if (previous != null) {
current.setSubjectInfo(previous.getSubjectInfo());
current.setIncomingRunAs(previous.getOutgoingRunAs());
}
RunAs currentRunAs = current.getIncomingRunAs();
boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
if (trusted == false) {
/*
* We should only be switching to a context based on an identity from the Remoting connection
* if we don't already have a trusted identity - this allows for beans to reauthenticate as a
* different identity.
*/
boolean authenticated = false;
if (SecurityActions.remotingContextIsSet()) {
// In this case the principal and credential will not have been set to set some random values.
SecurityContextUtil util = current.getUtil();
UserInfo userInfo = SecurityActions.remotingContextGetConnection().getUserInfo();
Principal p = null;
String credential = null;
Subject subject = null;
if (userInfo instanceof SubjectUserInfo) {
SubjectUserInfo sinfo = (SubjectUserInfo) userInfo;
subject = sinfo.getSubject();
Set<PasswordCredential> pcSet = subject.getPrivateCredentials(PasswordCredential.class);
if (pcSet.size() > 0) {
PasswordCredential pc = pcSet.iterator().next();
p = new SimplePrincipal(pc.getUserName());
credential = new String(pc.getCredential());
SecurityActions.remotingContextClear(); // Now that it has been used clear it.
}
if ((p == null || credential == null) && userInfo instanceof UniqueIdUserInfo) {
UniqueIdUserInfo uinfo = (UniqueIdUserInfo) userInfo;
p = new SimplePrincipal(sinfo.getUserName());
credential = uinfo.getId();
// In this case we do not clear the RemotingContext as it is still to be used
// here extracting the ID just ensures we are not continually calling the modules
// for each invocation.
}
}
if (p == null || credential == null) {
p = new SimplePrincipal(UUID.randomUUID().toString());
credential = UUID.randomUUID().toString();
}
util.createSubjectInfo(p, credential, subject);
}
// If we have a trusted identity no need for a re-auth.
if (authenticated == false) {
authenticated = authenticate(current, null);
}
if (authenticated == false) {
// TODO - Better type needed.
throw SecurityMessages.MESSAGES.invalidUserException();
}
}
if (runAs != null) {
RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
current.setOutgoingRunAs(runAsIdentity);
} else if (previous != null && previous.getOutgoingRunAs() != null) {
// Ensure the propagation continues.
current.setOutgoingRunAs(previous.getOutgoingRunAs());
}