FISH-8215 : port solution from Glassfish

appserver/web/web-core/src/main/java/org/apache/catalina/realm/JAASRealm.java

@@ -55,19 +55,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-// Portions Copyright [2019] Payara Foundation and/or affiliates
+// Portions Copyright [2019-2024] Payara Foundation and/or affiliates
 
 package org.apache.catalina.realm;
 
 
+import com.sun.enterprise.security.GroupPrincipal;
 import org.apache.catalina.Container;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LogFacade;
 
 import javax.security.auth.Subject;
 import javax.security.auth.login.*;
 import java.security.Principal;
-import java.security.acl.Group;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Enumeration;
@@ -438,15 +438,13 @@ protected Principal createPrincipal(String username, Subject subject) {
                 roles.add(principal.getName());
             }
             // Same as Jboss - that's a pretty clean solution
-            if( (principal instanceof Group) &&
-                    "Roles".equals( principal.getName())) {
-                Group grp=(Group)principal;
-                Enumeration en=grp.members();
-                while( en.hasMoreElements() ) {
-                    Principal roleP=(Principal)en.nextElement();
-                    roles.add( roleP.getName());
+            if ((principal instanceof GroupPrincipal) && "Roles".equals(principal.getName())) {
+                GroupPrincipal grp = (GroupPrincipal) principal;
+                Enumeration<? extends Principal> membersEnum = grp.members();
+                while (membersEnum.hasMoreElements()) {
+                    Principal roleP = membersEnum.nextElement();
+                    roles.add(roleP.getName());
                 }
-
             }
         }
 

nucleus/security/core/src/main/java/com/sun/enterprise/security/GroupPrincipal.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2021 Contributors to Eclipse Foundation. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+// Portions Copyright 2024 Payara Foundation and/or affiliates
+package com.sun.enterprise.security;
+
+import java.security.Principal;
+import java.util.Enumeration;
+
+/**
+ * A group of principals.
+ *
+ * @author Arjan Tijms
+ *
+ */
+public interface GroupPrincipal extends Principal {
+
+    /**
+     * Returns true when the given principal is in this group.
+     *
+     * <p>
+     * A recursive search is done, meaning that if a principal is in a group which is itself in this group, the result is true.
+     *
+     * @param principal the principal for which we check to be in this group.
+     *
+     * @return true if the principal is in this group, false otherwise.
+     */
+    boolean isMember(Principal principal);
+
+    /**
+     * Returns an enumeration of all the principals in this group.
+     *
+     * <p>
+     * The returned principals can include principals that are besides instanced of Principal also instances of GroupPrincipal.
+     *
+     * @return an enumeration of principals in this group, potentially including nested group principals.
+     */
+    Enumeration<? extends Principal> members();
+
+}