[jboss-cvs] Picketbox SVN: r473 - in branches/eap62: security-jboss-sx/jbosssx/src/main/java/org/jboss/security/jacc and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Oct 23 13:08:40 EDT 2013


Author: pskopek at redhat.com
Date: 2013-10-23 13:08:40 -0400 (Wed, 23 Oct 2013)
New Revision: 473

Added:
   branches/eap62/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/jacc/
Modified:
   branches/eap62/
   branches/eap62/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/jacc/ContextPolicy.java
Log:
Add support for the JACC '**' role (any authenticated user).


Property changes on: branches/eap62
___________________________________________________________________
Modified: svn:mergeinfo
   - /branches/4.0.16.Final_BZ_901138:413
/branches/embargo/4.0.14.Final-JBPAPP6-1704:377
/branches/embargo/4.0.16.Final-vault:408-449
/tags/4.0.16.Final:393-407
/trunk:458,462
   + /branches/4.0.16.Final_BZ_901138:413
/branches/embargo/4.0.14.Final-JBPAPP6-1704:377
/branches/embargo/4.0.16.Final-vault:408-449
/tags/4.0.16.Final:393-407
/trunk:458,462-463

Modified: branches/eap62/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/jacc/ContextPolicy.java
===================================================================
--- branches/eap62/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/jacc/ContextPolicy.java	2013-10-23 16:34:28 UTC (rev 472)
+++ branches/eap62/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/jacc/ContextPolicy.java	2013-10-23 17:08:40 UTC (rev 473)
@@ -53,6 +53,8 @@
    /** HashMap<String, Permissions> role name to permissions mapping */
    private HashMap<String, Permissions> rolePermissions = new HashMap<String, Permissions>();
 
+   private static final String ANY_AUTHENTICATED_USER_ROLE = "**";
+
    ContextPolicy(String contextID)
    {
       this.contextID = contextID;
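Review bot: `ANY_AUTHENTICATED_USER_ROLE` is added without a doc comment, although the neighbouring `rolePermissions` field has one and the meaning of `"**"` is not obvious from the literal. A comment such as `/** JACC role name that stands for any authenticated user */` would record that the role is meant to apply only to authenticated callers. The constructor shown as context continues outside the hunk.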
@@ -122,24 +124,21 @@
             principalNames.add(name);
          }
       }
-      if( principalNames.size() > 0 )
+      if (principalNames.size() == 0)
+         PicketBoxLogger.LOGGER.traceNoPrincipalsInProtectionDomain(domain);
+
+      principalNames.add(ANY_AUTHENTICATED_USER_ROLE);
+      PicketBoxLogger.LOGGER.traceProtectionDomainPrincipals(principalNames);
+      for(int n = 0; implied == false && n < principalNames.size(); n ++)
       {
-         PicketBoxLogger.LOGGER.traceProtectionDomainPrincipals(principalNames);
-         for(int n = 0; implied == false && n < principalNames.size(); n ++)
-         {
-            String name = principalNames.get(n);
-            Permissions perms = rolePermissions.get(name);
-            PicketBoxLogger.LOGGER.debugImpliesParameters(name, perms);
-            if( perms == null )
-               continue;
-            implied = perms.implies(permission);
-            PicketBoxLogger.LOGGER.debugImpliesResult(implied);
-         }
+         String name = principalNames.get(n);
+         Permissions perms = rolePermissions.get(name);
+         PicketBoxLogger.LOGGER.debugImpliesParameters(name, perms);
+         if( perms == null )
+            continue;
+         implied = perms.implies(permission);
+         PicketBoxLogger.LOGGER.debugImpliesResult(implied);
       }
-      else
-      {
-         PicketBoxLogger.LOGGER.traceNoPrincipalsInProtectionDomain(domain);
-      }
 
       return implied;
    }
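Review bot: `principalNames.add(ANY_AUTHENTICATED_USER_ROLE)` runs unconditionally, including right after the `principalNames.size() == 0` trace, so the loop still checks the permissions mapped to `**` when the protection domain carries no principals. If an empty principal list is how an unauthenticated caller appears here (the list is built above the hunk, so this is inferred), permissions meant for any authenticated user would also be implied for anonymous callers. Guard the add, e.g. `if (!principalNames.isEmpty()) principalNames.add(ANY_AUTHENTICATED_USER_ROLE);`, and add a case under the new `authorization/jacc` test directory asserting that `**` permissions are not implied for a domain without principals. The enclosing method starts outside the hunk.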


