/**
 * Checks whether the given principal is granted the role reference
 * {@code role} declared for the servlet {@code servletName}.
 *
 * <p>The decision is delegated to {@code checkPermission}, which receives a
 * {@link WebRoleRefPermission} built from the two names and the principal
 * set of the security context obtained for {@code p}.
 *
 * @param servletName servlet name used as the permission name
 * @param role role reference used as the permission action
 * @param p principal whose security context supplies the principal set
 * @return {@code true} if the permission check succeeds, {@code false} otherwise
 */
public boolean hasRoleRefPermission(String servletName, String role, Principal p) {
    // Resolve the principals first, exactly as the permission check expects them.
    Set principals = getSecurityContext(p).getPrincipalSet();
    WebRoleRefPermission roleRefPermission = new WebRoleRefPermission(servletName, role);
    boolean granted = checkPermission(roleRefPermission, principals);

    if (!logger.isLoggable(Level.FINE)) {
        return granted;
    }
    // Trace both the evaluated permission and the outcome for diagnosis.
    logger.log(Level.FINE, "[Web-Security] hasRoleRef perm: {0}", roleRefPermission);
    logger.log(Level.FINE, "[Web-Security] hasRoleRef isGranted: {0}", granted);
    return granted;
}
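/**
 * Reports whether the security context current on this thread contains the
 * domain admin group ({@code AdminConstants.DOMAIN_ADMIN_GROUP_NAME}).
 *
 * <p>Any exception raised while inspecting the context is treated as
 * "not a member", so the check fails closed.
 *
 * <p>NOTE(review): {@code user} and {@code realm} are not consulted; the
 * decision is taken from {@code SecurityContext.getCurrent()} alone. Confirm
 * that callers establish the context for that user before calling.
 *
 * @param user user name (unused by this check)
 * @param realm realm name (unused by this check)
 * @return {@code true} if a {@code Group} principal named after the domain
 *         admin group is present, {@code false} otherwise or on any error
 */
private boolean ensureGroupMembership(String user, String realm) {
    try {
        SecurityContext secContext = SecurityContext.getCurrent();
        Set ps = secContext.getPrincipalSet(); // raw type: API predates generics
        for (Object principal : ps) {
            if (principal instanceof Group) {
                Group group = (Group) principal;
                // Constant-first comparison: a group with a null name is skipped
                // instead of throwing and ending the scan before later groups
                // are examined.
                if (AdminConstants.DOMAIN_ADMIN_GROUP_NAME.equals(group.getName())) {
                    return true;
                }
            }
        }
        ADMSEC_LOGGER.fine("User is not a member of the special admin group");
        return false;
    } catch (Exception e) {
        // Fail closed. The exception is passed as the thrown argument, so the
        // message carries no "{0}" placeholder (it would be left unformatted).
        ADMSEC_LOGGER.log(Level.FINE, "User is not a member of the special admin group", e);
        return false;
    }
}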
/**
 * Evaluates a servlet role reference for a principal.
 *
 * <p>Builds a {@link WebRoleRefPermission} from {@code servletName} and
 * {@code role} and asks {@code checkPermission} whether the principal set of
 * the security context obtained for {@code p} is granted it.
 *
 * @param servletName servlet name the role reference is declared on
 * @param role role reference name being tested
 * @param p principal used to look up the security context
 * @return the result of the permission check
 */
public boolean hasRoleRefPermission(String servletName, String role, Principal p) {
    final Set callerPrincipals = getSecurityContext(p).getPrincipalSet();
    final WebRoleRefPermission permission = new WebRoleRefPermission(servletName, role);
    final boolean outcome = checkPermission(permission, callerPrincipals);

    // Diagnostic trace only; the decision above is already final.
    final boolean traceEnabled = logger.isLoggable(Level.FINE);
    if (traceEnabled) {
        logger.log(Level.FINE, "[Web-Security] hasRoleRef perm: {0}", permission);
        logger.log(Level.FINE, "[Web-Security] hasRoleRef isGranted: {0}", outcome);
    }
    return outcome;
}
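/**
 * Reports whether the security context current on this thread contains the
 * domain admin group ({@code AdminConstants.DOMAIN_ADMIN_GROUP_NAME}).
 *
 * <p>The check fails closed: any exception raised while reading the context
 * is logged at FINE and reported as "not a member".
 *
 * <p>NOTE(review): {@code user} and {@code realm} are never read; membership
 * is decided from {@code SecurityContext.getCurrent()} only. Confirm that the
 * current context belongs to the user the caller means to check.
 *
 * @param user user name (unused by this check)
 * @param realm realm name (unused by this check)
 * @return {@code true} if a {@code Group} principal named after the domain
 *         admin group is present, {@code false} otherwise or on any error
 */
private boolean ensureGroupMembership(String user, String realm) {
    try {
        SecurityContext secContext = SecurityContext.getCurrent();
        Set ps = secContext.getPrincipalSet(); // raw type: API predates generics
        for (Object principal : ps) {
            if (!(principal instanceof Group)) {
                continue;
            }
            Group group = (Group) principal;
            // Constant-first comparison: a group whose name is null is skipped
            // rather than throwing and cutting the scan short before the
            // remaining principals are examined.
            if (AdminConstants.DOMAIN_ADMIN_GROUP_NAME.equals(group.getName())) {
                return true;
            }
        }
        logger.fine("User is not the member of the special admin group");
        return false;
    } catch (Exception e) {
        // Fail closed on any error while inspecting the context.
        logger.log(Level.FINE, "User is not the member of the special admin group: {0}", e.getMessage());
        return false;
    }
}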
/**
 * Performs access control for an <code>HttpServletRequest</code>.
 *
 * <p>A <code>WebResourcePermission</code> derived from the request is checked
 * against the principal set of the security context obtained for the
 * request's user principal. The outcome is handed to
 * <code>recordWebInvocation</code> whether access was granted or denied.
 *
 * @param httpsr the request being authorized
 * @return true if the resource is granted, false if denied
 */
public boolean hasResourcePermission(HttpServletRequest httpsr) {
    final SecurityContext context = getSecurityContext(httpsr.getUserPrincipal());
    final WebResourcePermission resourcePermission = createWebResourcePermission(httpsr);
    setSecurityInfo(httpsr);
    final boolean granted = checkPermission(resourcePermission, context.getPrincipalSet());

    // The context is installed as current after the check, independent of
    // whether the check granted or denied access.
    SecurityContext.setCurrent(context);

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", granted);
        logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", resourcePermission);
    }

    recordWebInvocation(httpsr, RESOURCE, granted);
    return granted;
}
/**
 * Decides whether the principals on the current thread may invoke
 * {@code method} on the CORBA object identified by {@code object_id}.
 *
 * <p>Two cases are allowed without consulting the policy: no protocol manager
 * is available, or the target resolves to an EJB descriptor. Otherwise a
 * {@code CORBAObjectPermission("*", method)} is evaluated against a
 * {@link ProtectionDomain} built from the current security context's
 * principal set.
 *
 * @param object_id CORBA object id of the invocation target
 * @param method name of the method being invoked
 * @return {@code true} if the call is allowed, {@code false} otherwise
 * @throws Exception if the protection domain cannot be built or a callee fails
 */
private boolean authorizeCORBA(byte[] object_id, String method) throws Exception {
    ProtocolManager manager = orbHelper.getProtocolManager();

    // A null manager can occur during server initialization or when the call
    // is on a callback object in the client VM.
    // NOTE(review): this branch permits the call with no policy evaluation.
    if (manager == null) {
        return true;
    }

    // The target is an EJB object: allowed here without a CORBA permission check.
    if (manager.getEjbDescriptor(object_id) != null) {
        return true;
    }

    CORBAObjectPermission permission = new CORBAObjectPermission("*", method);

    // Build a ProtectionDomain carrying the principals of the current thread.
    com.sun.enterprise.security.SecurityContext current =
            com.sun.enterprise.security.SecurityContext.getCurrent();
    Set callerSet = current.getPrincipalSet();
    Principal[] principals = null;
    if (callerSet != null) {
        principals = (Principal[]) callerSet.toArray(new Principal[callerSet.size()]);
    }
    CodeSource codeSource =
            new CodeSource(new java.net.URL("file://"), (java.security.cert.Certificate[]) null);
    ProtectionDomain domain = new ProtectionDomain(codeSource, null, null, principals);

    // Ask the policy whether those principals hold the permission.
    boolean result = policy.implies(domain, permission);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "CORBA Object permission evaluation result=" + result + " for method=" + method);
    }
    return result;
}
/**
 * Performs access control for an <code>HttpServletRequest</code>.
 *
 * <p>A <code>WebResourcePermission</code> derived from the request is checked
 * against the principal set of the security context obtained for the
 * request's user principal. When an audit manager is present and auditing is
 * on, the invocation is reported to it together with the outcome.
 *
 * @param httpsr the request being authorized
 * @return true if the resource is granted, false if denied
 */
public boolean hasResourcePermission(HttpServletRequest httpsr) {
    final SecurityContext context = getSecurityContext(httpsr.getUserPrincipal());
    final WebResourcePermission resourcePermission = createWebResourcePermission(httpsr);
    setSecurityInfo(httpsr);
    final boolean granted = checkPermission(resourcePermission, context.getPrincipalSet());

    // The context is installed as current after the check, independent of
    // whether the check granted or denied access.
    SecurityContext.setCurrent(context);

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", granted);
        logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", resourcePermission);
    }

    AuditManager auditManager = SecurityServicesUtil.getInstance().getAuditManager();
    if (auditManager == null || !auditManager.isAuditOn()) {
        return granted;
    }

    // Grants and denials are both audited; an unauthenticated request is
    // reported with a null user name.
    Principal caller = httpsr.getUserPrincipal();
    String user;
    if (caller == null) {
        user = null;
    } else {
        user = caller.getName();
    }
    auditManager.webInvocation(user, httpsr, RESOURCE, granted);
    return granted;
}
// Read the principal set from sc and use it as the lookup key into
// accessControlContextCache.
// NOTE(review): sc is dereferenced without a null check in this excerpt;
// confirm the enclosing code guarantees it is non-null.
Set principalSet = sc.getPrincipalSet();
// The cache lookup result is cast to AccessControlContext; what happens on a
// cache miss is not visible in this excerpt.
AccessControlContext acc = (AccessControlContext) accessControlContextCache.get(principalSet);
// The principal set of sc is the key under which an AccessControlContext is
// looked up in accessControlContextCache.
// NOTE(review): no null check on sc is visible here; verify against the
// enclosing method.
Set principalSet = sc.getPrincipalSet();
// NOTE(review): the cache is keyed by the Set object itself; presumably the
// set is not mutated while it serves as a key. TODO confirm.
AccessControlContext acc = (AccessControlContext) accessControlContextCache.get(principalSet);
// A missing security context yields a null principal set instead of a
// NullPointerException.
Set principalSet = (sc != null) ? sc.getPrincipalSet() : null;
// NOTE(review): getCachedProtectionDomain is therefore called with null when
// there is no context; confirm it treats null as "no principals".
ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
// Read the principals only when a security context exists; otherwise
// principalSet keeps the value it had before this statement.
if (sc != null) principalSet = sc.getPrincipalSet();
Set principalSet = sc.getPrincipalSet(); ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true); try {
Set principalSet = sc.getPrincipalSet(); ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true); try {
(securityContext = SecurityContext.getCurrent()) != null && (callerPrincipal = securityContext.getCallerPrincipal()) != null && (principalSet = securityContext.getPrincipalSet()) != null) { AuthenticationService authService = connectorRuntime.getAuthenticationService(rarName, poolInfo);