just before adding authorization service.
diff --git a/jaccmagic.txt b/jaccmagic.txt
new file mode 100644 (file)
index 0000000..decf99e
--- /dev/null
@@ -0,0 +1,33 @@
+  // https://blogs.oracle.com/monzillo/entry/using_jacc_to_determine_a
+
+        Subject subject = (Subject) PolicyContext
+            .getContext("javax.security.auth.Subject.container");
+        CodeSource cs = new CodeSource(null,
+            (java.security.cert.Certificate[]) null);
+        Principal principals[] = (subject == null ? new Principal[0] : subject
+            .getPrincipals().toArray(new Principal[0]));
+        for (Principal principal : principals) {
+            System.out
+                .println(principal + " " + principal.getClass().getName());
+        }
+
+        ProtectionDomain pd = new ProtectionDomain(cs, null, null, principals);
+        Policy policy = Policy.getPolicy();
+        PermissionCollection pc = policy.getPermissions(pd);
+        pc.implies(new WebRoleRefPermission(null, null));
+        Set<String> roleSet = new HashSet<String>();
+        Enumeration<Permission> e = pc.elements();
+        while (e.hasMoreElements()) {
+            Permission p = e.nextElement();
+            if (p instanceof WebRoleRefPermission) {
+                String roleRef = p.getActions();
+                // confirm roleRef via isUserInRole to ensure proper scoping to
+                // Servlet Name
+                // if (request.isUserInRole(roleRef)) {
+                roleSet.add(p.getActions());
+                System.out.println("Role actions: " + p.getActions());
+                System.out.println("Role name:    " + p.getName());
+                // }
+            }
+        }
+        System.out.println("Roles in the context of this page: " + roleSet);
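Review bot: The `request.isUserInRole(roleRef)` guard around `roleSet.add(p.getActions())` is commented out, so the loop collects the actions of every `WebRoleRefPermission` the policy grants to these principals, whatever servlet name (`p.getName()`) the reference was declared for. The inline comment itself says that check is what scopes a role reference to the servlet name, so without it `roleSet` can over-report roles, which matters if the set later feeds an authorization decision. I would restore the guard as `if (request.isUserInRole(roleRef)) {` and add the already-fetched value with `roleSet.add(roleRef);` instead of calling `p.getActions()` again. The result of `pc.implies(new WebRoleRefPermission(null, null))` is discarded; if the call is presumably only there to make the policy populate the collection, a comment such as `// result unused: forces the provider to populate pc` would make that clear. The `System.out.println` calls write principal and role names to standard output and would be better sent to a debug-level logger.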