/**
   * Return <code>true</code> if the specified Principal has the specified security role, within the
   * context of this Realm; otherwise return <code>false</code>.
   *
   * <p>Since the Principal, in the JaasSecurityManager, has been stored in its cache using the
   * JOSSO Single Sign-On Session Identifier Principal (see isValid method), when roles are
   * checked, the Principal submitted to the overridden operation is not the user principal but
   * the JOSSO Session Id Principal.
   *
   * @param principal Principal for whom the role is to be checked
   * @param role Security role to be checked
   */
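  public boolean hasRole(Principal principal, String role) {
    // Every failure path below returns false, so a lookup problem or a missing
    // Subject denies the role instead of granting it.
    try {
      Context securityCtx = prepareENC();
      if (securityCtx == null) {
        logger.error("No security context for hasRole(Principal, String)");
        return false;
      }

      // NOTE(review): per the Javadoc, the principal passed in here is the JOSSO
      // session-id principal; if its toString() exposes the session identifier,
      // this debug line writes it to the log. Confirm before enabling debug
      // logging in production.
      logger.debug("hasRole(" + principal + "," + role + ")");

      // Get the JBoss security manager from the ENC context
      SubjectSecurityManager securityMgr =
          (SubjectSecurityManager) securityCtx.lookup("securityMgr");
      if (!isSSODomain(securityMgr.getSecurityDomain())) {
        // This is not a SSO Security domain, let JBoss realm handle this ...
        return super.hasRole(principal, role);
      }

      // In an SSO domain the role check is made against the active Subject held
      // by the security manager, not against the principal argument.
      Subject activeSubject = securityMgr.getActiveSubject();
      if (activeSubject == null) {
        // Without an authenticated Subject there is nothing to derive roles from.
        logger.debug("No active Subject for hasRole, denying role " + role);
        return false;
      }

      // Log the principals only: Subject.toString() can also print the Subject's
      // credentials, which do not belong in a log file.
      logger.debug("Authenticated Subject principals: " + activeSubject.getPrincipals());

      CatalinaSSOUser ssoUser = CatalinaSSOUser.newInstance(this, activeSubject);
      return super.hasRole(ssoUser, role);

    } catch (NamingException e) {
      // The ENC lookup failed, so the role cannot be verified: deny.
      logger.error("Error during hasRole", e);
      return false;
    }
  }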