use of com.sun.enterprise.security.SecurityContext in project Payara by payara.
the class CertificateRealm method authenticate.
/**
 * Completes certificate-based authentication for a caller identified by the subject DN of
 * a client certificate.
 *
 * <p>The subject is first handed to {@code validateSubjectViaAPI}. The principal name is then
 * derived from the DN, the groups returned by {@code getGroupNames} and
 * {@code getGroupNamesFromDN} are added to the subject's principals, and a new
 * {@link SecurityContext} for that name and subject is set as the current one.
 *
 * <p>NOTE(review): nothing in this method inspects the certificate itself (chain, validity
 * period, revocation). It presumably relies on the TLS layer and/or
 * {@code validateSubjectViaAPI} having done so; confirm before reusing it on another path.
 *
 * @param subject The Subject object for the authentication request; its principal set and
 *     public credential set are modified by this call.
 * @param principal The Principal object from the user certificate.
 * @return principal's name
 */
public String authenticate(Subject subject, X500Principal principal) {
    // Validation hook runs before anything is derived from the certificate principal.
    validateSubjectViaAPI(subject, principal);
    _logger.finest(() -> String.format("authenticate(subject=%s, principal=%s)", subject, principal));

    final LdapName dn = getLdapName(principal);
    _logger.log(Level.FINE, "dn={0}", dn);

    final String principalName = getPrincipalName(dn);
    _logger.log(Level.FINE, "Certificate realm is setting up security context for principal: {0}", principalName);

    // Groups looked up for the derived principal name.
    final Enumeration<String> realmGroupNames = getGroupNames(principalName);
    final Set<Principal> subjectPrincipals = subject.getPrincipals();
    while (realmGroupNames.hasMoreElements()) {
        final String groupName = realmGroupNames.nextElement();
        subjectPrincipals.add(new Group(groupName));
    }

    // Groups derived from the certificate DN.
    // NOTE(review): getGroupNamesFromDN is not shown here. If it maps DN attributes to groups,
    // membership is only as trustworthy as the issuing CA's control over those attributes.
    // Confirm which attributes are honoured.
    subjectPrincipals.addAll(getGroupNamesFromDN(dn));
    _logger.log(Level.FINE, "principalSet: {0}", subjectPrincipals);

    // The certificate principal is attached as a public credential only when the subject
    // carries at least one principal at this point.
    if (!subject.getPrincipals().isEmpty()) {
        final DistinguishedPrincipalCredential certCredential = new DistinguishedPrincipalCredential(principal);
        subject.getPublicCredentials().add(certCredential);
    }

    // Making authentication final - setting the authenticated caller name
    // in the security context
    final SecurityContext authenticatedContext = new SecurityContext(principalName, subject);
    SecurityContext.setCurrent(authenticatedContext);
    return principalName;
}
use of com.sun.enterprise.security.SecurityContext in project Payara by payara.
the class GenericAdminAuthenticator method ensureGroupMembership.
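/**
 * Reports whether the caller held in the current {@link SecurityContext} belongs to the
 * domain administrators group ({@code AdminConstants.DOMAIN_ADMIN_GROUP_NAME}).
 *
 * <p>The decision is taken only from the principals of {@code SecurityContext.getCurrent()};
 * neither {@code user} nor {@code realm} is consulted. Callers therefore have to make sure
 * the current context is the one that was established for the user being checked.
 *
 * <p>The check fails closed: a missing context, a missing principal set, or any exception
 * raised while reading them yields {@code false}.
 *
 * @param user the user name being checked (not read by this method)
 * @param realm the realm the user authenticated against (not read by this method)
 * @return {@code true} only if a {@code Group} principal named
 *     {@code AdminConstants.DOMAIN_ADMIN_GROUP_NAME} is present in the current context
 */
private boolean ensureGroupMembership(String user, String realm) {
    try {
        SecurityContext secContext = SecurityContext.getCurrent();
        // Handle the "nothing to inspect" cases explicitly instead of relying on a
        // NullPointerException being caught below.
        Set<?> principals = secContext == null ? null : secContext.getPrincipalSet();
        if (principals == null) {
            ADMSEC_LOGGER.fine("No principals available in the current security context; "
                    + "treating user as not a member of the special admin group");
            return false;
        }
        for (Object principal : principals) {
            if (principal instanceof Group) {
                Group group = (Group) principal;
                if (group.getName().equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                    return true;
                }
            }
        }
        ADMSEC_LOGGER.fine("User is not a member of the special admin group");
        return false;
    } catch (Exception e) {
        // Fail closed, and say that the check could not be completed rather than that it
        // produced a negative answer. The exception is passed as the Throwable argument, so
        // the message needs no "{0}" placeholder (it would never be substituted).
        ADMSEC_LOGGER.log(Level.FINE,
                "Could not determine membership of the special admin group; denying", e);
        return false;
    }
}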
use of com.sun.enterprise.security.SecurityContext in project Payara by payara.
the class ConnectorCallbackHandler method processResults.
/**
 * Builds a fresh {@link Subject} from the execution subject and the mapped callbacks, then
 * sets it as the current {@link SecurityContext}.
 *
 * <p>Nothing happens when {@code mappedCallbacks} is {@code null}. Otherwise:
 * <ul>
 *   <li>if no caller-principal callback was supplied and {@code executionSubject} holds
 *       exactly one principal, that principal (mapped through {@code getMappedPrincipal}
 *       when {@code needMapping} is set) becomes part of the new subject, together with the
 *       execution subject's public and private credentials;</li>
 *   <li>the principals and credentials of the subject attached to every
 *       {@code CallerPrincipalCallback}, {@code GroupPrincipalCallback} and
 *       {@code PasswordValidationCallback} are merged in.</li>
 * </ul>
 *
 * <p>NOTE(review): the previous security context is not saved or restored here; the caller
 * presumably resets it once the work has run. Verify at the call site.
 *
 * @param mappedCallbacks callbacks after mapping; {@code null} leaves the context untouched
 * @param hasCallerPrincipalCallback whether the callbacks already carry a caller principal
 */
private void processResults(Callback[] mappedCallbacks, boolean hasCallerPrincipalCallback) {
    if (mappedCallbacks == null) {
        return;
    }

    final Subject effectiveSubject = new Subject();

    // Handle Single Principal as the caller identity
    if (!hasCallerPrincipalCallback) {
        final Set<Principal> executionPrincipals = executionSubject.getPrincipals();
        // process if there is only one principal
        if (executionPrincipals != null && executionPrincipals.size() == 1) {
            for (Principal candidate : executionPrincipals) {
                // Without mapping the execution principal is taken over unchanged.
                final Principal callerPrincipal = needMapping ? getMappedPrincipal(candidate, null) : candidate;
                if (callerPrincipal != null) {
                    effectiveSubject.getPrincipals().add(callerPrincipal);
                }
            }
            // Credentials are copied even when the mapping produced no principal.
            effectiveSubject.getPublicCredentials().addAll(executionSubject.getPublicCredentials());
            effectiveSubject.getPrivateCredentials().addAll(executionSubject.getPrivateCredentials());
        }
    }

    // TODO V3 what happens for Public/Private Credentials of Mapped case (Case II)
    for (Callback callback : mappedCallbacks) {
        final Subject callbackSubject;
        if (callback instanceof CallerPrincipalCallback) {
            callbackSubject = ((CallerPrincipalCallback) callback).getSubject();
        } else if (callback instanceof GroupPrincipalCallback) {
            callbackSubject = ((GroupPrincipalCallback) callback).getSubject();
        } else if (callback instanceof PasswordValidationCallback) {
            callbackSubject = ((PasswordValidationCallback) callback).getSubject();
        } else {
            // Other callback kinds contribute nothing to the subject.
            continue;
        }
        // Principals plus public AND private credentials are merged from the callback subject.
        effectiveSubject.getPrincipals().addAll(callbackSubject.getPrincipals());
        effectiveSubject.getPublicCredentials().addAll(callbackSubject.getPublicCredentials());
        effectiveSubject.getPrivateCredentials().addAll(callbackSubject.getPrivateCredentials());
    }

    SecurityContext.setCurrent(new SecurityContext(effectiveSubject));
}
use of com.sun.enterprise.security.SecurityContext in project Payara by payara.
the class ContextSetupProviderImpl method saveContext.
/**
 * Captures the parts of the calling thread's context that are enabled for propagation and
 * wraps them in an {@code InvocationContext} handle.
 *
 * <p>The class loader is captured only when {@code classloading} is set and the security
 * context only when {@code security} is set; otherwise {@code null} is stored for that
 * part. The {@link SecurityContext} returned by {@code SecurityContext.getCurrent()} is
 * passed on by reference; no copy is made here.
 *
 * <p>NOTE(review): whatever restores this handle presumably runs with the submitting
 * caller's identity. Confirm how long handles are retained and what a {@code null}
 * security context means on the restoring side.
 *
 * @param contextService the context service requesting the capture (not read here)
 * @param contextObjectProperties execution properties, consulted for the transaction setting
 * @return a handle holding the captured invocation, class loader, security context and
 *     transaction flag
 */
@Override
public ContextHandle saveContext(ContextService contextService, Map<String, String> contextObjectProperties) {
    // Capture the current thread context
    final ClassLoader capturedClassLoader = classloading ? Utility.getClassLoader() : null;
    final SecurityContext capturedSecurityContext = security ? SecurityContext.getCurrent() : null;

    final ComponentInvocation activeInvocation = invocationManager.getCurrentInvocation();
    final ComponentInvocation invocationToSave =
            activeInvocation != null ? createComponentInvocation(activeInvocation) : null;

    // The properties are consulted only when no transaction manager is configured.
    final boolean runInExecutionThreadTransaction =
            transactionManager == null && useTransactionOfExecutionThread(contextObjectProperties);

    // TODO - support workarea propagation
    return new InvocationContext(
            invocationToSave, capturedClassLoader, capturedSecurityContext, runInExecutionThreadTransaction);
}