Example 1 with RunAsPrincipalInterceptor

Use of org.jboss.as.ejb3.security.RunAsPrincipalInterceptor in project wildfly by wildfly.

From the class EJBComponentDescription, method getElytronInterceptorFactories.

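// Builds the Elytron security interceptor factories for an EJB view, keyed by their InterceptorOrder.View position.
public HashMap<Integer, InterceptorFactory> getElytronInterceptorFactories(String policyContextID, boolean enableJacc, boolean propagateSecurity) {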
    final HashMap<Integer, InterceptorFactory> interceptorFactories = new HashMap<>(2);
    final Set<String> roles = new HashSet<>();
    // First interceptor: security domain association
    interceptorFactories.put(InterceptorOrder.View.SECURITY_CONTEXT, SecurityDomainInterceptorFactory.INSTANCE);
    if (enableJacc) {
        // Next interceptor: policy context ID
        interceptorFactories.put(InterceptorOrder.View.POLICY_CONTEXT, new ImmediateInterceptorFactory(new PolicyContextIdInterceptor(policyContextID)));
    }
    if (securityRoles != null) {
        final Map<String, Set<String>> principalVsRolesMap = securityRoles.getPrincipalVersusRolesMap();
        if (!principalVsRolesMap.isEmpty()) {
            interceptorFactories.put(InterceptorOrder.View.SECURITY_ROLES, new ImmediateInterceptorFactory(new SecurityRolesAddingInterceptor("ejb", principalVsRolesMap)));
        }
    }
    // Switch users if there's a run-as principal
    if (runAsPrincipal != null) {
        interceptorFactories.put(InterceptorOrder.View.RUN_AS_PRINCIPAL, new ImmediateInterceptorFactory(new RunAsPrincipalInterceptor(runAsPrincipal)));
        // Next interceptor: extra principal roles
        if (securityRoles != null) {
            final Set<String> extraRoles = securityRoles.getSecurityRoleNamesByPrincipal(runAsPrincipal);
            if (!extraRoles.isEmpty()) {
                interceptorFactories.put(InterceptorOrder.View.EXTRA_PRINCIPAL_ROLES, new ImmediateInterceptorFactory(new RoleAddingInterceptor("ejb", RoleMapper.constant(Roles.fromSet(extraRoles)))));
                roles.addAll(extraRoles);
            }
        }
    } else if (!propagateSecurity) {
        // Next interceptor: prevent identity propagation by running as the anonymous principal
        interceptorFactories.put(InterceptorOrder.View.RUN_AS_PRINCIPAL, new ImmediateInterceptorFactory(new RunAsPrincipalInterceptor(RunAsPrincipalInterceptor.ANONYMOUS_PRINCIPAL)));
    }
    // Next interceptor: run-as-role
    if (runAsRole != null) {
        interceptorFactories.put(InterceptorOrder.View.RUN_AS_ROLE, new ImmediateInterceptorFactory(new RoleAddingInterceptor("ejb", RoleMapper.constant(Roles.fromSet(Collections.singleton(runAsRole))))));
        roles.add(runAsRole);
    }
    // Next interceptor: security identity outflow
    if (!roles.isEmpty()) {
        interceptorFactories.put(InterceptorOrder.View.SECURITY_IDENTITY_OUTFLOW, new IdentityOutflowInterceptorFactory("ejb", RoleMapper.constant(Roles.fromSet(roles))));
    } else {
        interceptorFactories.put(InterceptorOrder.View.SECURITY_IDENTITY_OUTFLOW, IdentityOutflowInterceptorFactory.INSTANCE);
    }
    // Ignoring declared roles: the RoleMapper built on the next line is discarded and is not installed in any interceptor
    RoleMapper.constant(Roles.fromSet(getDeclaredRoles()));
    return interceptorFactories;
}
Also used: IdentityOutflowInterceptorFactory (org.jboss.as.ejb3.security.IdentityOutflowInterceptorFactory), Set (java.util.Set), HashSet (java.util.HashSet), IdentityHashMap (java.util.IdentityHashMap), HashMap (java.util.HashMap), PolicyContextIdInterceptor (org.jboss.as.ejb3.security.PolicyContextIdInterceptor), RoleAddingInterceptor (org.jboss.as.ejb3.security.RoleAddingInterceptor), InterceptorFactory (org.jboss.invocation.InterceptorFactory), ImmediateInterceptorFactory (org.jboss.invocation.ImmediateInterceptorFactory), SecurityDomainInterceptorFactory (org.jboss.as.ejb3.security.SecurityDomainInterceptorFactory), ShutDownInterceptorFactory (org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory), RunAsPrincipalInterceptor (org.jboss.as.ejb3.security.RunAsPrincipalInterceptor), SecurityRolesAddingInterceptor (org.jboss.as.ejb3.security.SecurityRolesAddingInterceptor)
