[jboss-cvs] JBossAS SVN: r73157 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu May 8 12:38:35 EDT 2008


Author: anil.saldhana at jboss.com
Date: 2008-05-08 12:38:34 -0400 (Thu, 08 May 2008)
New Revision: 73157

Modified:
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
Log:
JBAS-5511: establish subject for hasRole check

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2008-05-08 15:47:30 UTC (rev 73156)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2008-05-08 16:38:34 UTC (rev 73157)
@@ -575,9 +575,16 @@
          }
          helper.setPolicyRegistration(getPolicyRegistration());
          helper.setEnableAudit(enableAudit); 
+         Subject callerSubject = SecurityAssociationActions.getSubject();
+         if(callerSubject == null)
+         {
+           //During hasResourcePermission check, catalina calls hasRole. But we have not established
+           // a subject yet in the security context. So we will get the subject from the cached principal
+           callerSubject = SecurityAssociationActions.getSubjectFromRequestPrincipal(principal); 
+         }
          
          authzDecision = helper.hasRole(roleName, principal, servletName, getPrincipalRoles(principal), 
-               PolicyContext.getContextID(), SecurityAssociationActions.getSubject());
+               PolicyContext.getContextID(), callerSubject);
       }
       boolean finalDecision = baseDecision && authzDecision; 
       if(trace)
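Review bot: The fallback added on lines 25-31 can still leave `callerSubject` null — `getSubjectFromRequestPrincipal` returns null for any principal that is not a JBossGenericPrincipal — and the call on line 33-35 then proceeds with a null subject exactly as before, with nothing recorded; under the existing `trace` flag a message stating that no subject could be resolved for `principal` would make denials for such principal types diagnosable. The comment on lines 28-29 should also make the contract explicit, e.g. `// Catalina's hasResourcePermission calls hasRole before a Subject is set in the security context;` / `// fall back to the Subject cached on the authenticated principal (still null for foreign principal types).` As far as this hunk shows, the recovered subject is only handed to `helper.hasRole` and not established in the security context, so any authorization module that reads the context directly presumably still sees no subject — worth confirming against the helper. The enclosing method starts and ends outside the hunk.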
@@ -944,4 +951,4 @@
       } 
       return policyRegistration;
    }
-}
\ No newline at end of file
+}

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java	2008-05-08 15:47:30 UTC (rev 73156)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java	2008-05-08 16:38:34 UTC (rev 73157)
@@ -297,12 +297,27 @@
    
    static Class<?> loadClass(final String fqn) throws PrivilegedActionException
    {
-      return (Class<?>)AccessController.doPrivileged(new PrivilegedExceptionAction()
+      return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
       { 
-         public Object run() throws PrivilegedActionException, ClassNotFoundException 
+         public Class<?> run() throws PrivilegedActionException, ClassNotFoundException 
          {   
             return Thread.currentThread().getContextClassLoader().loadClass(fqn);
          }
       });
    }
-}
+   
+   static Subject getSubjectFromRequestPrincipal(final Principal userPrincipal)
+   {
+	  return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+	  {
+		public Subject run() 
+		{
+		   if(userPrincipal instanceof JBossGenericPrincipal)
+		   {
+		      return ((JBossGenericPrincipal)userPrincipal).getSubject();
+		   }
+		   return null;
+		}
+	   });
+   }
+}
\ No newline at end of file
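Review bot: The new `getSubjectFromRequestPrincipal` (lines 67-80) has no Javadoc for its null-return contract, and it is indented with tabs while the rest of the file (lines 52-64) uses three spaces. A short header such as `/** Returns the Subject cached on a JBossGenericPrincipal, or null when userPrincipal is null or of another type. */` states the behaviour the `instanceof` on line 73 actually gives. The privileged block appears unnecessary here: the body only performs an `instanceof` and a getter call, so unless `JBossGenericPrincipal.getSubject()` itself triggers a permission check, a plain method would do the same work without truncating the caller's stack — worth confirming before simplifying.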



