/**
 * Reports whether the given principal identifies the given subject.
 *
 * <p>Fails closed: a null principal or a null subject never matches. Otherwise a single
 * matching principal in the subject is sufficient; the comparison itself is delegated to
 * {@code AuthenticationUtil.equals}.
 *
 * @param userID  the principal to look for; may be null
 * @param subject the subject whose principals are searched; may be null
 * @return true if at least one of the subject's principals equals {@code userID},
 *         false otherwise
 */
protected boolean userIsSubject(Principal userID, Subject subject) {
    // Missing identity on either side is treated as "no match", never as a wildcard.
    if (userID == null) {
        return false;
    }
    if (subject == null) {
        return false;
    }

    for (Principal candidate : subject.getPrincipals()) {
        if (AuthenticationUtil.equals(candidate, userID)) {
            return true;
        }
    }
    return false;
}
if (s != null) { for (Principal cp : s.getPrincipals()) { if (AuthenticationUtil.equals(p, cp)) { log.debug("[cache hit] caller Subject matches " + p + ": " + s); return s;
/**
 * Verifies that the current caller is equivalent to the job owner.
 *
 * <p>Decision rules, as implemented here:
 * <ul>
 * <li>A job with no owner Subject is not protected by this check: every caller,
 *     including one with no Subject in the access-control context, is allowed.</li>
 * <li>Otherwise the caller is allowed as soon as any one owner principal matches any
 *     one caller principal according to {@code AuthenticationUtil.equals}.</li>
 * <li>Everything else (no caller Subject, or no matching principal pair) is denied.</li>
 * </ul>
 *
 * <p>NOTE(review): one matching pair is enough, so this check is only as strong as the
 * weakest principal carried by the caller Subject; presumably every principal in it was
 * established by authentication -- confirm against the code that builds the Subject.
 *
 * @param job The Job to check authorization to.
 * @throws AccessControlException If the current subject is not authorized
 */
protected void doAuthorizationCheck(Job job) throws AccessControlException {
    log.debug("doAuthorizationCheck: " + job.getID() + "," + job.getOwnerID());

    final Subject owner = job.ownerSubject;
    if (owner == null) {
        // Unowned job: there is nothing to compare against, so access is not restricted here.
        return;
    }

    final Subject caller = Subject.getSubject(AccessController.getContext());
    if (caller == null) {
        // Owned job but no caller identity in the current context: deny.
        throw new AccessControlException("permission denied");
    }

    final Set<Principal> ownerPrincipals = owner.getPrincipals();
    final Set<Principal> callerPrincipals = caller.getPrincipals();
    for (Principal ownerPrincipal : ownerPrincipals) {
        for (Principal callerPrincipal : callerPrincipals) {
            // The debug output names both identities being compared.
            log.debug("doAuthorizationCheck: " + ownerPrincipal + " vs " + callerPrincipal);
            if (AuthenticationUtil.equals(ownerPrincipal, callerPrincipal)) {
                return; // caller matches owner
            }
        }
    }

    // No principal pair matched: deny.
    throw new AccessControlException("permission denied");
}
}
for (Principal cp : cur.getPrincipals()) { for (Principal op : owner.getPrincipals()) { if (AuthenticationUtil.equals(op, cp)) { return;
for (Principal cp : cur.getPrincipals()) { for (Principal op : owner.getPrincipals()) { if (AuthenticationUtil.equals(op, cp)) { log.debug("user is owner, permission granted"); return;