diff --git a/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java b/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
index bec861c84c3..56698040e0a 100644
--- a/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
+++ b/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
@@ -55,11 +55,13 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-// Portions Copyright [2019] Payara Foundation and/or affiliates
+// Portions Copyright [2019-2024] Payara Foundation and/or affiliates
+// Payara Foundation and/or its affiliates elects to include this software in this distribution under the GPL Version 2 license
 package org.apache.catalina.realm;
+import com.sun.enterprise.security.GroupPrincipal;
 import org.apache.catalina.Container;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LogFacade;
@@ -67,7 +69,6 @@
 import javax.security.auth.Subject;
 import javax.security.auth.login.*;
 import java.security.Principal;
-import java.security.acl.Group;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Enumeration;
@@ -438,15 +439,13 @@ protected Principal createPrincipal(String username, Subject subject) {
 roles.add(principal.getName());
 }
 // Same as Jboss - that's a pretty clean solution
- if( (principal instanceof Group) &&
- "Roles".equals( principal.getName())) {
- Group grp=(Group)principal;
- Enumeration en=grp.members();
- while( en.hasMoreElements() ) {
- Principal roleP=(Principal)en.nextElement();
- roles.add( roleP.getName());
+ if ((principal instanceof GroupPrincipal) && "Roles".equals(principal.getName())) {
+ GroupPrincipal grp = (GroupPrincipal) principal;
+ Enumeration membersEnum = grp.members();
+ while (membersEnum.hasMoreElements()) {
+ Principal roleP = membersEnum.nextElement();
+ roles.add(roleP.getName());
 }
-
 }
 }
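Review bot: In createPrincipal, a principal named "Roles" that is not a `GroupPrincipal` is now skipped silently, so a LoginModule that still supplies a `java.security.acl.Group` (or any other group type) authenticates the user without the roles it meant to grant. That fails closed, but it surfaces only as unexplained authorization denials; an `else if ("Roles".equals(principal.getName()))` branch that logs the principal's class at a fine level through the realm's existing logger would make the mismatch diagnosable. The interface Javadoc added in this commit says `members()` may return nested `GroupPrincipal`s, and this loop adds the nested group's own name as a role without expanding it, which deserves a comment such as `// nested groups are not expanded; only direct member names become roles`. createPrincipal starts and ends outside the hunk.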
diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java
new file mode 100644
index 00000000000..17559ae559d
--- /dev/null
+++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2021 Contributors to Eclipse Foundation. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+package com.sun.enterprise.security;
+
+import java.security.Principal;
+import java.util.Enumeration;
+
+/**
+ * A group of principals.
+ *
+ * @author Arjan Tijms
+ *
+ */
+public interface GroupPrincipal extends Principal {
+
+ /**
+ * Returns true when the given principal is in this group.
+ *
+ *

+ * A recursive search is done, meaning that if a principal is in a group which is itself in this group, the result is true.
+ *
+ * @param principal the principal for which we check to be in this group.
+ *
+ * @return true if the principal is in this group, false otherwise.
+ */
+ boolean isMember(Principal principal);
+
+ /**
+ * Returns an enumeration of all the principals in this group.
+ *
+ *

+ * The returned principals can include principals that are besides instanced of Principal also instances of GroupPrincipal.
+ *
+ * @return an enumeration of principals in this group, potentially including nested group principals.
+ */
+ Enumeration members();
+
+}
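Review bot: The `isMember` contract requires a recursive search but says nothing about cyclic membership, so an implementation handed a group that directly or indirectly contains itself can recurse without bound. Group data often comes from an external directory, so the Javadoc should require termination, for example `Implementations must terminate on cyclic membership, e.g. by tracking visited groups.` The same Javadoc should state the result for a `null` argument and whether `members()` may return `null` instead of an empty enumeration, because JAASRealm.createPrincipal iterates the result without a null check. The sentence "besides instanced of Principal" in the `members()` Javadoc reads better as `The returned principals may themselves be GroupPrincipal instances.`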