[jboss-cvs] JBossAS SVN: r68903 - in trunk: ejb3/src/main/org/jboss/ejb3/embedded and 5 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Jan 11 15:00:10 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-01-11 15:00:10 -0500 (Fri, 11 Jan 2008)
New Revision: 68903
Added:
trunk/security/src/main/org/jboss/security/integration/web/SecurityActions.java
Removed:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/
Modified:
trunk/build/build-thirdparty.xml
trunk/ejb3/src/main/org/jboss/ejb3/embedded/JaasSecurityManagerService.java
trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java
trunk/security/src/main/org/jboss/security/integration/web/WebAuthorizationHelper.java
trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java
trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
Log:
JBAS-5129: update to JBoss Security 2.0.2.Beta3
Modified: trunk/build/build-thirdparty.xml
===================================================================
--- trunk/build/build-thirdparty.xml 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/build/build-thirdparty.xml 2008-01-11 20:00:10 UTC (rev 68903)
@@ -98,9 +98,9 @@
<componentref name="jboss/jboss-ha-server-api" version="1.0.0.BETA2-SNAPSHOT"/>
<componentref name="jboss/jboss-jaspi-api" version="1.0-BETA1"/>
<componentref name="jboss/jboss-javaee" version="5.0.0.Beta3Update1"/>
- <componentref name="jboss/jboss-security-spi" version="2.0.2.Beta1"/>
- <componentref name="jboss/jbosssx" version="2.0.2.beta1"/>
- <componentref name="jboss/jbosssx-client" version="2.0.2.beta"/>
+ <componentref name="jboss/jboss-security-spi" version="2.0.2.Beta3"/>
+ <componentref name="jboss/jbosssx" version="2.0.2.Beta3"/>
+ <componentref name="jboss/jbosssx-client" version="2.0.2.Beta3"/>
<componentref name="jboss/jbossts" version="4.3.0.BETA2"/>
<componentref name="jboss/jboss-vfs" version="2.0.0.Beta6"/>
<componentref name="jboss/jbossws-native50" version="2.0.2.GA"/>
Modified: trunk/ejb3/src/main/org/jboss/ejb3/embedded/JaasSecurityManagerService.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/embedded/JaasSecurityManagerService.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/ejb3/src/main/org/jboss/ejb3/embedded/JaasSecurityManagerService.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -114,7 +114,7 @@
*/
String securityDomainName = name.get(1);
final SecurityDomainContext ctx = new SecurityDomainContext(getSecurityManager(securityDomainName), null);
- ctx.setAuthorizationManager(new JBossAuthorizationManager(securityDomainName, new SecurityAssociationHandler()));
+ ctx.setAuthorizationManager(new JBossAuthorizationManager(securityDomainName));
return new BrainlessContext()
{
public Object lookup(Name name) throws NamingException
Modified: trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -383,11 +383,11 @@
return (AuditManager) ctr.newInstance(new Object[]{ securityDomain});
}
- private MappingManager<?> createMappingManager(String securityDomain) throws Exception
+ private MappingManager createMappingManager(String securityDomain) throws Exception
{
Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(mappingMgrClass);
Constructor<?> ctr = clazz.getConstructor(new Class[] { String.class});
- return (MappingManager<?>) ctr.newInstance(new Object[]{ securityDomain});
+ return (MappingManager) ctr.newInstance(new Object[]{ securityDomain});
}
private IdentityTrustManager createIdentityTrustManager(String securityDomain) throws Exception
@@ -397,12 +397,6 @@
return (IdentityTrustManager) ctr.newInstance(new Object[]{ securityDomain});
}
- private Object createObject(String fqn) throws Exception
- {
- Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(fqn);
- return clazz.newInstance();
- }
-
/** Use reflection to attempt to set the authentication cache on the
* securityMgr argument.
* @param securityMgr the security manager
Modified: trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -28,6 +28,7 @@
import java.util.Set;
import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
@@ -38,6 +39,9 @@
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.callbacks.SecurityContextCallbackHandler;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
//$Id$
@@ -78,9 +82,10 @@
AuthorizationManager am = securityContext.getAuthorizationManager();
HashMap<String,Object> map = new HashMap<String,Object>();
- map.put(ResourceKeys.AUTHORIZATION_MANAGER, am);
+ map.put(ResourceKeys.POLICY_REGISTRATION, am);
EJBResource ejbResource = new EJBResource(map);
+ ejbResource.setPolicyContextID(PolicyContext.getContextID());
ejbResource.setCallerRunAsIdentity(callerRunAs);
ejbResource.setEjbName(ejbName);
ejbResource.setEjbMethod(ejbMethod);
@@ -89,12 +94,16 @@
ejbResource.setCodeSource(ejbCS);
ejbResource.setCallerRunAsIdentity(callerRunAs);
ejbResource.setCallerSubject(callerSubject);
- ejbResource.setMethodRoles(methodRoles);
+ //ejbResource.setMethodRoles(methodRoles);
+ ejbResource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);
+
boolean isAuthorized = false;
try
{
- int check = am.authorize(ejbResource);
+ int check = am.authorize(ejbResource, callerSubject, callerRoles);
isAuthorized = (check == AuthorizationContext.PERMIT);
authorizationAudit((isAuthorized ? AuditLevel.SUCCESS : AuditLevel.FAILURE)
,ejbResource, null);
@@ -136,12 +145,13 @@
HashMap<String,Object> map = new HashMap<String,Object>();
- map.put(ResourceKeys.AUTHORIZATION_MANAGER,am);
+ map.put(ResourceKeys.POLICY_REGISTRATION,am);
map.put(ResourceKeys.ROLENAME, roleName);
map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
EJBResource ejbResource = new EJBResource(map);
+ ejbResource.setPolicyContextID(PolicyContext.getContextID());
RunAs callerRunAs = securityContext.getIncomingRunAs();
@@ -150,9 +160,25 @@
ejbResource.setCallerRunAsIdentity(callerRunAs);
ejbResource.setSecurityRoleReferences(securityRoleRefs);
+ //Get the authenticated subject
+ Subject subject = null;
try
{
- int check = am.authorize(ejbResource);
+ subject = SecurityActions.getActiveSubject();
+ }
+ catch( Exception e)
+ {
+ log.trace("Exception in getting subject:",e);
+ subject = securityContext.getUtil().getSubject();
+ }
+
+ ejbResource.setCallerSubject(subject);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = am.getSubjectRoles(subject, sch);
+
+ try
+ {
+ int check = am.authorize(ejbResource, subject, callerRoles);
isAuthorized = (check == AuthorizationContext.PERMIT);
}
catch (Exception e)
Modified: trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -24,7 +24,14 @@
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.plugins.SecurityContextAssociation;
@@ -36,15 +43,15 @@
* @since May 19, 2007
* @version $Revision$
*/
-public class SecurityActions
+class SecurityActions
{
- public static Principal getCallerPrincipal(final SecurityContext securityContext)
+ static Principal getCallerPrincipal(final SecurityContext securityContext)
{
- return (Principal)AccessController.doPrivileged(new PrivilegedAction()
+ return AccessController.doPrivileged(new PrivilegedAction<Principal>()
{
- public Object run()
+ public Principal run()
{
Principal caller = null;
@@ -60,12 +67,12 @@
});
}
- public static SecurityContext getSecurityContext()
+ static SecurityContext getSecurityContext()
{
- return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction()
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
{
- public Object run()
+ public SecurityContext run()
{
return SecurityContextAssociation.getSecurityContext();
}
@@ -74,15 +81,25 @@
static Exception getContextException()
{
- return (Exception)AccessController.doPrivileged(new PrivilegedAction()
+ return AccessController.doPrivileged(new PrivilegedAction<Exception>()
{
static final String EX_KEY = "org.jboss.security.exception";
- public Object run()
+ public Exception run()
{
SecurityContext sc = getSecurityContext();
- return sc.getData().get(EX_KEY);
+ return (Exception) sc.getData().get(EX_KEY);
}
});
}
-
-}
+
+ static Subject getActiveSubject() throws PolicyContextException, PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Subject>()
+ {
+ public Subject run() throws Exception
+ {
+ return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
+ }
+ });
+ }
+}
\ No newline at end of file
Added: trunk/security/src/main/org/jboss/security/integration/web/SecurityActions.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/web/SecurityActions.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/web/SecurityActions.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.web;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.plugins.SecurityContextAssociation;
+
+//$Id$
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since May 19, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+
+ static Principal getCallerPrincipal(final SecurityContext securityContext)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Principal>()
+ {
+
+ public Principal run()
+ {
+ Principal caller = null;
+
+ if(securityContext != null)
+ {
+ caller = securityContext.getIncomingRunAs();
+ //If there is no caller run as, use the call principal
+ if(caller == null)
+ caller = securityContext.getUtil().getUserPrincipal();
+ }
+ return caller;
+ }
+ });
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
+ static Exception getContextException()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Exception>()
+ {
+ static final String EX_KEY = "org.jboss.security.exception";
+ public Exception run()
+ {
+ SecurityContext sc = getSecurityContext();
+ return (Exception) sc.getData().get(EX_KEY);
+ }
+ });
+ }
+
+ static Subject getActiveSubject() throws PolicyContextException, PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Subject>()
+ {
+ public Subject run() throws Exception
+ {
+ return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
+ }
+ });
+ }
+}
\ No newline at end of file
Modified: trunk/security/src/main/org/jboss/security/integration/web/WebAuthorizationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/web/WebAuthorizationHelper.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/security/src/main/org/jboss/security/integration/web/WebAuthorizationHelper.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -28,6 +28,7 @@
import java.util.Set;
import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -37,7 +38,9 @@
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.callbacks.SecurityContextCallbackHandler;
+import org.jboss.security.identity.RoleGroup;
import org.jboss.security.integration.ejb.SecurityHelper;
//$Id$
@@ -65,14 +68,18 @@
boolean isAuthorized = false;
WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
+ webResource.setPolicyContextID(PolicyContext.getContextID());
webResource.setServletRequest(request);
webResource.setServletResponse(response);
webResource.setCallerSubject(callerSubject);
webResource.setCanonicalRequestURI(canonicalRequestURI);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+
try
{
- int permit = authzMgr.authorize(webResource);
+ int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
isAuthorized = (permit == AuthorizationContext.PERMIT);
String level = (permit == AuthorizationContext.PERMIT ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
if(this.enableAudit)
@@ -95,17 +102,34 @@
boolean hasTheRole = false;
Map<String,Object> map = new HashMap<String,Object>();
map.put(ResourceKeys.ROLENAME, roleName);
- map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
- map.put(ResourceKeys.SERVLET_NAME, servletName);
+ map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
map.put(ResourceKeys.PRINCIPAL_ROLES, principalRoles);
- map.put(ResourceKeys.AUTHORIZATION_MANAGER, authzMgr);
+ map.put(ResourceKeys.POLICY_REGISTRATION, authzMgr);
WebResource webResource = new WebResource(Collections.unmodifiableMap(map));
+ webResource.setPolicyContextID(PolicyContext.getContextID());
webResource.setPrincipal(principal);
+ webResource.setServletName(servletName);
+
+ //Get the authenticated subject
+ Subject subject = null;
try
{
- int permit = authzMgr.authorize(webResource);
+ subject = SecurityActions.getActiveSubject();
+ }
+ catch( Exception e)
+ {
+ log.trace("Exception in getting subject:",e);
+ subject = securityContext.getUtil().getSubject();
+ }
+ webResource.setCallerSubject(subject);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = authzMgr.getSubjectRoles(subject, sch);
+
+ try
+ {
+ int permit = authzMgr.authorize(webResource, subject, callerRoles);
hasTheRole = (permit == AuthorizationContext.PERMIT);
String level = (hasTheRole ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
if(this.enableAudit)
@@ -127,14 +151,31 @@
AuthorizationManager authzMgr)
{
boolean hasPerm = false;
- contextMap.put(ResourceKeys.AUTHORIZATION_MANAGER, authzMgr);
+ contextMap.put(ResourceKeys.POLICY_REGISTRATION, authzMgr);
WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
+ webResource.setPolicyContextID(PolicyContext.getContextID());
webResource.setServletRequest(request);
webResource.setServletResponse(response);
+
+ //Get the authenticated subject
+ Subject subject = null;
try
{
- int permit = authzMgr.authorize(webResource);
+ subject = SecurityActions.getActiveSubject();
+ }
+ catch( Exception e)
+ {
+ log.trace("Exception in getting subject:",e);
+ subject = securityContext.getUtil().getSubject();
+ }
+ webResource.setCallerSubject(subject);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = authzMgr.getSubjectRoles(subject, sch);
+
+ try
+ {
+ int permit = authzMgr.authorize(webResource, subject, callerRoles);
hasPerm = (permit == AuthorizationContext.PERMIT);
String level = (hasPerm ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
if(this.enableAudit)
Modified: trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -22,16 +22,17 @@
package org.jboss.security.plugins;
import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
+import java.lang.reflect.Method;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Hashtable;
import java.util.Map;
-import java.util.Set;
-
+import java.util.Set;
+
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
+import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
@@ -42,8 +43,9 @@
import org.jboss.security.authorization.EntitlementHolder;
import org.jboss.security.authorization.Resource;
import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.RoleGroup;
import org.jboss.system.ServiceMBeanSupport;
-import org.jboss.util.CachePolicy;
+import org.jboss.util.CachePolicy;
//$Id: AuthorizationManagerService.java 58710 2006-11-28 17:32:06Z anil.saldhana at jboss.com $
@@ -55,6 +57,7 @@
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jan 3, 2006
* @version $Revision: 58710 $
+ * TODO: THIS CLASS NEEDS TO GO ASAP
*/
public class AuthorizationManagerService
extends ServiceMBeanSupport
@@ -71,6 +74,8 @@
/** The JAAS CallbackHandler interface implementation to use */
private static String callbackHandlerClassName = "org.jboss.security.auth.callback.SecurityAssociationHandler";
private static Class<?> callbackHandlerClass = SecurityAssociationHandler.class;
+
+ private RuntimeException rte = new RuntimeException("Call the method on the authorization manager");
/**
* @see AuthorizationManagerServiceMBean#setAuthorizationManagerClassName(String)
@@ -137,7 +142,7 @@
@return The Set<Principal> for the application domain roles that the
principal has been assigned.
*/
- public Set getUserRoles(Principal principal)
+ public Set<Principal> getUserRoles(Principal principal)
{
String str = "Use getAuthorizationManager method and then call getUserRoles";
throw new IllegalStateException(str);
@@ -251,17 +256,32 @@
public Group getTargetRoles(Principal targetPrincipal, Map<String, Object> contextMap)
{
- throw new RuntimeException("Not implemented");
+ throw rte;
}
public String getSecurityDomain()
{
- throw new RuntimeException("Call the method on the authorization manager");
+ throw rte;
}
public EntitlementHolder<?> entitlements(Resource resource, Identity identity)
throws AuthorizationException
{
- throw new RuntimeException("Call the method on the authorization manager");
+ throw rte;
+ }
+
+ public int authorize(Resource arg0, Subject arg1, RoleGroup arg2) throws AuthorizationException
+ {
+ throw rte;
+ }
+
+ public int authorize(Resource arg0, Subject arg1, Group arg2) throws AuthorizationException
+ {
+ throw rte;
+ }
+
+ public RoleGroup getSubjectRoles(Subject arg0, CallbackHandler arg1)
+ {
+ throw rte;
}
}
\ No newline at end of file
Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -54,7 +54,6 @@
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityDomain;
@@ -664,8 +663,8 @@
if(deepCopySubjectMode)
setDeepCopySubjectOption(securityMgr, true);
//Set the Authorization Manager
- AuthorizationManager am = AuthorizationManagerService.newAuthorizationManager(securityDomain);
- sdc.setAuthorizationManager(am);
+ //AuthorizationManager am = AuthorizationManagerService.newAuthorizationManager(securityDomain);
+ //sdc.setAuthorizationManager(am);
}
catch(Exception e2)
{
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-01-11 18:16:06 UTC (rev 68902)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-01-11 20:00:10 UTC (rev 68903)
@@ -470,9 +470,9 @@
AuthorizationManager am = getAuthorizationManager();
Map<String,Object> contextMap = new HashMap<String,Object>();
contextMap.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
- contextMap.put(ResourceKeys.AUTHORIZATION_MANAGER, am);
+ contextMap.put(ResourceKeys.POLICY_REGISTRATION, am);
- contextMap.put(ResourceKeys.WEB_SECURITY_CONSTRAINTS, securityConstraints);
+ contextMap.put("securityConstraints", securityConstraints);
WebAuthorizationHelper helper = new WebAuthorizationHelper(sc, this.enableAudit);
ok = helper.checkResourcePermission(contextMap, request, response,
@@ -570,7 +570,7 @@
Principal requestPrincipal = request.getPrincipal();
establishSubjectContext(requestPrincipal);
Map<String,Object> map = new HashMap<String,Object>();
- map.put(ResourceKeys.WEB_SECURITY_CONSTRAINTS, constraints);
+ map.put("securityConstraints", constraints);
map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);
SecurityContext sc = SecurityAssociationActions.getSecurityContext();
More information about the jboss-cvs-commits
mailing list