Examples of javax.security.jacc.WebRoleRefPermission

• javax.security.jacc.WebRoleRefPermission
  @version $Rev: 54183 $ $Date: 2004-10-09 16:04:29 -0600 (Sat, 09 Oct 2004) $

    }

    public boolean isUserInRole(Principal user, String role) {
        AccessControlContext acc = ContextManager.getCurrentContext();
        try {
            acc.checkPermission(new WebRoleRefPermission(JettyServletHolder.getJettyServletHolder().getName(), role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

                Set refs = (Set) roleRefs.get(roleLink);
                if (refs == null) {
                    refs = new HashSet();
                    roleRefs.put(roleLink, refs);
                }
                refs.add(new WebRoleRefPermission(name, roleLink));
            } else {
                log.warn("Ignored invalid security-role-ref element: " + "servlet-name=" + name + ", " + securityRef);
            }
        }
    }

                roles.removeAll((Set) servletRoles.get(servletName));

                iter = roles.iterator();
                while (iter.hasNext()) {
                    String roleName = (String) iter.next();
                    configuration.addToRole(roleName, new WebRoleRefPermission(servletName, roleName));
                }
            }

        } catch (ClassCastException cce) {
            throw new GeronimoSecurityException("Policy configuration object does not implement RoleMappingConfiguration", cce.getCause());

    public boolean isUserInRole(AccessControlContext acc, String role) {
        /* Geronimo Specific code */
        try {
            acc.checkPermission(new WebRoleRefPermission("", role));
        } catch (Exception e) {
            return false;
        }

        return true;

    public boolean isUserInRole(AccessControlContext acc, String role) {
        /* Geronimo Specific code */
        try {
            acc.checkPermission(new WebRoleRefPermission("", role));
        } catch (Exception e) {
            return false;
        }

        return true;

    }


    protected void addUnmappedJSPPermissions(Set<String> securityRoles, Map<String, PermissionCollection> rolePermissions) {
        for (String roleName : securityRoles) {
            addPermissionToRole(roleName, new WebRoleRefPermission("", roleName), rolePermissions);
        }
    }

            * must be the value of the role-name (that is the  reference), appearing in the security-role-ref.
            * The deployment tools must  call the addToRole method on the PolicyConfiguration object to add the
            * WebRoleRefPermission object resulting from the translation to the role
            * identified in the role-link appearing in the security-role-ref.
            */
            addPermissionToRole(roleLink, new WebRoleRefPermission(servletName, roleName), rolePermissions);
            unmappedRoles.remove(roleName);
        }
        for (String roleName : unmappedRoles) {
            addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName), rolePermissions);
        }
//        servletData.setAttribute("webRoleRefPermissions", webRoleRefPermissions);
    }

    * @return
    */
   private boolean hasRole(Principal principal, String roleName,
         Set<Principal> roles, String servletName)
   {
      WebRoleRefPermission perm = new WebRoleRefPermission(servletName, roleName);
      Principal[] principals = {principal};
      if( roles != null )
      {
         principals = new Principal[roles.size()];
         roles.toArray(principals);

      for (; esrr.hasMoreElements();){
    SecurityRoleReference srr = (SecurityRoleReference)esrr.nextElement();
    if(srr != null){
        String action = srr.getRoleName();
        WebRoleRefPermission wrrp = new WebRoleRefPermission(name, action);
        role.add(new Role(action));
        pc.addToRole(srr.getSecurityRoleLink().getName(),wrrp);
        if (logger.isLoggable(Level.FINE)){
      logger.log(Level.FINE,"JACC: role-reference translation: RoleRefPermission created with name(servlet-name)  = "+ name  +
           " and action(Role-name tag) = " + action + " added to role(role-link tag) = "+ srr.getSecurityRoleLink().getName());
        }

    }
      }
      if (logger.isLoggable(Level.FINE)){
    logger.log(Level.FINE,"JACC: role-reference translation: Going through the list of roles not present in RoleRef elements and creating WebRoleRefPermissions ");
      }
      for(Iterator it = roleset.iterator(); it.hasNext();){
    Role r = (Role)it.next();
    if (logger.isLoggable(Level.FINE)){
        logger.log(Level.FINE,"JACC: role-reference translation: Looking at Role =  "+r.getName());
    }
    if(!role.contains(r)){
        String action = r.getName();
        WebRoleRefPermission wrrp = new WebRoleRefPermission(name, action);
        pc.addToRole(action ,wrrp);
        if (logger.isLoggable(Level.FINE)){
      logger.log(Level.FINE,"JACC: role-reference translation: RoleRef  = "+ action +
           " is added for servlet-resource = " + name);
      logger.log(Level.FINE, "JACC: role-reference translation: Permission added for above role-ref ="
           + wrrp.getName() +" "+ wrrp.getActions());
        }
    }
      }
        /**
         * JACC MR8 add WebRoleRefPermission for the any authenticated user role '**'
         */
        if ((!role.contains(anyAuthUserRole)) && !rolesetContainsAnyAuthUserRole) {
            addAnyAuthenticatedUserRoleRef(pc, name);
        }
  }
  if (logger.isLoggable(Level.FINE)){
      logger.exiting("WebPermissionUtil", "createWebRoleRefPermission");
  }

        // START S1AS8PE 4966609
        /**
         * For every security role in the web application add a
         * WebRoleRefPermission to the corresponding role. The name of all such
         * permissions shall be the empty string, and the actions of each
         * permission shall be the corresponding role name. When checking a
         * WebRoleRefPermission from a JSP not mapped to a servlet, use a
         * permission with the empty string as its name
         * and with the argument to isUserInRole as its actions
         */
        for(Iterator it = roleset.iterator(); it.hasNext();){
            Role r = (Role)it.next();
            if (logger.isLoggable(Level.FINE)){
                logger.log(Level.FINE,
                    "JACC: role-reference translation: Looking at Role =  "
                        + r.getName());
            }
            String action = r.getName();
            WebRoleRefPermission wrrp = new WebRoleRefPermission("", action);
            pc.addToRole(action ,wrrp);
            if (logger.isLoggable(Level.FINE)){
                logger.log(Level.FINE,
                    "JACC: role-reference translation: RoleRef  = "
                    + action
                    + " is added for jsp's that can't be mapped to servlets");
                logger.log(Level.FINE,
                    "JACC: role-reference translation: Permission added for above role-ref ="
                     + wrrp.getName() +" "+ wrrp.getActions());
            }
        }
        // END S1AS8PE 4966609
        /**
         * JACC MR8 add WebRoleRefPermission for the any authenticated user role '**'

     * JACC MR8 add WebRoleRefPermission for the any authenticated user role '**'
     */
    private static void addAnyAuthenticatedUserRoleRef(PolicyConfiguration pc, String name)
        throws javax.security.jacc.PolicyContextException {
      String action = "**";
      WebRoleRefPermission wrrp = new WebRoleRefPermission(name, action);
      pc.addToRole(action ,wrrp);
      if (logger.isLoggable(Level.FINE)){
        logger.log(Level.FINE,
            "JACC: any authenticated user role-reference translation: Permission added for role-ref ="
                + wrrp.getName() +" "+ wrrp.getActions());
      }
    }