JAASHelper.java

package org.apache.aries.blueprint.itests.authz.helper;

import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JAASHelper {

    public static <T> void doAs(final String[] groups, PrivilegedAction<T> action) {
        Configuration config = new Configuration() {
    
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, Object> options = new HashMap<String, Object>();
                options.put("username", "dummy"); // The user does not matter
                options.put("groups", groups);
                AppConfigurationEntry entry = new AppConfigurationEntry(SimpleLoginModule.class.getName(),
                                                                        LoginModuleControlFlag.REQUIRED,
                                                                        options);
                return new AppConfigurationEntry[] {
                    entry
                };
            }
    
        };
        try {
            LoginContext lc = new LoginContext("test", new Subject(), null, config);
            lc.login();
            Subject.doAs(lc.getSubject(), action);
            lc.logout();
        } catch (LoginException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    
}