From 945c08c20f94eb2202538e40fbda376fe33a6f23 Mon Sep 17 00:00:00 2001
From: luiseufrasio <luis.eufrasio@gmail.com>
Date: Tue, 23 Jan 2024 18:15:01 -0300
Subject: [PATCH 1/3] FISH-8215 : port solution from Glassfish

---
 .../org/apache/catalina/realm/JAASRealm.java  | 18 +++----
 .../enterprise/security/GroupPrincipal.java   | 52 +++++++++++++++++++
 2 files changed, 60 insertions(+), 10 deletions(-)
 create mode 100644 nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java

diff --git a/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java b/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
index bec861c84c3..398bcc85e0b 100644
--- a/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
+++ b/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
@@ -55,11 +55,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-// Portions Copyright [2019] Payara Foundation and/or affiliates
+// Portions Copyright [2019-2024] Payara Foundation and/or affiliates
 
 package org.apache.catalina.realm;
 
 
+import com.sun.enterprise.security.GroupPrincipal;
 import org.apache.catalina.Container;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LogFacade;
@@ -67,7 +68,6 @@
 import javax.security.auth.Subject;
 import javax.security.auth.login.*;
 import java.security.Principal;
-import java.security.acl.Group;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Enumeration;
@@ -438,15 +438,13 @@ protected Principal createPrincipal(String username, Subject subject) {
                 roles.add(principal.getName());
             }
             // Same as Jboss - that's a pretty clean solution
-            if( (principal instanceof Group) &&
-                    "Roles".equals( principal.getName())) {
-                Group grp=(Group)principal;
-                Enumeration en=grp.members();
-                while( en.hasMoreElements() ) {
-                    Principal roleP=(Principal)en.nextElement();
-                    roles.add( roleP.getName());
+            if ((principal instanceof GroupPrincipal) && "Roles".equals(principal.getName())) {
+                GroupPrincipal grp = (GroupPrincipal) principal;
+                Enumeration<? extends Principal> membersEnum = grp.members();
+                while (membersEnum.hasMoreElements()) {
+                    Principal roleP = membersEnum.nextElement();
+                    roles.add(roleP.getName());
                 }
-
             }
         }
 
diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java
new file mode 100644
index 00000000000..456c4829504
--- /dev/null
+++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2021 Contributors to Eclipse Foundation. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+// Portions Copyright 2024 Payara Foundation and/or affiliates
+package com.sun.enterprise.security;
+
+import java.security.Principal;
+import java.util.Enumeration;
+
+/**
+ * A group of principals.
+ *
+ * @author Arjan Tijms
+ *
+ */
+public interface GroupPrincipal extends Principal {
+
+    /**
+     * Returns true when the given principal is in this group.
+     *
+     * <p>
+     * A recursive search is done, meaning that if a principal is in a group which is itself in this group, the result is true.
+     *
+     * @param principal the principal for which we check to be in this group.
+     *
+     * @return true if the principal is in this group, false otherwise.
+     */
+    boolean isMember(Principal principal);
+
+    /**
+     * Returns an enumeration of all the principals in this group.
+     *
+     * <p>
+     * The returned principals can include principals that are besides instanced of Principal also instances of GroupPrincipal.
+     *
+     * @return an enumeration of principals in this group, potentially including nested group principals.
+     */
+    Enumeration<? extends Principal> members();
+
+}

From bd8d9edb005400b3d86d5df11139fd52e54dc0ae Mon Sep 17 00:00:00 2001
From: Luis Eufrasio Teixeira Neto <luis.eufrasio@gmail.com>
Date: Fri, 26 Jan 2024 10:18:14 -0300
Subject: [PATCH 2/3] Update
 nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java

Co-authored-by: Andrew Pielage <pandrex247@hotmail.com>
---
 .../main/java/com/sun/enterprise/security/GroupPrincipal.java    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java
index 456c4829504..17559ae559d 100644
--- a/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java
+++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java
@@ -13,7 +13,6 @@
  *
  * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
  */
-// Portions Copyright 2024 Payara Foundation and/or affiliates
 package com.sun.enterprise.security;
 
 import java.security.Principal;

From 112a4a32d3858c810f4e446ad83b25f58da21de5 Mon Sep 17 00:00:00 2001
From: Andrew Pielage <pandrex247@hotmail.com>
Date: Fri, 26 Jan 2024 17:22:00 +0000
Subject: [PATCH 3/3] Update
 appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java

---
 .../src/main/java/org/apache/catalina/realm/JAASRealm.java       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java b/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
index 398bcc85e0b..56698040e0a 100644
--- a/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
+++ b/appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java
@@ -56,6 +56,7 @@
  * limitations under the License.
  */
 // Portions Copyright [2019-2024] Payara Foundation and/or affiliates
+// Payara Foundation and/or its affiliates elects to include this software in this distribution under the GPL Version 2 license
 
 package org.apache.catalina.realm;