diff --git a/web/src/main/java/org/jboss/as/web/security/SecurityContextAssociationValve.java b/web/src/main/java/org/jboss/as/web/security/SecurityContextAssociationValve.java index a0ed3de1190..b461f679528 100644 --- a/web/src/main/java/org/jboss/as/web/security/SecurityContextAssociationValve.java +++ b/web/src/main/java/org/jboss/as/web/security/SecurityContextAssociationValve.java @@ -24,6 +24,7 @@ import java.io.IOException; import java.security.Principal; +import java.util.Map; import javax.security.jacc.PolicyContext; import javax.servlet.ServletException; @@ -58,19 +59,33 @@ */ public class SecurityContextAssociationValve extends ValveBase { - private final DeploymentUnit deploymentUnit; + private final String securityDomain; + private final Map runAsIdentity; + private final String contextId; private static final ThreadLocal activeRequest = new ThreadLocal(); public SecurityContextAssociationValve(DeploymentUnit deploymentUnit) { - this.deploymentUnit = deploymentUnit; + final WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + JBossWebMetaData metaData = warMetaData.getMergedJBossWebMetaData(); + String securityDomain = SecurityUtil.unprefixSecurityDomain(metaData.getSecurityDomain()); + if (securityDomain == null) { + securityDomain = SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY; + } + String contextId = deploymentUnit.getName(); + if (deploymentUnit.getParent() != null) { + contextId = deploymentUnit.getParent().getName() + "!" + contextId; + } + this.securityDomain = securityDomain; + this.runAsIdentity = metaData.getRunAsIdentity(); + this.contextId = contextId; } - /** {@inheritDoc} */ + /** + * {@inheritDoc} + */ @Override public void invoke(Request request, Response response) throws IOException, ServletException { - final WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); - JBossWebMetaData metaData = warMetaData.getMergedJBossWebMetaData(); activeRequest.set(request); Session session = null; @@ -86,9 +101,6 @@ public void invoke(Request request, Response response) throws IOException, Servl SecurityContext sc = SecurityActions.getSecurityContext(); if (sc == null) { createdSecurityContext = true; - String securityDomain = SecurityUtil.unprefixSecurityDomain(metaData.getSecurityDomain()); - if (securityDomain == null) - securityDomain = SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY; sc = SecurityActions.createSecurityContext(securityDomain); SecurityActions.setSecurityContextOnAssociation(sc); } @@ -99,7 +111,7 @@ public void invoke(Request request, Response response) throws IOException, Servl servlet = request.getWrapper(); if (servlet != null) { String name = servlet.getName(); - RunAsIdentityMetaData identity = metaData.getRunAsIdentity(name); + RunAsIdentityMetaData identity = runAsIdentity.get(name); RunAsIdentity runAsIdentity = null; if (identity != null) { WebLogger.WEB_SECURITY_LOGGER.tracef(name + ", runAs: " + identity); @@ -126,7 +138,7 @@ public void invoke(Request request, Response response) throws IOException, Servl if (principal == null) { Session sessionInternal = request.getSessionInternal(false); if (sessionInternal != null) { - principal = (JBossGenericPrincipal) sessionInternal.getNote(Constants.FORM_PRINCIPAL_NOTE); + principal = (JBossGenericPrincipal) sessionInternal.getNote(Constants.FORM_PRINCIPAL_NOTE); } } } else { @@ -147,9 +159,6 @@ public void invoke(Request request, Response response) throws IOException, Servl WebLogger.WEB_SECURITY_LOGGER.debug("Failed to determine servlet", e); } // set JACC contextID - String contextId = deploymentUnit.getName(); - if (deploymentUnit.getParent() != null) - contextId = deploymentUnit.getParent().getName() + "!" + contextId; PolicyContext.setContextID(contextId); // Perform the request