Example 1 with ServletChain

Use of io.undertow.servlet.handlers.ServletChain in project undertow by undertow-io.

From class HttpServletRequestImpl, method isUserInRole. The "*" role is rejected outright, and the "**" role (any authenticated user) is granted only when the deployment has not declared "**" as an explicit security role; every other role check is delegated to the deployment's AuthorizationManager together with the current servlet's ServletInfo.

@Override
public boolean isUserInRole(final String role) {
    if (role == null) {
        return false;
    }
    // according to the servlet spec this always returns false
    if (role.equals("*")) {
        return false;
    }
    SecurityContext sc = exchange.getSecurityContext();
    Account account = sc.getAuthenticatedAccount();
    if (account == null) {
        return false;
    }
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    if (role.equals("**")) {
        Set<String> roles = servletRequestContext.getDeployment().getDeploymentInfo().getSecurityRoles();
        if (!roles.contains("**")) {
            return true;
        }
    }
    final ServletChain servlet = servletRequestContext.getCurrentServlet();
    final Deployment deployment = servletContext.getDeployment();
    final AuthorizationManager authorizationManager = deployment.getDeploymentInfo().getAuthorizationManager();
    return authorizationManager.isUserInRole(role, account, servlet.getManagedServlet().getServletInfo(), this, deployment);
}
Also used: Account(io.undertow.security.idm.Account) ServletChain(io.undertow.servlet.handlers.ServletChain) SecurityContext(io.undertow.security.api.SecurityContext) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) Deployment(io.undertow.servlet.api.Deployment) HttpString(io.undertow.util.HttpString) AuthorizationManager(io.undertow.servlet.api.AuthorizationManager)

Example 2 with ServletChain

Use of io.undertow.servlet.handlers.ServletChain in project wildfly by wildfly.

From class SecurityContextAssociationHandler, method handleRequest. The handler looks up a run-as identity for the current servlet by name, installs it on the security context for the duration of the request, and restores the previous identity in a finally block so a failure further down the chain cannot leave the run-as identity in place.

@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    SecurityContext sc = exchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
    RunAsIdentityMetaData identity = null;
    RunAs old = null;
    try {
        final ServletChain servlet = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getCurrentServlet();
        identity = runAsIdentityMetaDataMap.get(servlet.getManagedServlet().getServletInfo().getName());
        RunAsIdentity runAsIdentity = null;
        if (identity != null) {
            UndertowLogger.ROOT_LOGGER.tracef("%s, runAs: %s", servlet.getManagedServlet().getServletInfo().getName(), identity);
            runAsIdentity = new RunAsIdentity(identity.getRoleName(), identity.getPrincipalName(), identity.getRunAsRoles());
        }
        old = SecurityActions.setRunAsIdentity(runAsIdentity, sc);
        // Perform the request
        next.handleRequest(exchange);
    } finally {
        if (identity != null) {
            SecurityActions.setRunAsIdentity(old, sc);
        }
    }
}
Also used: ServletChain(io.undertow.servlet.handlers.ServletChain) RunAs(org.jboss.security.RunAs) SecurityContext(org.jboss.security.SecurityContext) RunAsIdentity(org.jboss.security.RunAsIdentity) RunAsIdentityMetaData(org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData)