[jboss-cvs] JBossAS SVN: r103354 - trunk/tomcat/src/main/java/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Mar 31 14:20:29 EDT 2010
Author: anil.saldhana at jboss.com
Date: 2010-03-31 14:20:28 -0400 (Wed, 31 Mar 2010)
New Revision: 103354
Modified:
trunk/tomcat/src/main/java/org/jboss/web/tomcat/security/JBossWebRealm.java
Log:
JBAS-7881: flag to bypass jboss authz and rely on Tomcat realmbase authz only, if the admin chooses, for performance reasons
Modified: trunk/tomcat/src/main/java/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/java/org/jboss/web/tomcat/security/JBossWebRealm.java 2010-03-31 17:47:39 UTC (rev 103353)
+++ trunk/tomcat/src/main/java/org/jboss/web/tomcat/security/JBossWebRealm.java 2010-03-31 18:20:28 UTC (rev 103354)
@@ -117,6 +117,10 @@
* false - consider, true - do not consider
*/
protected boolean ignoreBaseDecision = false;
+
+ /**
+ * Should we rely on RealmBase Authorization Check Alone? */
+ protected boolean ignoreJBossAuthorization = false;
protected static boolean securityManagerFallback = false;
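Review bot: The Javadoc on `ignoreJBossAuthorization` does not say what turning the flag on removes. Going by the later hunks, `true` makes `hasRole` and `hasUserDataPermission` skip the block that consults the JBoss security context, so the RealmBase result is the only check left. That is a security-relevant switch, and the comment should state it together with the default and the mutual exclusion with `ignoreBaseDecision`, for example `/** When true, skip the JBoss authorization framework and rely on the RealmBase check alone (default false). Must not be true together with ignoreBaseDecision. */`. No hunk in this diff touches any other permission check in the class, so it is worth confirming which checks the flag actually covers and documenting that as well.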
@@ -176,8 +180,18 @@
public void setIgnoreBaseDecision(boolean ignoreBaseDecision)
{
this.ignoreBaseDecision = ignoreBaseDecision;
+ if( ignoreBaseDecision && ignoreJBossAuthorization )
+ throw new RuntimeException( "One of ignoreBaseDecision or ignoreJBossAuthorization should be false" );
}
+
+ public void setIgnoreJBossAuthorization(boolean ignoreJBossAuthz )
+ {
+ this.ignoreJBossAuthorization = ignoreJBossAuthz;
+ if( ignoreBaseDecision && ignoreJBossAuthorization )
+ throw new RuntimeException( "One of ignoreBaseDecision or ignoreJBossAuthorization should be false" );
+ }
+
//*************************************************************************
// Realm.Authenticate Methods
//*************************************************************************
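Review bot: Both setters assign the field before validating, so a rejected call still leaves the realm with both flags set to true. After that, the guards added to `hasRole` and `hasUserDataPermission` throw on every request; that fails closed, but only as an unexplained runtime error per request rather than as a configuration failure at startup. Validate first and assign only on success: in `setIgnoreJBossAuthorization`, put `if (ignoreBaseDecision && ignoreJBossAuthz) throw new IllegalArgumentException("ignoreBaseDecision and ignoreJBossAuthorization cannot both be true");` ahead of the assignment, and in `setIgnoreBaseDecision` move the existing check above the assignment (the parameter shadows the field, so the condition already tests the new value). The same condition and message are repeated in four places; a small private helper would keep them in step, and the message would be clearer if it said that both flags cannot be true.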
@@ -531,6 +545,9 @@
*/
public boolean hasRole(Principal principal, String role)
{
+ if( ignoreBaseDecision && ignoreJBossAuthorization )
+ throw new RuntimeException( "One of ignoreBaseDecision or ignoreJBossAuthorization should be false" );
+
String servletName = null;
//WebProgrammaticAuthentication does not go through hasResourcePermission
//and hence the activeRequest thread local may not be set
@@ -571,7 +588,7 @@
boolean authzDecision = false;
boolean baseDecision = ignoreBaseDecision ? true : super.hasRole(principal, role);
- if (baseDecision)
+ if (baseDecision && !ignoreJBossAuthorization )
{
SecurityContext sc = SecurityAssociationActions.getSecurityContext();
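Review bot: With `ignoreJBossAuthorization` set, the guarded block is skipped and `authzDecision` keeps its initial value of `false`. The rest of `hasRole` is outside this hunk, but if the result is still derived from `authzDecision` (for instance `baseDecision && authzDecision`), every role check would be denied when the flag is on, which is the opposite of relying on RealmBase alone. Make the intent explicit at the declaration, e.g. `boolean authzDecision = ignoreJBossAuthorization;`, or return `baseDecision` directly when the flag is set. Also check that the audit and trace output after the block does not record a bypassed check as an authorization-framework decision. The `hasUserDataPermission` hunk reuses the single variable `ok`, so it appears to keep the RealmBase result when the block is skipped, but that depends on code outside the hunk.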
@@ -613,9 +630,12 @@
public boolean hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraints)
throws IOException
{
+ if( ignoreBaseDecision && ignoreJBossAuthorization )
+ throw new RuntimeException( "One of ignoreBaseDecision or ignoreJBossAuthorization should be false" );
+
boolean ok = ignoreBaseDecision ? true : super.hasUserDataPermission(request, response, constraints);
//If the realmbase check has passed, then we can go to authz framework
- if (ok)
+ if (ok && !ignoreJBossAuthorization )
{
Principal requestPrincipal = request.getPrincipal();
establishSubjectContext(requestPrincipal);
@@ -1054,4 +1074,4 @@
}
return policyRegistration;
}
-}
\ No newline at end of file
+}