Posted to commits@tomee.apache.org by rm...@apache.org on 2012/10/17 01:26:51 UTC
svn commit: r1399044 - in /openejb/trunk/openejb:
container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
Author: rmannibucau
Date: Tue Oct 16 23:26:51 2012
New Revision: 1399044
URL: http://svn.apache.org/viewvc?rev=1399044&view=rev
Log:
TOMEE-475 iscallerinrole doesn't work in tomee
Modified:
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
Modified: openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=1399044&r1=1399043&r2=1399044&view=diff
==============================================================================
--- openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java (original)
+++ openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java Tue Oct 16 23:26:51 2012
@@ -337,8 +337,8 @@ public abstract class AbstractSecuritySe
protected final static class SecurityContext {
- private final Subject subject;
- private final AccessControlContext acc;
+ public final Subject subject;
+ public final AccessControlContext acc;
public SecurityContext(final Subject subject) {
this.subject = subject;
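Review bot: Making `subject` and `acc` public in `SecurityContext` gives every subclass of `AbstractSecurityService`, and any code it passes the context to, a direct reference to the caller's `Subject`, whose principal and credential sets are mutable unless the subject has been set read-only. The fields are final, so the references cannot be swapped, but nothing visible here stops a holder from adding principals. Keeping the fields private and adding a read accessor such as `public Subject getSubject() { return subject; }` would let the exposure be narrowed later, and a comment along the lines of `// callers must treat the returned Subject as read-only` would document the contract. The class body continues outside the hunk, so whether the subject is already made read-only elsewhere cannot be confirmed from here.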
Modified: openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java?rev=1399044&r1=1399043&r2=1399044&view=diff
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java (original)
+++ openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java Tue Oct 16 23:26:51 2012
@@ -19,9 +19,12 @@ package org.apache.tomee.catalina;
import org.apache.catalina.Engine;
import org.apache.catalina.Realm;
+import org.apache.catalina.Role;
import org.apache.catalina.Server;
import org.apache.catalina.Service;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.openejb.BeanContext;
+import org.apache.openejb.core.ThreadContext;
import org.apache.openejb.core.security.AbstractSecurityService;
import org.apache.openejb.spi.CallerPrincipal;
import org.apache.tomee.loader.TomcatHelper;
@@ -59,6 +62,36 @@ public class TomcatSecurityService exten
}
}
+ @Override
+ public boolean isCallerInRole(final String role) {
+ if (super.isCallerInRole(role)) {
+ return true;
+ }
+
+ final ThreadContext threadContext = ThreadContext.getThreadContext();
+ final SecurityContext securityContext = threadContext.get(SecurityContext.class);
+ final Set<TomcatUser> users = securityContext.subject.getPrincipals(TomcatUser.class);
+ for (final TomcatUser user : users) {
+ final Principal pcp = user.getTomcatPrincipal();
+ if (pcp instanceof GenericPrincipal) {
+ for (String r : ((GenericPrincipal) pcp).getRoles()) {
+ if(r.equals(role)) {
+ return true;
+ }
+ }
+ } else if (pcp instanceof org.apache.catalina.Group) {
+ if (((org.apache.catalina.Group) pcp).getGroupname().equals(role)) {
+ return true;
+ }
+ } else if (pcp instanceof Role) {
+ if (((Role) pcp).getRolename().equals(role)) {
+ return true;
+ }
+ } // else ?
+ }
+ return false;
+ }
+
public UUID login(String realmName, String username, String password) throws LoginException {
if (defaultRealm == null) {
throw new LoginException("No Tomcat realm available");
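Review bot: The fallback path in `isCallerInRole` dereferences `ThreadContext.getThreadContext()`, `threadContext.get(SecurityContext.class)` and `securityContext.subject` without a null check, so a call made with no thread context or security context associated would surface as a NullPointerException instead of a clean deny; nothing in the hunk shows these are guaranteed non-null. Guards such as `if (threadContext == null) return false;` and `if (securityContext == null || securityContext.subject == null) return false;` before the `getPrincipals` call would keep the check's answer explicit. The fallback also compares the requested name directly against Tomcat role names and against `Group.getGroupname()`, which presumably bypasses any role mapping that `super.isCallerInRole` applies and grants the role to any group that happens to share its name; if that widening is intended it deserves a comment saying so. The trailing `// else ?` should be replaced by a comment stating that unknown principal types are deliberately treated as having no roles.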