Examples of com.sun.enterprise.security.SecurityContext

• com.sun.enterprise.security.SecurityContext
  This class that extends AbstractSecurityContext that gets stored in Thread Local Storage. If the current thread creates child threads, the SecurityContext stored in the current thread is automatically propogated to the child threads. This class is used on the server side to represent the security context. Thread Local Storage is a concept introduced in JDK1.2. @see java.lang.ThreadLocal @see java.lang.InheritableThreadLocal @author Harish Prabandham @author Harpreet Singh

        if (runAs != null) {
            // The existing SecurityContext is saved - however, this seems
            // meaningless - see bug 4757733. For now, keep it unchanged
            // in case there are some dependencies elsewhere in RI.
            SecurityContext old = getSecurityContext();
            inv.setOldSecurityContext(old);

            // Set the run-as principal into SecurityContext
            loginForRunAs(runAs);

     */
    public Principal createFailOveredPrincipal(String username){
        _logger.log(Level.FINEST,"IN createFailOveredPrincipal ("+username+")");
        //set the appropriate security context
        loginForRunAs(username);
        SecurityContext secCtx = SecurityContext.getCurrent();
         _logger.log(Level.FINE,"Security context is "+secCtx);
        assert (secCtx != null);
        Principal principal = new WebPrincipal(username, null, secCtx);
        _logger.log(Level.INFO,"Principal created for FailOvered user "+principal);
        return principal;

            // must be at least one new principal to establish
      // non-default security context
            if (principalSet != null && !principalSet.isEmpty() &&
               !principalSetContainsOnlyAnonymousPrincipal(principalSet)) {

                SecurityContext ctx = new SecurityContext(subject);
                //XXX assuming no null principal here
    Principal p = ctx.getCallerPrincipal();
    WebPrincipal wp = new WebPrincipal(p,ctx);
    try {
                    //XXX Keep it for reference
                    /*
        if (this.sAC.managesSessions(sharedState)) {

        // Create a WebPrincipal for tomcat and store in current request
        // This will allow programmatic authorization later in this request
        // to work as expected.

        SecurityContext secCtx = SecurityContext.getCurrent();
        assert (secCtx != null); // since login succeeded above

        WebPrincipal principal = new WebPrincipal(user, password, secCtx);
        req.setUserPrincipal(principal);
        req.setAuthType(WEBAUTH_PROGRAMMATIC);

     * Return <code>true</code> if this constraint is satisfied and processing
     * should continue, or <code>false</code> otherwise.
     * @return true is the resource is granted, false if denied
     */
    public boolean hasResourcePermission(HttpServletRequest httpsr) {
        SecurityContext sc = getSecurityContext(httpsr.getUserPrincipal());
        WebResourcePermission perm = createWebResourcePermission(httpsr);
        setSecurityInfo(httpsr);
        boolean isGranted = checkPermission(perm, sc.getPrincipalSet());
        SecurityContext.setCurrent(sc);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "[Web-Security] hasResource isGranted: " + isGranted);
            logger.log(Level.FINE, "[Web-Security] hasResource perm: " + perm);
        }

     * This is an private method for transforming principal into a SecurityContext
     * @param principal expected to be a WebPrincipal
     * @return SecurityContext
     */
    private SecurityContext getSecurityContext(Principal principal) {
        SecurityContext secContext = null;
        if (principal != null) {
            if (principal instanceof WebPrincipal) {
                WebPrincipal wp = (WebPrincipal) principal;
                secContext = wp.getSecurityContext();
            } else {
                secContext = new SecurityContext(principal.getName(), null);
            }
        }
        if (secContext == null) {
            secContext = SecurityContext.getDefaultSecurityContext();
        }

      if (s == null) {
    s = Subject.getSubject(AccessController.getContext());
      }

  } else {
      SecurityContext sc = SecurityContext.getCurrent();
      if (sc != null && !sc.didServerGenerateCredentials()) {
    // make sure we don't use default unauthenticated subject,
    // so that module cannot change this important (constant)
    // subject.
    s = sc.getSubject();
      }
  }

  if (s == null) {
      s = new Subject();

  // unathenticated if Subject is null or empty

  Subject s = (Subject) request.invocationProperties.get
      (PipeConstants.CLIENT_SUBJECT);

  SecurityContext sC = new SecurityContext(s);

  SecurityContext.setCurrent(sC);

  // we should try to replace this endpoint specific
  // authorization check with a generic web service message check

                resourceShareable, jndiNameToUse, conn, false );
        } else {
            ResourcePrincipal prin =null;
            Set principalSet =null;
            Principal callerPrincipal = null;
            SecurityContext securityContext = null;
            ConnectorRuntime connectorRuntime = ConnectorRuntime.getRuntime();
            if(connectorRuntime.isServer() &&
             (securityContext = SecurityContext.getCurrent()) != null &&
       (callerPrincipal = securityContext.getCallerPrincipal()) != null &&
       (principalSet = securityContext.getPrincipalSet()) != null) {
                AuthenticationService authService =
                    connectorRuntime.getAuthenticationService(rarName,poolName);
                if(authService != null) {
                    prin = (ResourcePrincipal)authService.mapPrincipal(
                            callerPrincipal, principalSet);

      while (e.hasMoreElements()) {
    principalSet.add(new Group((String) e.nextElement()));
      }
  }

        SecurityContext securityContext =
      new SecurityContext(name, subject);

  SecurityContext.setCurrent(securityContext);
    }