[jboss-cvs] JBossAS SVN: r110379 - in branches/JBPAPP_5_1/varia: src/main/org/jboss/jmx/adaptor/html and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Jan 14 12:02:40 EST 2011
Author: mmoyses
Date: 2011-01-14 12:02:40 -0500 (Fri, 14 Jan 2011)
New Revision: 110379
Added:
branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/SecurityActions.java
Modified:
branches/JBPAPP_5_1/varia/build.xml
branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/JMXOpsAccessControlFilter.java
Log:
JBPAPP-5690: Fixing filter to consider role mapping provider
Modified: branches/JBPAPP_5_1/varia/build.xml
===================================================================
--- branches/JBPAPP_5_1/varia/build.xml 2011-01-14 16:53:02 UTC (rev 110378)
+++ branches/JBPAPP_5_1/varia/build.xml 2011-01-14 17:02:40 UTC (rev 110379)
@@ -124,6 +124,7 @@
<path refid="jboss.jnpserver.classpath"/>
<path refid="jboss.server.classpath"/>
<path refid="jboss.jbosssx.classpath"/>
+ <path refid="jboss.jboss.security.spi.classpath"/>
</path>
<!-- ===== -->
Modified: branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/JMXOpsAccessControlFilter.java
===================================================================
--- branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/JMXOpsAccessControlFilter.java 2011-01-14 16:53:02 UTC (rev 110378)
+++ branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/JMXOpsAccessControlFilter.java 2011-01-14 17:02:40 UTC (rev 110379)
@@ -23,17 +23,14 @@
import java.io.IOException;
import java.lang.reflect.Method;
-import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
+import java.util.Set;
+import java.util.Iterator;
+import java.security.Principal;
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -43,7 +40,6 @@
import javax.servlet.http.HttpServletResponse;
import org.jboss.logging.Logger;
-import org.jboss.security.SimpleGroup;
//$Id$
@@ -219,43 +215,33 @@
private ArrayList getSubjectRoles()
{
ArrayList alist = new ArrayList();
+
+ this.getMappedSubjectRoles(alist);
- String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
- try
- {
- Subject caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
- Iterator iter = caller.getPrincipals().iterator();
- while(iter != null && iter.hasNext())
- {
- Principal p = (Principal)iter.next();
- if(p instanceof SimpleGroup)
- {
- SimpleGroup sg = (SimpleGroup)p;
- String name = sg.getName();
- if("Roles".equals(name))
- {
- Enumeration en = sg.members();
- while(en.hasMoreElements())
- {
- String role = en.nextElement().toString();
- if(role != null)
- alist.add(role);
- }
- }
- }
- }
- }
- catch (PolicyContextException e)
- {
- if(trace)
- log.trace("Error obtaining authenticated subject:",e);
- }
if(trace)
log.trace("Subject Roles="+alist);
return alist;
}
-
+ private void getMappedSubjectRoles(ArrayList alist)
+ {
+ try
+ {
+ Set role_set = SecurityActions.getSubjectRoles();
+ Iterator role_iter = role_set.iterator();
+ while(role_iter != null && role_iter.hasNext())
+ {
+ Principal p = (Principal)role_iter.next();
+ alist.add(p.getName());
+ }
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Error obtaining mapped roles:",e);
+ }
+ }
+
/**
* Instantiate The Authorization Delegate
* @param delegateStr
Added: branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/SecurityActions.java
===================================================================
--- branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/SecurityActions.java (rev 0)
+++ branches/JBPAPP_5_1/varia/src/main/org/jboss/jmx/adaptor/html/SecurityActions.java 2011-01-14 17:02:40 UTC (rev 110379)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.jmx.adaptor.html;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.util.Set;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+
+class SecurityActions
+{
+
+ static Set getSubjectRoles() {
+ Set set = null;
+ set = AccessController.doPrivileged(new PrivilegedAction<Set>()
+ {
+ public Set run() {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ AuthorizationManager am = sc.getAuthorizationManager();
+ Principal principal = sc.getUtil().getUserPrincipal();
+
+ return am.getUserRoles(principal);
+ }
+ });
+
+ return set;
+ }
+
+}
More information about the jboss-cvs-commits
mailing list