Example 1 with SecurityRoleRef
use of io.undertow.servlet.api.SecurityRoleRef in project undertow by undertow-io.
the class DefaultAuthorizationManager method isUserInRole.
@Override
public boolean isUserInRole(String role, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
final Map<String, Set<String>> principalVersusRolesMap = deployment.getDeploymentInfo().getPrincipalVersusRolesMap();
final Set<String> roles = principalVersusRolesMap.get(account.getPrincipal().getName());
//TODO: a more efficient imple
for (SecurityRoleRef ref : servletInfo.getSecurityRoleRefs()) {
if (ref.getRole().equals(role)) {
if (roles != null && roles.contains(ref.getLinkedRole())) {
return true;
}
return account.getRoles().contains(ref.getLinkedRole());
}
}
if (roles != null && roles.contains(role)) {
return true;
}
return account.getRoles().contains(role);
}
Also used :
Set(java.util.Set)
SecurityRoleRef(io.undertow.servlet.api.SecurityRoleRef)
Example 2 with SecurityRoleRef
use of io.undertow.servlet.api.SecurityRoleRef in project wildfly by wildfly.
the class JbossAuthorizationManager method isUserInRole.
@Override
public boolean isUserInRole(String role, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
boolean authzDecision = true;
boolean baseDecision = delegate.isUserInRole(role, account, servletInfo, request, deployment);
// if the RealmBase check has passed, then we can go to authz framework
if (baseDecision) {
String servletName = servletInfo.getName();
String roleName = role;
List<SecurityRoleRef> roleRefs = servletInfo.getSecurityRoleRefs();
if (roleRefs != null) {
for (SecurityRoleRef ref : roleRefs) {
if (ref.getLinkedRole().equals(role)) {
roleName = ref.getRole();
break;
}
}
}
SecurityContext sc = SecurityActions.getSecurityContext();
AbstractWebAuthorizationHelper helper = null;
try {
helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
} catch (Exception e) {
UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
return false;
}
Subject callerSubject = sc.getUtil().getSubject();
//if (callerSubject == null) {
// // During hasResourcePermission check, Catalina calls hasRole. But we have not established
// // a subject yet in the security context. So we will get the subject from the cached principal
// callerSubject = getSubjectFromRequestPrincipal(principal);
//}
authzDecision = helper.hasRole(roleName, account.getPrincipal(), servletName, getPrincipalRoles(account), PolicyContext.getContextID(), callerSubject, new ArrayList<String>(account.getRoles()));
}
boolean finalDecision = baseDecision && authzDecision;
UndertowLogger.ROOT_LOGGER.tracef("hasRole:RealmBase says: %s ::Authz framework says: %s :final= %s", baseDecision, authzDecision, finalDecision);
return finalDecision;
}
Also used :
SecurityContext(org.jboss.security.SecurityContext)
ArrayList(java.util.ArrayList)
AbstractWebAuthorizationHelper(org.jboss.security.javaee.AbstractWebAuthorizationHelper)
SecurityRoleRef(io.undertow.servlet.api.SecurityRoleRef)
IOException(java.io.IOException)
Subject(javax.security.auth.Subject)
Aggregations
SecurityRoleRef (io.undertow.servlet.api.SecurityRoleRef)2
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
Set (java.util.Set)1
Subject (javax.security.auth.Subject)1
SecurityContext (org.jboss.security.SecurityContext)1
AbstractWebAuthorizationHelper (org.jboss.security.javaee.AbstractWebAuthorizationHelper)1
