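package org.javaee7.jaspic.jaccpropagation.jacc;

import static java.security.Policy.getPolicy;
import static java.util.logging.Level.SEVERE;

import java.security.CodeSource;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.logging.Logger;

import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.WebResourcePermission;

/**
 * Static helpers around JACC: fetching the container's authenticated
 * {@link Subject} and asking the installed {@link java.security.Policy}
 * whether that subject may access a web resource.
 *
 * <p>Both helpers feed an authorization decision, so callers must treat a
 * {@code null} subject as "no authenticated caller" and never as a reason to
 * skip the check.
 *
 * @author Arjan Tijms
 *
 */
public class JACC {

    private static final Logger logger = Logger.getLogger(JACC.class.getName());

    /**
     * Looks up the current caller's {@link Subject} through the JACC
     * {@link PolicyContext}, using the {@code javax.security.auth.Subject.container}
     * handler key.
     *
     * @return the value the policy context handler supplies, or {@code null} when
     *         the lookup throws; the failure is logged at SEVERE and not rethrown.
     *         NOTE(review): the handler itself may presumably also supply
     *         {@code null} for an unauthenticated caller; confirm against the container.
     */
    public static Subject getSubject() {
        try {
            return (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        } catch (Exception e) {
            // Deliberately best-effort: the failure is reported and surfaces to the
            // caller as a null Subject instead of an exception.
            logger.log(SEVERE, "Could not obtain the container Subject from the JACC PolicyContext", e);
        }

        return null;
    }

    /**
     * Asks the installed policy whether the given subject may issue a {@code GET}
     * for the given URI.
     *
     * <p>The decision is based on the subject's principals only: the
     * {@link ProtectionDomain} is built with an empty {@link CodeSource}, no
     * static permissions and no class loader. Only the {@code GET} action is
     * evaluated, so a {@code true} result says nothing about other HTTP methods.
     *
     * @param uri     the web resource name passed to {@link WebResourcePermission}
     * @param subject the subject whose principals are checked; {@code null} (which
     *                {@link #getSubject()} returns when its lookup fails) is evaluated
     *                as a caller with no principals instead of failing with a
     *                {@code NullPointerException}
     * @return {@code true} if the policy implies the {@code GET} permission for
     *         those principals, {@code false} otherwise
     */
    public static boolean hasAccess(String uri, Subject subject) {
        // A missing Subject carries no principals, so the policy can grant it only
        // what it grants to every caller.
        Principal[] principals = subject == null
            ? new Principal[0]
            : subject.getPrincipals().toArray(new Principal[0]);

        return getPolicy().implies(
            new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null),
                null, null,
                principals
            ),
            new WebResourcePermission(uri, "GET")
        );
    }
}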