[jboss-cvs] JBossAS SVN: r114757 - projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/authorization/modules/ejb.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Mar 12 06:06:53 EDT 2014
Author: soul2zimate
Date: 2014-03-12 06:06:53 -0400 (Wed, 12 Mar 2014)
New Revision: 114757
Modified:
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
Log:
[SECURITY-804], backport for Branch_2_0
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2014-03-11 15:22:03 UTC (rev 114756)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2014-03-12 10:06:53 UTC (rev 114757)
@@ -28,12 +28,15 @@
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Map;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import org.jboss.logging.Logger;
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
@@ -62,6 +65,7 @@
private CodeSource ejbCS = null;
private String roleName = null;
private Boolean roleRefCheck = Boolean.FALSE;
+ private RunAsIdentity callerRunAs;
public EJBJACCPolicyModuleDelegate()
{
@@ -90,6 +94,9 @@
this.ejbMethod = ejbResource.getEjbMethod();
this.ejbName = ejbResource.getEjbName();
this.methodInterface = ejbResource.getEjbMethodInterface();
+ RunAs runAs = ejbResource.getCallerRunAsIdentity();
+ if(runAs instanceof RunAsIdentity)
+ this.callerRunAs = RunAsIdentity.class.cast(runAs);
//isCallerInRole checks
this.roleName = (String)map.get(ResourceKeys.ROLENAME);
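Review bot: `callerRunAs` is assigned only when the resource carries a `RunAsIdentity` and is never reset, unlike the neighbouring fields (`ejbMethod`, `ejbName`, `roleName`), which are overwritten unconditionally. If a delegate instance is ever reused for more than one authorization (not visible in this hunk), a run-as identity left over from an earlier call would drive a later `checkWithPolicy` decision. Assigning unconditionally avoids that: `this.callerRunAs = (runAs instanceof RunAsIdentity) ? (RunAsIdentity) runAs : null;`. A `RunAs` that is not a `RunAsIdentity` silently falls back to the caller-subject check, so a trace-level log line there would make the decision auditable. The enclosing method starts and ends outside the hunk.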
@@ -138,8 +145,17 @@
private boolean checkWithPolicy(Permission ejbPerm, Subject subject, Role role)
{
- Principal[] principals = this.getPrincipals(subject, role);
- ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
- return Policy.getPolicy().implies(pd, ejbPerm);
+ // caller is using the caller identity
+ if (this.callerRunAs == null) {
+ Principal[] principals = this.getPrincipals(subject, role);
+ ProtectionDomain pd = new ProtectionDomain(ejbCS, null, null,principals);
+ return Policy.getPolicy().implies(pd, ejbPerm);
+ }
+ // caller is using a run-as identity
+ else {
+ Set<Principal> principals = this.callerRunAs.getRunAsRoles();
+ ProtectionDomain pd = new ProtectionDomain(ejbCS, null, null, principals.toArray(new Principal[principals.size()]));
+ return Policy.getPolicy().implies(pd, ejbPerm);
+ }
}
}
\ No newline at end of file
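Review bot: In the run-as branch of `checkWithPolicy`, the result of `getRunAsRoles()` is dereferenced without a null check, and the `subject` and `role` arguments are silently ignored. If that getter can return null (its contract is not visible here), the authorization check ends in a NullPointerException rather than a clean deny. A guard such as `if (principals == null) return false;` before building the `ProtectionDomain` would make the branch fail closed. The comment on that branch should also state that a run-as caller is authorized on its run-as roles only and not on the subject's roles, since that is the security-relevant behaviour introduced here.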