[wildfly-dev] JACCAuthorizationManager only passes roles or caller (not both) to JACC module

arjan tijms arjan.tijms at gmail.com
Fri Aug 19 19:04:19 EDT 2016


Hi,

I noticed that JBoss' JACCAuthorizationManager only passes the role
principals (if any) into a JACC module, as per the following code:

    // create a protection domain with the user roles (or account principal if no roles are found)
    final Map<String, Set<String>> principalVersusRolesMap = deployment.getDeploymentInfo().getPrincipalVersusRolesMap();
    final Principal[] principals = this.getPrincipals(account, principalVersusRolesMap);
    final CodeSource codeSource = servletInfo.getServletClass().getProtectionDomain().getCodeSource();
    final ProtectionDomain protectionDomain = new ProtectionDomain(codeSource, null, null, principals);

If there happen to be no roles, then and only then is the caller principal
passed to the JACC module.

I wonder if there was any specific idea here. The comment explicitly
indicates this, so it doesn't seem to be just a bug. But this is quite unusual,
and also a bit confusing for a JACC module to work with.

As far as I know, no other server does this (at least GF, Payara, Geronimo,
JEUS and TomEE don't do this). You always see all the principals from the
Subject being passed in.

A JACC module can work around this by obtaining the subject directly using
"PolicyContext.getContext("javax.security.auth.Subject.container")", but I'm
still wondering why JBoss doesn't just pass all principals here.

Any insight would be appreciated.

Kind regards,
Arjan Tijms
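The following is an added example, not code from the original message or from WildFly/JBoss, showing what the difference means from the point of view of a JACC module. It builds three ProtectionDomains the way the quoted code and the other servers would (roles only, caller only, and all principals) and resolves role names from each, falling back to the container Subject via PolicyContext.getContext("javax.security.auth.Subject.container") exactly as the workaround above describes. CallerPrincipal, RolePrincipal, RoleResolver and RoleRefPolicy are hypothetical names chosen for this example; the only external dependency assumed is a JACC 1.x API jar (javax.security.jacc) on the classpath.

```java
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.LinkedHashSet;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebRoleRefPermission;

/** Hypothetical caller principal; real servers use their own principal classes. */
final class CallerPrincipal implements Principal {
    private final String name;
    CallerPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
}

/** Hypothetical role principal (one per group/role the caller is in). */
final class RolePrincipal implements Principal {
    private final String name;
    RolePrincipal(String name) { this.name = name; }
    public String getName() { return name; }
}

/** Derives role names for a JACC decision from a ProtectionDomain. */
final class RoleResolver {
    /** Role names found directly on the domain; empty when only the caller was passed. */
    static Set<String> rolesFromDomain(ProtectionDomain domain) {
        Set<String> roles = new LinkedHashSet<>();
        Principal[] principals = domain.getPrincipals();
        if (principals == null) return roles;
        for (Principal p : principals) {
            if (p instanceof RolePrincipal) roles.add(p.getName());
        }
        return roles;
    }

    /** Roles from the domain; if none are there, from the container Subject (the workaround). */
    static Set<String> resolveRoles(ProtectionDomain domain) {
        Set<String> roles = rolesFromDomain(domain);
        if (!roles.isEmpty()) return roles;
        try {
            Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
            if (subject != null) {
                for (Principal p : subject.getPrincipals()) {
                    if (p instanceof RolePrincipal) roles.add(p.getName());
                }
            }
        } catch (PolicyContextException | IllegalArgumentException e) {
            // No handler registered for the key (e.g. outside a container) or the handler failed:
            // deny by default by reporting no roles rather than guessing.
        }
        return roles;
    }
}

/** Minimal illustrative JACC-style policy: a WebRoleRefPermission is granted iff the caller holds the role. */
final class RoleRefPolicy extends Policy {
    private final Policy delegate;
    RoleRefPolicy(Policy delegate) { this.delegate = delegate; }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (permission instanceof WebRoleRefPermission) {
            // For WebRoleRefPermission the actions string is the role (reference) name.
            return RoleResolver.resolveRoles(domain).contains(permission.getActions());
        }
        return delegate != null && delegate.implies(domain, permission);
    }
}

public final class JaccPrincipalDemo {
    static ProtectionDomain domain(Principal... principals) {
        CodeSource cs = JaccPrincipalDemo.class.getProtectionDomain().getCodeSource();
        return new ProtectionDomain(cs, null, null, principals);
    }

    public static void main(String[] args) {
        Principal caller = new CallerPrincipal("alice");   // constructed sample caller
        Principal admin = new RolePrincipal("admin");      // constructed sample role

        // As in the quoted WildFly code: only the roles, or only the caller when there are none.
        ProtectionDomain rolesOnly = domain(admin);
        ProtectionDomain callerOnly = domain(caller);
        // What the other servers mentioned do: every principal from the Subject.
        ProtectionDomain all = domain(caller, admin);

        System.out.println("roles only : " + RoleResolver.rolesFromDomain(rolesOnly));
        System.out.println("caller only: " + RoleResolver.rolesFromDomain(callerOnly));
        System.out.println("all        : " + RoleResolver.rolesFromDomain(all));
    }
}
```

Run main outside a container to see that the roles-only and all-principals domains yield the same role set while the caller-only domain yields none; inside a container, resolveRoles would then consult the Subject handler, which is the extra step a module has to take when the caller principal is all it receives.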