[jboss-cvs] Picketlink SVN: r894 - trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Apr 18 12:37:07 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-04-18 12:37:07 -0400 (Mon, 18 Apr 2011)
New Revision: 894

Modified:
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
Log:
PLFED-178: pass sc to the JBoss Authz Mgr

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java	2011-04-18 15:54:20 UTC (rev 893)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java	2011-04-18 16:37:07 UTC (rev 894)
@@ -71,6 +71,17 @@
          }
       });
    }
+   
+   static SecurityContext getSecurityContext()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+      {
+         public SecurityContext run()
+         {
+            return SecurityContextAssociation.getSecurityContext();
+         }
+      });
+   }
    /**
     * Get the {@link Subject} from the {@link SecurityContextAssociation}
     * @return authenticated subject or null
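Review bot: The new `getSecurityContext()` has no Javadoc, unlike the `Subject` getter that follows it, and nothing tells callers that the result may be null. `SecurityContextAssociation.getSecurityContext()` presumably returns null when no context is associated with the current thread, so I would add `/** Get the {@link SecurityContext} from the {@link SecurityContextAssociation}; may be null if none is associated. */` above it. Because the read runs inside `doPrivileged`, the method should stay package-private as written, and the class (declared outside this hunk) should not be public, so code outside this package cannot borrow the privileged lookup. A blank line between the closing brace and the next Javadoc block would also separate the two methods.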

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java	2011-04-18 15:54:20 UTC (rev 893)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java	2011-04-18 16:37:07 UTC (rev 894)
@@ -35,7 +35,9 @@
 import javax.xml.ws.handler.MessageContext;
 
 import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityContext;
 import org.jboss.security.SimplePrincipal;
+import org.jboss.security.callbacks.SecurityContextCallbackHandler;
 import org.jboss.wsf.spi.invocation.SecurityAdaptor;
 import org.picketlink.identity.federation.core.exceptions.ProcessingException;
 import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
@@ -104,9 +106,11 @@
          Set<Principal> expectedRoles = rolesSet(roles);
          if(!authorizationManager.doesUserHaveRole(principal, expectedRoles ))
          {
+            SecurityContext sc = SecurityActions.getSecurityContext();
             StringBuilder builder = new StringBuilder("Authorization Failed:Principal=");
             builder.append(principal).append(":Expected Roles=").append(expectedRoles);
-            builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject,null));
+            SecurityContextCallbackHandler scbh = new SecurityContextCallbackHandler(sc);
+            builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject,scbh));
             log.error(builder.toString() );
             
             throw new RuntimeException("Authorization Failed");
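Review bot: In the denial branch, `sc` is wrapped in a `SecurityContextCallbackHandler` and passed to `getSubjectRoles` without a null check, and that call sits in front of `log.error`. If no security context is associated with the thread, or the role lookup throws for any other reason, the exception escapes before the failure is logged; access is still denied, but the audit record of the denial is lost. I would compute the diagnostic value defensively, e.g. `Object actual = (sc != null) ? authorizationManager.getSubjectRoles(subject, new SecurityContextCallbackHandler(sc)) : "unavailable";`, or guard the lookup with a try/catch so that `log.error` and the `throw` always run. Whether `getSubjectRoles` tolerates a handler built on a null context is not visible here, so treat this as a precaution. The enclosing method starts and ends outside the hunk.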


