Attachment 681840 Details for Bug 901076 – JBPAPP-10255.patch

JBPAPP-10255.patch

JBPAPP-10255.patch (text/x-patch), 3.37 KB, created by Josef Cacek on 2012-11-08 14:57:11 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Josef Cacek

Created: 2012-11-08 14:57:11 UTC

Size: 3.37 KB

patch

obsolete

>diff --git web/src/main/java/org/jboss/as/web/security/jaspi/WebJASPIAuthenticator.java web/src/main/java/org/jboss/as/web/security/jaspi/WebJASPIAuthenticator.java
>index ad33618..f0ad076 100644
>--- web/src/main/java/org/jboss/as/web/security/jaspi/WebJASPIAuthenticator.java
>+++ web/src/main/java/org/jboss/as/web/security/jaspi/WebJASPIAuthenticator.java
>@@ -33,6 +33,7 @@ import java.util.Set;
> 
> import javax.security.auth.Subject;
> import javax.security.auth.message.callback.CallerPrincipalCallback;
>+import javax.security.auth.message.callback.GroupPrincipalCallback;
> import javax.security.auth.message.callback.PasswordValidationCallback;
> import javax.servlet.http.Cookie;
> import javax.servlet.http.HttpServletResponse;
>@@ -121,6 +122,7 @@ public class WebJASPIAuthenticator extends AuthenticatorBase {
>         if (result) {
>             PasswordValidationCallback pvc = cbh.getPasswordValidationCallback();
>             CallerPrincipalCallback cpc = cbh.getCallerPrincipalCallback();
>+            GroupPrincipalCallback gpc = cbh.getGroupPrincipalCallback();
> 
>             // get the client principal from the callback.
>             Principal clientPrincipal = cpc.getPrincipal();
>@@ -130,10 +132,11 @@ public class WebJASPIAuthenticator extends AuthenticatorBase {
> 
>             // if the client principal is not a jboss generic principal, we need to build one before registering.
>             if (!(clientPrincipal instanceof JBossGenericPrincipal))
>-                clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal);
>+                clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal, gpc);
> 
>-            this.register(request, response, clientPrincipal, authMethod, pvc.getUsername(),
>-                    new String(pvc.getPassword()));
>+            this.register(request, response, clientPrincipal, authMethod, 
>+                pvc != null ? pvc.getUsername() : null,
>+                pvc != null && pvc.getPassword() != null ? new String(pvc.getPassword()) : null);
> 
>             if (this.secureResponse)
>                 sam.secureResponse(messageInfo, new Subject(), messageLayer, appContext, cbh);
>@@ -308,7 +311,7 @@ public class WebJASPIAuthenticator extends AuthenticatorBase {
>         sso.associate(ssoId, session);
>     }
> 
>-    protected Principal buildJBossPrincipal(Subject subject, Principal principal) {
>+    protected Principal buildJBossPrincipal(Subject subject, Principal principal, GroupPrincipalCallback groupPrincipalCallback ) {
> 
>         List<String> roles = new ArrayList<String>();
>         // look for roles in the subject first.
>@@ -320,6 +323,12 @@ public class WebJASPIAuthenticator extends AuthenticatorBase {
>             }
>         }
> 
>+        if (groupPrincipalCallback != null && groupPrincipalCallback.getGroups() != null) {
>+            for (String group : groupPrincipalCallback.getGroups()) {
>+                roles.add(group);
>+            }
>+        }
>+
>         // if the subject didn't contain any roles, look for the roles declared in the deployment descriptor.
>         JBossWebRealm realm = (JBossWebRealm) this.getContainer().getRealm();
>         Set<String> descriptorRoles = realm.getPrincipalVersusRolesMap().get(principal.getName());
>@@ -331,4 +340,4 @@ public class WebJASPIAuthenticator extends AuthenticatorBase {
> 
>     }
> 
>-}
>\ No newline at end of file
>+}

Actions: View

Attachments on bug 901076: 681840