Thursday, September 11, 2008

How do you get a user's roles after authentication in JBoss?

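For a user authenticated through JAAS, JBoss currently recommends the following code snippet for retrieving all of the authenticated user's roles.
It is based mainly on the newer JACC specification:
Java Authorization Contract for Containers (Java ACC) specification (JSR-115)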

import java.security.Principal;
import java.util.Enumeration;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;

import org.jboss.security.SimpleGroup;

// Place this method inside your own class (servlet, EJB, etc.).
private String findRole() throws Exception
{
    StringBuilder result = new StringBuilder();

    // Get the Authenticated Subject
    Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
    if (subject == null)
    {
        // No authenticated caller is associated with this request
        return "";
    }

    // Now look for a Group called Roles
    Set<Principal> principals = subject.getPrincipals(Principal.class);
    for (Principal p : principals)
    {
        if (p instanceof SimpleGroup)
        {
            SimpleGroup sg = (SimpleGroup) p;
            if ("Roles".equals(sg.getName()))
            {
                Enumeration<?> en = sg.members();
                while (en.hasMoreElements())
                {
                    String role = en.nextElement().toString();
                    // Separate roles with commas, without a leading comma
                    if (result.length() > 0)
                    {
                        result.append(",");
                    }
                    result.append(role);
                    System.out.println("Role:" + role);
                }
            }
        }
    }
    return result.toString();
}