
Example 1 with ContextStateCache

Use of org.jboss.as.security.api.ContextStateCache in project wildfly by wildfly.

From the class ServerSecurityInterceptor, method aroundInvoke.

@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
    Principal desiredUser = null;
    UserPrincipal connectionUser = null;
    Map<String, Object> contextData = invocationContext.getContextData();
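    // A delegated user was requested through the invocation context data: locate the
    // authenticated user on the connection. If the connection has principals but none is a
    // UserPrincipal, connectionUser stays null and no switch is attempted below.
    if (contextData.containsKey(DELEGATED_USER_KEY)) {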
        desiredUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));
        Collection<Principal> principals = ConnectionSecurityContext.getConnectionPrincipals();
        if (principals != null) {
            for (Principal current : principals) {
                if (current instanceof UserPrincipal) {
                    connectionUser = (UserPrincipal) current;
                    break;
                }
            }
        } else {
            throw new IllegalStateException("Delegation user requested but no user on connection found.");
        }
    }
    ContextStateCache stateCache = null;
    try {
        // We have been requested to switch user and have successfully identified the user from the connection.
        // The final part of this check is to verify that the change does actually indicate a change in user.
        if (desiredUser != null && connectionUser != null && !desiredUser.getName().equals(connectionUser.getName())) {
            try {
                // Attempt the switch; the returned state is used in the finally block to restore the original identity.
                stateCache = ConnectionSecurityContext.pushIdentity(desiredUser, new CurrentUserCredential(connectionUser.getName()));
            } catch (Exception e) {
                LOGGER.error("Failed to switch security context for user", e);
                // Don't propagate the exception stacktrace back to the client for security reasons
                throw new EJBAccessException("Unable to attempt switching of user.");
            }
        }
        return invocationContext.proceed();
    } finally {
        // switch back to original security context
        if (stateCache != null) {
            ConnectionSecurityContext.popIdentity(stateCache);
        }
    }
}
Also used: IllegalStateException (javax.resource.spi.IllegalStateException), ContextStateCache (org.jboss.as.security.api.ContextStateCache), CurrentUserCredential (org.jboss.as.test.integration.ejb.container.interceptor.security.CurrentUserCredential), UserPrincipal (org.jboss.as.core.security.api.UserPrincipal), Principal (java.security.Principal), SimplePrincipal (org.jboss.security.SimplePrincipal), EJBAccessException (javax.ejb.EJBAccessException), AroundInvoke (javax.interceptor.AroundInvoke)

Aggregations

Principal (java.security.Principal): 1
EJBAccessException (javax.ejb.EJBAccessException): 1
AroundInvoke (javax.interceptor.AroundInvoke): 1
IllegalStateException (javax.resource.spi.IllegalStateException): 1
UserPrincipal (org.jboss.as.core.security.api.UserPrincipal): 1
ContextStateCache (org.jboss.as.security.api.ContextStateCache): 1
CurrentUserCredential (org.jboss.as.test.integration.ejb.container.interceptor.security.CurrentUserCredential): 1
SimplePrincipal (org.jboss.security.SimplePrincipal): 1