Examples of org.jboss.security.RunAs

• org.jboss.security.RunAs
  Represent an entity X with a proof of identity Y @author Anil.Saldhana@redhat.com @since Mar 6, 2007 @version $Revision$

      SecurityContext sc = SecurityActions.getSecurityContext();
      if (sc == null)
         throw new IllegalStateException("Security Context is null");

      RunAs callerRunAsIdentity = sc.getIncomingRunAs();
      if (log.isTraceEnabled())
         log.trace("Caller RunAs=" + callerRunAsIdentity + ": useCallerIdentity=" + this.isUseCallerIdentity);
      // Authenticate the subject and apply any declarative security checks
      try
      {
         checkSecurityContext(mi, callerRunAsIdentity);
      }
      catch (Exception e)
      {
         log.error("Error in Security Interceptor", e);
         throw e;
      }

      RunAs runAsIdentityToPush = runAsIdentity;
      /**
       * Special case: if <use-caller-identity> configured and
       * the caller is arriving with a run-as, we need to push that run-as
       */
      if (callerRunAsIdentity != null && this.isUseCallerIdentity)

      return false;
   }

   private boolean containsTrustableRunAs(SecurityContext sc)
   {
      RunAs incomingRunAs = sc.getIncomingRunAs();
      return incomingRunAs != null && incomingRunAs instanceof RunAsIdentity;
   }

            return false;
        }

        RoleGroup roleGroup = null;

        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();

        if (previous != null) {
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }

        RunAs currentRunAs = current.getIncomingRunAs();
        boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;

        if (trusted == false) {
            /*
             * We should only be switching to a context based on an identity from the Remoting connection
             * if we don't already have a trusted identity - this allows for beans to reauthenticate as a
             * different identity.
             */
            boolean authenticated = false;
            if (RemotingContext.isSet()) {
                // In this case the principal and credential will not have been set to set some random values.
                SecurityContextUtil util = current.getUtil();

                UserInfo userInfo = RemotingContext.getConnection().getUserInfo();
                Principal p = null;
                String credential = null;
                Subject subject = null;
                if (userInfo instanceof SubjectUserInfo) {
                    SubjectUserInfo sinfo = (SubjectUserInfo) userInfo;
                    subject = sinfo.getSubject();

                    Set<PasswordCredential> pcSet = subject.getPrivateCredentials(PasswordCredential.class);
                    if (pcSet.size() > 0) {
                        PasswordCredential pc = pcSet.iterator().next();
                        p = new SimplePrincipal(pc.getUserName());
                        credential = new String(pc.getCredential());
                        RemotingContext.clear(); // Now that it has been used clear it.
                    }
                }
                if (p == null || credential == null) {
                    p = new SimplePrincipal(UUID.randomUUID().toString());
                    credential = UUID.randomUUID().toString();
                }

                util.createSubjectInfo(p, credential, subject);
            }

            // If we have a trusted identity no need for a re-auth.
            if (authenticated == false) {
                authenticated = authenticate(current);
            }
            if (authenticated == false) {
                // TODO - Better type needed.
                throw SecurityMessages.MESSAGES.invalidUserException();
            }
        }

        if (runAs != null) {
            RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
            current.setOutgoingRunAs(runAsIdentity);
        } else if (previous != null && previous.getOutgoingRunAs() != null) {
            // Ensure the propagation continues.
            current.setOutgoingRunAs(previous.getOutgoingRunAs());
        }

            IdentityToken identityToken = absentIdentityToken;
            byte[] encodedAuthenticationToken = noAuthenticationToken;

            if ((secMech.sas_context_mech.target_supports & IdentityAssertion.value) != 0) {
                // will create identity token.
                RunAs runAs = SecurityContextAssociation.peekRunAsIdentity();
                Principal p = (runAs != null) ? runAs : SecurityContextAssociation.getPrincipal();

                if (p != null) {
                    // The name scope needs to be externalized.
                    String name = p.getName();

      {
         //RunAsIdentity principal = SecurityAssociation.popRunAsIdentity();
         SecurityContext sc = getSecurityContext();
         if(sc == null)
            throw new IllegalStateException("Security Context is null");
         RunAs principal = null;
         principal = sc.getOutgoingRunAs();
         sc.setOutgoingRunAs(null);
         return principal;
      }

        if (securityContext == null)
            throw new IllegalStateException("No security context established");

        RoleGroup roleGroup = null;

        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {

        if (previous != null) {
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }

        RunAs currentRunAs = current.getIncomingRunAs();
        boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;

        // TODO - Set unauthenticated identity if no auth to occur
        if (trusted == false) {
            // If we have a trusted identity no need for a re-auth.
            boolean authenticated = authenticate(current);
            if (authenticated == false) {
                // TODO - Better type needed.
                throw new SecurityException("Invalid User");
            }
        }

        if (runAs != null) {
            RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal);
            current.setOutgoingRunAs(runAsIdentity);
        } else if (previous != null && previous.getOutgoingRunAs() != null) {
            // Ensure the propagation continues.
            current.setOutgoingRunAs(previous.getOutgoingRunAs());
        }

     return this.security_management;
   }

   private boolean hasIncomingRunAsIdentity(SecurityContext sc)
   {
      RunAs incomingRunAs = sc.getIncomingRunAs();
      return incomingRunAs != null && incomingRunAs instanceof RunAsIdentity;
   }

      return (ISecurityManagement) clazz.newInstance();
   }

   private boolean hasIncomingRunAsIdentity(SecurityContext sc)
   {
      RunAs incomingRunAs = sc.getIncomingRunAs();
      return incomingRunAs != null && incomingRunAs instanceof RunAsIdentity;
   }