/**
 * Reports whether {@code principal} holds one of the given roles by delegating the decision to
 * the {@code AuthorizationManager} obtained from {@code context}.
 *
 * @param principal the principal forwarded to the authorization manager
 * @param roles the role principals forwarded to the authorization manager
 * @return the authorization manager's answer, unchanged
 */
@Override
public boolean doesUserHaveRole(Principal principal, Set<Principal> roles) {
    // No local policy is applied here: the context's manager is the single decision point.
    final boolean hasRole = context.getAuthorizationManager().doesUserHaveRole(principal, roles);
    return hasRole;
}
/**
 * Reports whether {@code principal} holds one of the given roles by delegating the decision to
 * the {@code AuthorizationManager} obtained from {@code context}.
 *
 * @param principal the principal forwarded to the authorization manager
 * @param roles the role principals forwarded to the authorization manager
 * @return the authorization manager's answer, unchanged
 */
@Override
public boolean doesUserHaveRole(Principal principal, Set<Principal> roles) {
    // No local policy is applied here: the context's manager is the single decision point.
    final boolean hasRole = context.getAuthorizationManager().doesUserHaveRole(principal, roles);
    return hasRole;
}
/**
 * Reports whether {@code principal} holds one of the given roles by delegating the decision to
 * the {@code AuthorizationManager} obtained from {@code context}.
 *
 * @param principal the principal forwarded to the authorization manager
 * @param roles the role principals forwarded to the authorization manager
 * @return the authorization manager's answer, unchanged
 */
@Override
public boolean doesUserHaveRole(Principal principal, Set<Principal> roles) {
    // No local policy is applied here: the context's manager is the single decision point.
    final boolean hasRole = context.getAuthorizationManager().doesUserHaveRole(principal, roles);
    return hasRole;
}
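/**
 * Checks whether the caller holds one of the given roles by delegating to the
 * {@link AuthorizationManager} looked up for {@code securityDomain} under
 * {@code SecurityConstants.JAAS_CONTEXT_ROOT}.
 *
 * <p>As documented by the original author, the decision is expected to be driven by the currently
 * authenticated Subject (the members of its 'Roles' group), so the caller must establish the
 * correct security association before calling this method; it is no longer set up as a side
 * effect of an {@code isValid()} call. That evaluation happens inside the authorization manager
 * and is not visible in this method.
 *
 * <p>If no authorization manager can be obtained, the check fails closed and returns
 * {@code false}.
 *
 * @param principal documented as ignored in favour of the current authenticated Subject; it is
 *     nevertheless passed to the authorization manager unchanged
 * @param rolePrincipals a Set of Principals for the roles to check
 * @return {@code true} if the authorization manager reports that the user has one of the roles;
 *     {@code false} otherwise, including when no authorization manager is available
 * @see java.security.acl.Group
 * @see Subject#getPrincipals()
 */
public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals) {
    AuthorizationManager am =
        SecurityUtil.getAuthorizationManager(securityDomain, SecurityConstants.JAAS_CONTEXT_ROOT);
    if (am == null) {
        // Fail closed: without a manager no role can be confirmed, so deny explicitly rather
        // than let a NullPointerException decide the outcome of an authorization check.
        // NOTE(review): assumes the lookup returns null when nothing is bound for the domain;
        // confirm against SecurityUtil.
        return false;
    }
    return am.doesUserHaveRole(principal, rolePrincipals);
}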
/**
 * Checks whether the caller holds one of the given roles by delegating to the authorization
 * manager of {@code securityDomain}.
 *
 * <p>The manager is looked up through {@code SecurityUtil.getAuthorizationManager} under
 * {@code SecurityConstants.JAAS_CONTEXT_ROOT} the first time it is needed and kept in
 * {@code this.authorizationManager}. When the lookup yields nothing the check fails closed: a
 * trace message is logged and {@code false} is returned.
 *
 * <p>As documented by the original author, the decision is expected to be driven by the currently
 * authenticated Subject (the members of its 'Roles' group), so the caller must establish the
 * correct security association before calling this method; it is no longer set up as a side
 * effect of an {@code isValid()} call. That evaluation happens inside the authorization manager
 * and is not visible in this method.
 *
 * @param principal documented as ignored in favour of the current authenticated Subject; it is
 *     nevertheless passed to the authorization manager unchanged
 * @param rolePrincipals a Set of Principals for the roles to check
 * @return the authorization manager's answer, or {@code false} when no manager is available
 * @see java.security.acl.Group
 * @see Subject#getPrincipals()
 */
public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals) {
    if (this.authorizationManager == null) {
        // First use: resolve the manager for this domain and remember it.
        this.authorizationManager =
            SecurityUtil.getAuthorizationManager(securityDomain, SecurityConstants.JAAS_CONTEXT_ROOT);

        if (this.authorizationManager == null) {
            // Nothing to ask, so nothing can be granted.
            log.trace("doesUserHaveRole:AuthorizationManager is null");
            return false;
        }
    }

    return authorizationManager.doesUserHaveRole(principal, rolePrincipals);
}
/**
 * Checks whether the caller holds one of the given roles by delegating to the authorization
 * manager of {@code securityDomain}.
 *
 * <p>The manager is looked up through {@code SecurityUtil.getAuthorizationManager} under
 * {@code SecurityConstants.JAAS_CONTEXT_ROOT} the first time it is needed and kept in
 * {@code this.authorizationManager}. When the lookup yields nothing the check fails closed: the
 * condition is reported through {@code PicketBoxLogger.LOGGER.debugNullAuthorizationManager}
 * and {@code false} is returned.
 *
 * <p>As documented by the original author, the decision is expected to be driven by the currently
 * authenticated Subject (the members of its 'Roles' group), so the caller must establish the
 * correct security association before calling this method; it is no longer set up as a side
 * effect of an {@code isValid()} call. That evaluation happens inside the authorization manager
 * and is not visible in this method.
 *
 * @param principal documented as ignored in favour of the current authenticated Subject; it is
 *     nevertheless passed to the authorization manager unchanged
 * @param rolePrincipals a Set of Principals for the roles to check
 * @return the authorization manager's answer, or {@code false} when no manager is available
 * @see java.security.acl.Group
 * @see Subject#getPrincipals()
 */
public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals) {
    if (this.authorizationManager == null) {
        // First use: resolve the manager for this domain and remember it.
        this.authorizationManager =
            SecurityUtil.getAuthorizationManager(securityDomain, SecurityConstants.JAAS_CONTEXT_ROOT);

        if (this.authorizationManager == null) {
            // Nothing to ask, so nothing can be granted.
            PicketBoxLogger.LOGGER.debugNullAuthorizationManager(securityDomain);
            return false;
        }
    }

    return authorizationManager.doesUserHaveRole(principal, rolePrincipals);
}
if(!authorizationManager.doesUserHaveRole(principal, expectedRoles ))
if (!authorizationManager.doesUserHaveRole(null, expectedRoles)) { SecurityContext sc = SecurityActions.getSecurityContext(); StringBuilder builder = new StringBuilder("Authorization Failed:Subject=");
if (!authorizationManager.doesUserHaveRole(null, expectedRoles)) { SecurityContext sc = SecurityActions.getSecurityContext(); StringBuilder builder = new StringBuilder("Authorization Failed:Subject=");
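/**
 * Runs a role check for {@code username} with a security context associated with the current
 * thread, and puts the previously associated context back before returning.
 *
 * <p>If the thread has no security context, one is created for the user in the security domain
 * of {@code securityDomainContext}; otherwise the existing context is reused and its subject
 * info is populated with the user's principal, password and subject. The roles handed to the
 * authorization manager are those for which {@code checkType.hasRole(role)} is true.
 *
 * <p>The previous association is restored in a {@code finally} block, so a failing role check
 * cannot leave this user's context attached to the thread for whatever work it runs next.
 *
 * @return the result of the authorization manager's role check
 * @throws RuntimeException wrapping any exception raised while creating a new security context
 */
@Override
public Boolean run() {
    final SimplePrincipal principal = new SimplePrincipal(username);
    // push a new security context if there is not one.
    final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
    final SecurityContext securityContext;
    if (currentSecurityContext == null) {
        try {
            securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject,
                    securityDomainContext.getAuthenticationManager().getSecurityDomain());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        // NOTE(review): this writes the user's subject info into the caller's existing context,
        // and the restore below re-associates that same object without undoing the write.
        // Confirm that the caller's context is meant to keep this identity afterwards.
        securityContext = currentSecurityContext;
        securityContext.getUtil().createSubjectInfo(principal, password, subject);
    }
    SecurityContextAssociation.setSecurityContext(securityContext);
    try {
        final Set<Principal> principals = new HashSet<Principal>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                principals.add(new SimplePrincipal(role.getName()));
            }
        }
        // This is an authorization decision (role membership), not an authentication result.
        final boolean authorized = securityDomainContext.getAuthorizationManager()
                .doesUserHaveRole(new SimplePrincipal(username), principals);
        return authorized;
    } finally {
        // restore the previous security context if any, even when the check throws
        SecurityContextAssociation.setSecurityContext(currentSecurityContext);
    }
}
});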
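/**
 * Runs a role check for {@code username} with a security context associated with the current
 * thread, and puts the previously associated context back before returning.
 *
 * <p>If the thread has no security context, one is created for the user in the security domain
 * of {@code securityDomainContext}; otherwise the existing context is reused and its subject
 * info is populated with the user's principal, password and subject. The roles handed to the
 * authorization manager are those for which {@code checkType.hasRole(role)} is true.
 *
 * <p>The previous association is restored in a {@code finally} block, so a failing role check
 * cannot leave this user's context attached to the thread for whatever work it runs next.
 *
 * @return the result of the authorization manager's role check
 * @throws RuntimeException wrapping any exception raised while creating a new security context
 */
@Override
public Boolean run() {
    final SimplePrincipal principal = new SimplePrincipal(username);
    // push a new security context if there is not one.
    final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
    final SecurityContext securityContext;
    if (currentSecurityContext == null) {
        try {
            securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject,
                    securityDomainContext.getAuthenticationManager().getSecurityDomain());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        // NOTE(review): this writes the user's subject info into the caller's existing context,
        // and the restore below re-associates that same object without undoing the write.
        // Confirm that the caller's context is meant to keep this identity afterwards.
        securityContext = currentSecurityContext;
        securityContext.getUtil().createSubjectInfo(principal, password, subject);
    }
    SecurityContextAssociation.setSecurityContext(securityContext);
    try {
        final Set<Principal> principals = new HashSet<Principal>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                principals.add(new SimplePrincipal(role.getName()));
            }
        }
        // This is an authorization decision (role membership), not an authentication result.
        final boolean authorized = securityDomainContext.getAuthorizationManager()
                .doesUserHaveRole(new SimplePrincipal(username), principals);
        return authorized;
    } finally {
        // restore the previous security context if any, even when the check throws
        SecurityContextAssociation.setSecurityContext(currentSecurityContext);
    }
}
});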