
Example 1 with SecurityRoleRef

use of io.undertow.servlet.api.SecurityRoleRef in project undertow by undertow-io.

In class DefaultAuthorizationManager, method isUserInRole:

@Override
public boolean isUserInRole(String role, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
    // Roles granted to this principal by the deployment-level principal-versus-role mapping (null if the principal has no entry)
    final Map<String, Set<String>> principalVersusRolesMap = deployment.getDeploymentInfo().getPrincipalVersusRolesMap();
    final Set<String> roles = principalVersusRolesMap.get(account.getPrincipal().getName());
    //TODO: a more efficient imple
    // A <security-role-ref> declared on this servlet takes precedence: the name used in code is translated to its linked role
    for (SecurityRoleRef ref : servletInfo.getSecurityRoleRefs()) {
        if (ref.getRole().equals(role)) {
            if (roles != null && roles.contains(ref.getLinkedRole())) {
                return true;
            }
            // Once a ref matches, only the linked role is consulted; the literal role name is never checked against the account
            return account.getRoles().contains(ref.getLinkedRole());
        }
    }
    // No ref for this name: check the deployment mapping, then the roles carried by the Account itself
    if (roles != null && roles.contains(role)) {
        return true;
    }
    return account.getRoles().contains(role);
}
Also used: Set (java.util.Set), SecurityRoleRef (io.undertow.servlet.api.SecurityRoleRef)

Example 2 with SecurityRoleRef

use of io.undertow.servlet.api.SecurityRoleRef in project wildfly by wildfly.

In class JbossAuthorizationManager, method isUserInRole:

@Override
public boolean isUserInRole(String role, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
    boolean authzDecision = true;
    // First ask the delegate (the Undertow default manager shown in Example 1); its verdict is a precondition
    boolean baseDecision = delegate.isUserInRole(role, account, servletInfo, request, deployment);
    // if the RealmBase check has passed, then we can go to authz framework
    if (baseDecision) {
        String servletName = servletInfo.getName();
        String roleName = role;
        List<SecurityRoleRef> roleRefs = servletInfo.getSecurityRoleRefs();
        if (roleRefs != null) {
            // Reverse lookup: if the requested name equals a ref's linked role, hand the framework the ref's role-name instead.
            // Note the direction: the delegate matched getRole() against the request, this loop matches getLinkedRole().
            for (SecurityRoleRef ref : roleRefs) {
                if (ref.getLinkedRole().equals(role)) {
                    roleName = ref.getRole();
                    break;
                }
            }
        }
        SecurityContext sc = SecurityActions.getSecurityContext();
        AbstractWebAuthorizationHelper helper = null;
        try {
            helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
        } catch (Exception e) {
            // Fail closed: without an authorization helper the role check is denied
            UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
            return false;
        }
        Subject callerSubject = sc.getUtil().getSubject();
        //if (callerSubject == null) {
        //    // During hasResourcePermission check, Catalina calls hasRole. But we have not established
        //    // a subject yet in the security context. So we will get the subject from the cached principal
        //    callerSubject = getSubjectFromRequestPrincipal(principal);
        //}
        // Second opinion from the JBoss authorization framework, keyed by the policy context ID of this deployment
        authzDecision = helper.hasRole(roleName, account.getPrincipal(), servletName, getPrincipalRoles(account), PolicyContext.getContextID(), callerSubject, new ArrayList<String>(account.getRoles()));
    }
    // Both layers must agree before the role is granted
    boolean finalDecision = baseDecision && authzDecision;
    UndertowLogger.ROOT_LOGGER.tracef("hasRole:RealmBase says: %s ::Authz framework says: %s :final= %s", baseDecision, authzDecision, finalDecision);
    return finalDecision;
}
Also used: SecurityContext (org.jboss.security.SecurityContext), ArrayList (java.util.ArrayList), AbstractWebAuthorizationHelper (org.jboss.security.javaee.AbstractWebAuthorizationHelper), SecurityRoleRef (io.undertow.servlet.api.SecurityRoleRef), IOException (java.io.IOException), Subject (javax.security.auth.Subject)
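The two snippets above resolve a role name in opposite directions, and the first one silently stops consulting the literal role name as soon as a role-ref matches. The following is an added, container-free stand-in for both decision procedures (it is not Undertow or WildFly code, and does not touch the JBoss SecurityContext or PolicyContext plumbing): Example 1's lookup is reproduced over plain collections, Example 2's reverse lookup is isolated into its own method, and a constructed deployment (servlet, principal and role names are invented for illustration) shows the practical consequence: a user who holds the literal role "auditor" is denied on a servlet whose <security-role-ref> links "auditor" to "app-auditor", yet allowed by the identical call on a servlet that declares no such ref.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

/*
 * Added example (not Undertow or WildFly code): a container-free stand-in for
 * the two isUserInRole() implementations above, using plain collections.
 * Servlet, principal and role names below are constructed for illustration.
 * Requires Java 16+ (records).
 */
public class RoleRefDemo {

    /** Stand-in for io.undertow.servlet.api.SecurityRoleRef: role is the name used in code, linkedRole the deployment role. */
    record SecurityRoleRef(String role, String linkedRole) {}

    /** Stand-in for the Account view used above: principal name plus the roles carried by the account. */
    record Account(String principal, Set<String> roles) {}

    /** Same decision procedure as DefaultAuthorizationManager.isUserInRole (Example 1). */
    static boolean isUserInRole(String role, Account account,
                                List<SecurityRoleRef> servletRoleRefs,
                                Map<String, Set<String>> principalVersusRoles) {
        Set<String> mapped = principalVersusRoles.get(account.principal());
        for (SecurityRoleRef ref : servletRoleRefs) {
            if (ref.role().equals(role)) {
                // A matching role-ref is authoritative: only its linked role is consulted,
                // the literal name is never checked against the account.
                if (mapped != null && mapped.contains(ref.linkedRole())) {
                    return true;
                }
                return account.roles().contains(ref.linkedRole());
            }
        }
        // No role-ref for this name: deployment-level mapping first, then the account's own roles.
        if (mapped != null && mapped.contains(role)) {
            return true;
        }
        return account.roles().contains(role);
    }

    /**
     * Same reverse lookup as the loop in JbossAuthorizationManager (Example 2): the name handed to the
     * authorization framework is the role-name of the ref whose linkedRole equals the requested name,
     * otherwise the requested name unchanged. The delegate matches ref.role() against the request;
     * this loop matches ref.linkedRole().
     */
    static String roleNameForAuthzFramework(String role, List<SecurityRoleRef> servletRoleRefs) {
        for (SecurityRoleRef ref : servletRoleRefs) {
            if (ref.linkedRole().equals(role)) {
                return ref.role();
            }
        }
        return role;
    }

    static void check(boolean cond, String what) {
        if (!cond) {
            throw new AssertionError(what);
        }
    }

    public static void main(String[] args) {
        // Constructed deployment: ReportServlet declares <security-role-ref> auditor -> app-auditor;
        // principal "carol" is granted app-auditor only through the deployment's principal-vs-role map.
        List<SecurityRoleRef> reportServletRefs = List.of(new SecurityRoleRef("auditor", "app-auditor"));
        List<SecurityRoleRef> plainServletRefs = List.of();
        Map<String, Set<String>> principalVsRoles = Map.of("carol", Set.of("app-auditor"));

        Account alice = new Account("alice", Set.of("app-auditor"));
        Account bob = new Account("bob", Set.of("auditor"));
        Account carol = new Account("carol", Set.of());

        // alice holds the linked deployment role, so the ref resolves in her favour.
        check(isUserInRole("auditor", alice, reportServletRefs, principalVsRoles), "alice via role-link");
        // bob holds the literal role "auditor" but not app-auditor: on ReportServlet the ref short-circuits and denies him...
        check(!isUserInRole("auditor", bob, reportServletRefs, principalVsRoles), "bob denied where a ref exists");
        // ...while the identical call on a servlet without the ref falls through to his account roles and passes.
        check(isUserInRole("auditor", bob, plainServletRefs, principalVsRoles), "bob allowed without a ref");
        // carol carries no roles on the Account itself; the deployment mapping alone grants app-auditor.
        check(isUserInRole("auditor", carol, reportServletRefs, principalVsRoles), "carol via principal map");

        // The WildFly-style reverse lookup rewrites only when the request names the linked role, not the ref name.
        check("auditor".equals(roleNameForAuthzFramework("auditor", reportServletRefs)), "ref name passed through unchanged");
        check("auditor".equals(roleNameForAuthzFramework("app-auditor", reportServletRefs)), "linked role rewritten to ref name");

        System.out.println("all role-ref checks passed");
    }
}
```

Compile and run with `javac RoleRefDemo.java && java RoleRefDemo`; each check throws an AssertionError naming the failing case, so the program either prints the final line or stops at the first mismatch. When auditing a deployment, the bob case is the one to look for: a role-ref changes the meaning of isUserInRole(name) per servlet, so the same user can be authorized by one servlet and refused by another for the same name depending solely on which servlets declare the ref.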

Aggregations

SecurityRoleRef (io.undertow.servlet.api.SecurityRoleRef): 2
IOException (java.io.IOException): 1
ArrayList (java.util.ArrayList): 1
Set (java.util.Set): 1
Subject (javax.security.auth.Subject): 1
SecurityContext (org.jboss.security.SecurityContext): 1
AbstractWebAuthorizationHelper (org.jboss.security.javaee.AbstractWebAuthorizationHelper): 1