Example 1 with RealmUser
use of org.jboss.as.core.security.RealmUser in project wildfly by wildfly.
the class ConnectionSecurityContext method getConnectionPrincipals.
/**
* Obtain a {@link Collection} containing the {@link Principal} instances for the user associated with the connection.
*
* Note: This method should be called from within a {@link PrivilegedAction}.
*
* @return The Collection of Principals for the user authenticated with the connection. An empty Collection will be returned
* of no user is associated with the connection, {@code null} will be returned if no connection is associated with
* the {@link Thread}
*/
public static Collection<Principal> getConnectionPrincipals() {
Connection con = RemotingContext.getConnection();
if (con != null) {
Collection<Principal> principals = new HashSet<>();
SecurityIdentity localIdentity = con.getLocalIdentity();
if (localIdentity != null) {
principals.add(new RealmUser(localIdentity.getPrincipal().getName()));
StreamSupport.stream(localIdentity.getRoles().spliterator(), true).forEach((String role) -> {
principals.add(new RealmGroup(role));
principals.add(new RealmRole(role));
});
return principals;
} else {
return Collections.emptySet();
}
}
return null;
}
Also used :
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
RealmRole(org.jboss.as.core.security.RealmRole)
RealmGroup(org.jboss.as.core.security.RealmGroup)
Connection(org.jboss.remoting3.Connection)
RealmUser(org.jboss.as.core.security.RealmUser)
Principal(java.security.Principal)
HashSet(java.util.HashSet)
Example 2 with RealmUser
use of org.jboss.as.core.security.RealmUser in project wildfly by wildfly.
the class RemotingLoginModule method login.
@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
if (super.login() == true) {
log.debug("super.login()==true");
return true;
}
Object credential = getCredential();
if (credential instanceof RemotingConnectionCredential) {
Connection con = ((RemotingConnectionCredential) credential).getConnection();
Principal up = null;
SecurityIdentity localIdentity = con.getLocalIdentity();
if (localIdentity != null) {
up = new RealmUser(localIdentity.getPrincipal().getName());
}
// If we found a principal from the connection then authentication succeeded.
if (up != null) {
identity = up;
if (getUseFirstPass()) {
String userName = identity.getName();
log.debugf("Storing username '%s'", userName);
// Add the username to the shared state map
sharedState.put("javax.security.auth.login.name", identity);
if (useNewClientCert) {
SSLSession session = con.getSslSession();
if (session != null) {
try {
credential = session.getPeerCertificates()[0];
log.debug("Using new certificate as credential.");
} catch (SSLPeerUnverifiedException e) {
log.debugf("No peer certificate available for '%s'", userName);
}
}
} else if (useClientCert) {
SSLSession session = con.getSslSession();
if (session != null) {
try {
credential = session.getPeerCertificateChain()[0];
log.debug("Using certificate as credential.");
} catch (SSLPeerUnverifiedException e) {
log.debugf("No peer certificate available for '%s'", userName);
}
}
}
sharedState.put("javax.security.auth.login.password", credential);
}
loginOk = true;
return true;
}
}
// username and password has been supplied to a web auth.
return false;
}
Also used :
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException)
Connection(org.jboss.remoting3.Connection)
RealmUser(org.jboss.as.core.security.RealmUser)
SSLSession(javax.net.ssl.SSLSession)
Principal(java.security.Principal)
Example 3 with RealmUser
use of org.jboss.as.core.security.RealmUser in project wildfly by wildfly.
the class ServerSecurityInterceptor method aroundInvoke.
@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
Principal desiredUser = null;
RealmUser connectionUser = null;
Map<String, Object> contextData = invocationContext.getContextData();
if (contextData.containsKey(DELEGATED_USER_KEY)) {
desiredUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));
Connection con = RemotingContext.getConnection();
if (con != null) {
SecurityIdentity localIdentity = con.getLocalIdentity();
if (localIdentity != null) {
connectionUser = new RealmUser(localIdentity.getPrincipal().getName());
}
} else {
throw new IllegalStateException("Delegation user requested but no user on connection found.");
}
}
SecurityContext cachedSecurityContext = null;
boolean contextSet = false;
try {
if (desiredUser != null && connectionUser != null && (desiredUser.getName().equals(connectionUser.getName()) == false)) {
try {
// The final part of this check is to verify that the change does actually indicate a change in user.
// We have been requested to switch user and have successfully identified the user from the connection
// so now we attempt the switch.
cachedSecurityContext = SecurityContextAssociation.getSecurityContext();
final SecurityContext nextContext = SecurityContextFactory.createSecurityContext(desiredUser, new CurrentUserCredential(connectionUser.getName()), new Subject(), "fooSecurityDomain");
SecurityContextAssociation.setSecurityContext(nextContext);
// keep track that we switched the security context
contextSet = true;
RemotingContext.clear();
} catch (Exception e) {
LOGGER.error("Failed to switch security context for user", e);
// Don't propagate the exception stacktrace back to the client for security reasons
throw new EJBAccessException("Unable to attempt switching of user.");
}
}
return invocationContext.proceed();
} finally {
// switch back to original security context
if (contextSet) {
SecurityContextAssociation.setSecurityContext(cachedSecurityContext);
}
}
}
Also used :
IllegalStateException(javax.resource.spi.IllegalStateException)
RealmUser(org.jboss.as.core.security.RealmUser)
Connection(org.jboss.remoting3.Connection)
Subject(javax.security.auth.Subject)
EJBAccessException(javax.ejb.EJBAccessException)
IllegalStateException(javax.resource.spi.IllegalStateException)
EJBAccessException(javax.ejb.EJBAccessException)
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
SecurityContext(org.jboss.security.SecurityContext)
Principal(java.security.Principal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
AroundInvoke(javax.interceptor.AroundInvoke)
Example 4 with RealmUser
use of org.jboss.as.core.security.RealmUser in project wildfly by wildfly.
the class RealmDirectLoginModule method getRoleSets.
@Override
protected Group[] getRoleSets() throws LoginException {
Collection<Principal> principalCol = new HashSet<Principal>();
principalCol.add(new RealmUser(getUsername()));
try {
AuthorizingCallbackHandler callbackHandler = getCallbackHandler();
SubjectUserInfo sui = callbackHandler.createSubjectUserInfo(principalCol);
SimpleGroup sg = new SimpleGroup("Roles");
Set<RealmRole> roles = sui.getSubject().getPrincipals(RealmRole.class);
for (RealmRole current : roles) {
sg.addMember(createIdentity(current.getName()));
}
return new Group[] { sg };
} catch (Exception e) {
throw SecurityLogger.ROOT_LOGGER.failureCallingSecurityRealm(e.getMessage());
}
}
Also used :
SimpleGroup(org.jboss.security.SimpleGroup)
Group(java.security.acl.Group)
RealmRole(org.jboss.as.core.security.RealmRole)
RealmUser(org.jboss.as.core.security.RealmUser)
SimpleGroup(org.jboss.security.SimpleGroup)
AuthorizingCallbackHandler(org.jboss.as.domain.management.AuthorizingCallbackHandler)
SubjectUserInfo(org.jboss.as.core.security.SubjectUserInfo)
Principal(java.security.Principal)
LoginException(javax.security.auth.login.LoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
HashSet(java.util.HashSet)
Aggregations
Principal (java.security.Principal)4
RealmUser (org.jboss.as.core.security.RealmUser)4
Connection (org.jboss.remoting3.Connection)3
SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)3
HashSet (java.util.HashSet)2
RealmRole (org.jboss.as.core.security.RealmRole)2
IOException (java.io.IOException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
Group (java.security.acl.Group)1
EJBAccessException (javax.ejb.EJBAccessException)1
AroundInvoke (javax.interceptor.AroundInvoke)1
SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)1
SSLSession (javax.net.ssl.SSLSession)1
IllegalStateException (javax.resource.spi.IllegalStateException)1
Subject (javax.security.auth.Subject)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
LoginException (javax.security.auth.login.LoginException)1
RealmGroup (org.jboss.as.core.security.RealmGroup)1
SubjectUserInfo (org.jboss.as.core.security.SubjectUserInfo)1
AuthorizingCallbackHandler (org.jboss.as.domain.management.AuthorizingCallbackHandler)1
