Package com.sun.enterprise.security

Examples of com.sun.enterprise.security.SecurityContext


    private void auditInvocation(Call call)
    {
        if(auditManager.isAuditOn())
        {
            if (/*auditManager.isAuditOn() &&*/ isAuditable(call)){
                SecurityContext sc = SecurityContext.getCurrent();
//XXX remove audit API
/*
                auditManager.adminInvocation(
                    sc.getCallerPrincipal().getName(), //caller
                    sc.getSubject(), //subject


     * @param Credentials the credentials that the server associated with it
     */
    private  static void setSecurityContext(String userName,
                                            Subject subject, String realm){
        // Wraps the given identity in a new SecurityContext and installs it
        // through SecurityContext.setCurrent(). Nothing is validated here.
        // NOTE(review): callers presumably pass only an identity that has
        // already been authenticated; confirm at each call site, because
        // whatever is passed becomes the current context unchecked.
        SecurityContext.setCurrent(
            new SecurityContext(userName, subject, realm));
    }

      cp = inv.invocationInfo.cachedPermission;
      ejbmp = cp.getPermission();
  }

  String caller = null;
        SecurityContext sc = null;

  pcHandlerImpl.getHandlerData().setInvocation(inv);
  ret = cp.checkPermission();

  if (!ret) {

      sc = SecurityContext.getCurrent();
 
      Set principalSet = sc.getPrincipalSet();
      ProtectionDomain prdm = getCachedProtectionDomain(principalSet,true);
  
      try {
    // set the policy context in the TLS.
    String oldContextId = setPolicyContext(this.contextId);

    try {

        ret = policy.implies(prdm, ejbmp);
    } catch (SecurityException se){
        _logger.log(Level.SEVERE,"JACC: Unexpected security exception on access decision",se);
        ret = false;
    } catch (Throwable t) {
        _logger.log(Level.SEVERE,"JACC: Unexpected exception on access decision",t);
        ret = false;
    } finally {
        resetPolicyContext(oldContextId,this.contextId);
    }

      } catch (Throwable t) {
    _logger.log(Level.SEVERE,"JACC: Unexpected exception manipulating policy context",t);
    ret = false;
      }
  }

        inv.auth = (ret) ? Boolean.TRUE : Boolean.FALSE;

  if (auditManager.isAuditOn()){
            if (sc == null) {
                sc = SecurityContext.getCurrent();
            }
      caller = sc.getCallerPrincipal().getName();
      auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
  }

        if (ret && inv.isWebService && !inv.preInvokeDone) {
            preInvoke(inv);

      _logger.entering("EJBSecurityManager", "isCallerInRole", role);

  }
  EJBRoleRefPermission ejbrr = new EJBRoleRefPermission(ejbName, role);

   SecurityContext sc;
  if (runAs != null) {
      InvocationManager im = theSwitch.getInvocationManager();
      ComponentInvocation ci = im.getCurrentInvocation();
      sc = ci.getOldSecurityContext();
  } else {
      sc = SecurityContext.getCurrent();
  }
   Set principalSet = null;
   if (sc != null) principalSet = sc.getPrincipalSet();
   ProtectionDomain prdm = getCachedProtectionDomain(principalSet,true);

        try {
            // set the policy context in the TLS.

     * Invocation.
     * @return A Principal object of the client who made this invocation.
     * or null if the SecurityContext has not been established by the client.
     */
    public Principal getCallerPrincipal() {
        // Choose the security context that carries the caller's identity.
        final SecurityContext callerContext;
        if (runAs == null) {
            // No run-as identity: the old and the current context are the
            // same, so the lookup through the invocation is skipped.
            callerContext = SecurityContext.getCurrent();
        } else {
            // Run-as is configured: use the context saved on the current
            // invocation (the "old" security context), not the current one.
            ComponentInvocation invocation =
                theSwitch.getInvocationManager().getCurrentInvocation();
            if (invocation == null) {
                throw new InvocationException(); // 4646060
            }
            callerContext = invocation.getOldSecurityContext();
        }

        // With no context available, fall back to the default caller
        // principal rather than dereferencing null.
        // NOTE(review): whether that default can itself be null is not
        // visible here; confirm before relying on a non-null return.
        return (callerContext != null)
            ? callerContext.getCallerPrincipal()
            : SecurityContext.getDefaultCallerPrincipal();
    }

     * SecurityContext.
     */
    public Object doAsPrivileged(PrivilegedExceptionAction pea)
  throws Throwable {
 
  SecurityContext sc = SecurityContext.getCurrent();
 
  Set principalSet = sc.getPrincipalSet();
  AccessControlContext acc =
      (AccessControlContext)accessControlContextCache.get(principalSet);
   
  if(acc == null){
      final ProtectionDomain[] pdArray = new ProtectionDomain[1];
      pdArray[0] = getCachedProtectionDomain(principalSet,false);

      try{
    if (principalSet != null) {
        final Subject s = sc.getSubject();
        acc = (AccessControlContext)
      AccessController.doPrivileged(new PrivilegedExceptionAction(){
        public java.lang.Object run() throws Exception{
            return new AccessControlContext

        return new ClientPipeCreator(ref);
    }

      public Principal getUserPrincipal(boolean isWeb) {
          // Returns the caller principal of the current SecurityContext, or
          // null when there is no current context, or when isWeb is true
          // (servlet endpoint) and the context's credentials were generated
          // by the server.
          // NOTE(review): server-generated credentials presumably denote the
          // default, unauthenticated identity; confirm. Callers must treat a
          // null return as "no authenticated user".
          SecurityContext current = SecurityContext.getCurrent();
          if (current == null) {
              return null;
          }
          // Same evaluation order as the nested form: the credential check
          // runs first, then the isWeb flag.
          if (current.didServerGenerateCredentials() && isWeb) {
              return null;
          }
          return current.getCallerPrincipal();
      }

            "Container Auth: ServerAuthContext.validateRequest");
        }
 
  Subject subject = null;
  boolean firstAuthentication = true;
  SecurityContext sc = SecurityContext.getCurrent();
  if (sc == null || sc.didServerGenerateCredentials()) {
      subject = new Subject();
  } else {
      subject = sc.getSubject();
      firstAuthentication = false;
  }

  sAC.validateRequest((AuthParam)param, subject, sharedState);

  if (rvalue && firstAuthentication) {
      Set principalSet = subject.getPrincipals();
      // must be at least one new principal to establish
      // non-default security contex
      if (principalSet != null && !principalSet.isEmpty()) {
    // define and add initiator to Subject - note that this may add
    // a second principal (of type PrincipalImpl) for initiator.
    String initiator = ((Principal)principalSet.iterator().next()).
        getName();
    SecurityContext newSC = new SecurityContext(initiator,subject);
    SecurityContext.setCurrent(newSC);
      }
  }

        return rvalue;

            "Container Auth: ServerAuthContext.secureResponse");
        }

  // subject may change if runAs identity differs from caller's.
  // Therefore, session state is saved in sharedState not subject
  SecurityContext sc = SecurityContext.getCurrent();
  Subject subject = sc.getSubject();

  SOAPAuthParam param = new SOAPAuthParam(null, response);

        try{
            sAC.secureResponse((AuthParam)param, subject, sharedState);

      ClientSecurityContext sc = ClientSecurityContext.getCurrent();
      if (sc != null) {
    subject = sc.getSubject();
      }
  } else {
      SecurityContext sc = SecurityContext.getCurrent();
      if (sc != null && !sc.didServerGenerateCredentials()) {
    // make sure we don't use default unauthenticated subject,
    // so that module cannot change this important (constant)
    // subject.
    subject = sc.getSubject();
      }
  }
  if (subject == null) subject = new Subject();
 
  cAC.secureRequest ( param, subject, sharedState);
