RunAs getCallerRunAsIdentity();
-
- SecurityContext createSecurityContext( Principal p, Object cred,
- String sdomain) throws Exception;
-
- SecurityContext getSecurityContext();
-
- void setSecurityContext(SecurityContext sc);
-
- public void setIncomingRunAs(SecurityContext sc, RunAs incomingRunAs);
-
- void setOutgoingRunAs(SecurityContext sc, RunAs outgoingRunAs);
+ Object getCredential();
}
Modified: trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java 2008-12-01 15:52:18 UTC (rev 81917)
+++ trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java 2008-12-01 19:55:43 UTC (rev 81918)
@@ -21,12 +21,9 @@
*/
package org.jboss.proxy;
-import java.security.Principal;
+import java.security.Principal;
-import org.jboss.invocation.Invocation;
-import org.jboss.invocation.InvocationKey;
-import org.jboss.security.RunAs;
-import org.jboss.security.SecurityContext;
+import org.jboss.invocation.Invocation;
/**
* The client-side proxy for an EJB Home object.
@@ -66,50 +63,8 @@
if (credential != null)
{
invocation.setCredential(credential);
- }
-
- SecurityContext sc = sa.getSecurityContext();
- RunAs callerRAI = sa.getCallerRunAsIdentity();
- SecurityContext newSc = createSecurityContext(invocation);
- //Push the caller run-as identity onto the security context
- if(callerRAI != null)
- {
- sa.setOutgoingRunAs(newSc, callerRAI);
- sa.setIncomingRunAs(newSc, callerRAI);
- }
- /**
- * Push the security context on the invocation
- */
- invocation.setSecurityContext(newSc);
+ }
- try
- {
- return getNext().invoke(invocation);
- }
- finally
- {
- if(sc != null)
- sa.setSecurityContext(sc);
- }
+ return getNext().invoke(invocation);
}
-
- /**
- * Return loaded Security Context to be passed on the invocation
- * @param invocation invocation instance
- * @return
- */
- private SecurityContext createSecurityContext(Invocation invocation) throws Exception
- {
- SecurityActions sa = SecurityActions.UTIL.getSecurityActions();
-
- //There may be principal set on the invocation
- Principal p = invocation.getPrincipal();
- Object cred = invocation.getCredential();
-
- //Create a new SecurityContext
- String domain = (String) invocation.getInvocationContext().getValue(InvocationKey.SECURITY_DOMAIN);
- if(domain == null)
- domain = "CLIENT_PROXY";
- return sa.createSecurityContext(p,cred, domain);
- }
-}
+}
\ No newline at end of file
Added: trunk/server/src/main/org/jboss/proxy/ejb/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/ejb/SecurityActions.java (rev 0)
+++ trunk/server/src/main/org/jboss/proxy/ejb/SecurityActions.java 2008-12-01 19:55:43 UTC (rev 81918)
@@ -0,0 +1,118 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.proxy.ejb;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 1, 2008
+ */
+class SecurityActions
+{
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
+ static RunAs getCallerRunAsIdentity()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<RunAs>()
+ {
+ public RunAs run()
+ {
+ RunAs rai = null;
+ //Pluck the run-as identity from the existing SC if any
+ SecurityContext existingSC = getSecurityContext();
+ if(existingSC != null)
+ {
+ rai = existingSC.getOutgoingRunAs();
+ }
+ return rai;
+ }
+ });
+ }
+
+
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
+
+ static SecurityContext createSecurityContext(final Principal p, final Object cred,
+ final String sdomain) throws Exception
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
+ {
+ public SecurityContext run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext(p,cred, null, sdomain);
+ }
+ });
+ }
+
+ static void setIncomingRunAs(final SecurityContext sc, final RunAs incomingRunAs)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ sc.setOutgoingRunAs(incomingRunAs);
+ return null;
+ }
+ });
+ }
+
+ static void setOutgoingRunAs(final SecurityContext sc, final RunAs outgoingRunAs)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ sc.setOutgoingRunAs(outgoingRunAs);
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
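Review bot: `setIncomingRunAs` calls `sc.setOutgoingRunAs(incomingRunAs)`, so the incoming run-as identity is never set on the context; the line should be `sc.setIncomingRunAs(incomingRunAs);`, as the removed privileged implementation in org.jboss.proxy.SecurityActions had it. Because SecurityContextInterceptor calls both setters with the same caller identity, the error is silent: the outgoing value is written twice and the incoming one stays unset, which matters if the receiving side bases any decision on the incoming run-as. Separately, `createSecurityContext` lets `PrivilegedActionException` escape from `doPrivileged`, so callers see the wrapper rather than the factory's own exception; catching it and rethrowing `e.getException()` would keep the original type.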
Added: trunk/server/src/main/org/jboss/proxy/ejb/SecurityContextInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/ejb/SecurityContextInterceptor.java (rev 0)
+++ trunk/server/src/main/org/jboss/proxy/ejb/SecurityContextInterceptor.java 2008-12-01 19:55:43 UTC (rev 81918)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.proxy.ejb;
+
+import java.security.Principal;
+
+import org.jboss.invocation.Invocation;
+import org.jboss.invocation.InvocationKey;
+import org.jboss.proxy.Interceptor;
+import org.jboss.security.RunAs;
+import org.jboss.security.SecurityContext;
+
+/**
+ * Establishes a SecurityContext to be sent
+ * over the invocation
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 30, 2008
+ */
+public class SecurityContextInterceptor extends Interceptor
+{
+ @Override
+ public Object invoke(Invocation invocation) throws Throwable
+ {
+ SecurityContext sc = SecurityActions.getSecurityContext();
+ RunAs callerRAI = SecurityActions.getCallerRunAsIdentity();
+ SecurityContext newSc = createSecurityContext(invocation);
+ //Push the caller run-as identity onto the security context
+ if(callerRAI != null)
+ {
+ SecurityActions.setOutgoingRunAs(newSc, callerRAI);
+ SecurityActions.setIncomingRunAs(newSc, callerRAI);
+ }
+ /**
+ * Push the security context on the invocation
+ */
+ invocation.setSecurityContext(newSc);
+
+ try
+ {
+ return getNext().invoke(invocation);
+ }
+ finally
+ {
+ if(sc != null)
+ SecurityActions.setSecurityContext(sc);
+ }
+ }
+
+ /**
+ * Return loaded Security Context to be passed on the invocation
+ * @param invocation invocation instance
+ * @return
+ */
+ private SecurityContext createSecurityContext(Invocation invocation) throws Exception
+ {
+ //There may be principal set on the invocation
+ Principal p = invocation.getPrincipal();
+ Object cred = invocation.getCredential();
+
+ //Create a new SecurityContext
+ String domain = (String) invocation.getInvocationContext().getValue(InvocationKey.SECURITY_DOMAIN);
+ if(domain == null)
+ domain = "CLIENT_PROXY";
+ return SecurityActions.createSecurityContext(p,cred, domain);
+ }
+}
\ No newline at end of file
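Review bot: The `finally` block in `invoke` restores the previous context only when `sc != null`, so a call that started with no SecurityContext on the thread leaves behind whatever a downstream interceptor may have associated during the call. On a reused thread that could let a later, unrelated call pick up a stale identity; restoring unconditionally with `SecurityActions.setSecurityContext(sc);` closes that gap, assuming SecurityContextAssociation accepts null. Whether anything downstream actually sets the association is not visible in this commit. The empty `@return` on `createSecurityContext` could state that it returns a new context for the invocation's security domain, falling back to `"CLIENT_PROXY"` when none is set.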