Examples of org.jboss.security.RunAsIdentity

• org.jboss.security.RunAsIdentity
  The RunAsIdentity is a Principal that associates the run-as principal with his run-as role(s). @author Thomas.Diesler@jboss.org @author Scott.Stark@jboss.org @author Anil.Saldhana@jboss.org @version $Revision: 68965 $

         // The caller is using a run-as identity
         else
         {
            if(callerRunAs instanceof RunAsIdentity)
            {
               RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
               RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());

               // Check that the run-as role is in the set of method roles
               if(srg.containsAtleastOneRole(methodRoles) == false)
               {
                  String method = this.ejbMethod.getName();
                  String msg = "Insufficient method permissions, principal=" + ejbPrincipal
                  + ", ejbName=" + this.ejbName
                  + ", method=" + method + ", interface=" + this.methodInterface
                  + ", requiredRoles=" + methodRoles + ", runAsRoles="
                  + callerRunAsIdentity.getRunAsRoles();
                  if(trace)
                     log.trace("Exception:"+msg);
                  allowed = false;
               }

         //allowed = am.doesUserHaveRole(ejbPrincipal, set);
      else
      {
         if(callerRunAs instanceof RunAsIdentity)
         {
            RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
            SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
            allowed = srg.containsRole(deploymentrole);
            //allowed = callerRunAsIdentity.doesUserHaveRole(set);
         }
      }
      return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;

            try {
                servlet = request.getWrapper();
                if (servlet != null) {
                    String name = servlet.getName();
                    RunAsIdentityMetaData identity = runAsIdentity.get(name);
                    RunAsIdentity runAsIdentity = null;
                    if (identity != null) {
                        WebLogger.WEB_SECURITY_LOGGER.tracef(name + ", runAs: " + identity);
                        runAsIdentity = new RunAsIdentity(identity.getRoleName(), identity.getPrincipalName(),
                                identity.getRunAsRoles());
                    }
                    SecurityActions.pushRunAsIdentity(runAsIdentity);
                }

            try {
                servlet = request.getWrapper();
                if (servlet != null) {
                    String name = servlet.getName();
                    RunAsIdentityMetaData identity = metaData.getRunAsIdentity(name);
                    RunAsIdentity runAsIdentity = null;
                    if (identity != null) {
                        log.tracef(name + ", runAs: " + identity);
                        runAsIdentity = new RunAsIdentity(identity.getRoleName(), identity.getPrincipalName(),
                                identity.getRunAsRoles());
                    }
                    SecurityActions.pushRunAsIdentity(runAsIdentity);
                }

            InvokerLocator locator = (InvokerLocator) invocation.getMetaData(InvokeRemoteInterceptor.REMOTING,
                  InvokeRemoteInterceptor.INVOKER_LOCATOR);

            String iface = (locator != null) ? "Remote" : "Local";

            RunAsIdentity callerRunAs = SecurityActions.peekRunAsIdentity();

            EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
            boolean isAuthorized = helper.authorize(ejbName,
                             mi.getMethod(),
                             sc.getUtil().getUserPrincipal(),

   }

   public static RunAsIdentity peekRunAsIdentity(int depth)
   {
      PrivilegedAction action = new PeekRunAsRoleAction(depth);
      RunAsIdentity principal = (RunAsIdentity) AccessController.doPrivileged(action);
      return principal;
   }

      return (RunAsIdentity)AccessController.doPrivileged(new PrivilegedAction()
      {
         public Object run()
         {
            SecurityContext sc = getSecurityContext();
            RunAsIdentity ra = (RunAsIdentity) sc.getOutgoingRunAs();
            sc.setOutgoingRunAs(null);
            return ra;
         }
      });
   }

         this.depth = depth;
      }

      public Object run()
      {
         RunAsIdentity principal = SecurityAssociation.peekRunAsIdentity(depth);
         return principal;
      }

      {
         Policy policy = Policy.getPolicy();
         // Get the caller
         Subject caller = SecurityActions.getContextSubject();

         RunAsIdentity rai = SecurityActions.peekRunAsIdentity();

         Principal[] principals = null;
         if(rai != null)
         {
            Set runAsRoles = rai.getRunAsRoles();
            principals = new Principal[runAsRoles.size()];
            runAsRoles.toArray(principals);
         }
         else
         {

   public Object invoke(Invocation invocation) throws Throwable
   {
      Subject previousSubject = null;
      try
      {
         RunAsIdentity runAsIdentity = getRunAsIdentity(invocation);
         SecurityActions.pushRunAsIdentity(runAsIdentity);

         runAsIdentity = SecurityActions.peekRunAsIdentity(1);
         if (runAsIdentity != null)
         {
            previousSubject = SecurityActions.getActiveSubject();
            java.util.Set newPrincipals = runAsIdentity.getPrincipalsSet();
            Subject newSubject = new Subject(false, newPrincipals, new java.util.HashSet(), new java.util.HashSet());
            SecurityAssociation.setSubject(newSubject);
         }

         return invocation.invokeNext();