author | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2009-07-27 22:29:00 +0000 |
---|---|---|
committer | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2009-07-27 22:29:00 +0000 |
commit | 778d2391361cdcc62538d7f26e400e6b3d27e984 (patch) | |
tree | e165fccce5db63c5b74f1809a7e9d897f1db2765 /branches/sca-java-1.x/modules/policy-security-http/src/main | |
parent | 5865816a3a1066fe90c4ef143de39c481a3ec8b1 (diff) |
Properly registering authenticated caller with geronimo context manager to find out what the current user roles are
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@798311 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'branches/sca-java-1.x/modules/policy-security-http/src/main')
-rw-r--r-- | branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java b/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java index 07ccd78123..47af843eb4 100644 --- a/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java +++ b/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java @@ -19,12 +19,15 @@ package org.apache.tuscany.sca.policy.security.http; +import java.security.AccessControlContext; import java.util.List; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginContext; +import javax.security.jacc.WebRoleRefPermission; +import org.apache.geronimo.security.ContextManager; import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Invoker; import org.apache.tuscany.sca.invocation.Message; @@ -58,7 +61,7 @@ public class LDAPRealmAuthenticationInterceptor implements Interceptor { public Message invoke(Message msg) { Subject subject = null; Subject authenticatedSubject = null; - + try { // Perform user authentication LDAPRealmAuthenticationPolicy authenticationPolicy = authenticationPolicies.get(0); @@ -76,6 +79,7 @@ public class LDAPRealmAuthenticationInterceptor implements Interceptor { LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler); authenticatedSubject = geronimoLoginContext.getSubject(); + ContextManager.setCallers(authenticatedSubject, authenticatedSubject); if (authenticatedSubject != null) { //TODO: add authenticated subject to the msg header ? } 
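Review bot: `ContextManager.setCallers(authenticatedSubject, authenticatedSubject);` runs one line before the `if (authenticatedSubject != null)` guard, so a login that yields no subject would register a null caller; the call belongs inside that guard. Nothing visible in this hunk restores the previous callers once the invocation finishes. If setCallers binds the subject to the current thread, as the later `getCurrentContext()` call suggests, a pooled worker thread could carry this identity into the next request, so the earlier callers should be saved and put back in a `finally`. The enclosing `try` starts and ends outside the hunk, so cleanup that already exists may simply not be visible here.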
@@ -87,9 +91,14 @@ public class LDAPRealmAuthenticationInterceptor implements Interceptor { if(authorizationPolicy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) { /* Geronimo Specific code */ /* + AccessControlContext acc = ContextManager.getCurrentContext(); + boolean isAllowed = false; for (String requiredRole : authorizationPolicy.getRoleNames()) { - isAllowed = isUserInRole(authenticatedSubject, requiredRole); + isAllowed = isUserInRole(acc, requiredRole); + if(isAllowed) { + break; + } } if(! isAllowed ) { @@ -106,22 +115,20 @@ public class LDAPRealmAuthenticationInterceptor implements Interceptor { return getNext().invoke(msg); } - public boolean isUserInRole(Subject subject, String role) { + public boolean isUserInRole(AccessControlContext acc, String role) { /* Geronimo Specific code */ /* - AccessControlContext acc = ContextManager.getCurrentContext(); - + try { acc.checkPermission(new WebRoleRefPermission("", role)); } catch (Exception e) { + System.out.println(">>> NO : " + e.getMessage()); return false; } - + return true; */ return false; } - - } |
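Review bot: The added role loop sits after the `/*` that follows `/* Geronimo Specific code */`, and no closing `*/` appears before it in this hunk, so these lines look commented out and the `allow` branch would apparently enforce no role check. If that is a deliberate interim state, say so at the top of the branch, for example `// TODO: role check is commented out; authorization is not enforced here`, and decide whether the branch should fail closed until the check is enabled. Before enabling it, confirm what `ContextManager.getCurrentContext()` returns when no caller was registered, since `acc` is passed to `isUserInRole` unchecked. The comment block and the `if(! isAllowed )` body continue outside the hunk.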
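Review bot: The added `System.out.println(">>> NO : " + e.getMessage());` in `isUserInRole` reports authorization denials on stdout, where they bypass the logging configuration and are hard to audit; route the message through a logger instead. The surrounding `catch (Exception e)` turns every failure, including a null `acc`, into a quiet "not in role", so it would be clearer to catch `java.security.AccessControlException` for the denial and let other errors surface. The method is public and its first parameter changes from `Subject` to `AccessControlContext`, which breaks any caller outside this class. Because the body is still inside `/* ... */`, the method always returns `false` and the new `WebRoleRefPermission` import is unused; a short Javadoc stating that the check is currently disabled would keep readers from assuming roles are enforced.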