Examples of org.jboss.security.identity.RoleGroup

• org.jboss.security.identity.RoleGroup
  Represents a group of roles @author Anil.Saldhana@redhat.com @since Nov 16, 2007 @version $Revision$

      webResource.setPrincipal(principal);
      webResource.setServletName(servletName);

      webResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
         hasTheRole = (permit == AuthorizationContext.PERMIT);

      webResource.setServletRequest(request);
      webResource.setServletResponse(response);

      webResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
         hasPerm = (permit == AuthorizationContext.PERMIT);

    @see Subject#getPrincipals()
    */
   public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
   {
      boolean hasRole = false;
      RoleGroup roles = this.getCurrentRoles(principal);
      if( trace )
         log.trace("doesUserHaveRole(Set), roles: "+roles);
      if(roles != null)
      {
         Iterator<Principal> iter = rolePrincipals.iterator();

    @return true if the active principal has the role, false otherwise.
    */
   public boolean doesUserHaveRole(Principal principal, Principal role)
   {
      boolean hasRole = false;
      RoleGroup roles = this.getCurrentRoles(principal);
      hasRole = doesRoleGroupHaveRole(role, roles);
      return hasRole;
   }

    @return The Set<Principal> for the application domain roles that the
    principal has been assigned.
    */
   public Set<Principal> getUserRoles(Principal principal)
   {
      RoleGroup userRoles = getCurrentRoles(principal);
      return this.getRolesAsSet(userRoles);
   }

      if(callerRunAs != null)
      {
         callerPrincipal = new SimplePrincipal(callerRunAs.getName());
      }

      RoleGroup roles = this.getCurrentRoles(callerPrincipal, authenticatedSubject, sc);
      if(roles == null)
         roles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
      return roles;
   }

      Group subjectRoles = getGroupFromSubject(subject);

      boolean emptyContextRoles = false;

      RoleGroup userRoles = sc.getUtil().getRoles();
      //Group userRoles = (Group)sc.getData().get(ROLES_IDENTIFIER);
      if(userRoles == null || "true".equalsIgnoreCase(SubjectActions.getRefreshSecurityContextRoles()))
         emptyContextRoles = true;
      userRoles = copyGroups(userRoles, subjectRoles);

      /**
       * Update the roles in the SecurityContext and
       * allow mapping rules be applied only if the SC roles
       * and the subject roles are not the same
       */
      if(subjectRoles != userRoles || emptyContextRoles)
      {
         MappingManager mm = sc.getMappingManager();
         MappingContext<RoleGroup> mc = mm.getMappingContext(RoleGroup.class);

         RoleGroup mappedUserRoles = userRoles;
         if(mc != null && mc.hasModules())
         {
            Map<String,Object> contextMap = new HashMap<String,Object>();
            contextMap.put(SecurityConstants.ROLES_IDENTIFIER, userRoles);
            if(principal != null)

         else
         {
            if(callerRunAs instanceof RunAsIdentity)
            {
               RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
               RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());

               // Check that the run-as role is in the set of method roles
               if(srg.containsAtleastOneRole(methodRoles) == false)
               {
                  String method = this.ejbMethod.getName();
                  String msg = "Insufficient method permissions, principal=" + ejbPrincipal
                  + ", ejbName=" + this.ejbName
                  + ", method=" + method + ", interface=" + this.methodInterface

    * which is usable by roles (roleA,roleB)
    * @throws Exception
    */
   public void testRegularEJBAuthorizationPass() throws Exception
   {
      RoleGroup principalRole = SecurityTestUtil.getRoleGroup(new String[] {"roleA"});

      //Create a ContextMap
      Map<String,Object> cmap = new HashMap<String,Object>();

      EJBResource ejbResource = new EJBResource(cmap);

    * This method tests with a bad role
    * @throws Exception
    */
   public void testInvalidRegularEJBAuthorization() throws Exception
   {
      RoleGroup principalRole = SecurityTestUtil.getRoleGroup(new String[] {"badRole"});

      //Create a ContextMap
      Map<String,Object> cmap = new HashMap<String,Object>();

      EJBResource ejbResource = new EJBResource(cmap);