Merge pull request #23 from avpinchuk/ccx-fix-authorization-service

Fixes policy configuration state transitions in `AuthorizationService`
eclipse-ee4j · Sep 19, 2023 · 7c21502 · 7c21502
2 parents 399e690 + 93af0f2
commit 7c21502
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/impl/src/main/java/org/glassfish/exousia/AuthorizationService.java b/impl/src/main/java/org/glassfish/exousia/AuthorizationService.java
@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2023 Contributors to the Eclipse Foundation.
  * Copyright (c) 2019, 2021 OmniFaces. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -69,7 +70,7 @@ public class AuthorizationService {
 
     static final Logger logger = Logger.getLogger(AuthorizationService.class.getName());
 
-    private static boolean isSecMgrOff = System.getSecurityManager() == null;
+    private static final boolean isSecMgrOff = System.getSecurityManager() == null;
 
     public static final String HTTP_SERVLET_REQUEST = "jakarta.servlet.http.HttpServletRequest";
     public static final String SUBJECT = "javax.security.auth.Subject.container";
@@ -81,7 +82,7 @@ public class AuthorizationService {
 
     private final String contextId;
 
-    private Function<Set<Principal>, ProtectionDomain> protectionDomainCreator = e -> newProtectionDomain(e);
+    private Function<Set<Principal>, ProtectionDomain> protectionDomainCreator = this::newProtectionDomain;
 
     /**
      * The authorization policy. This is the class that makes the actual decision for a permission
@@ -263,6 +264,9 @@ public void removeStatementsFromPolicy(Set<String> declaredRoles) {
         try {
             boolean inService = factory.inService(contextId);
 
+            // Open policy configuration
+            PolicyConfiguration policyConfiguration = factory.getPolicyConfiguration(contextId, false);
+
             policyConfiguration.removeUncheckedPolicy();
             policyConfiguration.removeExcludedPolicy();