use of org.jboss.security.javaee.SecurityRoleRef in project wildfly by wildfly.
the class SimpleSecurityManager method isCallerInRole.
/**
* @param ejbName The name of the EJB component where isCallerInRole was invoked.
* @param incommingMappedRoles The principal vs roles mapping (if any). Can be null.
* @param roleLinks The role link map where the key is an alias role name and the value is the collection of
* role names, that alias represents. Can be null.
* @param roleNames The role names for which the caller is being checked for
* @return true if the user is in <b>any</b> one of the <code>roleNames</code>. Else returns false
*/
public boolean isCallerInRole(final String ejbName, final String policyContextID, final Object incommingMappedRoles, final Map<String, Collection<String>> roleLinks, final String... roleNames) {
final SecurityContext securityContext = doPrivileged(securityContext());
if (securityContext == null) {
return false;
}
final EJBResource resource = new EJBResource(new HashMap<String, Object>());
resource.setEjbName(ejbName);
resource.setPolicyContextID(policyContextID);
resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
resource.setCallerSubject(securityContext.getUtil().getSubject());
Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
resource.setPrincipal(userPrincipal);
if (roleLinks != null) {
final Set<SecurityRoleRef> roleRefs = new HashSet<SecurityRoleRef>();
for (String key : roleLinks.keySet()) {
Collection<String> values = roleLinks.get(key);
if (values != null) {
for (String value : values) roleRefs.add(new SecurityRoleRef(key, value));
}
}
resource.setSecurityRoleReferences(roleRefs);
}
Map<String, Set<String>> previousRolesAssociationMap = null;
try {
// ensure the security roles association contains the incoming principal x roles map.
if (incommingMappedRoles != null) {
SecurityRolesMetaData rolesMetaData = (SecurityRolesMetaData) incommingMappedRoles;
previousRolesAssociationMap = this.setSecurityRolesAssociation(rolesMetaData.getPrincipalVersusRolesMap());
}
AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
for (String roleName : roleNames) {
if (helper.isCallerInRole(resource, roleName)) {
return true;
}
}
return false;
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
// reset the security roles association state.
if (incommingMappedRoles != null) {
this.setSecurityRolesAssociation(previousRolesAssociationMap);
}
}
}
Aggregations