Examples of org.jboss.security.SecurityContext

• org.jboss.security.SecurityContext
  Encapsulation of Authentication, Authorization, Mapping and other security aspects at the level of a security domain @author Anil Saldhana @version $Revision$ @since Aug 24, 2006

      return AccessController.doPrivileged(new PrivilegedAction<Principal>()
      {
         public Principal run()
         {
            Principal principal = null;
            SecurityContext sc = getSecurityContext();
            if(sc != null)
            {
               principal = sc.getUtil().getUserPrincipal();
            }
            return principal;
         }
      });
   }

      return AccessController.doPrivileged(new PrivilegedAction<Object>()
      {
         public Object run()
         {
            Object credential = null;
            SecurityContext sc = getSecurityContext();
            if(sc != null)
            {
               credential = sc.getUtil().getCredential();
            }
            return credential;
         }
      });
   }

   {
      return AccessController.doPrivileged(new PrivilegedAction<Boolean>()
      {
         public Boolean run()
         {
            SecurityContext sc = SecurityContextAssociation.getSecurityContext();
            Principal principal = sc.getUtil().getUserPrincipal();

            char[] passwordChars = (char[])sc.getUtil().getCredential();

            Subject subject = sc.getSubjectInfo().getAuthenticatedSubject();

            boolean authenticated = authenticationManager.isValid(principal, passwordChars, subject);

            if (authenticated)
            {

      return AccessController.doPrivileged(new PrivilegedAction<Exception>()
      {
         static final String EX_KEY = "org.jboss.security.exception";
         public Exception run()
         {
            SecurityContext sc = getSecurityContext();
            return (Exception) sc.getData().get(EX_KEY);
         }
      });
   }

      Object credential = SecurityActions.getCredential();
      if (credential != null) invocation.getMetaData().addMetaData("security", "credential", credential);

      //Get the security context
      SecurityContext sc = SecurityActions.getSecurityContext();
      if(sc == null)
      {
         sc = SecurityActions.createSecurityContext();
         SecurityActions.setSecurityContext(sc);
      }

      if(shelper.isEJBTimeOutCallback(method) ||
            shelper.containsTimeoutAnnotation(container, method) ||
            shelper.isMDB(container))
         return invocation.invokeNext();

      SecurityContext prevSC = SecurityActions.getSecurityContext();
      try
      {
         SecurityContext invSC = (SecurityContext) invocation.getMetaData("security","context");

         SecurityDomain domain = container.getAnnotation(SecurityDomain.class);

         boolean domainExists = domain != null && domain.value() != null
                       && domain.value().length() > 0;

         /**
          * TODO: Decide if you want to allow zero security based on non-availability
          * of a security domain, as per the configuration on the container
          */
         if(domainExists)
         {
            String domainValue = canonicalizeSecurityDomain(domain.value());

            /* Need to establish the security context. For local calls, we pick the outgoing runas
             * of the existing sc. For remote calls, we create a new security context with the information
             * from the invocation sc
             */
            final SecurityContext sc = SecurityActions.createSecurityContext(domainValue);

            if(shelper.isLocalCall(mi))
            {
               if(prevSC == null)
                  throw new IllegalStateException("Local Call: Security Context is null");
               populateSecurityContext(sc, prevSC);
            }
            else
            {
              //Remote Invocation
              if(invSC == null)
                throw new IllegalStateException("Remote Call: Invocation Security Context is null");

              populateSecurityContext(sc, invSC);
            }

            SecurityActions.setSecurityContext(sc);

            //TODO: Need to get the SecurityManagement instance
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
            {
               public Object run() throws Exception
               {
                  sc.setSecurityManagement(getSecurityManagement());
                  return null;
               }
            });


            //Check if there is a RunAs configured and can be trusted
            EJBAuthenticationHelper helper = null;
            try
            {
               helper = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
            }
            catch(Exception e)
            {
               throw new RuntimeException(e);
            }
            boolean trustedCaller = hasIncomingRunAsIdentity(sc) || helper.isTrusted();
            if(!trustedCaller)
            {
               Subject subject = new Subject();
               /**
                * Special Case: Invocation has no principal set,
                * but an unauthenticatedPrincipal has been configured in JBoss DD
                */
               Principal userPrincipal = sc.getUtil().getUserPrincipal();
               String unauthenticatedPrincipal = domain.unauthenticatedPrincipal();
               if(userPrincipal == null && unauthenticatedPrincipal !=null &&
                     unauthenticatedPrincipal.length() > 0)
               {
                  Identity unauthenticatedIdentity = new SimpleIdentity(unauthenticatedPrincipal);
                  sc.getSubjectInfo().addIdentity(unauthenticatedIdentity);
                  subject.getPrincipals().add(unauthenticatedIdentity.asPrincipal());
               }
               else
               {
                  //Authenticate the caller now

      catch (Exception e)
      {
         log.trace("Exception in getSubjectRoles:",e);
         throw new RuntimeException(e);
      }
      SecurityContext sc = scb.getSecurityContext();

      RoleGroup roles = this.getCurrentRoles(null, authenticatedSubject, sc);
      if(roles == null)
         roles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
      return roles;

      {
         throw new IllegalStateException(e);
      }

      //Deal with the security context
      SecurityContext sc = SubjectActions.getSecurityContext();
      if(sc == null)
      {
         sc = new JBossSecurityContext(securityDomain);
         SubjectActions.setSecurityContext(sc);
      }

      if(userPrincipal instanceof String)
         up = new SimplePrincipal((String)userPrincipal);
      else
         up = (Principal) userPrincipal;

      SecurityContext sc = SecurityContextAssociation.getSecurityContext();
      if(sc == null)
      {
         try
         {
            sc = SecurityContextFactory.createSecurityContext("CLIENT");
         }
         catch (Exception e)
         {
            throw new RuntimeException(e);
         }
         sc.getUtil().createSubjectInfo(up, credential, null);
      }
      SecurityContextAssociation.setSecurityContext(sc);
   }

         this.value = value;
      }
      public Object run()
      {
         //Set it on the current security context also
         SecurityContext sc = SecurityContextAssociation.getSecurityContext();
         if(sc != null)
         {
            sc.getData().put(key.toString(), value);
         }
         return SecurityAssociation.setContextInfo(key, value);
      }