/** * Set the current security context on the Thread Local Storage to null. * */ private static void unsetSecurityContext() { SecurityContext.setCurrent((SecurityContext)null); } /**
/** * No need to unmarshall the unauthenticated principal.... */ public static void reset(SecurityContext sc){ setCurrent(sc); }
/** * No need to unmarshall the unauthenticated principal.... */ public static void reset(SecurityContext sc){ setCurrent(sc); }
/** * This is called on the server to unset the security context * this is introduced to prevent the re-use of the thread * security context on re-use of the thread. */ public static void unsetSecurityContext(boolean isLocal) { // logout method from LoginContext not called // as we dont want to unset the appcontainer context if (!isLocal) { com.sun.enterprise.security.SecurityContext.setCurrent(null); } }
/** * Set the current security context on the Thread Local Storage to null. * */ private static void unsetSecurityContext() { SecurityContext.setCurrent((SecurityContext)null); } /**
private void setSecurityContext(SecurityContext sc) { SecurityContext.setCurrent(sc); }
public void setCurrentSecurityContext(AppServSecurityContext context) { if (_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE, "SecurityContext: setCurrentSecurityContext method called"); } if (context == null) { setCurrent(null); return; } if (context instanceof SecurityContext) { setCurrent((SecurityContext)context); return; } throw new IllegalArgumentException("Expected SecurityContext, found " + context); }
public void setCurrentSecurityContext(AppServSecurityContext context) { if (_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE, "SecurityContext: setCurrentSecurityContext method called"); } if (context == null) { setCurrent(null); return; } if (context instanceof SecurityContext) { setCurrent((SecurityContext)context); return; } throw new IllegalArgumentException("Expected SecurityContext, found " + context); }
public void setCurrentSecurityContextWithWebPrincipal(Principal principal) { if (principal instanceof WebPrincipal) { SecurityContext.setCurrent(getSecurityContextForPrincipal(principal)); } }
/** * This method sets the security context on the current Thread Local * Storage * @param String username is the user who authenticated * @param Subject is the subject representation of the user * @param Credentials the credentials that the server associated with it */ private static void setSecurityContext(String userName, Subject subject, String realm) { SecurityContext securityContext = new SecurityContext(userName, subject, realm); SecurityContext.setCurrent(securityContext); }
public Object run() { SecurityContext.setCurrent( (SecurityContext) finv.getOldSecurityContext()); return null; } });
/** * This method sets the security context on the current Thread Local * Storage * @param String username is the user who authenticated * @param Subject is the subject representation of the user * @param Credentials the credentials that the server associated with it */ private static void setSecurityContext(String userName, Subject subject, String realm) { SecurityContext securityContext = new SecurityContext(userName, subject, realm); SecurityContext.setCurrent(securityContext); }
public Object run() { SecurityContext.setCurrent( (SecurityContext) finv.getOldSecurityContext()); return null; } });
public void setSecurityContextWithPrincipal(Principal principal) { SecurityContext ctx = getSecurityContextForPrincipal(principal); setCurrent(ctx); }
public void setCurrentSecurityContext(Principal principal) { SecurityContext.setCurrent(getSecurityContextForPrincipal(principal)); }
public void setSecurityContextWithPrincipal(Principal principal) { SecurityContext ctx = getSecurityContextForPrincipal(principal); setCurrent(ctx); }
/** * Perform access control based on the <code>HttpServletRequest</code>. * Return <code>true</code> if this constraint is satisfied and processing * should continue, or <code>false</code> otherwise. * @return true is the resource is granted, false if denied */ public boolean hasResourcePermission(HttpServletRequest httpsr){ SecurityContext sc = getSecurityContext(httpsr.getUserPrincipal()); WebResourcePermission perm = createWebResourcePermission(httpsr); setSecurityInfo(httpsr); boolean isGranted = checkPermission(perm,sc.getPrincipalSet()); SecurityContext.setCurrent(sc); if(logger.isLoggable(Level.FINE)){ logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", isGranted); logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", perm); } recordWebInvocation(httpsr, RESOURCE, isGranted); return isGranted; }
/** * Perform access control based on the <code>HttpServletRequest</code>. * Return <code>true</code> if this constraint is satisfied and processing * should continue, or <code>false</code> otherwise. * @return true is the resource is granted, false if denied */ public boolean hasResourcePermission(HttpServletRequest httpsr){ SecurityContext sc = getSecurityContext(httpsr.getUserPrincipal()); WebResourcePermission perm = createWebResourcePermission(httpsr); setSecurityInfo(httpsr); boolean isGranted = checkPermission(perm,sc.getPrincipalSet()); SecurityContext.setCurrent(sc); if(logger.isLoggable(Level.FINE)){ logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", isGranted); logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", perm); } AuditManager auditManager = SecurityServicesUtil.getInstance().getAuditManager(); if(auditManager !=null && auditManager.isAuditOn()){ Principal prin = httpsr.getUserPrincipal(); String user = (prin != null) ? prin.getName(): null; auditManager.webInvocation(user, httpsr, RESOURCE, isGranted); } return isGranted; }
SecurityContext.setCurrent(handle.getSecurityContext());
SecurityContext.setCurrent(handle.getSecurityContext());