[jboss-cvs] Picketbox SVN: r333 - in trunk/security-jboss-sx/jbosssx/src: test/java/org/jboss/test and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Aug 9 18:20:00 EDT 2012
Author: sguilhen at redhat.com
Date: 2012-08-09 18:20:00 -0400 (Thu, 09 Aug 2012)
New Revision: 333
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/DelegatingPolicyTestCase.java
Log:
SECURITY-680: fixed AbstractServerLM.commit() to only create a caller principal group if the call to getRoleSets() didn't do it first.
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2012-07-10 15:56:58 UTC (rev 332)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2012-08-09 22:20:00 UTC (rev 333)
@@ -22,27 +22,17 @@
package org.jboss.security.auth.spi;
-import java.lang.reflect.Constructor;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
+import org.jboss.security.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+import java.lang.reflect.Constructor;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.*;
-import org.jboss.security.NestableGroup;
-import org.jboss.security.PicketBoxLogger;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.SimplePrincipal;
-
/**
* This class implements the common functionality required for a JAAS
* server side LoginModule and implements the JBossSX standard Subject usage
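Review bot: The import block is collapsed into `import org.jboss.security.*;` and `import java.util.*;` in the same commit as the SECURITY-680 fix, which hides the types this login module depends on and adds unrelated churn to a security-relevant change. I would keep the explicit single-type imports (`import org.jboss.security.SimpleGroup;`, `import java.util.Set;`, and so on) or move the reordering to its own commit. The same applies to `import java.security.*;` in the added-imports hunk of DelegatingPolicyTestCase.java.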
@@ -228,15 +218,7 @@
Set<Principal> principals = subject.getPrincipals();
Principal identity = getIdentity();
principals.add(identity);
- // add the CallerPrincipal group
- Group callerGroup = getCallerPrincipalGroup(principals);
- if (callerGroup == null)
- {
- callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
- callerGroup.addMember(identity);
- principals.add(callerGroup);
- }
- // add other role groups
+ // add role groups returned by getRoleSets.
Group[] roleSets = getRoleSets();
for(int g = 0; g < roleSets.length; g ++)
{
@@ -260,7 +242,15 @@
subjectGroup.addMember(role);
}
}
- return true;
+ // add the CallerPrincipal group if none has been added in getRoleSets
+ Group callerGroup = getCallerPrincipalGroup(principals);
+ if (callerGroup == null)
+ {
+ callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
+ callerGroup.addMember(identity);
+ principals.add(callerGroup);
+ }
+ return true;
}
/** Method to abort the authentication process (phase 2).
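Review bot: The relocated block accepts whatever CallerPrincipal group is already in `principals` once the role-set loop has run, so a group supplied by `getRoleSets()` decides the caller identity without any check of its contents. From the visible lines, an empty group or one with several members would apparently be accepted and the authenticated `identity` never wrapped; if that is not intended, validate the group here or document the contract for subclasses. At minimum the comment could read `// getRoleSets() may supply its own CallerPrincipal group (SECURITY-680); fall back to wrapping identity only when it did not`. The test changes shown in this commit do not appear to exercise `commit()`, so a regression test for the new ordering would help. The method body starts outside this hunk.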
Modified: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/DelegatingPolicyTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/DelegatingPolicyTestCase.java 2012-07-10 15:56:58 UTC (rev 332)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/DelegatingPolicyTestCase.java 2012-08-09 22:20:00 UTC (rev 333)
@@ -21,23 +21,6 @@
*/
package org.jboss.test;
-import java.lang.reflect.Constructor;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.AccessController;
-import java.security.CodeSource;
-import java.security.Policy;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.ProtectionDomain;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.EJBMethodPermission;
-import javax.security.jacc.PolicyConfiguration;
-import javax.security.jacc.PolicyConfigurationFactory;
-import javax.security.jacc.PolicyContext;
-
import junit.extensions.TestSetup;
import junit.framework.Test;
import junit.framework.TestCase;
@@ -48,6 +31,15 @@
import org.jboss.security.jacc.DelegatingPolicy;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
+import javax.security.auth.Subject;
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContext;
+import java.lang.reflect.Constructor;
+import java.security.*;
+import java.util.Set;
+
public class DelegatingPolicyTestCase extends TestCase
{
private static Logger log = Logger.getLogger(DelegatingPolicyTestCase.class);
@@ -153,6 +145,8 @@
pc = pcf.getPolicyConfiguration("context-a", true);
pc.addToUncheckedPolicy(someEJB);
sysPolicy.refresh();
+
+ PolicyContext.setContextID("context-a");
EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX,,int");
// This perm should be denied since the policy config has not been comitted
boolean implied = sysPolicy.implies(null, methodX);
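Review bot: `PolicyContext.setContextID("context-a")` is set here and never restored. The context ID is per-thread state, so later tests on the same thread inherit "context-a" and their permission checks may pass or fail for the wrong reason. Reset it in `tearDown()`, or wrap the assertions in `try { ... } finally { PolicyContext.setContextID(null); }`. The same call is added in the hunk at `@@ -187,7 +181,7 @@` and has the same issue. The test method starts and ends outside this hunk.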
@@ -187,7 +181,7 @@
AccessControlContext acc = new AccessControlContext(new AccessControlContext(pds),
new SubjectDomainCombiner(caller));
*/
-
+ PolicyContext.setContextID("context-a");
Boolean allowed = Subject.doAsPrivileged(caller, new PrivilegedAction<Boolean>()
{
public Boolean run()