package com.ibm.ws.security.core;

import com.ibm.ISecurityLocalObjectBaseL13Impl.DomainInfo;
import com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable;
import com.ibm.ejs.models.base.bindings.applicationbnd.Group;
import com.ibm.ejs.models.base.bindings.applicationbnd.RoleAssignment;
import com.ibm.ejs.models.base.bindings.applicationbnd.SpecialSubject;
import com.ibm.ejs.models.base.bindings.applicationbnd.User;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.management.authorizer.AdminAuthorizer;
import com.ibm.websphere.management.authorizer.AdminAuthorizerFactory;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.role.PluggableAuthorizationTableProxy;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.security.util.WCCMHelper;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import org.eclipse.emf.common.util.EList;
import org.eclipse.jst.j2ee.common.SecurityRole;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ws/security/core/WSAccessManager.class */
public abstract class WSAccessManager extends BaseAccessManager {
    public static final String USER = "user";
    public static final String GROUP = "group";
    public static final String ADMINAPP = "Server Administration Application";
    private String serverId;
    private User userSub;
    private Group groupSub;
    protected AdminAuthorizer adminAuthorizer = null;
    private static final TraceComponent tc = Tr.register((Class<?>) WSAccessManager.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static Hashtable authzTableMap = new Hashtable(10);
    private static Hashtable contextIDTable = new Hashtable(10);
    private static AuthorizationTable adminAppAuthTable = null;
    private static boolean filledAccessIDs = false;
    protected static List adminapps = null;

    public WSAccessManager() {
        this.serverId = null;
        this.userSub = null;
        this.groupSub = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "admin applications", adminapps);
        }
        this.serverId = getServerId();
        if (this.serverId == null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Failed to form serverId in WSAccessManager(), most likely in bootstrap mode, and therefore not an error");
        }
        this.groupSub = WCCMHelper.createGroup("group", "group");
        this.userSub = WCCMHelper.createUser("user", "user");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>");
        }
    }

    public static void setAccessIdsFilled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAccessIdsFilled");
        }
        filledAccessIDs = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAccessIdsFilled");
        }
    }

    public static AuthorizationTable getAdminAppAuthorizationTable() {
        return adminAppAuthTable;
    }

    public static Enumeration getAuthorizationTables() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthorizationTables");
        }
        Enumeration elements = authzTableMap.elements();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthorizationTables", elements);
        }
        return elements;
    }

    public static AuthorizationTable getAuthorizationTable(String str) {
        return (AuthorizationTable) authzTableMap.get(str);
    }

    public static void removeAuthorizationTable(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeAuthorizationTable", str);
        }
        authzTableMap.remove(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeAuthorizationTable");
        }
    }

    public static void addAuthorizationTable(String str, AuthorizationTable authorizationTable) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addAuthorizationTable", new Object[]{str, authorizationTable});
        }
        synchronized (authzTableMap) {
            int lastIndexOf = str.lastIndexOf("_");
            String substring = lastIndexOf != -1 ? str.substring(0, lastIndexOf) : str;
            if (authorizationTable != null) {
                if (substring.equals(ADMINAPP)) {
                    adminAppAuthTable = authorizationTable;
                }
                authzTableMap.put(str, authorizationTable);
                fillMissingAccessIds(authorizationTable);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addAuthorizationTable");
        }
    }

    public static void storeContextID(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "storeContextID", new Object[]{str, str2});
        }
        synchronized (contextIDTable) {
            if (str2 != null) {
                contextIDTable.put(str, str2);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "storeContextID");
        }
    }

    public static void removeContextID(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeContextID", str);
        }
        synchronized (contextIDTable) {
            contextIDTable.remove(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeContextID");
        }
    }

    public static String getContextID(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getContextID", str);
        }
        String str2 = (String) contextIDTable.get(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getContextID", str2);
        }
        return str2;
    }

    public static boolean checkIfAdminApp(String str) {
        return adminapps != null && adminapps.contains(str);
    }

    @Override // com.ibm.ws.security.core.BaseAccessManager
    public abstract boolean allowIfNoRequiredRoles();

    @Override // com.ibm.ws.security.core.BaseAccessManager, com.ibm.ws.security.core.AccessManager
    public boolean isGrantedRole(AccessContext accessContext, SecurityRole securityRole, Principal principal) {
        boolean isGrantedRole;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedRole", new Object[]{accessContext, securityRole, principal});
        }
        Subject subject = principal != null ? ((WSPrincipal) principal).getSubject() : null;
        String enterpriseAppName = accessContext != null ? accessContext.getEnterpriseAppName() : null;
        if (accessContext != null ? checkIfAdminApp(enterpriseAppName) : false) {
            isGrantedRole = getAdminAuthorizer() == null ? true : this.adminAuthorizer.isGrantedRole(new String[]{securityRole.getRoleName()}, subject);
        } else {
            isGrantedRole = isGrantedRole(accessContext, getAuthorizationTable(enterpriseAppName), securityRole, subject);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedRole", new Boolean(isGrantedRole));
        }
        return isGrantedRole;
    }

    protected boolean isGrantedRole(AccessContext accessContext, AuthorizationTable authorizationTable, SecurityRole securityRole, Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedRole", new Object[]{accessContext, authorizationTable, securityRole, subjectToString(subject)});
        }
        boolean z = false;
        PluggableAuthorizationTableProxy authorizationTableProxy = PluggableAuthorizationTableProxy.getAuthorizationTableProxy();
        if (authorizationTableProxy != null) {
            z = authorizationTableProxy.isGrantedRole(accessContext, securityRole, subject);
        } else if (authorizationTable != null) {
            SecurityRole[] securityRoleArr = {securityRole};
            if (isEveryoneGranted(accessContext, securityRoleArr)) {
                z = true;
            } else if (isGrantedAnyRole(accessContext, securityRoleArr, subject)) {
                z = true;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedRole", new Boolean(z));
        }
        return z;
    }

    @Override // com.ibm.ws.security.core.BaseAccessManager, com.ibm.ws.security.core.AccessManager
    public boolean isEveryoneGranted(AccessContext accessContext, SecurityRole[] securityRoleArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isEveryoneGranted", new Object[]{accessContext, securityRoleArr});
        }
        boolean z = false;
        PluggableAuthorizationTableProxy authorizationTableProxy = PluggableAuthorizationTableProxy.getAuthorizationTableProxy();
        if (securityRoleArr != PermissionRoleMap.EMPTY_REQUIRED_ROLES) {
            z = authorizationTableProxy != null ? authorizationTableProxy.isEveryoneGranted(accessContext, securityRoleArr) : isSpecialSubjectGrantedAnyRole(getAuthorizationTable(accessContext.getEnterpriseAppName()), securityRoleArr, Constants.EVERYONE);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Empty required roles list from web application DD");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isEveryoneGranted", new Boolean(z));
        }
        return z;
    }

    private boolean isServerId(String str) {
        return str != null && str.equalsIgnoreCase(this.serverId);
    }

    @Override // com.ibm.ws.security.core.BaseAccessManager, com.ibm.ws.security.core.AccessManager
    public boolean isGrantedAnyRole(AccessContext accessContext, SecurityRole[] securityRoleArr, Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole", new Object[]{accessContext, securityRoleArr, subjectToString(subject)});
        }
        String enterpriseAppName = accessContext != null ? accessContext.getEnterpriseAppName() : null;
        boolean checkIfAdminApp = accessContext != null ? checkIfAdminApp(enterpriseAppName) : false;
        boolean z = false;
        PluggableAuthorizationTableProxy authorizationTableProxy = PluggableAuthorizationTableProxy.getAuthorizationTableProxy();
        if (securityRoleArr == PermissionRoleMap.EMPTY_REQUIRED_ROLES) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Empty required roles list from web application DD");
            }
        } else if (checkIfAdminApp) {
            z = getAdminAuthorizer() == null ? true : this.adminAuthorizer.isGrantedRole(getNamesFromRoles(securityRoleArr), subject);
        } else {
            z = authorizationTableProxy != null ? authorizationTableProxy.isGrantedAnyRole(accessContext, securityRoleArr, subject) : isGrantedAnyRole(getAuthorizationTable(enterpriseAppName), securityRoleArr, subject);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private boolean isGrantedAnyRole(AuthorizationTable authorizationTable, SecurityRole[] securityRoleArr, Subject subject) {
        String str;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole", new Object[]{authorizationTable, securityRoleArr, subjectToString(subject)});
        }
        boolean z = false;
        Subject authenticatedSubject = getAuthenticatedSubject(subject);
        if (authenticatedSubject != null) {
            try {
                str = SubjectHelper.getWSCredentialFromSubject(authenticatedSubject).getRealmName();
            } catch (Exception e) {
                str = "unknown";
            }
            String string = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm");
            if (!DomainInfo.isAppRealmDefined() || string == null) {
                string = DomainInfo.getAdminRealm();
            }
            if (!string.equalsIgnoreCase(str)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "checking authorization for a foreign user in realm: " + str + ": this realm is: " + string);
                }
                if (isSpecialSubjectGrantedAnyRole(authorizationTable, securityRoleArr, Constants.ALL_AUTHENTICATED_USERS_IN_TRUSTED_REALMS)) {
                    z = true;
                } else if (isGrantedAnyRole(authorizationTable, securityRoleArr, SubjectHelper.getWSCredentialFromSubject(authenticatedSubject))) {
                    z = true;
                }
            } else if (isSpecialSubjectGrantedAnyRole(authorizationTable, securityRoleArr, Constants.ALL_AUTHENTICATED_USERS) || isSpecialSubjectGrantedAnyRole(authorizationTable, securityRoleArr, Constants.ALL_AUTHENTICATED_USERS_IN_TRUSTED_REALMS)) {
                z = true;
            } else {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(authenticatedSubject);
                if (isServerId(getAccessId(wSCredentialFromSubject)) && isSpecialSubjectGrantedAnyRole(authorizationTable, securityRoleArr, Constants.SERVER)) {
                    z = true;
                } else if (isGrantedAnyRole(authorizationTable, securityRoleArr, wSCredentialFromSubject)) {
                    z = true;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private boolean isSpecialSubjectGrantedAnyRole(AuthorizationTable authorizationTable, SecurityRole[] securityRoleArr, SpecialSubject specialSubject) {
        List rolesForSubject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSpecialSubjectGrantedAnyRole", new Object[]{authorizationTable, securityRoleArr, specialSubject});
        }
        boolean z = false;
        if (authorizationTable != null && (rolesForSubject = authorizationTable.getRolesForSubject(specialSubject)) != null) {
            int i = 0;
            while (true) {
                if (i >= securityRoleArr.length) {
                    break;
                }
                if (rolesForSubject.contains(securityRoleArr[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isSpecialSubjectGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private boolean isGrantedAnyRole(AuthorizationTable authorizationTable, SecurityRole[] securityRoleArr, WSCredential wSCredential) {
        List rolesForSubject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole", new Object[]{authorizationTable, securityRoleArr, wSCredential});
        }
        boolean z = false;
        if (authorizationTable != null) {
            String accessId = getAccessId(wSCredential);
            synchronized (this.userSub) {
                this.userSub.setAccessId(accessId);
                this.userSub.setName(accessId);
                rolesForSubject = authorizationTable.getRolesForSubject(this.userSub);
            }
            if (rolesForSubject != null) {
                for (int i = 0; i < rolesForSubject.size(); i++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "user-grantedRoles for List entry: " + i + " are :" + rolesForSubject.get(i));
                    }
                }
            }
            int i2 = 0;
            while (true) {
                if (rolesForSubject == null || i2 >= securityRoleArr.length) {
                    break;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "reqRoles " + securityRoleArr[i2]);
                }
                if (rolesForSubject.contains(securityRoleArr[i2])) {
                    z = true;
                    break;
                }
                i2++;
            }
            if (!z) {
                String[] groupIds = getGroupIds(wSCredential);
                synchronized (this.groupSub) {
                    int i3 = 0;
                    while (groupIds != null) {
                        if (i3 >= groupIds.length || z) {
                            break;
                        }
                        this.groupSub.setAccessId(groupIds[i3]);
                        this.groupSub.setName(groupIds[i3]);
                        List rolesForSubject2 = authorizationTable.getRolesForSubject(this.groupSub);
                        int i4 = 0;
                        while (true) {
                            if (rolesForSubject2 != null && i4 < securityRoleArr.length) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "reqRoles " + securityRoleArr[i4]);
                                }
                                if (rolesForSubject2.contains(securityRoleArr[i4])) {
                                    z = true;
                                    break;
                                }
                                i4++;
                            }
                        }
                        i3++;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private Subject getAuthenticatedSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthenticatedSubject", subjectToString(subject));
        }
        Subject subject2 = null;
        final WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
        if (wSCredentialFromSubject == null || wSCredentialFromSubject.isUnauthenticated()) {
            subject2 = null;
        } else if (wSCredentialFromSubject.isBasicAuth()) {
            try {
                final ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                subject2 = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.core.WSAccessManager.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws WSLoginFailedException {
                        return contextManagerFactory.login(wSCredentialFromSubject);
                    }
                });
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.getAuthenticatedSubject", "849", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authentication failed:" + e.getException());
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.core.WSAccessManager.getAuthenticatedSubject", "854", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authentication failed:" + e2);
                }
                subject2 = null;
            }
        } else {
            subject2 = subject;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthenticatedSubject", subjectToString(subject2));
        }
        return subject2;
    }

    protected static synchronized void fillAccessIds() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fillAccessIds");
        }
        Iterator it = authzTableMap.values().iterator();
        while (it.hasNext()) {
            fillMissingAccessIds((AuthorizationTable) it.next());
        }
        setAccessIdsFilled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fillAccessIds");
        }
    }

    protected static void fillMissingAccessIds(AuthorizationTable authorizationTable) {
        ContextManager contextManagerFactory;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fillMissingAccessIds", authorizationTable);
        }
        UserRegistry userRegistry = null;
        try {
            contextManagerFactory = ContextManagerFactory.getInstance();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.fillMissingAccessIds", "933");
            Tr.error(tc, "security.wsaccessmanage.get.reg", new Object[]{e});
        }
        if (contextManagerFactory == null) {
            return;
        }
        userRegistry = contextManagerFactory.getRegistry(null);
        UserRegistryConfig activeUserRegistry = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry();
        boolean z = activeUserRegistry.getBoolean("ignoreCase");
        boolean z2 = false;
        if (activeUserRegistry.getType().equals("LDAP")) {
            z2 = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "User registry type is LDAP");
            }
        }
        for (RoleAssignment roleAssignment : authorizationTable.getAuthorizations()) {
            EList specialSubjects = roleAssignment.getSpecialSubjects();
            int size = specialSubjects.size();
            for (int i = 0; i < size; i++) {
                SpecialSubject specialSubject = (SpecialSubject) specialSubjects.get(i);
                String name = specialSubject.getName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SpecialSubject " + name);
                }
                String accessId = specialSubject.getAccessId();
                if (accessId == null || accessId.length() == 0) {
                    specialSubject.setAccessId(name);
                }
            }
            for (User user : roleAssignment.getUsers()) {
                String accessId2 = user.getAccessId();
                if (accessId2 != null && z2) {
                    accessId2 = RegistryUtil.removeDNSpace(accessId2, -1);
                }
                if (accessId2 == null || accessId2.length() == 0 || !accessId2.startsWith("user:")) {
                    try {
                        String name2 = user.getName();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "user name is: " + name2);
                        }
                        accessId2 = userRegistry.getUniqueUserId(name2);
                    } catch (Exception e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.core.WSAccessManager.fillMissingAccessIds", "982");
                    }
                }
                if (accessId2 != null && z) {
                    accessId2 = accessId2.toLowerCase();
                }
                if (accessId2 != null && accessId2.length() > 0) {
                    user.setAccessId(accessId2);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "user accessId=" + accessId2);
                }
            }
            for (Group group : roleAssignment.getGroups()) {
                String accessId3 = group.getAccessId();
                if (accessId3 != null && z2) {
                    accessId3 = RegistryUtil.removeDNSpace(accessId3, -1);
                }
                if (accessId3 == null || accessId3.length() == 0 || !accessId3.startsWith("group:")) {
                    try {
                        String name3 = group.getName();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "group name is: " + name3);
                        }
                        accessId3 = userRegistry.getUniqueGroupId(name3);
                    } catch (Exception e3) {
                        FFDCFilter.processException(e3, "com.ibm.ws.security.core.WSAccessManager.fillMissingAccessIds", "1018");
                    }
                }
                if (accessId3 != null && z) {
                    accessId3 = accessId3.toLowerCase();
                }
                if (accessId3 != null && accessId3.length() > 0) {
                    group.setAccessId(accessId3);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "group accessId=" + accessId3);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fillMissingAccessIds");
        }
    }

    private String getAccessId(WSCredential wSCredential) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAccessId");
        }
        String str = null;
        if (wSCredential == null) {
            return null;
        }
        try {
            str = wSCredential.getAccessId();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.getAccessId", "1057", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getAccessId raised exception", e);
            }
        }
        if (str != null && str.length() > 0 && SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getBoolean("ignoreCase")) {
            str = str.toLowerCase();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAccessId", str);
        }
        return str;
    }

    private String[] getGroupIds(WSCredential wSCredential) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupsIds", wSCredential);
        }
        String[] strArr = null;
        try {
            ArrayList groupIds = wSCredential.getGroupIds();
            strArr = (String[]) groupIds.toArray(new String[groupIds.size()]);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.getGroupIds", "1090", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getAccessId raised exception", e);
            }
        }
        if (SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getBoolean("ignoreCase")) {
            int length = strArr == null ? 0 : strArr.length;
            for (int i = 0; i < length; i++) {
                strArr[i] = strArr[i].toLowerCase();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupsIds", strArr);
        }
        return strArr;
    }

    private static String subjectToString(final Subject subject) {
        String str = null;
        if (subject != null) {
            try {
                str = (String) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.core.WSAccessManager.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws WSLoginFailedException {
                        return subject.toString();
                    }
                });
            } catch (Exception e) {
            }
        }
        return str;
    }

    @Override // com.ibm.ws.security.core.BaseAccessManager
    protected AdminAuthorizer getAdminAuthorizer() {
        if (this.adminAuthorizer == null || AdminContext.peek() != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getting adminAuthorizer");
            }
            this.adminAuthorizer = AdminAuthorizerFactory.getAdminAuthorizer();
        }
        return this.adminAuthorizer;
    }

    private String getServerId() {
        String str = null;
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getServerId");
        }
        try {
            WSCredential serverCredential = ContextManagerFactory.getInstance().getServerCredential();
            str = serverCredential != null ? getAccessId(serverCredential) : null;
        } catch (WSSecurityException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSSecurityException caught in WSAccessManager.getServerId() when trying to form serverId");
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "serverId is set to: " + str);
            Tr.exit(tc, "getServerId");
        }
        return str;
    }
}
