[jboss-cvs] JBossAS SVN: r73157 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu May 8 12:38:35 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-05-08 12:38:34 -0400 (Thu, 08 May 2008)
New Revision: 73157
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
Log:
JBAS-5511: establish subject for hasRole check
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-05-08 15:47:30 UTC (rev 73156)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-05-08 16:38:34 UTC (rev 73157)
@@ -575,9 +575,16 @@
}
helper.setPolicyRegistration(getPolicyRegistration());
helper.setEnableAudit(enableAudit);
+ Subject callerSubject = SecurityAssociationActions.getSubject();
+ if(callerSubject == null)
+ {
+ //During hasResourcePermission check, catalina calls hasRole. But we have not established
+ // a subject yet in the security context. So we will get the subject from the cached principal
+ callerSubject = SecurityAssociationActions.getSubjectFromRequestPrincipal(principal);
+ }
authzDecision = helper.hasRole(roleName, principal, servletName, getPrincipalRoles(principal),
- PolicyContext.getContextID(), SecurityAssociationActions.getSubject());
+ PolicyContext.getContextID(), callerSubject);
}
boolean finalDecision = baseDecision && authzDecision;
if(trace)
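Review bot: The fallback on lines 21-27 can still leave `callerSubject` null, because `getSubjectFromRequestPrincipal` only yields a Subject for a `JBossGenericPrincipal`; for any other principal type the helper is invoked with a null subject exactly as before, and nothing in the hunk makes that case visible. The comment above the fallback should state this, e.g. `// Still null when the principal is not a JBossGenericPrincipal; the helper is then asked to decide without a subject`, and the trace branch that follows the hunk is the natural place to record whether a subject was available for the decision. The enclosing method starts before and ends after this hunk.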
@@ -944,4 +951,4 @@
}
return policyRegistration;
}
-}
\ No newline at end of file
+}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java 2008-05-08 15:47:30 UTC (rev 73156)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java 2008-05-08 16:38:34 UTC (rev 73157)
@@ -297,12 +297,27 @@
static Class<?> loadClass(final String fqn) throws PrivilegedActionException
{
- return (Class<?>)AccessController.doPrivileged(new PrivilegedExceptionAction()
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
{
- public Object run() throws PrivilegedActionException, ClassNotFoundException
+ public Class<?> run() throws PrivilegedActionException, ClassNotFoundException
{
return Thread.currentThread().getContextClassLoader().loadClass(fqn);
}
});
}
-}
+
+ static Subject getSubjectFromRequestPrincipal(final Principal userPrincipal)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+ {
+ public Subject run()
+ {
+ if(userPrincipal instanceof JBossGenericPrincipal)
+ {
+ return ((JBossGenericPrincipal)userPrincipal).getSubject();
+ }
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
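Review bot: `getSubjectFromRequestPrincipal` on lines 60-73 has no Javadoc, and its contract matters to the caller in JBossWebRealm that passes the result straight into the authorization check: it returns the Subject held by a `JBossGenericPrincipal` and null for a null principal or any other `Principal` implementation. A Javadoc on the order of `Return the Subject held by the given principal when it is a JBossGenericPrincipal; null otherwise (including a null principal). Used as a fallback when no subject has been established in the security context yet.` would make that explicit. Wrapping an `instanceof` test and a getter in a `PrivilegedAction` is consistent with the rest of this class, but if `JBossGenericPrincipal.getSubject()` performs no permission check the privileged block adds nothing and could be dropped; that depends on code outside this hunk.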