use of org.apache.cxf.security.LoginSecurityContext in project testcases by coheigea.
the class XACML3AuthorizingInterceptor method handleMessage.
/**
 * Authorizes the request carried by {@code message} and returns normally only when
 * {@code authorize(...)} reports {@code true}.
 *
 * <p>The check fails closed: a security context that is not a
 * {@link LoginSecurityContext}, a {@code false} result from {@code authorize}, and any
 * exception thrown by {@code authorize} all end in the same generic
 * {@code AccessDeniedException("Unauthorized")}.
 *
 * @param message the message whose {@link SecurityContext} is inspected
 * @throws AccessDeniedException when access is not granted
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext securityContext = message.get(SecurityContext.class);

    // Without a LoginSecurityContext there are no roles to evaluate, so deny up front.
    if (!(securityContext instanceof LoginSecurityContext)) {
        LOG.log(Level.FINE, "The SecurityContext was not an instance of LoginSecurityContext. No authorization " + "is possible as a result");
        throw new AccessDeniedException("Unauthorized");
    }

    Principal user = securityContext.getUserPrincipal();
    Set<Principal> rolePrincipals = ((LoginSecurityContext) securityContext).getUserRoles();

    List<String> roleNames = new ArrayList<String>();
    if (rolePrincipals != null) {
        for (Principal candidate : rolePrincipals) {
            // Identity comparison, not equals(): only the very same object as the user
            // principal is skipped. An equal-but-distinct principal is passed on as a role.
            if (candidate == user) {
                continue;
            }
            roleNames.add(candidate.getName());
        }
    }

    boolean permitted;
    try {
        permitted = authorize(user, roleNames, message);
    } catch (Exception e) {
        // The failure detail is logged at FINE only; the caller sees the generic message.
        LOG.log(Level.FINE, "Unauthorized: " + e.getMessage(), e);
        throw new AccessDeniedException("Unauthorized");
    }

    if (!permitted) {
        throw new AccessDeniedException("Unauthorized");
    }
}
use of org.apache.cxf.security.LoginSecurityContext in project cxf by apache.
the class DeprecatedSecurityContextTest method testPrivateStaticGroup.
/**
 * Builds a Subject holding the user principal "Barry" plus the group object produced by
 * {@code GroupWrapper("friend", "Barry")}, then expects {@code isUserInRole("Barry")}
 * to be true.
 */
// NOTE(review): the asserted role name is "Barry", not the group name "friend" — confirm
// this is intended against GroupWrapper, which is not visible here.
@Test
public void testPrivateStaticGroup() {
    Principal barry = new SimplePrincipal("Barry");
    Subject subject = new Subject();
    subject.getPrincipals().add(barry);

    // create a friend group and add Barry to this group
    GroupWrapper friendGroup = new GroupWrapper("friend", "Barry");
    subject.getPrincipals().add(friendGroup.getGroup());

    LoginSecurityContext securityContext = new DefaultSecurityContext(barry, subject);
    assertTrue(securityContext.isUserInRole("Barry"));
}
use of org.apache.cxf.security.LoginSecurityContext in project cxf by apache.
the class DefaultSecurityContextTest method testMultipleRoles.
/**
 * Adds two {@code SimpleGroup} principals ("friend" and "admin"), each constructed with the
 * user principal, to the Subject. Expects both names to be reported as roles, an unrelated
 * name to be rejected, and {@code getUserRoles()} to equal the set of groups that was added.
 */
@Test
public void testMultipleRoles() {
    Principal barry = new SimplePrincipal("Barry");
    Subject subject = new Subject();
    subject.getPrincipals().add(barry);

    Set<Principal> groups = new HashSet<>();
    groups.add(new SimpleGroup("friend", barry));
    groups.add(new SimpleGroup("admin", barry));
    subject.getPrincipals().addAll(groups);

    LoginSecurityContext securityContext = new DefaultSecurityContext(barry, subject);

    assertTrue(securityContext.isUserInRole("friend"));
    assertTrue(securityContext.isUserInRole("admin"));
    // A role that was never granted must not be reported.
    assertFalse(securityContext.isUserInRole("bar"));

    // The user principal itself is expected to be absent from the returned role set.
    // Argument order (value under test first) is kept as in the original test.
    assertEquals(securityContext.getUserRoles(), groups);
}
use of org.apache.cxf.security.LoginSecurityContext in project cxf by apache.
the class DefaultSecurityContextTest method testUserInImplicitRoles.
/**
 * Adds a second plain {@code SimplePrincipal} named "friend" to the Subject next to the user
 * principal "Barry". Expects "friend" to be reported as a role, while an absent name
 * ("family") and the user's own name ("Barry") are not.
 */
@Test
public void testUserInImplicitRoles() {
    Principal barry = new SimplePrincipal("Barry");
    Subject subject = new Subject();
    subject.getPrincipals().add(barry);

    Principal friendRole = new SimplePrincipal("friend");
    subject.getPrincipals().add(friendRole);

    LoginSecurityContext securityContext = new DefaultSecurityContext(barry, subject);

    assertTrue(securityContext.isUserInRole("friend"));
    assertFalse(securityContext.isUserInRole("family"));
    // The user's own name must not count as a role.
    assertFalse(securityContext.isUserInRole("Barry"));
}
use of org.apache.cxf.security.LoginSecurityContext in project cxf by apache.
the class OAuthUtils method createSubject.
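/**
 * Builds a {@link UserSubject} from the given security context.
 *
 * <p>The subject's login name is the name of the context's user principal. Role names are
 * copied from {@link LoginSecurityContext#getUserRoles()} when the context is a
 * {@link LoginSecurityContext}; otherwise, or when that method returns {@code null}, the
 * subject is created with no roles. If a current message exists and carries an
 * {@link AuthenticationMethod}, it is copied onto the subject.
 *
 * @param securityContext the context of the authenticated caller
 * @return the populated subject
 */
public static UserSubject createSubject(SecurityContext securityContext) {
    List<String> roleNames = Collections.emptyList();
    if (securityContext instanceof LoginSecurityContext) {
        // getUserRoles() may return null; treat that as "no roles" rather than failing
        // with a NullPointerException. Fully qualified so no new import is needed.
        java.util.Set<Principal> userRoles = ((LoginSecurityContext) securityContext).getUserRoles();
        if (userRoles != null) {
            roleNames = userRoles.stream().map(Principal::getName).collect(toList());
        }
    }

    // NOTE(review): getUserPrincipal() is dereferenced without a null check; callers
    // presumably only pass an authenticated context — confirm.
    UserSubject subject = new UserSubject(securityContext.getUserPrincipal().getName(), roleNames);

    Message m = JAXRSUtils.getCurrentMessage();
    if (m != null) {
        AuthenticationMethod method = m.get(AuthenticationMethod.class);
        if (method != null) {
            subject.setAuthenticationMethod(method);
        }
    }
    return subject;
}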