  1. JBoss Enterprise Application Platform
  2. JBEAP-10428

(7.0.z) custom java security permission does not work


Details

    • EAP 7.0.7

    Description

      Description of problem:

      We have a custom permission (extends java.security.Permission) that we want to check at runtime.

      The permission should be granted to a user with a specific Principal (org.jboss.security.SimplePrincipal "admin") in my testing:

        grant principal org.jboss.security.SimplePrincipal "admin" {
          permission org.jboss.example.CustomPermission "/Hello";
        };
      

      We have coded our servlet to check this permission at run time with code that looks like the following:

          // Subject of the authenticated caller, taken from the JACC policy context
          javax.security.auth.Subject subj = (javax.security.auth.Subject) javax.security.jacc.PolicyContext.getContext("javax.security.auth.Subject.container");

          // final so the anonymous PrivilegedAction below can reference it
          final org.jboss.example.CustomPermission permission = new org.jboss.example.CustomPermission("/Hello");

          try {
            // null AccessControlContext: the action starts from an empty context associated with subj
            Subject.doAsPrivileged(subj, new PrivilegedAction<Void>() {
              public Void run() {
                AccessController.checkPermission(permission);
                return null;
              }
            }, null);
            return true;
          } catch (SecurityException se) {
            log.warn("AuthUtils.permitted(): Subject " + subj + " not authorized for permission " + permission);
            return false;
          }
      

      The subj above contains an org.jboss.security.SimplePrincipal instance with the username of "admin" in its principal set.

      Actual results:

      The permission check always returns "denied".

      Expected results:

      The permission check should return "granted" when the subject contains a SimplePrincipal instance with "admin" as the username.
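      When triaging a report like this one, it helps to first rule out the permission class itself, independent of the server's policy handling. The following is an added example, not code from the reporter or from EAP: the body of `CustomPermission` is an assumption (the issue does not show its source), and `grantedSetImplies` is a hypothetical helper.

```java
import java.security.Permission;
import java.security.Permissions;

// Hypothetical stand-in for org.jboss.example.CustomPermission (source not shown in the issue).
public final class CustomPermission extends Permission {

    // A policy entry such as: permission <class> "/Hello";
    // is instantiated reflectively by the JDK's default policy-file provider,
    // so a public constructor taking the name as a single String must exist.
    public CustomPermission(String name) {
        super(name);
    }

    // Decides whether a granted permission covers the one being checked.
    @Override
    public boolean implies(Permission other) {
        return other instanceof CustomPermission && getName().equals(other.getName());
    }

    // equals/hashCode must agree with implies: permission collections may use them for lookup.
    @Override
    public boolean equals(Object obj) {
        return obj instanceof CustomPermission
                && getName().equals(((CustomPermission) obj).getName());
    }

    @Override
    public int hashCode() {
        return getName().hashCode();
    }

    @Override
    public String getActions() {
        return ""; // this permission carries no action list
    }

    // Checks the class in isolation: no Policy, Subject or SecurityManager involved.
    static boolean grantedSetImplies(String granted, String requested) {
        Permissions set = new Permissions();
        set.add(new CustomPermission(granted));
        return set.implies(new CustomPermission(requested));
    }

    public static void main(String[] args) {
        System.out.println("same name implied:      " + grantedSetImplies("/Hello", "/Hello"));
        System.out.println("different name implied: " + grantedSetImplies("/Hello", "/Other"));
    }
}
```

      If the class behaves correctly in isolation, the denial lies in how the running policy maps the subject's principals to the grant, which is the behaviour this issue reports.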


            People

              rhn-cservice-bbaranow Bartosz Baranowski
              jondruse@redhat.com Jiri Ondrusek
              Ivo Hradek Ivo Hradek (Inactive)
              Ivo Hradek Ivo Hradek (Inactive)