
Example 46 with Role

use of org.apache.activemq.artemis.core.security.Role in project wildfly by wildfly.

the class ElytronSecurityManager method validateUserAndRole.

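/**
 * Authenticates a user and checks that the resulting identity holds at least one role
 * that grants the requested permission.
 *
 * <p>Credentials equal to {@code defaultUser}/{@code defaultPassword} are accepted
 * immediately: {@code authenticate} is not called and neither {@code roles} nor
 * {@code checkType} is consulted, so that account passes every check type.
 *
 * @param username  the name supplied by the caller
 * @param password  the password supplied by the caller
 * @param roles     the roles configured for the resource being accessed
 * @param checkType the permission being requested; only roles for which
 *                  {@code checkType.hasRole(role)} is true are considered
 * @return {@code true} if the default credentials were presented, or if authentication
 *         succeeded and the identity holds at least one of the permitted role names
 */
@Override
public boolean validateUserAndRole(String username, String password, Set<Role> roles, CheckType checkType) {
    // NOTE(review): where defaultUser/defaultPassword are configured is not visible here.
    // If they can keep a well-known value, this branch bypasses both authentication and
    // the role check -- confirm that deployments are required to change them.
    // The password is compared in constant time so the comparison does not reveal how
    // many leading characters of a guess were correct.
    if (defaultUser.equals(username) && password != null
            && java.security.MessageDigest.isEqual(
                    defaultPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        return true;
    }
    final SecurityIdentity identity = this.authenticate(username, password);
    if (identity == null) {
        // authenticate() returned no identity: deny.
        return false;
    }
    // Keep only the names of roles that actually grant the requested check type.
    final Set<String> permittedRoleNames = new HashSet<>();
    for (Role role : roles) {
        if (checkType.hasRole(role)) {
            permittedRoleNames.add(role.getName());
        }
    }
    // With no permitted role names the set is empty; presumably containsAny then
    // returns false (deny) -- confirm against the Elytron Roles contract.
    return identity.getRoles().containsAny(permittedRoleNames);
}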
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Role(org.apache.activemq.artemis.core.security.Role) HashSet(java.util.HashSet)

Example 47 with Role

use of org.apache.activemq.artemis.core.security.Role in project wildfly by wildfly.

the class SecurityRoleAttributeHandler method applyUpdateToRuntime.

/**
 * Replaces one role in the running server's security settings with a role rebuilt
 * from the current resource model.
 *
 * <p>The match and role name are taken from the last two elements of the operation
 * address. The role set currently registered for the match is handed to
 * {@code handbackHolder} before anything is changed (presumably so a revert can
 * restore it -- confirm against the handler's revert method).
 *
 * @return always {@code false}, also when no server is available and nothing is changed
 * @throws OperationFailedException declared by this method; presumably raised while
 *         transforming the model into a {@code Role}
 */
@Override
protected boolean applyUpdateToRuntime(OperationContext context, ModelNode operation, String attributeName, ModelNode newValue, ModelNode currentValue, HandbackHolder<Set<Role>> handbackHolder) throws OperationFailedException {
    final ActiveMQServer server = getActiveMQServer(context, operation);
    if (server == null) {
        return false;
    }
    final PathAddress opAddress = PathAddress.pathAddress(operation.require(ModelDescriptionConstants.OP_ADDR));
    // Second-to-last address element is the security-setting match, last is the role.
    final String match = opAddress.getElement(opAddress.size() - 2).getValue();
    final String roleName = opAddress.getLastElement().getValue();
    final Set<Role> currentRoles = server.getSecurityRepository().getMatch(match);
    handbackHolder.setHandback(currentRoles);
    // Copy every role except the one being updated; names are compared exactly.
    final Set<Role> replacement = new HashSet<Role>();
    for (final Role existing : currentRoles) {
        if (roleName.equals(existing.getName())) {
            continue;
        }
        replacement.add(existing);
    }
    final ModelNode roleModel = context.readResource(PathAddress.EMPTY_ADDRESS).getModel();
    replacement.add(SecurityRoleDefinition.transform(context, roleName, roleModel));
    // NOTE(review): getMatch ... addMatch is a read-modify-write with no locking in this
    // method; confirm that callers serialize updates to the same match, otherwise a
    // concurrent permission change could be lost.
    server.getSecurityRepository().addMatch(match, replacement);
    return false;
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQActivationService.getActiveMQServer(org.wildfly.extension.messaging.activemq.ActiveMQActivationService.getActiveMQServer) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) PathAddress(org.jboss.as.controller.PathAddress) Resource(org.jboss.as.controller.registry.Resource) ModelNode(org.jboss.dmr.ModelNode) HashSet(java.util.HashSet)

Example 48 with Role

use of org.apache.activemq.artemis.core.security.Role in project wildfly by wildfly.

the class SecurityRoleRemove method removeRole.

/**
 * Removes the named role from the role set registered for {@code match} in the
 * server's security repository. Does nothing when {@code server} is {@code null}.
 *
 * @param server   the running server, or {@code null}
 * @param match    the security-setting match whose role set is rewritten
 * @param roleName the exact name of the role to drop
 */
static void removeRole(ActiveMQServer server, String match, String roleName) {
    if (server == null) {
        return;
    }
    final Set<Role> remaining = new HashSet<Role>();
    // NOTE(review): assumes getMatch never returns null for this match -- confirm.
    for (final Role existing : server.getSecurityRepository().getMatch(match)) {
        if (roleName.equals(existing.getName())) {
            continue;
        }
        remaining.add(existing);
    }
    // The match is re-registered even when no role remains; whether an empty role set
    // denies access or falls back to another setting is decided by the repository and
    // is not visible here -- confirm.
    server.getSecurityRepository().addMatch(match, remaining);
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) HashSet(java.util.HashSet)

Example 49 with Role

use of org.apache.activemq.artemis.core.security.Role in project wildfly by wildfly.

the class ServerAdd method processSecuritySettings.

/**
 * Copies the security settings from the operation parameters into the ActiveMQ
 * configuration, one role set per match.
 *
 * <p>A security setting that defines no roles is skipped, so no entry is written to
 * the configuration for its match.
 *
 * @param context       the operation context, passed on to {@code SecurityRoleDefinition.transform}
 * @param configuration the ActiveMQ configuration
 * @param params        the detyped operation parameters
 * @throws OperationFailedException declared by this method; presumably raised while
 *         transforming a role model into a {@code Role}
 */
static void processSecuritySettings(final OperationContext context, final Configuration configuration, final ModelNode params) throws OperationFailedException {
    if (!params.get(SECURITY_SETTING).isDefined()) {
        return;
    }
    for (final Property setting : params.get(SECURITY_SETTING).asPropertyList()) {
        final String match = setting.getName();
        final ModelNode settingModel = setting.getValue();
        if (!settingModel.hasDefined(CommonAttributes.ROLE)) {
            continue;
        }
        final Set<Role> matchRoles = new HashSet<Role>();
        for (final Property roleProperty : settingModel.get(CommonAttributes.ROLE).asPropertyList()) {
            final Role transformed = SecurityRoleDefinition.transform(context, roleProperty.getName(), roleProperty.getValue());
            matchRoles.add(transformed);
        }
        // put() replaces any role set already stored for this match.
        configuration.getSecurityRoles().put(match, matchRoles);
    }
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ModelNode(org.jboss.dmr.ModelNode) Property(org.jboss.dmr.Property) HashSet(java.util.HashSet)

Example 50 with Role

use of org.apache.activemq.artemis.core.security.Role in project wildfly by wildfly.

the class WildFlySecurityManager method validateUserAndRole.

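/**
 * Authenticates a user against the security domain and checks that the user holds at
 * least one role that grants the requested permission.
 *
 * <p>Credentials equal to {@code defaultUser}/{@code defaultPassword} are accepted
 * immediately: the security domain is not consulted and neither {@code roles} nor
 * {@code checkType} is looked at, so that account passes every check type.
 *
 * @param username  the name supplied by the caller
 * @param password  the password supplied by the caller
 * @param roles     the roles configured for the resource being accessed
 * @param checkType the permission being requested; only roles for which
 *                  {@code checkType.hasRole(role)} is true are considered
 * @return {@code true} if the default credentials were presented, or if the user
 *         authenticated and the authorization manager reports one of the permitted roles
 * @throws RuntimeException if a new security context cannot be created; a further
 *         exception is thrown when {@code securityDomainContext} is not set
 */
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> roles, final CheckType checkType) {
    // NOTE(review): where defaultUser/defaultPassword are configured is not visible here.
    // If they can keep a well-known value, this branch bypasses both authentication and
    // the role check -- confirm that deployments are required to change them.
    // The password is compared in constant time so the comparison does not reveal how
    // many leading characters of a guess were correct.
    if (defaultUser.equals(username) && password != null
            && java.security.MessageDigest.isEqual(
                    defaultPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        return true;
    }
    if (securityDomainContext == null) {
        throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
    }
    final Subject subject = new Subject();
    // The authentication call here changes the subject and that subject must be used later.  That is why we don't call validateUser(String, String) here.
    boolean authenticated = securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(username), password, subject);
    if (authenticated) {
        authenticated = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {

            @Override
            public Boolean run() {
                final SimplePrincipal principal = new SimplePrincipal(username);
                // push a new security context if there is not one.
                final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
                final SecurityContext securityContext;
                if (currentSecurityContext == null) {
                    try {
                        securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain());
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                } else {
                    securityContext = currentSecurityContext;
                    // NOTE(review): this writes the authenticated subject into the context
                    // that already existed, and nothing below reverts it -- confirm that
                    // leaving the caller's context with this subject info is intended.
                    securityContext.getUtil().createSubjectInfo(principal, password, subject);
                }
                SecurityContextAssociation.setSecurityContext(securityContext);
                try {
                    // Only roles that grant the requested check type are passed on.
                    final Set<Principal> principals = new HashSet<Principal>();
                    for (Role role : roles) {
                        if (checkType.hasRole(role)) {
                            principals.add(new SimplePrincipal(role.getName()));
                        }
                    }
                    return securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
                } finally {
                    // restore the previous security context if any; done in finally so an
                    // exception from the role check cannot leave this user's context
                    // associated with the calling thread.
                    SecurityContextAssociation.setSecurityContext(currentSecurityContext);
                }
            }
        });
    }
    return authenticated;
}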
Also used : Role(org.apache.activemq.artemis.core.security.Role) PrivilegedAction(java.security.PrivilegedAction) SecurityContext(org.jboss.security.SecurityContext) Subject(javax.security.auth.Subject) SimplePrincipal(org.jboss.security.SimplePrincipal) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) HashSet(java.util.HashSet)
