Examples of org.jboss.security.RunAsIdentity

• org.jboss.security.RunAsIdentity
  The RunAsIdentity is a Principal that associates the run-as principal with his run-as role(s). @author Thomas.Diesler@jboss.org @author Scott.Stark@jboss.org @author Anil.Saldhana@jboss.org @version $Revision: 68965 $

    * @param invocation the object that contains the metadata of the method being called.
    * @return the {@code RunAsIdentity} to be used, or {@code null} if no run-as identity can be found.
    */
   protected RunAsIdentity getRunAsIdentity(Invocation invocation)
   {
      RunAsIdentity identity = (RunAsIdentity) invocation.getMetaData("security", "run-as");
      if (identity == null)
         identity = getAnnotationRunAsIdentity(invocation);
      return identity;
   }

      {
         runAs = (RunAs) invocation.resolveClassAnnotation(RunAs.class);
      }
      if (runAs == null)
         return null;
      RunAsIdentity runAsRole = new RunAsIdentity(runAs.value(), null);
      return runAsRole;
   }

    * (non-Javadoc)
    * @see org.jboss.aop.advice.Interceptor#invoke(org.jboss.aop.joinpoint.Invocation)
    */
   public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
   {
      RunAsIdentity runAsRole = getRunAsIdentity(invocation);
      // If a run-as role was specified, push it so that any calls made
      // by this bean will have the runAsRole available for declarative
      // security checks.
      if (runAsRole != null)
      {

                    runAs = role.getName();
                }
                roles.add(role.getName());
            }
        }
        RunAs new_jb_runAs = runAs != null ? new RunAsIdentity(runAs, principal != null ? principal.getName() : null, roles) : null;
        org.jboss.security.SecurityContext old_jb_securityContext = SecurityContextAssociation.getSecurityContext();
        if (old_jb_securityContext == null) {
            Set<Object> credentials = subject.getPrivateCredentials();
            Object credential = !credentials.isEmpty() ? credentials.iterator().next() : null;
            org.jboss.security.SecurityContext new_jb_securityContext = SecurityContextFactory.createSecurityContext(securityDomain);

         Wrapper servlet = null;
         try {
            servlet = request.getWrapper();
            if (servlet != null) {
               String name = servlet.getName();
               RunAsIdentity runAsIdentity = null;
               SecurityActions.pushRunAsIdentity(runAsIdentity);
            }

            // If there is a session, get the tomcat session for the principal
            Manager manager = container.getManager();

   public TrustDecision isTrusted() throws IdentityTrustException
   {
      RunAs runAs = this.securityContext.getIncomingRunAs();
      if(runAs instanceof RunAsIdentity )
      {
         RunAsIdentity runAsIdentity = (RunAsIdentity)runAs;
         if(SecurityConstants.JAVAEE.equals(runAsIdentity.getProof()))
               return TrustDecision.Permit;
      }
      return TrustDecision.NotApplicable;
   }

        RoleGroup roleGroup = null;

        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);

                throw SecurityMessages.MESSAGES.invalidUserException();
            }
        }

        if (runAs != null) {
            RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
            current.setOutgoingRunAs(runAsIdentity);
        } else if (previous != null && previous.getOutgoingRunAs() != null) {
            // Ensure the propagation continues.
            current.setOutgoingRunAs(previous.getOutgoingRunAs());
        }

         if ((secMech.sas_context_mech.target_supports
              & IdentityAssertion.value) != 0)
         {
            // will create identity token
            Principal p = null;
            RunAsIdentity runAs = SecurityAssociation.peekRunAsIdentity();
            if (runAs != null)
            {
               // will use run-as identity
               p = runAs;
            }

            SubjectInfo si = sc.getSubjectInfo();

            if(si != null)
            {
               Subject activeSubject = si.getAuthenticatedSubject();
               RunAsIdentity callerRunAsIdentity = (RunAsIdentity)sc.getIncomingRunAs();

               if( activeSubject != null )
               {
                  Set principalsSet = null;
                  if( callerRunAsIdentity == null )
                  {
                     principalsSet = activeSubject.getPrincipals();
                  }
                  else
                  {
                     principalsSet = callerRunAsIdentity.getPrincipalsSet();
                  }

                  theSubject = new Subject(true, principalsSet,
                     activeSubject.getPublicCredentials(),
                     activeSubject.getPrivateCredentials());
               }
               else
               {
                  if( callerRunAsIdentity != null )
                  {
                     Set principalsSet = callerRunAsIdentity.getPrincipalsSet();
                     theSubject = new Subject(true, principalsSet, EMPTY_SET, EMPTY_SET);
                  }
               }
            }
         }