[jboss-cvs] JBossAS SVN: r82340 - projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Dec 17 07:08:12 EST 2008 

Author: wolfc
Date: 2008-12-17 07:08:12 -0500 (Wed, 17 Dec 2008)
New Revision: 82340

Modified:
   projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
Log:
EJBTHREE-1643: reinstated unauthenticatedPrincipal handling (removed in r67969)

Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2008-12-17 11:46:18 UTC (rev 82339)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2008-12-17 12:08:12 UTC (rev 82340)
@@ -40,6 +40,8 @@
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityUtil;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.SimpleIdentity;
 import org.jboss.security.javaee.EJBAuthenticationHelper;
 import org.jboss.security.javaee.SecurityHelperFactory;
 
@@ -140,9 +142,24 @@
          if(!trustedCaller)
          {
             Subject subject = new Subject();
-            //Authenticate the caller now
-            if(!helper.isValid(subject, method.getName()))
-               throw new EJBAccessException("Invalid User"); 
+            /**
+             * Special Case: Invocation has no principal set, 
+             * but an unauthenticatedPrincipal has been configured in JBoss DD
+             */
+            String unauthenticatedPrincipal = domain.unauthenticatedPrincipal();
+            if(sc.getUtil().getUserPrincipal() == null && unauthenticatedPrincipal !=null &&
+                  unauthenticatedPrincipal.length() > 0)
+            {
+               Identity unauthenticatedIdentity = new SimpleIdentity(unauthenticatedPrincipal);
+               sc.getSubjectInfo().addIdentity(unauthenticatedIdentity);
+               subject.getPrincipals().add(unauthenticatedIdentity.asPrincipal());
+            }
+            else
+            { 
+               //Authenticate the caller now
+               if(!helper.isValid(subject, method.getName()))
+                  throw new EJBAccessException("Invalid User"); 
+            }
             helper.pushSubjectContext(subject);
          }
          else

More information about the jboss-cvs-commits mailing list