On Sun, Mar 19, 2017 at 11:17 PM, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> So with a small SPI interface (like e.g. the CDI RI (Weld) and the JSF RI
> (Mojarra) also have) this should be possible.
>
> I'll do a quick implementation of such an SPI in Soteria as a draft
> proposal, so we can base further discussion on that.
>
I just committed this SPI and an example implementation of it here:
https://github.com/javaee-security-spec/soteria/commit/51f8430e2310e5ed724b4684e0bef6f890ea2c81
Specifically this small SPI interface (to be implemented by integrators):
package org.glassfish.soteria.authorization.spi;

import java.security.Principal;

public interface CallerDetailsResolver {
    Principal getCallerPrincipal();
    boolean isCallerInRole(String role);
}
And the following example implementation:
import static java.util.Collections.emptyList;
import static javax.security.jacc.PolicyContext.getContextID; // assumed source of getContextID
import java.security.Principal;
import javax.security.auth.Subject;
// helper classes assumed to live in the authorization package of the linked commit
import org.glassfish.soteria.authorization.JACC;
import org.glassfish.soteria.authorization.SubjectParser;
import org.glassfish.soteria.authorization.spi.CallerDetailsResolver;

public class ReflectionAndJaccCallerDetailsResolver implements CallerDetailsResolver {
    @Override
    public Principal getCallerPrincipal() {
        // Ask JACC for the current caller's Subject; null means no authenticated caller.
        Subject subject = JACC.getSubject();
        if (subject == null) {
            return null;
        }
        // The helper knows how various servers store principals in the Subject
        // and picks out the one representing the caller.
        SubjectParser roleMapper = new SubjectParser(getContextID(), emptyList());
        return roleMapper.getCallerPrincipalFromPrincipals(subject.getPrincipals());
    }

    @Override
    public boolean isCallerInRole(String role) {
        // isCallerInRole left to be done
        throw new UnsupportedOperationException("isCallerInRole left to be done");
    }
}
In this example, the Subject is obtained from JACC, and then a helper class
that has knowledge about several servers and how they store Principals in
the Subject tries to find the caller principal in this subject.
Again, this is a generic example and every vendor/integrator can implement
this in whatever way, using or not using JACC.
Kind regards,
Arjan Tijms
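As an added example (not code from the Soteria commit above, nor from any server), here is a CallerDetailsResolver that takes the other route the message allows and does not use JACC at all: the Subject comes from a thread-local standing in for the container's own per-request binding, and the caller and role principals are told apart by type instead of by position in the Subject. The CallerPrincipal, RolePrincipal and ThreadLocalSubjectCallerDetailsResolver names are hypothetical; the interface is copied from the draft SPI above (without its package line) so the file compiles stand-alone.

```java
// Added example, not from the Soteria commit: a CallerDetailsResolver without JACC.
// The principal class names and the thread-local binding are hypothetical stand-ins
// for whatever a real container uses.
import java.security.Principal;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;

// The SPI from the draft above, reproduced so this file compiles on its own.
interface CallerDetailsResolver {
    Principal getCallerPrincipal();
    boolean isCallerInRole(String role);
}

// Hypothetical marker type: the principal a container uses for a role/group.
final class RolePrincipal implements Principal {
    private final String name;
    RolePrincipal(String name) { this.name = Objects.requireNonNull(name); }
    @Override public String getName() { return name; }
    @Override public String toString() { return "RolePrincipal[" + name + "]"; }
}

// Hypothetical marker type: the principal representing the authenticated caller.
final class CallerPrincipal implements Principal {
    private final String name;
    CallerPrincipal(String name) { this.name = Objects.requireNonNull(name); }
    @Override public String getName() { return name; }
    @Override public String toString() { return "CallerPrincipal[" + name + "]"; }
}

// Resolver that reads the Subject from a thread-local instead of from JACC.
final class ThreadLocalSubjectCallerDetailsResolver implements CallerDetailsResolver {
    // Stand-in for the container's per-request binding of the authenticated Subject.
    static final ThreadLocal<Subject> CURRENT = new ThreadLocal<>();

    @Override
    public Principal getCallerPrincipal() {
        Subject subject = CURRENT.get();
        if (subject == null) {
            return null; // no authenticated caller
        }
        // Select by type, not by position: servers add principals in different orders,
        // so "first principal in the Subject" could hand back a role as the caller.
        Set<CallerPrincipal> callers = subject.getPrincipals(CallerPrincipal.class);
        if (callers.size() != 1) {
            // Zero means unauthenticated; more than one is a container bug we refuse to guess about.
            return null;
        }
        return callers.iterator().next();
    }

    @Override
    public boolean isCallerInRole(String role) {
        Subject subject = CURRENT.get();
        if (subject == null || role == null) {
            return false;
        }
        // Only RolePrincipal entries count: a caller named "admin" must not thereby hold role "admin".
        for (RolePrincipal rp : subject.getPrincipals(RolePrincipal.class)) {
            if (rp.getName().equals(role)) {
                return true;
            }
        }
        return false;
    }
}

public class CallerDetailsResolverDemo {
    public static void main(String[] args) {
        // Constructed sample Subject: one caller and two roles, interleaved the way a server might add them.
        Subject subject = new Subject();
        subject.getPrincipals().add(new RolePrincipal("user"));
        subject.getPrincipals().add(new CallerPrincipal("admin")); // name collides with a role on purpose
        subject.getPrincipals().add(new RolePrincipal("auditor"));
        subject.setReadOnly();

        CallerDetailsResolver resolver = new ThreadLocalSubjectCallerDetailsResolver();

        // Nothing bound yet: the resolver must behave as "unauthenticated", not throw.
        System.out.println("caller (no Subject bound) = " + resolver.getCallerPrincipal());

        ThreadLocalSubjectCallerDetailsResolver.CURRENT.set(subject);
        try {
            System.out.println("caller          = " + resolver.getCallerPrincipal());
            System.out.println("in role user    = " + resolver.isCallerInRole("user"));
            System.out.println("in role auditor = " + resolver.isCallerInRole("auditor"));
            System.out.println("in role admin   = " + resolver.isCallerInRole("admin"));
        } finally {
            ThreadLocalSubjectCallerDetailsResolver.CURRENT.remove(); // never leak a Subject across requests
        }
    }
}
```

Save as CallerDetailsResolverDemo.java, compile and run with a plain JDK. The two checks worth copying into a real integration are the ones the example makes explicit: the caller is chosen by principal type rather than by its place in the Subject, and a role check consults only role principals, so the caller named "admin" is not in role "admin" merely because of its name. Clearing the thread-local in a finally block matters for the same reason JACC's per-request context does: a Subject left bound on a pooled thread would be seen by the next request.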