Java SecurityActions.getSecurityContext示例

示例#1

文件： WSAuthorizationHandler.java 项目： anilsaldhana/picketlink-federation

  @Override
  protected boolean handleInbound(MessageContext msgContext) {
    if (trace) {
      log.trace("Handling Inbound Message");
      trace(msgContext);
    }
    ServletContext context = (ServletContext) msgContext.get(MessageContext.SERVLET_CONTEXT);
    // Read the jboss-wsse.xml file
    InputStream is = getWSSE(context);
    if (is == null)
      throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + "unable to load jboss-wsse.xml");

    QName portName = (QName) msgContext.get(MessageContext.WSDL_PORT);
    QName opName = (QName) msgContext.get(MessageContext.WSDL_OPERATION);

    if (portName == null)
      portName = JBossWSNativeStackUtil.getPortNameViaReflection(getClass(), msgContext);

    if (portName == null)
      throw new RuntimeException(
          ErrorCodes.NULL_VALUE + "Unable to determine port name from the message context");

    if (opName == null) opName = getOperationName(msgContext);

    if (opName == null)
      throw new RuntimeException(
          ErrorCodes.NULL_VALUE + "Unable to determine operation name from the message context");

    List<String> roles = null;

    String key = portName.getLocalPart() + "_" + opName.toString();

    // First check in cache
    if (cache.containsKey(key)) {
      roles = cache.get(key);
    } else {
      try {
        roles = JBossWSSERoleExtractor.getRoles(is, portName.getLocalPart(), opName.toString());
      } catch (ProcessingException e) {
        throw new RuntimeException(e);
      }
      cache.put(key, roles);
    }

    if (!roles.contains(UNCHECKED)) {
      AuthorizationManager authorizationManager = getAuthorizationManager();

      SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
      Principal principal = securityAdaptor.getPrincipal();
      Subject subject = SecurityActions.getAuthenticatedSubject();

      Set<Principal> expectedRoles = rolesSet(roles);
      if (!authorizationManager.doesUserHaveRole(principal, expectedRoles)) {
        SecurityContext sc = SecurityActions.getSecurityContext();
        StringBuilder builder = new StringBuilder("Authorization Failed:Principal=");
        builder.append(principal).append(":Expected Roles=").append(expectedRoles);
        SecurityContextCallbackHandler scbh = new SecurityContextCallbackHandler(sc);
        builder
            .append("::Actual Roles=")
            .append(authorizationManager.getSubjectRoles(subject, scbh));
        log.error(builder.toString());

        throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + "Authorization Failed");
      }
    }
    return true;
  }