Author: tveronezi Date: Thu Feb 10 01:17:00 2011 New Revision: 1069191 URL: http://svn.apache.org/viewvc?rev=1069191&view=rev Log: According to the issue reported on the users-list, the "Sessioncontext.isCallerInRole" returns a wrong "false" result. It turns out that we were using the "AllowedRoles" feature to get the "isCallerInRole" value (with an inner "try{return true}-catch{return false}").
More info here: http://openejb.979440.n4.nabble.com/JUnit-Sessioncontext-isCallerInRole-allways-returns-false-td3257408.html
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
Modified: openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=1069191&r1=1069190&r2=1069191&view=diff
==============================================================================
--- openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java (original)
+++ openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java Thu Feb 10 01:17:00 2011
@@ -21,6 +21,7 @@ import org.apache.openejb.spi.SecuritySe
 import org.apache.openejb.spi.CallerPrincipal;
 import org.apache.openejb.core.ThreadContextListener;
 import org.apache.openejb.core.ThreadContext;
+import org.apache.openejb.core.security.jaas.GroupPrincipal;
 import org.apache.openejb.core.security.jacc.BasicJaccProvider;
 import org.apache.openejb.core.security.jacc.BasicPolicyConfiguration;
 import org.apache.openejb.InterfaceType;
@@ -30,7 +31,6 @@ import org.apache.openejb.loader.SystemI
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
 import javax.security.jacc.PolicyContext;
-import javax.security.jacc.EJBRoleRefPermission;
 import javax.security.jacc.EJBMethodPermission;
 import javax.security.jacc.PolicyConfigurationFactory;
 import java.security.AccessControlContext;
@@ -221,14 +221,19 @@ public abstract class AbstractSecuritySe
 ThreadContext threadContext = ThreadContext.getThreadContext();
 SecurityContext securityContext = threadContext.get(SecurityContext.class);
- try {
- BeanContext deployment = threadContext.getBeanContext();
-
- securityContext.acc.checkPermission(new EJBRoleRefPermission(deployment.getEjbName(), role));
- } catch (AccessControlException e) {
- return false;
- }
- return true;
+ final Set<Group> grps = securityContext.subject.getPrincipals(Group.class);
+ for (Group grp : grps) {
+ if(grp.getName().equals(role)) {
+ return true;
+ }
+ }
+ final Set<GroupPrincipal> grpsp = securityContext.subject.getPrincipals(GroupPrincipal.class);
+ for (GroupPrincipal grp : grpsp) {
+ if(grp.getName().equals(role)) {
+ return true;
+ }
+ }
+ return false;
 }
 public Principal getCallerPrincipal() {
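Review bot: The new body decides isCallerInRole by comparing `role` verbatim with the names of the caller's Group and GroupPrincipal principals, so the `EJBRoleRefPermission` check that the removed lines made through `securityContext.acc` — and with it the JACC policy and the security-role-ref/role-link indirection that permission exists to resolve — is no longer consulted, and a coded role name linked to a differently named role will now report false. If the root cause was that role-ref permissions were never added to the policy configuration, fixing that configuration keeps the decision on the policy path; if the principal scan is to stay, resolve `role` through the bean's role-ref mapping before the name comparison and state the bypass in a comment such as `// Role is matched directly against group names; the JACC policy and role-link mapping are not consulted here`. The two loops differ only in the principal class and could be one pass over `securityContext.subject.getPrincipals()` with an `instanceof` test. isCallerInRole's signature and the `Set`/`Group` imports the new lines rely on lie outside this hunk.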
