Examples of WebRoleRefPermission


Examples of javax.security.jacc.WebRoleRefPermission

      assertTrue(p.implies(new WebUserDataPermission("/excluded.jsp", "GET,POST")));
   }
  
   private void checkAddToRoleForManager(Permissions p)
   {
      assertTrue(p.implies(new WebRoleRefPermission("secured", "Manager")));
      assertTrue(p.implies(new WebRoleRefPermission("sslprotected", "MGR")));
      assertTrue(p.implies(new WebRoleRefPermission("sslprotected", "Manager")));
      assertTrue(p.implies(new WebRoleRefPermission("unchecked", "Manager")));
      assertTrue(p.implies(new WebRoleRefPermission("excluded", "Manager")));
      //Jacc1.1
      assertTrue(p.implies(new WebRoleRefPermission("", "Manager")));
   }
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

   private void checkAddToRoleForAdministrator(Permissions p)
   {
      assertTrue(p.implies(new WebResourcePermission("/secured.jsp", "GET,POST")));
      assertTrue(p.implies(new WebResourcePermission("/sslprotected.jsp", "GET,POST")));
     
      assertTrue(p.implies(new WebRoleRefPermission("secured", "ADM")));
      assertTrue(p.implies(new WebRoleRefPermission("secured", "Administrator")));
      assertTrue(p.implies(new WebRoleRefPermission("sslprotected", "ADM")));
      assertTrue(p.implies(new WebRoleRefPermission("sslprotected", "Administrator")));
      assertTrue(p.implies(new WebRoleRefPermission("unchecked", "Administrator")));
      assertTrue(p.implies(new WebRoleRefPermission("excluded", "Administrator")));
      //Jacc1.1
      assertTrue(p.implies(new WebRoleRefPermission("", "Administrator")));
   }
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

      assertTrue(p.implies(new WebRoleRefPermission("", "Administrator")));
   }
  
   private void checkAddToRoleForEmployee(Permissions p)
   {
      assertTrue(p.implies(new WebRoleRefPermission("secured", "Employee")));
      assertTrue(p.implies(new WebRoleRefPermission("sslprotected", "Employee")));
      assertTrue(p.implies(new WebRoleRefPermission("unchecked", "Employee")));
      assertTrue(p.implies(new WebRoleRefPermission("excluded", "Employee")));
      //  Jacc1.1
      assertTrue(p.implies(new WebRoleRefPermission("", "Employee")));
   }
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

         Set<String> unreferencedRoles = metaData.getSecurityRoleNames();
         if(roleRefs != null)
         for(SecurityRoleRefMetaData roleRef : roleRefs)
         {
            String roleName = roleRef.getRoleLink();
            WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, roleRef.getName());
            pc.addToRole(roleName, wrrp);
            /* A bit of a hack due to how tomcat calls out to its Realm.hasRole()
            with a role name that has been mapped to the role-link value. We
            may need to handle this with a custom request wrapper.
            */
            wrrp = new WebRoleRefPermission(servletName, roleName);
            pc.addToRole(roleRef.getName(), wrrp);
            // Remove the role from the unreferencedRoles
            unreferencedRoles.remove(roleName);
         }
        
         //Spec 3.1.3.2: For each servlet element in the deployment descriptor
         //a WebRoleRefPermission must be added to each security-role of the
         //application whose name does not appear as the rolename
         //in a security-role-ref within the servlet element. 
         if(unreferencedRoles != null)
         for(String unrefRole : unreferencedRoles)
         {
            WebRoleRefPermission unrefP = new WebRoleRefPermission(servletName,unrefRole);
            pc.addToRole(unrefRole, unrefP);
         }
      }

      Set<String> unreferencedRoles = metaData.getSecurityRoleNames();
      //JACC 1.1:Spec 3.1.3.2: For each security-role defined in the deployment descriptor, an
      //additional WebRoleRefPermission must be added to the corresponding role by
      //calling the addToRole method on the PolicyConfiguration object. The
      //name of all such permissions must be the empty string, and the actions of each
      //such permission must be the role-name of the corresponding role.
      if(unreferencedRoles != null)
      for(String unreferencedRole : unreferencedRoles)
      {
        WebRoleRefPermission wrrep = new WebRoleRefPermission("", unreferencedRole);
        pc.addToRole(unreferencedRole, wrrep);
      }
     
      // Now build the cross product of the unreferencedRoles and servlets
      Set<String> servletNames = servlets.keySet();
      if(servletNames != null)
      for(String servletName : servletNames)
      {
         if(unreferencedRoles != null)
         for(String role : unreferencedRoles)
         {
            WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, role);
            pc.addToRole(role, wrrp);           
         }
      }
      /**
       * The programmatic security checks are made from jsps.
       * JBAS-3054:Use of isCallerInRole from jsp does not work for JACC
       */
      if(unreferencedRoles != null)
      for(String role : unreferencedRoles)
      {
         WebRoleRefPermission wrrp = new WebRoleRefPermission("", role);
         pc.addToRole(role, wrrp)
      }
   }
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

    }


    protected void addUnmappedJSPPermissions(Set<String> securityRoles, Map<String, PermissionCollection> rolePermissions) {
        for (String roleName : securityRoles) {
            addPermissionToRole(roleName, new WebRoleRefPermission("", roleName), rolePermissions);
        }
    }
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

            * must be the value of the role-name (that is the  reference), appearing in the security-role-ref.
            * The deployment tools must  call the addToRole method on the PolicyConfiguration object to add the
            * WebRoleRefPermission object resulting from the translation to the role
            * identified in the role-link appearing in the security-role-ref.
            */
            addPermissionToRole(roleLink, new WebRoleRefPermission(servletName, roleName), rolePermissions);
            unmappedRoles.remove(roleName);
        }
        for (String roleName : unmappedRoles) {
            addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName), rolePermissions);
        }
    }
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

        try {
            /**
             * JACC v1.0 section 4.1.3
             */
            acc.checkPermission(new WebRoleRefPermission(name, role));
        } catch (AccessControlException e) {
            return false;
        }

        return true;
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

            // JACC v1.0 secion B.19
            String servletName = InternalJettyServletHolder.getCurrentServletName();
            if (servletName == null || servletName.equals("jsp")) {
                servletName = "";
            }
            acc.checkPermission(new WebRoleRefPermission(servletName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

        try {
            /**
             * JACC v1.0 section 4.1.3
             */
            acc.checkPermission(new WebRoleRefPermission(name, role));
        } catch (AccessControlException e) {
            return false;
        }

        return true;
View Full Code Here

Examples of javax.security.jacc.WebRoleRefPermission

            // JACC v1.0 secion B.19
            String servletName = JettyServletHolder.getCurrentServletName();
            if (servletName.equals("jsp")) {
                servletName = "";
            }
            acc.checkPermission(new WebRoleRefPermission(servletName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.