1 /* 2 * The contents of this file are subject to the terms 3 * of the Common Development and Distribution License 4 * (the License). You may not use this file except in 5 * compliance with the License. 6 * 7 * You can obtain a copy of the license at 8 * https://glassfish.dev.java.net/public/CDDLv1.0.html or 9 * glassfish/bootstrap/legal/CDDLv1.0.txt. 10 * See the License for the specific language governing 11 * permissions and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL 14 * Header Notice in each file and include the License file 15 * at glassfish/bootstrap/legal/CDDLv1.0.txt. 16 * If applicable, add the following below the CDDL Header, 17 * with the fields enclosed by brackets [] replaced by 18 * you own identifying information: 19 * "Portions Copyrighted [year] [name of copyright owner]" 20 * 21 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 22 */ 23 24 package com.sun.enterprise.webservice; 25 26 import java.security.Principal; 27 import javax.xml.ws.handler.MessageContext; 28 import javax.xml.ws.handler.MessageContext; 29 import javax.servlet.http.HttpServletRequest; 30 import com.sun.xml.ws.spi.runtime.WebServiceContext; 31 import com.sun.web.security.WebPrincipal; 32 import com.sun.enterprise.Switch; 33 import com.sun.enterprise.InvocationManager; 34 import com.sun.ejb.containers.StatelessSessionContainer; 35 36 public class WebServiceContextImpl implements WebServiceContext { 37 38 public static ThreadLocal msgContext = new ThreadLocal(); 39 40 public static ThreadLocal principal = new ThreadLocal(); 41 42 public MessageContext getMessageContext() { 43 MessageContext ctxt = (MessageContext)msgContext.get(); 44 return ctxt; 45 } 46 47 public void setMessageContext(MessageContext ctxt) { 48 msgContext.set(ctxt); 49 } 50 51 public void setUserPrincipal(WebPrincipal p) { 52 principal.set(p); 53 } 54 55 public Principal getUserPrincipal() { 56 // This could be an EJB endpoint; check the threadlocal variable 57 WebPrincipal p = (WebPrincipal) principal.get(); 58 if (p != null) { 59 return p; 60 } 61 // This is a servlet endpoint 62 MessageContext ctxt = (MessageContext)msgContext.get(); 63 if (ctxt != null) { 64 HttpServletRequest req = (HttpServletRequest)ctxt.get( 65 MessageContext.SERVLET_REQUEST); 66 if (req != null) { 67 return req.getUserPrincipal(); 68 } 69 } 70 throw new IllegalStateException(); 71 } 72 73 public boolean isUserInRole(String role) { 74 // This could be an EJB endpoint; check the threadlocal variable 75 WebPrincipal p = (WebPrincipal) principal.get(); 76 if (p != null) { 77 Switch sw = Switch.getSwitch(); 78 InvocationManager mgr = sw.getInvocationManager(); 79 StatelessSessionContainer cont = 80 (StatelessSessionContainer) mgr.getCurrentInvocation().getContainerContext(); 81 boolean res = cont.getSecurityManager().isCallerInRole(role); 82 return res; 83 } 84 // This is a servlet endpoint 85 MessageContext ctxt = (MessageContext)msgContext.get(); 86 if (ctxt != null) { 87 HttpServletRequest req = (HttpServletRequest)ctxt.get( 88 MessageContext.SERVLET_REQUEST); 89 if (req != null) { 90 return req.isUserInRole(role); 91 } 92 } 93 throw new IllegalStateException(); 94 } 95 } 96