Package org.jboss.security

Examples of org.jboss.security.RunAs


   /**
    * Installs {@code rai} as the outgoing run-as of {@code securityContext}, after
    * saving the outgoing run-as it displaces in the context data map under
    * {@code CALLER_RAI_IDENTIFIER}.
    *
    * @param rai the run-as identity to install; it is handed to the context unchecked
    */
   private void setRunAsIdentity(RunAsIdentity rai)
   {
      final Map<String,Object> data = securityContext.getData();

      // Stash the run-as being replaced exactly as returned (no null check is made).
      data.put(CALLER_RAI_IDENTIFIER, securityContext.getOutgoingRunAs());

      securityContext.setOutgoingRunAs(rai);
   }


      return (ISecurityManagement) clazz.newInstance();   
   }
  
   /**
    * Reports whether the incoming run-as carried by {@code sc} is a {@code RunAsIdentity}.
    * This is a type test only: the identity's name and roles are not inspected.
    *
    * @param sc the security context to examine; must not be null
    * @return {@code true} if an incoming run-as is present and is a {@code RunAsIdentity}
    */
   private boolean hasIncomingRunAsIdentity(SecurityContext sc)
   {
      // instanceof already evaluates to false for null, so one test covers both conditions.
      return sc.getIncomingRunAs() instanceof RunAsIdentity;
   }

            return false;
        }

        RoleGroup roleGroup = null;

        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();

        // Excerpt from a larger method: `previous`, `current`, `runAs`, `runAsPrincipal` and
        // `extraRoles` are declared outside the visible lines.
        // Inherit from the previous context: its subject info is copied, and the run-as it was
        // sending out becomes the run-as this context has received.
        if (previous != null) {
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }

        // "Trusted" means only that the incoming run-as is a RunAsIdentity; the identity's name
        // and roles are not examined here.
        // NOTE(review): this is sound only if untrusted callers cannot place a RunAsIdentity on the
        // context - confirm against the code that populates `previous`.
        RunAs currentRunAs = current.getIncomingRunAs();
        boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;

        if (trusted == false) {
            /*
             * We should only be switching to a context based on an identity from the Remoting connection
             * if we don't already have a trusted identity - this allows for beans to reauthenticate as a
             * different identity.
             */
            boolean authenticated = false;
            if (RemotingContext.isSet()) {
                // In this case the principal and credential will not have been set, so set some random
                // values (see the fallback further down).
                SecurityContextUtil util = current.getUtil();

                UserInfo userInfo = RemotingContext.getConnection().getUserInfo();
                Principal p = null;
                String credential = null;
                Subject subject = null;
                if (userInfo instanceof SubjectUserInfo) {
                    SubjectUserInfo sinfo = (SubjectUserInfo) userInfo;
                    subject = sinfo.getSubject();

                    Set<PasswordCredential> pcSet = subject.getPrivateCredentials(PasswordCredential.class);
                    if (pcSet.size() > 0) {
                        // Only the first PasswordCredential the iterator yields is used.
                        PasswordCredential pc = pcSet.iterator().next();
                        p = new SimplePrincipal(pc.getUserName());
                        // NOTE(review): the credential is copied into a String, which cannot be wiped
                        // after use - keep it out of logs and exception messages.
                        credential = new String(pc.getCredential());
                        RemotingContext.clear(); // Now that it has been used clear it.
                    }
                    // No password credential produced a principal/credential pair: use the id exposed
                    // by UniqueIdUserInfo as the credential instead.
                    if ((p == null || credential == null) && userInfo instanceof UniqueIdUserInfo) {
                        UniqueIdUserInfo uinfo = (UniqueIdUserInfo) userInfo;
                        p = new SimplePrincipal(sinfo.getUserName());
                        credential = uinfo.getId();
                        // In this case we do not clear the RemotingContext as it is still to be used
                        // here extracting the ID just ensures we are not continually calling the modules
                        // for each invocation.
                    }
                }

                // Nothing usable was derived from the connection: substitute freshly generated random
                // UUIDs for both principal name and credential. Whether authenticate() accepts them is
                // decided outside this excerpt.
                if (p == null || credential == null) {
                    p = new SimplePrincipal(UUID.randomUUID().toString());
                    credential = UUID.randomUUID().toString();
                }

                util.createSubjectInfo(p, credential, subject);
            }

            // If we have a trusted identity no need for a re-auth.
            // `authenticated` is never assigned between its declaration and this test, so
            // authenticate() is always called on this (untrusted) path.
            if (authenticated == false) {
                authenticated = authenticate(current, null);
            }
            // Fail closed: an unauthenticated caller gets an exception rather than a context.
            if (authenticated == false) {
                // TODO - Better type needed.
                throw SecurityMessages.MESSAGES.invalidUserException();
            }
        }

        // `runAs` is a different variable from `currentRunAs` above: it is the first constructor
        // argument of the new RunAsIdentity and is declared outside this excerpt.
        if (runAs != null) {
            RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
            current.setOutgoingRunAs(runAsIdentity);
        } else if (previous != null && previous.getOutgoingRunAs() != null) {
            // Ensure the propagation continues.
            current.setOutgoingRunAs(previous.getOutgoingRunAs());
        }

        if (previous != null) {
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }

        RunAs currentRunAs = current.getIncomingRunAs();
        boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;

        if (trusted == false) {
            SecurityContextUtil util = current.getUtil();
            util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);

      boolean compatib = validateASVersionCompatibility(invocation);
     
      if(compatib)
      {
         sc  = SecurityActions.getSecurityContext();
         RunAs callerRAI =  SecurityActions.getCallerRunAsIdentity();
         SecurityContext newSc = createSecurityContext(invocation);
         //Push the caller run-as identity onto the security context
         if(callerRAI != null)
         {
            SecurityActions.setOutgoingRunAs(newSc, callerRAI);

      SecurityContext sc = SecurityActions.getSecurityContext();
      if (sc == null)
         throw new IllegalStateException("Security Context is null");

      RunAs callerRunAsIdentity = sc.getIncomingRunAs();
      if (log.isTraceEnabled())
         log.trace("Caller RunAs=" + callerRunAsIdentity + ": useCallerIdentity=" + this.isUseCallerIdentity);
      // Authenticate the subject and apply any declarative security checks
      try
      {

      return false;
   }
  
   /**
    * Tells whether {@code sc} carries an incoming run-as of type {@code RunAsIdentity}.
    * The check is purely on the runtime type; neither the identity's name nor its roles
    * are looked at.
    * NOTE(review): the method name suggests callers treat {@code true} as a trust decision -
    * confirm that only container code can populate the incoming run-as.
    *
    * @param sc the security context to examine; must not be null
    * @return {@code true} when the incoming run-as is non-null and a {@code RunAsIdentity}
    */
   private boolean containsTrustableRunAs(SecurityContext sc)
   {
      final RunAs candidate = sc.getIncomingRunAs();
      if (candidate == null)
      {
         return false;
      }
      return candidate instanceof RunAsIdentity;
   }

  {
     return AccessController.doPrivileged(new PrivilegedAction<RunAs>()
     {
        public RunAs run()
        {
           RunAs rai = null;
           //Pluck the run-as identity from the existing SC if any
           SecurityContext existingSC = getSecurityContext();
           if(existingSC != null)
           {
              rai = existingSC.getOutgoingRunAs();

            /**
             * Takes the outgoing run-as off the current security context and returns it.
             * Fails with the exception built by {@code MESSAGES.noSecurityContext()} when
             * no security context is available.
             *
             * @return the run-as that was set as outgoing before the slot was reset
             */
            @Override
            public RunAs run() {
                final SecurityContext context = getSecurityContext();
                if (context == null) {
                    throw MESSAGES.noSecurityContext();
                }
                final RunAs popped = context.getOutgoingRunAs();
                // Reset the outgoing slot to null; the previous value goes back to the caller.
                context.setOutgoingRunAs(null);
                return popped;
            }
        });
    }
