
Example 26 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class JaccWebAuthorizationManager method hasResourcePermission.

/**
 * Perform access control for the given {@code HttpServletRequest}: the JACC
 * {@code WebResourcePermission} derived from the request is checked against the
 * caller's principal set. Returns {@code true} if the resource constraint is
 * satisfied and processing should continue, {@code false} if access is denied.
 *
 * <p>Side effects: the request is handed to JACC (setServletRequestForJACC), the
 * resolved SecurityContext is installed as the current thread context whether or
 * not access is granted, and the decision is recorded via recordWebInvocation.
 *
 * @param servletRequest the request being authorized
 * @return {@code true} if access to the resource is granted, {@code false} if denied
 */
public boolean hasResourcePermission(HttpServletRequest servletRequest) {
    // Resolve the caller's context from the request's user principal (presumably
    // null for unauthenticated callers; getSecurityContext is expected to handle that).
    SecurityContext callerContext = getSecurityContext(servletRequest.getUserPrincipal());
    WebResourcePermission resourcePermission = createWebResourcePermission(servletRequest);

    setServletRequestForJACC(servletRequest);
    // The policy decision is made against the caller's principals, not the whole Subject.
    boolean granted = checkPermission(resourcePermission, callerContext.getPrincipalSet());
    // Installed unconditionally so downstream code sees the same caller context on denial.
    SecurityContext.setCurrent(callerContext);

    if (logger.isLoggable(FINE)) {
        logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", granted);
        logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", resourcePermission);
    }

    recordWebInvocation(servletRequest, RESOURCE, granted);
    return granted;
}
Also used : WebResourcePermission(javax.security.jacc.WebResourcePermission) SecurityContext(com.sun.enterprise.security.SecurityContext)

Example 27 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class PipeHelper method authorize.

/**
 * Establishes the caller's SecurityContext for an inbound SOAP request and, for EJB
 * endpoints, performs method-level authorization of the target method through the EJB
 * delegate.
 *
 * <p>Context setup: the client Subject is read from the packet's invocation properties.
 * A null Subject, or one with no principals and no public credentials, yields the
 * unauthenticated context; otherwise a SecurityContext wrapping the Subject becomes
 * current. Private credentials alone do not make a Subject count as authenticated here.
 *
 * <p>Authorization only happens when {@code isEjbEndpoint} is set, {@code ejbDelegate}
 * is non-null and a target Method could be resolved; if any of these does not hold the
 * method returns without an authorization check. Any failure of the delegate's
 * authorize call (a false result or an exception) is surfaced as a "methodNotAuth"
 * Exception, i.e. the check fails closed.
 *
 * @param request the inbound packet
 * @throws Exception if the invocation manager is missing, the target method cannot be
 *         resolved, or the client is not authorized for the target method
 */
public void authorize(Packet request) throws Exception {
    // SecurityContext constructor should set initiator to
    // unauthenticated if Subject is null or empty
    Subject s = (Subject) request.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
    // Only principals and public credentials are consulted when deciding whether the
    // Subject represents an authenticated client.
    if (s == null || (s.getPrincipals().isEmpty() && s.getPublicCredentials().isEmpty())) {
        SecurityContext.setUnauthenticatedContext();
    } else {
        SecurityContext sC = new SecurityContext(s);
        SecurityContext.setCurrent(sC);
    }
    // Non-EJB endpoints get no method-level authorization from this path; only the
    // SecurityContext above is established for them.
    if (isEjbEndpoint) {
        if (invManager == null) {
            throw new RuntimeException(localStrings.getLocalString("enterprise.webservice.noEjbInvocationManager", "Cannot validate request : invocation manager null for EJB WebService"));
        }
        ComponentInvocation inv = (ComponentInvocation) invManager.getCurrentInvocation();
        // consumed
        if (ejbDelegate != null) {
            ejbDelegate.setSOAPMessage(request.getMessage(), inv);
        }
        Exception ie;
        Method m = null;
        if (seiModel != null) {
            // SEI-based endpoint: map the SOAP message to the Java method it targets.
            JavaMethod jm = request.getMessage().getMethod(seiModel);
            m = (jm != null) ? jm.getMethod() : null;
        } else {
            // WebServiceProvider
            // Provider-style endpoint: every request dispatches to invoke(Object), so that
            // is the method authorized. The class name comes from the deployment descriptor
            // and is loaded via the context class loader under doPrivileged.
            WebServiceEndpoint endpoint = (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
            EjbDescriptor ejbDescriptor = endpoint.getEjbComponentImpl();
            if (ejbDescriptor != null) {
                final String ejbImplClassName = ejbDescriptor.getEjbImplClassName();
                if (ejbImplClassName != null) {
                    try {
                        m = (Method) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {

                            @Override
                            public Object run() throws Exception {
                                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                                Class clazz = Class.forName(ejbImplClassName, true, loader);
                                return clazz.getMethod("invoke", new Class[] { Object.class });
                            }
                        });
                    } catch (PrivilegedActionException pae) {
                        throw new RuntimeException(pae.getException());
                    }
                }
            }
        }
        // NOTE(review): when m could not be resolved, or ejbDelegate is null, no
        // authorization check is performed and the request proceeds — confirm that is
        // the intended behaviour for those configurations.
        if (m != null) {
            if (ejbDelegate != null) {
                try {
                    if (!ejbDelegate.authorize(inv, m)) {
                        throw new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
                    }
                } catch (UnmarshalException e) {
                    // Unmarshalling problems are reported as such rather than as an
                    // authorization failure; the original cause is preserved.
                    String errorMsg = localStrings.getLocalString("enterprise.webservice.errorUnMarshalMethod", "Error unmarshalling method for ejb {0}", new Object[] { ejbName() });
                    ie = new UnmarshalException(errorMsg);
                    ie.initCause(e);
                    throw ie;
                } catch (Exception e) {
                    // Fail closed: any other exception from the delegate (including the one
                    // thrown above on a false result) becomes a "not authorized" error,
                    // with the original exception kept as the cause.
                    ie = new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
                    ie.initCause(e);
                    throw ie;
                }
            }
        }
    }
}
Also used : ComponentInvocation(org.glassfish.api.invocation.ComponentInvocation) PrivilegedActionException(java.security.PrivilegedActionException) JavaMethod(com.sun.xml.ws.api.model.JavaMethod) Method(java.lang.reflect.Method) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Subject(javax.security.auth.Subject) PrivilegedActionException(java.security.PrivilegedActionException) UnmarshalException(javax.xml.bind.UnmarshalException) AuthException(javax.security.auth.message.AuthException) WebServiceException(javax.xml.ws.WebServiceException) EjbDescriptor(com.sun.enterprise.deployment.EjbDescriptor) WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint) UnmarshalException(javax.xml.bind.UnmarshalException) ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext) SecurityContext(com.sun.enterprise.security.SecurityContext) JavaMethod(com.sun.xml.ws.api.model.JavaMethod)

Example 28 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class RealmAdapter method createFailOveredPrincipal.

/**
 * Creates a {@link Principal} for a user identified by username alone. The
 * authentication-failover path (Hercules) persists only the username and has to
 * rebuild a principal from it without a password. Originally added for IASRI 4809144
 * (sridhar.satuloori@sun.com).
 *
 * <p>No credential is verified here: loginForRunAs establishes the security context
 * for the named user and the resulting WebPrincipal carries a null password. The
 * username is presumably one recovered from a previously authenticated session; this
 * method itself offers no such guarantee.
 *
 * @param username the name of the failed-over user
 * @return a WebPrincipal for {@code username} bound to the SecurityContext current
 *         after the run-as login
 */
public Principal createFailOveredPrincipal(String username) {
    LOG.log(FINEST, "createFailOveredPrincipal ({0})", username);

    // Establish the run-as context for the user, then capture it for the principal.
    loginForRunAs(username);
    SecurityContext runAsContext = SecurityContext.getCurrent();
    LOG.log(FINE, "Security context is {0}", runAsContext);

    // No password is available on the failover path, hence the explicit null char[].
    WebPrincipal failoverPrincipal = new WebPrincipal(username, (char[]) null, runAsContext);
    LOG.log(INFO, "Principal created for FailOvered user {0}", failoverPrincipal);
    return failoverPrincipal;
}
Also used : SecurityContext(com.sun.enterprise.security.SecurityContext) WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal) WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal) Principal(java.security.Principal)

Example 29 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class JaspicRealm method cleanSubject.

/**
 * Invokes the JASPIC {@code ServerAuthContext.cleanSubject} for a logout, bracketed by
 * BEFORE_LOGOUT / AFTER_LOGOUT container events (the AFTER event fires even if the
 * auth module throws). Does nothing when no ServerAuthContext is available for the
 * request.
 *
 * <p>The Subject handed to the auth module is the one from the current SecurityContext,
 * unless that context's credentials were generated by the server (the default /
 * unauthenticated context) or it has no Subject; in either case a fresh empty Subject
 * is used, so the server-generated context is never mutated by the module.
 *
 * @param httpRequest the request being logged out
 * @throws AuthException if the auth module fails to clean the subject
 */
public void cleanSubject(HttpRequest httpRequest) throws AuthException {
    MessageInfo messageInfo = (MessageInfo) httpRequest.getRequest().getAttribute(MESSAGE_INFO);
    if (messageInfo == null) {
        messageInfo = new HttpMessageInfo(
                (HttpServletRequest) httpRequest.getRequest(),
                (HttpServletResponse) httpRequest.getResponse().getResponse());
    }
    messageInfo.getMap().put(IS_MANDATORY, TRUE.toString());

    ServerAuthContext authContext = jaspicServices.getServerAuthContext(messageInfo, null);
    if (authContext == null) {
        return;
    }

    // Pick the Subject to clean; never hand the module the server-generated default one.
    SecurityContext currentContext = SecurityContext.getCurrent();
    Subject logoutSubject;
    if (currentContext.didServerGenerateCredentials()) {
        logoutSubject = new Subject();
    } else {
        logoutSubject = currentContext.getSubject();
        if (logoutSubject == null) {
            logoutSubject = new Subject();
        }
    }

    // Only a warning: a read-only Subject cannot have its principals/credentials removed.
    if (logoutSubject.isReadOnly()) {
        logger.log(WARNING, "Read-only subject found during logout processing");
    }

    try {
        httpRequest.getContext().fireContainerEvent(BEFORE_LOGOUT, null);
        authContext.cleanSubject(messageInfo, logoutSubject);
    } finally {
        httpRequest.getContext().fireContainerEvent(AFTER_LOGOUT, null);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityContext(com.sun.enterprise.security.SecurityContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) HttpMessageInfo(com.sun.jaspic.config.servlet.HttpMessageInfo) Subject(javax.security.auth.Subject) HttpMessageInfo(com.sun.jaspic.config.servlet.HttpMessageInfo) MessageInfo(javax.security.auth.message.MessageInfo) ServerAuthContext(javax.security.auth.message.config.ServerAuthContext)

Example 30 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class WebServiceSecurity method validateRequest.

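/**
 * Runs the container's {@code ServerAuthContext.validateRequest} for an inbound
 * web-service message and, on a first authentication, installs a SecurityContext for
 * the caller.
 *
 * <p>If no SecurityContext is current, or the current one carries server-generated
 * (default) credentials, a fresh empty Subject is handed to the auth module and the call
 * is treated as the first authentication; otherwise the existing Subject is reused and
 * no new context is installed. After a first authentication that left principals in the
 * Subject, the first principal is taken as the initiator and
 * {@code new SecurityContext(initiator, subject)} becomes current.
 *
 * <p>NOTE(review): the initiator is whichever principal the Subject's principal Set
 * yields first; with more than one principal this depends on set iteration order —
 * confirm the auth modules in use add a single, or deterministically ordered, principal.
 *
 * <p>Cleanup relative to the previous version: the always-true {@code rvalue} local and
 * the raw {@code Set} are gone; behaviour is unchanged.
 *
 * @param param       the auth parameters for the message
 * @param sharedState shared state passed through to the auth module
 * @param sAC         the server auth context performing validation
 * @return always {@code true}; a rejected request is reported via {@code AuthException}
 * @throws AuthException if the auth module rejects the request
 */
private static boolean validateRequest(AuthParam param, HashMap sharedState, ServerAuthContext sAC) throws AuthException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Container Auth: ServerAuthContext.validateRequest");
    }

    SecurityContext currentContext = SecurityContext.getCurrent();
    // Never let the auth module populate the server-generated default context's Subject.
    boolean firstAuthentication = currentContext == null || currentContext.didServerGenerateCredentials();
    Subject subject = firstAuthentication ? new Subject() : currentContext.getSubject();

    // Any result of validateRequest is ignored here (as before); a failed validation is
    // expected to surface as AuthException — TODO confirm against the ServerAuthContext in use.
    sAC.validateRequest(param, subject, sharedState);

    if (firstAuthentication) {
        Set<Principal> principals = subject.getPrincipals();
        // An empty principal set means nobody was authenticated: keep the default context.
        if (principals != null && !principals.isEmpty()) {
            // Define and add the initiator to the Subject. Note that the SecurityContext
            // constructor may add a second principal (of type PrincipalImpl) for the initiator.
            String initiator = principals.iterator().next().getName();
            SecurityContext.setCurrent(new SecurityContext(initiator, subject));
        }
    }
    return true;
}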
Also used : Set(java.util.Set) ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext) SecurityContext(com.sun.enterprise.security.SecurityContext) Subject(javax.security.auth.Subject) Principal(java.security.Principal)
