Package org.jboss.security

Examples of org.jboss.security.SecurityContext


    }

    private SecurityContext establishSecurityContext(final String securityDomain) {
        // Do not use SecurityFactory.establishSecurityContext, its static init is broken.
        try {
            final SecurityContext securityContext = SecurityContextFactory.createSecurityContext(securityDomain);
            if(securityManagement == null)
                throw SecurityMessages.MESSAGES.securityManagementNotInjected();
            securityContext.setSecurityManagement(securityManagement);
            SecurityContextAssociation.setSecurityContext(securityContext);
            return securityContext;
        } catch (Exception e) {
            throw SecurityMessages.MESSAGES.securityException(e);
        }


    /**
     * Injects the ISecurityManagement used when a new SecurityContext is established.
     *
     * @param iSecurityManagement the security management instance to hold; no validation is performed here
     */
    public void setSecurityManagement(ISecurityManagement iSecurityManagement){
        this.securityManagement = iSecurityManagement;
    }

    /**
     * Resolves the principal the current call is executing as.
     *
     * Precedence: the incoming run-as identity of the associated SecurityContext, then the
     * principal derived from the context's authenticated subject, and finally the
     * unauthenticated identity when there is no context or neither source yields a principal.
     *
     * @return the caller's principal; never null
     */
    public Principal getCallerPrincipal() {
        final SecurityContext ctx = doPrivileged(securityContext());
        if (ctx != null) {
            // A run-as identity propagated from the caller wins over the authenticated subject.
            final Principal runAs = ctx.getIncomingRunAs();
            if (runAs != null) {
                return runAs;
            }
            final Principal authenticated = getPrincipal(ctx.getSubjectInfo().getAuthenticatedSubject());
            if (authenticated != null) {
                return authenticated;
            }
        }
        return getUnauthenticatedIdentity().asPrincipal();
    }

     * @param roleNames The role names for which the caller is being checked for
     * @return true if the user is in <b>any</b> one of the <code>roleNames</code>. Else returns false
     */
    public boolean isCallerInRole(final SecurityRolesMetaData mappedRoles, final Map<String, Collection<String>> roleLinks,
                                  final String... roleNames) {
        final SecurityContext securityContext = doPrivileged(securityContext());
        if (securityContext == null) {
            return false;
        }

        RoleGroup roleGroup = null;

        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
        }

        List<Role> roles = roleGroup.getRoles();

        // TODO - Review most performant way.

     * @param runAsPrincipal principal name carried by the new outgoing run-as identity; only used when {@code runAs} is non-null
     * @param extraRoles extra roles attached to the new outgoing run-as identity; only used when {@code runAs} is non-null
     * @throws RuntimeException an unchecked exception (from {@code SecurityMessages.MESSAGES.invalidUserException()})
     *         when no trusted run-as identity is present and {@code authenticate(current)} returns false
     */
    public void push(final String securityDomain, final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
        // TODO - Handle a null securityDomain here? Yes I think so.
        // Remember whatever context is currently associated (possibly null) so pop() can restore it.
        final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
        contexts.push(previous);
        // NOTE(review): presumably this also associates the new context with the current thread - confirm against establishSecurityContext.
        SecurityContext current = establishSecurityContext(securityDomain);
        if (previous != null) {
            // Inherit the caller's subject; the caller's OUTGOING run-as becomes our INCOMING run-as.
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }

        // Only a propagated RunAsIdentity counts as trusted; anything else (including null) forces authentication below.
        RunAs currentRunAs = current.getIncomingRunAs();
        boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;

        if (trusted == false) {
            /*
             * We should only be switching to a context based on an identity from the Remoting connection
             * if we don't already have a trusted identity - this allows for beans to reauthenticate as a
             * different identity.
             */
            boolean authenticated = false;
            if (RemotingContext.isSet()) {
                // In this case the principal and credential will not have been set to set some random values.
                SecurityContextUtil util = current.getUtil();

                UserInfo userInfo = RemotingContext.getConnection().getUserInfo();
                Principal p = null;
                String credential = null;
                Subject subject = null;
                if (userInfo instanceof SubjectUserInfo) {
                    SubjectUserInfo sinfo = (SubjectUserInfo) userInfo;
                    subject = sinfo.getSubject();

                    // NOTE(review): the first PasswordCredential of an unordered Set is used; if a Subject ever
                    // carries more than one, which one wins is unspecified - confirm callers guarantee at most one.
                    Set<PasswordCredential> pcSet = subject.getPrivateCredentials(PasswordCredential.class);
                    if (pcSet.size() > 0) {
                        PasswordCredential pc = pcSet.iterator().next();
                        p = new SimplePrincipal(pc.getUserName());
                        // NOTE(review): the password is copied into an immutable String here, so it cannot be
                        // zeroed after use and lingers until garbage-collected (contrast with char[] handling).
                        credential = new String(pc.getCredential());
                        // NOTE(review): the remoting context is cleared only on this branch; when no
                        // PasswordCredential is present it stays set for subsequent pushes - confirm that is intended.
                        RemotingContext.clear(); // Now that it has been used clear it.
                    }
                }
                if (p == null || credential == null) {
                    // No usable credential from the connection: fall back to an unguessable random principal/credential
                    // pair. Presumably the configured authentication path is expected to handle this case - confirm.
                    p = new SimplePrincipal(UUID.randomUUID().toString());
                    credential = UUID.randomUUID().toString();
                }

                util.createSubjectInfo(p, credential, subject);
            }

            // If we have a trusted identity no need for a re-auth.
            // 'authenticated' is still false at this point, so authenticate(current) always runs on this path.
            if (authenticated == false) {
                authenticated = authenticate(current);
            }
            if (authenticated == false) {
                // TODO - Better type needed.
                throw SecurityMessages.MESSAGES.invalidUserException();
            }
        }

        if (runAs != null) {
            // An explicit run-as for this bean replaces whatever was propagated.
            RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
            current.setOutgoingRunAs(runAsIdentity);
        } else if (previous != null && previous.getOutgoingRunAs() != null) {
            // Ensure the propagation continues.
            current.setOutgoingRunAs(previous.getOutgoingRunAs());
        }
    }

    /**
     * Restores the SecurityContext that was saved by the matching push(), popping it from the
     * internal stack and re-associating it with the current thread (a saved null clears the association).
     * Must be called from within a privileged action.
     */
    public void pop() {
        SecurityContextAssociation.setSecurityContext(contexts.pop());
    }

    /** Name supplied to a NameCallback when no SecurityContext is associated, or when its SubjectInfo carries no identities. */
    public static final String DOLLAR_LOCAL = "$local";

    @Override
    public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        final SecurityContext context = doPrivileged(securityContext());

        for (final Callback current : callbacks) {
            if (current instanceof NameCallback) {
                final NameCallback ncb = (NameCallback) current;
                if (context != null) {
                    final Set<Identity> identities = context.getSubjectInfo().getIdentities();
                    if (identities.isEmpty()) {
                        ncb.setName(DOLLAR_LOCAL);
                    } else {
                        final Identity identity = identities.iterator().next();
                        ncb.setName(identity.getName());
                    }
                } else {
                    ncb.setName(DOLLAR_LOCAL);
                }
            } else if (current instanceof PasswordCallback) {
                if (context != null) {
                    final PasswordCallback pcb = (PasswordCallback) current;
                    final Set<Identity> identities = context.getSubjectInfo().getIdentities();
                    if (identities.isEmpty()) {
                        throw new UnsupportedCallbackException(current);
                    } else {
                        final Identity identity = identities.iterator().next();
                        if (identity instanceof CredentialIdentity) {

        Subject subject = new Subject();
        try {
            boolean isValid = authenticationManager.isValid(userPrincipal, credentials, subject);
            if (isValid) {
                WebLogger.WEB_SECURITY_LOGGER.tracef("User: " + userPrincipal + " is authenticated");
                SecurityContext sc = SecurityActions.getSecurityContext();
                if (sc == null)
                    throw new IllegalStateException("No SecurityContext found!");
                userPrincipal = getPrincipal(subject);
                sc.getUtil().createSubjectInfo(userPrincipal, credentials, subject);
                SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
                if (mappingManager != null) {
                    // if there are mapping modules let them handle the role mapping
                    MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                    if (mc != null && mc.hasModules()) {

            userPrincipal = certMapping.toPrincipal(certs);
            Subject subject = new Subject();
            boolean isValid = authenticationManager.isValid(userPrincipal, certs, subject);
            if (isValid) {
                WebLogger.WEB_SECURITY_LOGGER.tracef("User: " + userPrincipal + " is authenticated");
                SecurityContext sc = SecurityActions.getSecurityContext();
                if (sc == null)
                    throw new IllegalStateException("No SecurityContext found!");
                userPrincipal = getPrincipal(subject);
                sc.getUtil().createSubjectInfo(userPrincipal, certs, subject);
                SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
                if (mappingManager != null) {
                    // if there are mapping modules let them handle the role mapping
                    MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                    if (mc != null && mc.hasModules()) {

        if (authenticationManager == null)
            throw MESSAGES.noAuthenticationManager();
        if (authorizationManager == null)
            throw MESSAGES.noAuthorizationManager();
        Principal userPrincipal = null;
        SecurityContext sc = SecurityActions.getSecurityContext();
        if (sc == null)
            throw MESSAGES.noSecurityContext();
        Principal caller = sc.getUtil().getUserPrincipal();
        if (caller == null && username == null && clientDigest == null) {
            return null;
        }
        try {
            DigestCallbackHandler handler = new DigestCallbackHandler(username, nOnce, nc, cnonce, qop, realm, md5a2);
            CallbackHandlerPolicyContextHandler.setCallbackHandler(handler);
            userPrincipal = getPrincipal(username);
            Subject subject = new Subject();
            boolean isValid = authenticationManager.isValid(userPrincipal, clientDigest, subject);
            if (isValid) {
                WebLogger.WEB_SECURITY_LOGGER.tracef("User: " + userPrincipal + " is authenticated");
                userPrincipal = getPrincipal(subject);
                sc.getUtil().createSubjectInfo(userPrincipal, clientDigest, subject);
                SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
                if (mappingManager != null) {
                    // if there are mapping modules let them handle the role mapping
                    MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                    if (mc != null && mc.hasModules()) {

        boolean authzDecision = true;
        boolean baseDecision = super.hasResourcePermission(request, response, constraints, context);

        // if the RealmBase check has passed, then we can go to authz framework
        if (baseDecision && useJBossAuthorization) {
            SecurityContext sc = SecurityActions.getSecurityContext();
            Subject caller = sc.getUtil().getSubject();
            if (caller == null)
                caller = getSubjectFromRequestPrincipal(request.getPrincipal());
            Map<String, Object> contextMap = new HashMap<String, Object>();
            contextMap.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
            contextMap.put("securityConstraints", constraints);


