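package org.jboss.jmx.connector.invoker;

import java.util.HashSet;
import java.util.Set;
import java.util.Iterator;
import java.security.Principal;
import java.security.acl.Group;

import javax.security.auth.Subject;

import org.jboss.security.SimplePrincipal;

/**
 * Role-based authorization check: the authenticated {@link Subject} must
 * carry a {@link Group} named "Roles" that contains at least one of the
 * configured required role principals.
 *
 * <p>The default required role is a {@code SimplePrincipal} named
 * "JBossAdmin". The check is coarse-grained: the caller principal, object
 * name and operation name passed to {@link #authorize} are not consulted,
 * so any subject holding one required role is allowed for every object and
 * operation this check guards.
 *
 * <p>Every failure path throws, so the check fails closed.
 */
public class RolesAuthorization
{
   /** Role principals of which the subject must hold at least one. */
   private HashSet requiredRoles = new HashSet();

   /**
    * Creates the check with the single default required role "JBossAdmin".
    */
   public RolesAuthorization()
   {
      requiredRoles.add(new SimplePrincipal("JBossAdmin"));
   }

   /**
    * Replaces the set of required roles.
    *
    * <p>The set is copied so that later changes to the caller's set cannot
    * silently alter the authorization policy. A {@code null} argument is
    * stored as an empty set, which makes {@link #authorize} reject every
    * subject with a {@link SecurityException}.
    *
    * @param requiredRoles the role principals to require; elements are
    *        expected to be {@link Principal} instances, since
    *        {@link #authorize} casts each one
    */
   public void setRequiredRoles(HashSet requiredRoles)
   {
      this.requiredRoles = requiredRoles == null
         ? new HashSet()
         : new HashSet(requiredRoles);
   }

   /**
    * Verifies that the subject holds at least one required role.
    *
    * <p>Only the first group named "Roles" among the subject's principals is
    * consulted.
    *
    * @param caller the caller principal; not used by this check
    * @param subject the authenticated subject whose "Roles" group is examined
    * @param objectname the target object name; not used by this check
    * @param opname the operation name; not used by this check
    * @throws SecurityException if the subject is {@code null}, has no
    *         "Roles" group, or holds none of the required roles
    */
   public void authorize(Principal caller, Subject subject,
      String objectname, String opname)
   {
      // A missing subject must be denied explicitly, not via an
      // incidental NullPointerException.
      if( subject == null )
      {
         throw new SecurityException("Subject has no Roles");
      }

      Group roles = null;
      Set groups = subject.getPrincipals(Group.class);
      for( Iterator iter = groups.iterator(); iter.hasNext(); )
      {
         Group grp = (Group) iter.next();
         // Constant-first comparison tolerates a group whose name is null.
         if( "Roles".equals(grp.getName()) )
         {
            roles = grp;
            break;
         }
      }
      if( roles == null )
      {
         throw new SecurityException("Subject has no Roles");
      }

      // Read the field once so a concurrent setRequiredRoles() call cannot
      // swap the set between the membership test and the error message.
      final Set required = this.requiredRoles;
      boolean hasRole = false;
      for( Iterator iter = required.iterator(); iter.hasNext() && !hasRole; )
      {
         Principal p = (Principal) iter.next();
         hasRole = roles.isMember(p);
      }
      if( !hasRole )
      {
         // NOTE(review): the message exposes the configured required roles
         // and the caller's Roles group. Confirm this text is not returned
         // verbatim to remote callers; otherwise keep the detail in
         // server-side logs only.
         throw new SecurityException("Authorization failure, requiredRoles="+required
            +", callerRoles="+roles);
      }
   }
}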