in hawtio-system/src/main/java/io/hawt/system/Authenticator.java [351:387]
private static boolean checkIfSubjectHasRequiredRoleOnJbossEAP(Subject subject, String role) {
LOG.debug("Running on Jboss EAP: checking if the Role {} is in the set of groups in SimpleGroup", role);
for (final Principal prin : subject.getPrincipals()) {
LOG.debug("Checking principal {} if it is a Jboss specific SimpleGroup containing group info", prin);
if ("org.jboss.security.SimpleGroup".equals(prin.getClass().getName()) && "Roles".equals(prin.getName())) {
try {
Method groupsMethod = getJbossEAPGetGroupsMethod(prin);
@SuppressWarnings("unchecked")
final Enumeration<Principal> groups = (Enumeration<Principal>) groupsMethod.invoke(prin);
if (groups != null) {
while (groups.hasMoreElements()) {
Principal group = groups.nextElement();
LOG.debug("Matching Jboss EAP group name {} to required role(s) {}", group, role);
String[] roleArray = role.split(",");
for (String r : roleArray) {
if (r.equals(group.toString())) {
LOG.debug("Required role {} found in Jboss EAP specific credentials", r);
return true;
} else {
LOG.debug("role {} doesn't match {}, continuing", r, group.toString());
}
}
}
} else {
LOG.debug("The Jboss EAP groups list is null");
}
} catch (NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
// ignored
LOG.debug("Caught exception trying to read groups from JBoss EAP specific SimpleGroup class", e);
}
}
}
return false;
}