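/**
 * Return {@code true} if the specified Principal has the specified security role, within the
 * context of this Realm; otherwise return {@code false}.
 *
 * <p>In an SSO security domain the {@code principal} argument is NOT the user principal: the
 * JaasSecurityManager cached the authenticated Subject under the JOSSO Single Sign-On Session
 * Identifier Principal (see the {@code isValid} method), so that is what Catalina hands back
 * here. The role check is therefore performed against the Subject the security manager holds
 * as active for the current thread, wrapped as a {@code CatalinaSSOUser}, rather than against
 * the {@code principal} argument. For non-SSO domains the call is delegated unchanged to the
 * superclass realm.
 *
 * <p>This is an authorization decision, so every failure path (no ENC, no security manager
 * bound, no active Subject, naming error) denies the role rather than throwing or handing a
 * null Subject further down.
 *
 * @param principal Principal for whom the role is to be checked (in SSO domains this is the
 *     JOSSO session id principal, see above)
 * @param role Security role to be checked
 * @return {@code true} only if the role could be positively established; {@code false} on any
 *     lookup or state failure
 */
public boolean hasRole(Principal principal, String role) {
    try {
        Context securityCtx = prepareENC();
        if (securityCtx == null) {
            logger.error("No security context for hasRole(Principal, String)");
            return false;
        }

        logger.debug("hasRole(" + principal + "," + role + ")");

        // Get the JBoss security manager from the ENC context
        SubjectSecurityManager securityMgr =
                (SubjectSecurityManager) securityCtx.lookup("securityMgr");
        if (securityMgr == null) {
            // A missing binding is a deployment error; deny instead of failing with an NPE
            // on the next call.
            logger.error("No 'securityMgr' bound in the ENC for hasRole(Principal, String)");
            return false;
        }

        if (!isSSODomain(securityMgr.getSecurityDomain())) {
            // This is not a SSO Security domain, let JBoss realm handle this ...
            return super.hasRole(principal, role);
        }

        Subject activeSubject = securityMgr.getActiveSubject();
        logger.debug("Authenticated Subject: " + activeSubject);
        if (activeSubject == null) {
            // Nobody is authenticated on this thread, so there is no Subject to derive roles
            // from. Fail closed here rather than passing a null Subject to
            // CatalinaSSOUser.newInstance (whose handling of null is not visible from here).
            logger.warn("hasRole: no active Subject for principal " + principal
                    + ", denying role " + role);
            return false;
        }

        CatalinaSSOUser ssoUser = CatalinaSSOUser.newInstance(this, activeSubject);
        return super.hasRole(ssoUser, role);
    } catch (NamingException e) {
        // The original code also nulled the 'principal' parameter here; that was a dead store
        // with no effect on the caller and has been dropped.
        logger.error("Error during hasRole(Principal, String)", e);
        return false;
    }
}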