SEC-803: Removed use of websphere SubjectHelper class.

2025-07-12 21:33:30 +00:00 · 2008-05-14 22:51:39 +00:00 · 2008-05-14 22:51:39 +00:00 · 6493df13f8
commit 6493df13f8
parent d4defb10fe
1 changed files with 163 additions and 152 deletions
--- a/core/src/main/java/org/springframework/security/ui/preauth/websphere/WASSecurityHelper.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/websphere/WASSecurityHelper.java
@ -30,12 +30,13 @@ final class WASSecurityHelper {

    private static Method getRunAsSubject = null;

-	private static Method getWSCredentialFromSubject = null;
-
    private static Method getGroupsForUser = null;

    private static Method getSecurityName = null;

+    // SEC-803
+    private static Class wsCredentialClass = null;
+    
    /**
     * Get the security name for the given subject.
     * 
@ -49,7 +50,8 @@ final class WASSecurityHelper {
        }
        String userSecurityName = null;
        if (subject != null) {
-			Object credential = invokeMethod(getWSCredentialFromSubjectMethod(),null,new Object[]{subject});
+            // SEC-803
+            Object credential = subject.getPublicCredentials(getWSCredentialClass()).iterator().next();
            if (credential != null) {
                userSecurityName = (String)invokeMethod(getSecurityNameMethod(),credential,null);
            }
@ -169,14 +171,6 @@ final class WASSecurityHelper {
        return getRunAsSubject;
    }

-	private static final Method getWSCredentialFromSubjectMethod() {
-		if (getWSCredentialFromSubject == null) {
-			getWSCredentialFromSubject = getMethod("com.ibm.ws.security.auth.SubjectHelper", "getWSCredentialFromSubject",
-					new String[] { "javax.security.auth.Subject" });
-		}
-		return getWSCredentialFromSubject;
-	}
-
    private static final Method getGroupsForUserMethod() {
        if (getGroupsForUser == null) {
            getGroupsForUser = getMethod("com.ibm.websphere.security.UserRegistry", "getGroupsForUser", new String[] { "java.lang.String" });
@ -191,4 +185,21 @@ final class WASSecurityHelper {
        return getSecurityName;
    }
    
+    // SEC-803
+    private static final Class getWSCredentialClass() {
+        if (wsCredentialClass == null) {
+            wsCredentialClass = getClass("com.ibm.websphere.security.cred.WSCredential");
+        }
+        return wsCredentialClass;
+    }
+    
+    private static final Class getClass(String className) {
+        try {
+            return Class.forName(className);
+        } catch (ClassNotFoundException e) {
+            logger.error("Required class " + className + " not found");
+            throw new RuntimeException("Required class " + className + " not found",e);
+        }
+    }    
+
 }