in hawtio-system/src/main/java/io/hawt/system/Authenticator.java [312:349]
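/**
 * Checks whether a WebSphere {@code WSCredential} among the subject's public credentials
 * lists a group whose name equals one of the required roles.
 *
 * <p>{@code role} is treated as a comma-separated list. Entries are trimmed, so
 * {@code "admin, manager"} behaves like {@code "admin,manager"}, and blank entries are
 * skipped so that an empty entry can never match a group with an empty name. The
 * comparison is an exact, case-sensitive match against {@code group.toString()}.
 *
 * <p>The method fails closed. A {@code null} role, a {@code null} group list, a
 * {@code null} group entry, or a reflective failure while reading the groups never
 * grants access.
 *
 * @param subject the authenticated subject whose public credentials are inspected
 * @param role    comma-separated list of acceptable role names
 * @return {@code true} if at least one group of a WSCredential equals one of the
 *         required roles, {@code false} otherwise
 */
private static boolean checkIfSubjectHasRequiredRoleOnWebsphere(Subject subject, String role) {
    LOG.debug("Running on websphere: checking if the Role {} is in the set of groups in WSCredential", role);
    if (role == null) {
        // No role to match against: deny instead of failing later with a NullPointerException.
        return false;
    }

    // Split and normalise the required roles once; the list does not change per group.
    final String[] requiredRoles = role.split(",");
    for (int i = 0; i < requiredRoles.length; i++) {
        requiredRoles[i] = requiredRoles[i].trim();
    }

    for (final Object cred : subject.getPublicCredentials()) {
        // NOTE(review): cred is rendered through its toString() here; confirm the WSCredential
        // implementation does not print sensitive fields when debug logging is enabled.
        LOG.debug("Checking credential {} if it is a WebSphere specific WSCredential containing group info", cred);
        if (!implementsInterface(cred, "com.ibm.websphere.security.cred.WSCredential")) {
            continue;
        }
        try {
            Method groupsMethod = getWebSphereGetGroupsMethod(cred);
            @SuppressWarnings("unchecked")
            final List<Object> groups = (List<Object>) groupsMethod.invoke(cred);
            if (groups == null) {
                LOG.debug("The IBM Websphere groups list is null");
                continue;
            }
            LOG.debug("Found a total of {} groups in the IBM WebSphere Credentials", groups.size());
            for (Object group : groups) {
                LOG.debug("Matching IBM Websphere group name {} to required role {}", group, role);
                if (group == null) {
                    // A null entry would throw a NullPointerException that the catch below
                    // does not cover and abort the whole check; skip it.
                    continue;
                }
                final String groupName = group.toString();
                for (String requiredRole : requiredRoles) {
                    if (requiredRole.isEmpty()) {
                        // A blank entry in the configured list must never authorise anything.
                        continue;
                    }
                    if (requiredRole.equals(groupName)) {
                        LOG.debug("Required role {} found in IBM WebSphere specific credentials", requiredRole);
                        return true;
                    } else {
                        LOG.debug("role {} doesn't match {}, continuing", requiredRole, groupName);
                    }
                }
            }
        } catch (NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
            // Fail closed: a credential whose groups cannot be read grants nothing.
            // The next credential, if any, is still examined.
            LOG.debug("Caught exception trying to read groups from WebSphere specific WSCredentials class", e);
        }
    }
    return false;
}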