Friday, April 30, 2010

Spring Security Authorizer with JBoss JAAS

We've recently been working to integrate OpenAM (formerly OpenSSO) as our SSO solution via JAAS. Spring Security comes with out-of-the-box (OOB) functionality for JAAS authentication, but not for JAAS authorization. So, in order to accept the roles and principals returned by SSO, we put together the following.



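import java.security.Principal;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
// Spring Security 3.x package; in 2.x the interface lives in
// org.springframework.security.providers.jaas.
import org.springframework.security.authentication.jaas.AuthorityGranter;

public class JaasSpringSecurity implements AuthorityGranter {

    // Called by Spring Security for each principal on the JAAS Subject;
    // returns the role names to grant for that principal.
    public Set<String> grant(Principal principal) {
        Set<String> returnSet = new HashSet<String>();

        // Only group principals carry roles; any other principal grants nothing.
        if (principal instanceof SimpleGroup) {
            SimpleGroup sg = (SimpleGroup) principal;
            returnSet.addAll(getNestedRoles(sg));
        }
        return returnSet;
    }

    // Collects the names of all SimplePrincipal members, descending into nested groups.
    private Set<String> getNestedRoles(SimpleGroup sg) {
        Enumeration<?> members = sg.members();
        Set<String> tmpSet = new HashSet<String>();
        while (members.hasMoreElements()) {
            Object o = members.nextElement();
            // Check for a nested group before a plain principal.
            if (o instanceof SimpleGroup) {
                tmpSet.addAll(getNestedRoles((SimpleGroup) o));
            } else if (o instanceof SimplePrincipal) {
                tmpSet.add(((SimplePrincipal) o).getName());
            }
        }
        return tmpSet;
    }
}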


Note that in this case we are running under JBoss, so the objects we are passed are of type org.jboss.security.SimpleGroup and org.jboss.security.SimplePrincipal. This may differ based on provider.
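
Added example, not the post's own code: the granter above reads the members of every SimpleGroup it is handed, so this variant accepts only the group that carries roles and guards against a group nested inside itself. It assumes the JBoss login module puts roles in a group named "Roles" and the caller identity in a group named "CallerPrincipal", and it uses the Spring Security 3.x package name; the class name RolesGroupAuthorityGranter and the sample principals are made up for illustration.

```java
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.springframework.security.authentication.jaas.AuthorityGranter; // 3.x package (assumption)

// Added example, not the post's code: grants authorities only from the group that holds roles.
public class RolesGroupAuthorityGranter implements AuthorityGranter {
    // Assumption: the JBoss login module names its role group "Roles".
    private static final String ROLES_GROUP = "Roles";

    public Set<String> grant(Principal principal) {
        Set<String> roles = new HashSet<String>();
        if (principal instanceof SimpleGroup && ROLES_GROUP.equals(principal.getName())) {
            collect((SimpleGroup) principal, roles, new HashSet<String>());
        }
        return roles;
    }

    // Walks nested groups; 'seen' (group names already visited) stops a group
    // that contains itself, directly or indirectly, from recursing forever.
    private void collect(SimpleGroup group, Set<String> roles, Set<String> seen) {
        if (!seen.add(group.getName())) {
            return;
        }
        Enumeration<?> members = group.members();
        while (members.hasMoreElements()) {
            Object member = members.nextElement();
            if (member instanceof SimpleGroup) {
                collect((SimpleGroup) member, roles, seen);
            } else if (member instanceof SimplePrincipal) {
                roles.add(((SimplePrincipal) member).getName());
            }
        }
    }

    // Constructed sample principals: caller "alice" holding the role "auditor".
    public static void main(String[] args) {
        SimpleGroup caller = new SimpleGroup("CallerPrincipal");
        caller.addMember(new SimplePrincipal("alice"));
        SimpleGroup rolesGroup = new SimpleGroup("Roles");
        rolesGroup.addMember(new SimplePrincipal("auditor"));
        AuthorityGranter granter = new RolesGroupAuthorityGranter();
        System.out.println("CallerPrincipal group grants: " + granter.grant(caller));
        System.out.println("Roles group grants: " + granter.grant(rolesGroup));
    }
}
```

Compile and run it with the same JBoss security and Spring Security jars on the classpath that the class above needs.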
