Examples of org.jboss.security.RunAs

• org.jboss.security.RunAs
  Represent an entity X with a proof of identity Y @author Anil.Saldhana@redhat.com @since Mar 6, 2007 @version $Revision$

            IdentityToken identityToken = absentIdentityToken;
            byte[] encodedAuthenticationToken = noAuthenticationToken;

            if ((secMech.sas_context_mech.target_supports & IdentityAssertion.value) != 0) {
                // will create identity token.
                RunAs runAs = SecurityContextAssociation.peekRunAsIdentity();
                Principal p = (runAs != null) ? runAs : SecurityContextAssociation.getPrincipal();

                if (p != null) {
                    // The name scope needs to be externalized.
                    String name = p.getName();

            return false;
        }

        RoleGroup roleGroup = null;

        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();

        if (previous != null) {
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }

        RunAs currentRunAs = current.getIncomingRunAs();
        boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;

        if (trusted == false) {
            /*
             * We should only be switching to a context based on an identity from the Remoting connection
             * if we don't already have a trusted identity - this allows for beans to reauthenticate as a
             * different identity.
             */
            boolean authenticated = false;
            if (SecurityActions.remotingContextIsSet()) {
                // In this case the principal and credential will not have been set to set some random values.
                SecurityContextUtil util = current.getUtil();

                UserInfo userInfo = SecurityActions.remotingContextGetConnection().getUserInfo();
                Principal p = null;
                String credential = null;
                Subject subject = null;
                if (userInfo instanceof SubjectUserInfo) {
                    SubjectUserInfo sinfo = (SubjectUserInfo) userInfo;
                    subject = sinfo.getSubject();

                    Set<PasswordCredential> pcSet = subject.getPrivateCredentials(PasswordCredential.class);
                    if (pcSet.size() > 0) {
                        PasswordCredential pc = pcSet.iterator().next();
                        p = new SimplePrincipal(pc.getUserName());
                        credential = new String(pc.getCredential());
                        SecurityActions.remotingContextClear(); // Now that it has been used clear it.
                    }
                    if ((p == null || credential == null) && userInfo instanceof UniqueIdUserInfo) {
                        UniqueIdUserInfo uinfo = (UniqueIdUserInfo) userInfo;
                        p = new SimplePrincipal(sinfo.getUserName());
                        credential = uinfo.getId();
                        // In this case we do not clear the RemotingContext as it is still to be used
                        // here extracting the ID just ensures we are not continually calling the modules
                        // for each invocation.
                    }
                }

                if (p == null || credential == null) {
                    p = new SimplePrincipal(UUID.randomUUID().toString());
                    credential = UUID.randomUUID().toString();
                }

                util.createSubjectInfo(p, credential, subject);
            }

            // If we have a trusted identity no need for a re-auth.
            if (authenticated == false) {
                authenticated = authenticate(current, null);
            }
            if (authenticated == false) {
                // TODO - Better type needed.
                throw SecurityMessages.MESSAGES.invalidUserException();
            }
        }

        if (runAs != null) {
            RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
            current.setOutgoingRunAs(runAsIdentity);
        } else if (previous != null && previous.getOutgoingRunAs() != null) {
            // Ensure the propagation continues.
            current.setOutgoingRunAs(previous.getOutgoingRunAs());
        }

        if (previous != null) {
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }

        RunAs currentRunAs = current.getIncomingRunAs();
        boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;

        if (trusted == false) {
            SecurityContextUtil util = current.getUtil();
            util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);

      if(key == null)
         throw new IllegalArgumentException("Key is null");
      Map<String,Object> contextMap = securityContext.getData();
      if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
      {
         RunAs runAs = securityContext.getOutgoingRunAs();
         //Move the caller RAI to current RAI
         securityContext.setOutgoingRunAs((RunAs) contextMap.get(CALLER_RAI_IDENTIFIER));

         //Clear the Caller RAI
         contextMap.remove(CALLER_RAI_IDENTIFIER);

   private void setRunAsIdentity(RunAsIdentity rai)
   {
      Map<String,Object> contextMap = securityContext.getData();

      //Move the current RAI on the sc into the caller rai
      RunAs currentRA = securityContext.getOutgoingRunAs();
      contextMap.put(CALLER_RAI_IDENTIFIER, currentRA);

      securityContext.setOutgoingRunAs(rai);
   }

            @Override
            public RunAs run() {
                SecurityContext sc = getSecurityContext();
                if (sc == null)
                    throw new IllegalStateException("SecurityContext is null");
                RunAs principal = sc.getOutgoingRunAs();
                sc.setOutgoingRunAs(null);
                return principal;
            }
        });
    }

      return (ISecurityManagement) clazz.newInstance();
   }

   private boolean hasIncomingRunAsIdentity(SecurityContext sc)
   {
      RunAs incomingRunAs = sc.getIncomingRunAs();
      return incomingRunAs != null && incomingRunAs instanceof RunAsIdentity;
   }

      map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);

      EJBResource ejbResource = new EJBResource(map);
      ejbResource.setPolicyContextID(contextID);

      RunAs callerRunAs = SecurityActions.getIncomingRunAs(securityContext);

      ejbResource.setEjbVersion(version);
      ejbResource.setEjbName(ejbName);
      ejbResource.setPrincipal(ejbPrincipal);
      ejbResource.setCallerRunAsIdentity(callerRunAs);

      if(key == null)
         throw new IllegalArgumentException("Key is null");
      Map<String,Object> contextMap = securityContext.getData();
      if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
      {
         RunAs runAs = securityContext.getOutgoingRunAs();
         //Move the caller RAI to current RAI
         securityContext.setOutgoingRunAs((RunAs) contextMap.get(CALLER_RAI_IDENTIFIER));

         //Clear the Caller RAI
         contextMap.remove(CALLER_RAI_IDENTIFIER);