Posted to scm@geronimo.apache.org by ad...@apache.org on 2004/07/29 22:54:43 UTC
cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security ContextManager.java
adc 2004/07/29 13:54:43
Modified: modules/security/src/java/org/apache/geronimo/security
ContextManager.java
Log:
Added utility method to obtain the thread's identifying principal.
Revision Changes Path
1.8 +49 -2 incubator-geronimo/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
Index: ContextManager.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/security/src/java/org/apache/geronimo/security/ContextManager.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- ContextManager.java 10 Mar 2004 09:59:25 -0000 1.7
+++ ContextManager.java 29 Jul 2004 20:54:43 -0000 1.8
@@ -22,7 +22,6 @@
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.jacc.EJBRoleRefPermission;
-
import java.io.Serializable;
import java.security.AccessControlContext;
import java.security.AccessControlException;
@@ -34,6 +33,7 @@
import java.util.Hashtable;
import java.util.IdentityHashMap;
import java.util.Map;
+import java.util.Set;
/**
@@ -245,6 +245,53 @@
}
return result;
+ }
+
+ /**
+ * Obtain the thread's identifying principal.
+ * <p/>
+ * Clients should use <code>Subject.doAs*</code> to associate a Subject
+ * with the thread's call stack. It is this Subject that will be used for
+ * authentication checks.
+ * <p/>
+ * It will first attempt to return a <code>IdentificationPrincipal</code>.
+ * This kind of principal is inserted into a subject if one uses one of
+ * the Geronimo LoginModules. It is a secure id that identifies the Subject.
+ * <p/>
+ * If there is no <code>IdentificationPrincipal</code>, it will attempt to
+ * return an instance <code>PrimaryRealmPrincipal</code>.
+ * <p/>
+ * If there is no <code>PrimaryRealmPrincipal</code>, it will attempt to
+ * return an instance <code>RealmPrincipal</code>.
+ * <p/>
+ * If there is no <code>RealmPrincipal</code>, it will attempt to
+ * return an instance <code>Principal</code>.
+ *
+ * @return the principal that identifies the Subject of this thread.
+ * @see Subject#doAs(javax.security.auth.Subject, java.security.PrivilegedAction)
+ * @see Subject#doAs(javax.security.auth.Subject, java.security.PrivilegedExceptionAction)
+ * @see Subject#doAsPrivileged(javax.security.auth.Subject, java.security.PrivilegedAction, java.security.AccessControlContext)
+ * @see Subject#doAsPrivileged(javax.security.auth.Subject, java.security.PrivilegedExceptionAction, java.security.AccessControlContext)
+ */
+ public static Principal getThreadPrincipal() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(GET_CONTEXT);
+
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject != null) {
+ Set set = subject.getPrincipals(IdentificationPrincipal.class);
+ if (!set.isEmpty()) return (Principal) set.iterator().next();
+
+ set = subject.getPrincipals(PrimaryRealmPrincipal.class);
+ if (!set.isEmpty()) return (Principal) set.iterator().next();
+
+ set = subject.getPrincipals(RealmPrincipal.class);
+ if (!set.isEmpty()) return (Principal) set.iterator().next();
+
+ set = subject.getPrincipals();
+ if (!set.isEmpty()) return (Principal) set.iterator().next();
+ }
+ return null;
}
public static String getAlgorithm() {
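Review bot: The final fallback in `getThreadPrincipal()`, `subject.getPrincipals()` followed by `set.iterator().next()`, returns whichever principal the Set happens to iterate first, so for a Subject carrying several principals the "identifying" principal is not well defined and may be something other than an identity (a role or group principal, for instance). The Javadoc describes only `IdentificationPrincipal` as a secure id inserted by the Geronimo LoginModules, yet the caller cannot tell which tier of the chain produced the result; it should state that code using the value for authorization or audit must check the returned type before trusting it. The same first-element pick applies to the `PrimaryRealmPrincipal` and `RealmPrincipal` tiers if a Subject can hold more than one of them. The method also returns `null` when no Subject is bound to the thread or it has no principals, which the `@return` tag omits; I would write `@return the principal that identifies the Subject of this thread, or <code>null</code> if there is no Subject or it has no principals`.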