Package com.sun.enterprise.security

Examples of com.sun.enterprise.security.SecurityContext


  Subject s = (Subject) request.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);

        if (s == null || (s.getPrincipals().isEmpty() && s.getPublicCredentials().isEmpty())) {
            SecurityContext.setUnauthenticatedContext();
        } else {
      SecurityContext sC = new SecurityContext(s);
            SecurityContext.setCurrent(sC);
        }

  // we should try to replace this endpoint specific
  // authorization check with a generic web service message check


            "Container Auth: ServerAuthContext.validateRequest");
        }
 
  Subject subject = null;
  boolean firstAuthentication = true;
  SecurityContext sc = SecurityContext.getCurrent();
  if (sc == null || sc.didServerGenerateCredentials()) {
      subject = new Subject();
  } else {
      subject = sc.getSubject();
      firstAuthentication = false;
  }

  sAC.validateRequest((AuthParam)param, subject, sharedState);

  if (rvalue && firstAuthentication) {
      Set principalSet = subject.getPrincipals();
      // must be at least one new principal to establish
      // non-default security context
      if (principalSet != null && !principalSet.isEmpty()) {
    // define and add initiator to Subject - note that this may add
    // a second principal (of type PrincipalImpl) for initiator.
    String initiator = ((Principal)principalSet.iterator().next()).
        getName();
    SecurityContext newSC = new SecurityContext(initiator,subject);
    SecurityContext.setCurrent(newSC);
      }
  }

        return rvalue;

            "Container Auth: ServerAuthContext.secureResponse");
        }

  // subject may change if runAs identity differs from caller's.
  // Therefore, session state is saved in sharedState not subject
  SecurityContext sc = SecurityContext.getCurrent();
  Subject subject = sc.getSubject();

  SOAPAuthParam param = new SOAPAuthParam(null, response);

        try{
            sAC.secureResponse((AuthParam)param, subject, sharedState);

      ClientSecurityContext sc = ClientSecurityContext.getCurrent();
      if (sc != null) {
    subject = sc.getSubject();
      }
  } else {
      SecurityContext sc = SecurityContext.getCurrent();
      if (sc != null && !sc.didServerGenerateCredentials()) {
    // make sure we don't use default unauthenticated subject,
    // so that module cannot change this important (constant)
    // subject.
    subject = sc.getSubject();
      }
  }
  if (subject == null) subject = new Subject();
 
  cAC.secureRequest ( param, subject, sharedState);

                    resourceShareable, jndiNameToUse, conn, false);
        } else {
            ResourcePrincipal prin = null;
            Set principalSet = null;
            Principal callerPrincipal = null;
            SecurityContext securityContext = null;
            ConnectorRuntime connectorRuntime = ConnectorRuntime.getRuntime();
            //TODO V3 is SecurityContext.getCurrent() the right way ? Does it need to be injected ?
            if (connectorRuntime.isServer() &&
                    (securityContext = SecurityContext.getCurrent()) != null &&
                    (callerPrincipal = securityContext.getCallerPrincipal()) != null &&
                    (principalSet = securityContext.getPrincipalSet()) != null) {
                AuthenticationService authService =
                        connectorRuntime.getAuthenticationService(rarName, poolInfo);
                if (authService != null) {
                    prin = (ResourcePrincipal) authService.mapPrincipal(
                            callerPrincipal, principalSet);

     * Return <code>true</code> if this constraint is satisfied and processing
     * should continue, or <code>false</code> otherwise.
     * @return true if the resource is granted, false if denied
     */
    public boolean hasResourcePermission(HttpServletRequest httpsr){
  SecurityContext sc = getSecurityContext(httpsr.getUserPrincipal());
        WebResourcePermission perm = createWebResourcePermission(httpsr);
        setSecurityInfo(httpsr);
        boolean isGranted = checkPermission(perm,sc.getPrincipalSet());
  SecurityContext.setCurrent(sc);
        if(logger.isLoggable(Level.FINE)){
            logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", isGranted);
            logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", perm);
        }

     * This is a private method for transforming a principal into a SecurityContext
     * @param principal expected to be a WebPrincipal
     * @return SecurityContext
     */
    private SecurityContext getSecurityContext(Principal principal) {
        SecurityContext secContext = null;
        if (principal != null) {
      if (principal instanceof WebPrincipal){
    WebPrincipal wp = (WebPrincipal)principal;
    secContext = wp.getSecurityContext();
      }else {
    secContext = new SecurityContext(principal.getName(),null);
      }
        }
  if (secContext == null) {
            secContext = SecurityContext.getDefaultSecurityContext();
        }

     * Return <code>true</code> if this constraint is satisfied and processing
     * should continue, or <code>false</code> otherwise.
     * @return true if the resource is granted, false if denied
     */
    public boolean hasResourcePermission(HttpServletRequest httpsr){
  SecurityContext sc = getSecurityContext(httpsr.getUserPrincipal());
        WebResourcePermission perm = createWebResourcePermission(httpsr);
        setSecurityInfo(httpsr);
        boolean isGranted = checkPermission(perm,sc.getPrincipalSet());
  SecurityContext.setCurrent(sc);
        if(logger.isLoggable(Level.FINE)){
            logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", isGranted);
            logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", perm);
        }

     * This is a private method for transforming a principal into a SecurityContext
     * @param principal expected to be a WebPrincipal
     * @return SecurityContext
     */
    private SecurityContext getSecurityContext(Principal principal) {
        SecurityContext secContext = null;
        if (principal != null) {
      if (principal instanceof WebPrincipal){
    WebPrincipal wp = (WebPrincipal)principal;
    secContext = wp.getSecurityContext();
      }else {
    secContext = new SecurityContext(principal.getName(),null);
      }
        }
  if (secContext == null) {
            secContext = SecurityContext.getDefaultSecurityContext();
        }

     * @param Credentials the credentials that the server associated with it
     */
private static void setSecurityContext(String userName,
            Subject subject, String realm) {
        // Wrap the supplied identity (user name, JAAS subject, realm) in a new
        // SecurityContext and hand it straight to SecurityContext.setCurrent.
        // NOTE(review): nothing here validates the arguments or checks that
        // the subject was actually authenticated; presumably callers only
        // reach this after a successful login - confirm against call sites.
        SecurityContext.setCurrent(
                new SecurityContext(userName, subject, realm));
    }
