Use of org.jboss.as.ejb3.security.RunAsPrincipalInterceptor in project wildfly by wildfly:
class EJBComponentDescription, method getElytronInterceptorFactories.
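/**
 * Builds the Elytron security interceptor chain for this component, keyed by
 * {@link InterceptorOrder.View} position so callers can merge it with other view interceptors.
 * <p>
 * Factories produced, each only when applicable:
 * <ol>
 * <li>security domain association (always);</li>
 * <li>policy context ID, only when {@code enableJacc} is set;</li>
 * <li>principal-to-role mapping from the deployment's security roles, when non-empty;</li>
 * <li>run-as principal: the configured {@code runAsPrincipal}, or
 *     {@link RunAsPrincipalInterceptor#ANONYMOUS_PRINCIPAL} when no run-as principal is set and
 *     {@code propagateSecurity} is {@code false}. A configured run-as principal takes precedence,
 *     so {@code propagateSecurity} is not consulted in that case;</li>
 * <li>extra roles granted to the run-as principal, when any;</li>
 * <li>run-as role, when configured;</li>
 * <li>security identity outflow, carrying only the run-as derived roles collected above
 *     (declared roles are intentionally not included).</li>
 * </ol>
 *
 * @param policyContextID   the JACC policy context ID to associate with invocations; only used
 *                          when {@code enableJacc} is {@code true}
 * @param enableJacc        whether to install the policy context interceptor
 * @param propagateSecurity whether the caller's identity may reach this component when no run-as
 *                          principal is configured; when {@code false} the anonymous principal is
 *                          substituted instead
 * @return a mutable map from interceptor position to factory; never {@code null}
 */
public HashMap<Integer, InterceptorFactory> getElytronInterceptorFactories(String policyContextID, boolean enableJacc, boolean propagateSecurity) {
    // Up to seven positions may be filled; size for that rather than the original hint of 2.
    final HashMap<Integer, InterceptorFactory> interceptorFactories = new HashMap<>(8);
    // Roles derived from run-as configuration; these (and only these) are outflowed below.
    final Set<String> roles = new HashSet<>();

    // 1. Security domain association - always present.
    interceptorFactories.put(InterceptorOrder.View.SECURITY_CONTEXT, SecurityDomainInterceptorFactory.INSTANCE);

    // 2. Policy context ID - only when JACC is enabled.
    if (enableJacc) {
        interceptorFactories.put(InterceptorOrder.View.POLICY_CONTEXT,
                new ImmediateInterceptorFactory(new PolicyContextIdInterceptor(policyContextID)));
    }

    // 3. Principal -> roles mapping from the deployment's security roles, when present.
    if (securityRoles != null) {
        final Map<String, Set<String>> principalVsRolesMap = securityRoles.getPrincipalVersusRolesMap();
        if (!principalVsRolesMap.isEmpty()) {
            interceptorFactories.put(InterceptorOrder.View.SECURITY_ROLES,
                    new ImmediateInterceptorFactory(new SecurityRolesAddingInterceptor("ejb", principalVsRolesMap)));
        }
    }

    // 4./5. Run-as principal plus its extra roles, or anonymous when propagation is disabled.
    if (runAsPrincipal != null) {
        interceptorFactories.put(InterceptorOrder.View.RUN_AS_PRINCIPAL,
                new ImmediateInterceptorFactory(new RunAsPrincipalInterceptor(runAsPrincipal)));
        if (securityRoles != null) {
            final Set<String> extraRoles = securityRoles.getSecurityRoleNamesByPrincipal(runAsPrincipal);
            if (!extraRoles.isEmpty()) {
                interceptorFactories.put(InterceptorOrder.View.EXTRA_PRINCIPAL_ROLES,
                        new ImmediateInterceptorFactory(new RoleAddingInterceptor("ejb", RoleMapper.constant(Roles.fromSet(extraRoles)))));
                roles.addAll(extraRoles);
            }
        }
    } else if (!propagateSecurity) {
        // No run-as principal and propagation disabled: substitute the anonymous principal so the
        // caller's identity does not propagate through this component.
        interceptorFactories.put(InterceptorOrder.View.RUN_AS_PRINCIPAL,
                new ImmediateInterceptorFactory(new RunAsPrincipalInterceptor(RunAsPrincipalInterceptor.ANONYMOUS_PRINCIPAL)));
    }

    // 6. Run-as role.
    if (runAsRole != null) {
        interceptorFactories.put(InterceptorOrder.View.RUN_AS_ROLE,
                new ImmediateInterceptorFactory(new RoleAddingInterceptor("ejb", RoleMapper.constant(Roles.fromSet(Collections.singleton(runAsRole))))));
        roles.add(runAsRole);
    }

    // 7. Identity outflow: role-mapped when run-as roles were collected, otherwise the shared default.
    final InterceptorFactory outflow = roles.isEmpty()
            ? IdentityOutflowInterceptorFactory.INSTANCE
            : new IdentityOutflowInterceptorFactory("ejb", RoleMapper.constant(Roles.fromSet(roles)));
    interceptorFactories.put(InterceptorOrder.View.SECURITY_IDENTITY_OUTFLOW, outflow);

    // Declared roles are intentionally not mapped into this chain; the former no-op
    // RoleMapper.constant(Roles.fromSet(getDeclaredRoles())) call, whose result was discarded, is dropped.
    return interceptorFactories;
}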