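/**
 * Authorizes an inbound message against the roles that jboss-wsse.xml
 * declares for the target port and operation.
 *
 * <p>The role list is looked up in {@code cache} under
 * {@code <port local part>_<operation QName>} and extracted from
 * jboss-wsse.xml on a miss. If the list contains {@code UNCHECKED}, no role
 * check is performed for that operation. Otherwise the current principal must
 * hold one of the expected roles, or the call is rejected.
 *
 * <p>Every failure path throws, so the handler fails closed: a missing
 * descriptor, an unresolvable port or operation name, an extraction error and
 * a failed role check all abort the message.
 *
 * @param msgContext the message context of the inbound call
 * @return {@code true} whenever the method completes without throwing
 * @throws RuntimeException if jboss-wsse.xml cannot be loaded, the port or
 *         operation name cannot be determined, role extraction fails or
 *         yields no list, or the principal lacks the expected roles
 */
@Override
protected boolean handleInbound(MessageContext msgContext) {
    if (trace) {
        log.trace("Handling Inbound Message");
        trace(msgContext);
    }

    ServletContext context = (ServletContext) msgContext.get(MessageContext.SERVLET_CONTEXT);

    // Read the jboss-wsse.xml file. The descriptor is opened before the cache
    // is consulted, so a missing descriptor rejects the message even when the
    // roles for this operation are already cached.
    InputStream is = getWSSE(context);
    if (is == null)
        throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + "unable to load jboss-wsse.xml");

    List<String> roles;
    try {
        QName portName = (QName) msgContext.get(MessageContext.WSDL_PORT);
        QName opName = (QName) msgContext.get(MessageContext.WSDL_OPERATION);

        if (portName == null)
            portName = JBossWSNativeStackUtil.getPortNameViaReflection(getClass(), msgContext);
        if (portName == null)
            throw new RuntimeException(
                ErrorCodes.NULL_VALUE + "Unable to determine port name from the message context");

        if (opName == null)
            opName = getOperationName(msgContext);
        if (opName == null)
            throw new RuntimeException(
                ErrorCodes.NULL_VALUE + "Unable to determine operation name from the message context");

        String key = portName.getLocalPart() + "_" + opName.toString();

        // First check in cache. A single get() avoids the gap between
        // containsKey() and get(); a null entry is treated as a miss.
        roles = cache.get(key);
        if (roles == null) {
            try {
                roles = JBossWSSERoleExtractor.getRoles(is, portName.getLocalPart(), opName.toString());
            } catch (ProcessingException e) {
                throw new RuntimeException(e);
            }
            // Reject explicitly instead of caching null and hitting a
            // NullPointerException at the role check below.
            // NOTE(review): whether getRoles can return null is not visible here.
            if (roles == null)
                throw new RuntimeException(
                    ErrorCodes.NULL_VALUE + "Unable to determine roles from jboss-wsse.xml");
            cache.put(key, roles);
        }
    } finally {
        // The stream was previously never closed, leaking one handle per
        // inbound message. A close failure must not alter the authorization
        // outcome, so it is only traced.
        try {
            is.close();
        } catch (java.io.IOException closeFailure) {
            if (trace)
                log.trace("Unable to close jboss-wsse.xml stream: " + closeFailure);
        }
    }

    // An UNCHECKED entry switches the role check off for this operation.
    if (!roles.contains(UNCHECKED)) {
        AuthorizationManager authorizationManager = getAuthorizationManager();
        SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
        Principal principal = securityAdaptor.getPrincipal();
        Subject subject = SecurityActions.getAuthenticatedSubject();

        Set<Principal> expectedRoles = rolesSet(roles);
        if (!authorizationManager.doesUserHaveRole(principal, expectedRoles)) {
            SecurityContext sc = SecurityActions.getSecurityContext();
            // The principal, expected roles and actual roles go to the server
            // log only; the exception thrown to the caller carries a generic
            // message.
            StringBuilder builder = new StringBuilder("Authorization Failed:Principal=");
            builder.append(principal).append(":Expected Roles=").append(expectedRoles);
            SecurityContextCallbackHandler scbh = new SecurityContextCallbackHandler(sc);
            builder
                .append("::Actual Roles=")
                .append(authorizationManager.getSubjectRoles(subject, scbh));
            log.error(builder.toString());
            throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + "Authorization Failed");
        }
    }
    return true;
}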