Project: Adobe BlazeDS

Revision: 3027

Author: shodgson@adobe.com

Date: 28 Aug 2008 14:42:58

• /blazeds/trunk/modules/opt/src/websphere/flex/messaging/security/WebSphereLoginCommand.java

  ......	@@ -21,9 +21,11 @@
  21	21	import java.security.Principal;
  22	22
  23	23	import java.util.ArrayList;
  	24	import java.util.Iterator;
  24	25	import java.util.List;
  25	26
  26	27	import javax.security.auth.Subject;
  	28	import javax.servlet.http.HttpServletRequest;
  27	29
  28	30	import com.ibm.websphere.security.UserRegistry;
  29	31	import com.ibm.websphere.security.WSSecurityException;
  ......	@@ -31,6 +33,10 @@
  31	33	import com.ibm.ws.security.core.ContextManager;
  32	34	import com.ibm.ws.security.core.ContextManagerFactory;
  33	35
  	36	import flex.messaging.FlexContext;
  	37	import flex.messaging.log.Log;
  	38	import flex.messaging.log.LogCategories;
  	39
  34	40	/*
  35	41	* To setup WebSphere 5.1 for authentication testing:
  36	42	*
  ......	@@ -132,6 +138,10 @@
  132	138	{
  133	139	}
  134	140
  	141	if (Log.isDebug())
  	142	Log.getLogger(LogCategories.SECURITY).debug("WebSphereLoginCommand#doAuthentication(). Principal: " + principal + ", Principal class: " + principal.getClass().getName()
  	143	+ ", Principal identity: " + System.identityHashCode(principal));
  	144
  135	145	return principal;
  136	146	}
  137	147
  ......	@@ -146,24 +156,42 @@
  146	156	if (principal == null)
  147	157	return false;
  148	158
  149		ContextManager contextManager = ((WSLCPrincipal)principal).getContextManager();
  150		UserRegistry registry = contextManager.getRegistry(contextManager.getDefaultRealm());
  	159	if (Log.isDebug())
  	160	Log.getLogger(LogCategories.SECURITY).debug("WebSphereLoginCommand#doAuthorization(). Principal: " + principal + ", Principal class: " + principal.getClass().getName()
  	161	+ ", Principal identity: " + System.identityHashCode(principal));
  151	162
  152		try
  	163	if (principal instanceof WSLCPrincipal) // This code path is hit if this login command handled authentication.
  153	164	{
  154		List groups = new ArrayList(registry.getGroupsForUser(principal.getName()));
  	165	ContextManager contextManager = ((WSLCPrincipal)principal).getContextManager();
  	166	UserRegistry registry = contextManager.getRegistry(contextManager.getDefaultRealm());
  	167
  	168	try
  	169	{
  	170	List groups = new ArrayList(registry.getGroupsForUser(principal.getName()));
  155	171
  156		groups.retainAll(roles);
  157
  158		// if authorization succeeds, set the user's Subject on this invocation context
  159		// so that the rest of the Thread is executed in the context of the appropriate Subject
  160		if (groups.size() > 0)
  161		ContextManagerFactory.getInstance().setCallerSubject(((WSLCPrincipal)principal).getSubject());
  	172	groups.retainAll(roles);
  	173
  	174	// if authorization succeeds, set the user's Subject on this invocation context
  	175	// so that the rest of the Thread is executed in the context of the appropriate Subject
  	176	if (groups.size() > 0)
  	177	ContextManagerFactory.getInstance().setCallerSubject(((WSLCPrincipal)principal).getSubject());
  162	178
  163		return groups.size() > 0;
  	179	return groups.size() > 0;
  	180	}
  	181	catch (Exception e)
  	182	{
  	183	}
  164	184	}
  165		catch (Exception e)
  	185	else // This code path is hit if this login command didn't handle authentication.
  166	186	{
  	187	// The Principal was not null, meaning we have a WAS Principal in the current HttpServletRequest.
  	188	// Use that for the authorization check.
  	189	HttpServletRequest request = FlexContext.getHttpRequest();
  	190	for (Iterator iter = roles.iterator(); iter.hasNext(); )
  	191	{
  	192	if (request.isUserInRole((String)iter.next()))
  	193	return true;
  	194	}
  167	195	}
  168	196
  169	197	return false;