[jboss-cvs] JBossAS SVN: r70623 - in projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules: ejb and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Mar 10 10:49:32 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-03-10 10:49:31 -0400 (Mon, 10 Mar 2008)
New Revision: 70623
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
Log:
remove commented out code
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java 2008-03-10 14:48:25 UTC (rev 70622)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java 2008-03-10 14:49:31 UTC (rev 70623)
@@ -42,36 +42,18 @@
* @version $Revision$
*/
public abstract class AbstractJACCModuleDelegate extends AuthorizationModuleDelegate
-{
+{
public abstract int authorize(Resource resource, Subject subject, RoleGroup role);
protected Principal[] getPrincipals(Subject subject, Role role)
{
Set<Principal> principalsSet = null;
- //Ignore the subject principals as the role principals are the mapped ones
- /*
- if(subject != null)
- {
- principalsSet = new HashSet<Principal>();
- principalsSet.addAll(subject.getPrincipals());
- }
- */
+
if(role != null)
{
- if(principalsSet == null)
- principalsSet = new HashSet<Principal>();
- if(role instanceof RoleGroup)
- {
- RoleGroup rg = (RoleGroup) role;
- List<Role> rolesList = rg.getRoles();
- for(Role r: rolesList)
- {
- principalsSet.add(new SimplePrincipal(r.getRoleName()));
- }
- }
- else
- principalsSet.add(new SimplePrincipal(role.getRoleName()));
+ principalsSet = getPrincipalSetFromRole(role);
}
+
Principal[] arr = null;
if(principalsSet != null)
{
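Review bot: The cleanup in getPrincipals also deletes the one live comment that explained why the `subject` parameter is ignored, so the method now takes a Subject that the visible lines never read, with nothing saying this is deliberate. The returned array is what the policy check is evaluated against, so that decision should stay documented; I would keep a line such as `// Subject principals are deliberately ignored: only the mapped role principals are used for the policy check` above the `if(role != null)` test. A short Javadoc stating that the method returns null when `role` is null would also help callers, since `arr` stays null in that case. Part of the method's tail lies between this hunk and the next, so the unused-parameter observation rests on the visible lines only.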
@@ -80,4 +62,21 @@
}
return arr;
}
+
+ private Set<Principal> getPrincipalSetFromRole(Role role)
+ {
+ Set<Principal> principalsSet = new HashSet<Principal>();
+ if(role instanceof RoleGroup)
+ {
+ RoleGroup rg = (RoleGroup) role;
+ List<Role> rolesList = rg.getRoles();
+ for(Role r: rolesList)
+ {
+ principalsSet.add(new SimplePrincipal(r.getRoleName()));
+ }
+ }
+ else
+ principalsSet.add(new SimplePrincipal(role.getRoleName()));
+ return principalsSet;
+ }
}
\ No newline at end of file
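Review bot: getPrincipalSetFromRole expands a RoleGroup only one level deep: every member contributes `r.getRoleName()`, so a member that is itself a RoleGroup would add its group name as a principal and the roles inside it would never reach the policy check. Whether the Role API allows nesting is not visible in this hunk; if it does, recurse on members, and if it does not, state the assumption with a comment such as `// members of rg are assumed to be leaf roles; nested groups are not expanded`. The loop also dereferences `rg.getRoles()` without a null check, so a guard like `if(rolesList != null)` would be prudent unless that method is documented never to return null. As a style point, the unbraced `else` next to a braced `if` is easy to misread in authorization code and would be clearer with braces.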
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2008-03-10 14:48:25 UTC (rev 70622)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2008-03-10 14:49:31 UTC (rev 70623)
@@ -62,7 +62,7 @@
private CodeSource ejbCS = null;
private String roleName = null;
private Boolean roleRefCheck = Boolean.FALSE;
- //private Group securityContextRoles = null;
+ //private Group securityContextRoles = null;
public EJBJACCPolicyModuleDelegate()
{
@@ -84,13 +84,7 @@
Map<String,Object> map = resource.getMap();
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
-
- /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
- if(am == null)
- throw new IllegalStateException("Authorization Manager is null");
- if(am instanceof PolicyRegistration)
- this.policyRegistration = (PolicyRegistration) am;
- */
+
this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
this.ejbCS = ejbResource.getCodeSource();
@@ -98,14 +92,8 @@
this.ejbName = ejbResource.getEjbName();
this.methodInterface = ejbResource.getEjbMethodInterface();
- this.roleName = (String)map.get(ResourceKeys.ROLENAME);
- //Get the Security Context Roles
- /*if(am != null)
- {
- Principal ejbPrincipal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
- Set<Principal> roleset = am.getUserRoles(ejbPrincipal);
- this.securityContextRoles = getGroupFromRoleSet(roleset);
- } */
+ this.roleName = (String)map.get(ResourceKeys.ROLENAME);
+
this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
if(this.roleRefCheck == Boolean.TRUE)
return checkRoleRef(callerSubject, role);
@@ -148,41 +136,10 @@
return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
- /*private Principal[] getPrincipalSet(Subject callerSubject, Role role)
- {
- Principal[] principals = null;
- *//**
- * Previously, we relied on the principals in the Subject that contained
- * the roles. Now we just rely on the roles from the Security Context
- *//*
- if(trace)
- log.trace("Roles used for checking from the context:" + securityContextRoles);
- if(securityContextRoles != null )
- {
- Set<Principal> principalsSet = new HashSet<Principal>();
- Enumeration<? extends Principal> en = securityContextRoles.members();
- while(en.hasMoreElements())
- principalsSet.add(en.nextElement());
- principals = new Principal[principalsSet.size()];
- principalsSet.toArray(principals);
- }
- return principals;
- }*/
-
private boolean checkWithPolicy(Permission ejbPerm, Subject subject, Role role)
{
Principal[] principals = this.getPrincipals(subject, role);
ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
return Policy.getPolicy().implies(pd, ejbPerm);
}
-
- /*private Group getGroupFromRoleSet(Set<Principal> roleset)
- {
- Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
- for(Principal p: roleset)
- {
- gp.addMember(p);
- }
- return gp;
- }*/
}
\ No newline at end of file