Examples of com.sun.enterprise.security.SecurityContext

• com.sun.enterprise.security.SecurityContext
  This class that extends AbstractSecurityContext that gets stored in Thread Local Storage. If the current thread creates child threads, the SecurityContext stored in the current thread is automatically propogated to the child threads. This class is used on the server side to represent the security context. Thread Local Storage is a concept introduced in JDK1.2. @see java.lang.ThreadLocal @see java.lang.InheritableThreadLocal @author Harish Prabandham @author Harpreet Singh

        return new ClientPipeCreator(ref);
    }

      public Principal getUserPrincipal(boolean isWeb) {
         //This is a servlet endpoint
        SecurityContext ctx = SecurityContext.getCurrent();
        if (ctx == null) {
            return null;
        }
        if (ctx.didServerGenerateCredentials()) {
            if (isWeb) {
                return null;
            }
        }
        return ctx.getCallerPrincipal();
    }

            "Container Auth: ServerAuthContext.validateRequest");
        }

  Subject subject = null;
  boolean firstAuthentication = true;
  SecurityContext sc = SecurityContext.getCurrent();
  if (sc == null || sc.didServerGenerateCredentials()) {
      subject = new Subject();
  } else {
      subject = sc.getSubject();
      firstAuthentication = false;
  }

  sAC.validateRequest((AuthParam)param, subject, sharedState);

  if (rvalue && firstAuthentication) {
      Set principalSet = subject.getPrincipals();
      // must be at least one new principal to establish
      // non-default security contex
      if (principalSet != null && !principalSet.isEmpty()) {
    // define and add initiator to Subject - note that this may add
    // a second principal (of type PrincipalImpl) for initiator.
    String initiator = ((Principal)principalSet.iterator().next()).
        getName();
    SecurityContext newSC = new SecurityContext(initiator,subject);
    SecurityContext.setCurrent(newSC);
      }
  }

        return rvalue;

            "Container Auth: ServerAuthContext.secureResponse");
        }

  // subject may change if runAs identity differs from caller's.
  // Therefore, session state is saved in sharedState not subject
  SecurityContext sc = SecurityContext.getCurrent();
  Subject subject = sc.getSubject();

  SOAPAuthParam param = new SOAPAuthParam(null, response);

        try{
            sAC.secureResponse((AuthParam)param, subject, sharedState);

      ClientSecurityContext sc = ClientSecurityContext.getCurrent();
      if (sc != null) {
    subject = sc.getSubject();
      }
  } else {
      SecurityContext sc = SecurityContext.getCurrent();
      if (sc != null && !sc.didServerGenerateCredentials()) {
    // make sure we don't use default unauthenticated subject,
    // so that module cannot change this important (constant)
    // subject.
    subject = sc.getSubject();
      }
  }
  if (subject == null) subject = new Subject();

  cAC.secureRequest ( param, subject, sharedState);

            cp = inv.invocationInfo.cachedPermission;
            ejbmp = cp.getPermission();
        }

        String caller = null;
        SecurityContext sc = null;

        pcHandlerImpl.getHandlerData().setInvocation(inv);
        ret = cp.checkPermission();

        if (!ret) {

            sc = SecurityContext.getCurrent();
            Set principalSet = sc.getPrincipalSet();
            ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
            try {
                // set the policy context in the TLS.
                String oldContextId = setPolicyContext(this.contextId);
                try {
                    ret = policy.implies(prdm, ejbmp);
                } catch (SecurityException se) {
                    _logger.log(Level.SEVERE, "jacc_access_exception", se);
                    ret = false;
                } catch (Throwable t) {
                    _logger.log(Level.SEVERE, "jacc_access_exception", t);
                    ret = false;
                } finally {
                    resetPolicyContext(oldContextId, this.contextId);
                }

            } catch (Throwable t) {
                _logger.log(Level.SEVERE, "jacc_policy_context_exception", t);
                ret = false;
            }
        }

        inv.setAuth((ret) ? Boolean.TRUE : Boolean.FALSE);

        if (auditManager.isAuditOn()) {
            if (sc == null) {
                sc = SecurityContext.getCurrent();
            }
            caller = sc.getCallerPrincipal().getName();
            auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
        }

        if (ret && inv.isWebService && !inv.isPreInvokeDone()) {
            preInvoke(inv);

            _logger.entering("EJBSecurityManager", "isCallerInRole", role);

        }
        EJBRoleRefPermission ejbrr = new EJBRoleRefPermission(ejbName, role);

        SecurityContext sc;
        if (runAs != null) {
            ComponentInvocation ci = invMgr.getCurrentInvocation();
            sc = (SecurityContext) ci.getOldSecurityContext();
        } else {
            sc = SecurityContext.getCurrent();
        }

        Set principalSet = (sc != null) ? sc.getPrincipalSet() : null;
        ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);

        String oldContextId = null;
        try {
            // set the policy context in the TLS.

     *
     * @return A Principal object of the client who made this invocation.
     *         or null if the SecurityContext has not been established by the client.
     */
    public Principal getCallerPrincipal() {
        SecurityContext sc = null;
        if (runAs != null) { // Run As
            // return the principal associated with the old security context
            ComponentInvocation ci = invMgr.getCurrentInvocation();

            if (ci == null) {
                throw new InvocationException(); // 4646060
            }
            sc = (SecurityContext) ci.getOldSecurityContext();

        } else {
            // lets optimize a little. no need to look up oldsecctx
            // its the same as the new one
            sc = SecurityContext.getCurrent();
        }

        Principal prin;

        if (sc != null) {
            prin = sc.getCallerPrincipal();
        } else {
            prin = SecurityContext.getDefaultCallerPrincipal();
        }
        return prin;
    }

     * SecurityContext.
     */
    public Object doAsPrivileged(PrivilegedExceptionAction pea)
            throws Throwable {

        SecurityContext sc = SecurityContext.getCurrent();
        Set principalSet = sc.getPrincipalSet();
        AccessControlContext acc =
                (AccessControlContext) accessControlContextCache.get(principalSet);

        if (acc == null) {
            final ProtectionDomain[] pdArray = new ProtectionDomain[1];
            pdArray[0] = getCachedProtectionDomain(principalSet, false);
            try {
                if (principalSet != null) {

                    final Subject s = sc.getSubject();

                    acc = (AccessControlContext)
                            AccessController.doPrivileged(new PrivilegedExceptionAction() {
                                public Object run() throws Exception {
                                    return new AccessControlContext

            cp = inv.invocationInfo.cachedPermission;
            ejbmp = cp.getPermission();
        }

        String caller = null;
        SecurityContext sc = null;

        pcHandlerImpl.getHandlerData().setInvocation(inv);
        ret = cp.checkPermission();

        if (!ret) {

            sc = SecurityContext.getCurrent();
            Set principalSet = sc.getPrincipalSet();
            ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
            try {
                // set the policy context in the TLS.
                String oldContextId = setPolicyContext(this.contextId);
                try {
                    ret = policy.implies(prdm, ejbmp);
                } catch (SecurityException se) {
                    _logger.log(Level.SEVERE, "jacc_access_exception", se);
                    ret = false;
                } catch (Throwable t) {
                    _logger.log(Level.SEVERE, "jacc_access_exception", t);
                    ret = false;
                } finally {
                    resetPolicyContext(oldContextId, this.contextId);
                }

            } catch (Throwable t) {
                _logger.log(Level.SEVERE, "jacc_policy_context_exception", t);
                ret = false;
            }
        }

        inv.setAuth((ret) ? Boolean.TRUE : Boolean.FALSE);

        if (auditManager.isAuditOn()) {
            if (sc == null) {
                sc = SecurityContext.getCurrent();
            }
            caller = sc.getCallerPrincipal().getName();
            auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
        }

        if (ret && inv.isWebService && !inv.isPreInvokeDone()) {
            preInvoke(inv);

            _logger.entering("EJBSecurityManager", "isCallerInRole", role);

        }
        EJBRoleRefPermission ejbrr = new EJBRoleRefPermission(ejbName, role);

        SecurityContext sc;
        if (runAs != null) {
            ComponentInvocation ci = invMgr.getCurrentInvocation();
            sc = (SecurityContext) ci.getOldSecurityContext();
        } else {
            sc = SecurityContext.getCurrent();
        }

        Set principalSet = (sc != null) ? sc.getPrincipalSet() : null;
        ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);

        String oldContextId = null;
        try {
            // set the policy context in the TLS.