
Example 1 with JBossGenericPrincipal

Use of org.jboss.as.web.security.JBossGenericPrincipal in the keycloak project (by keycloak).

From the class JBossWebPrincipalFactory, method createPrincipal.

/**
 * Builds the container principal for an authenticated identity and its roles.
 *
 * <p>A fresh {@link Subject} receives the identity, one group per entry returned by
 * {@code getRoleSets(roleSet)}, and a caller-principal group. The subject is then handed,
 * together with a {@link KeycloakAccount} view of the identity and roles, to
 * {@code createSubjectInfo} on the current security context, and the principal object is
 * instantiated reflectively through {@code jbossWebPrincipalConstructor}.
 *
 * @param realm    realm passed through unchanged to the principal constructor
 * @param identity authenticated principal; added to the subject and to the caller-principal group
 * @param roleSet  role names for the identity
 * @return the newly constructed principal, cast to {@link GenericPrincipal}
 * @throws RuntimeException if the reflective construction or the cast fails (cause preserved)
 */
@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
    final Subject subject = new Subject();
    final Set<Principal> subjectPrincipals = subject.getPrincipals();
    subjectPrincipals.add(identity);

    for (Group roleGroup : getRoleSets(roleSet)) {
        // presumably createGroup registers the group in subjectPrincipals; verify against its definition
        Group sink = createGroup(roleGroup.getName(), subjectPrincipals);
        if (sink instanceof NestableGroup) {
            // A NestableGroup accepts only Groups as members, so the individual roles are
            // collected in an intermediate SimpleGroup that is nested inside it.
            SimpleGroup holder = new SimpleGroup("Roles");
            sink.addMember(holder);
            sink = holder;
        }
        // Mirror every member of the source role group into the subject's group.
        for (Enumeration<? extends Principal> e = roleGroup.members(); e.hasMoreElements();) {
            sink.addMember(e.nextElement());
        }
    }

    // The caller-principal group is added unconditionally; nothing here checks whether
    // getRoleSets already produced a group with the same name.
    final Group callerPrincipalGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerPrincipalGroup.addMember(identity);
    subjectPrincipals.add(callerPrincipalGroup);

    // NOTE(review): getRoles() hands out the caller's roleSet by reference, while the principal
    // below receives a copied list. If a caller mutates roleSet afterwards the two views of the
    // roles diverge -- confirm callers treat roleSet as immutable.
    final KeycloakAccount account = new KeycloakAccount() {

        @Override
        public Principal getPrincipal() {
            return identity;
        }

        @Override
        public Set<String> getRoles() {
            return roleSet;
        }
    };

    // NOTE(review): the security context is dereferenced without a null check; this assumes one
    // is always associated with the current thread when this method runs -- confirm.
    final SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
    final Principal callerPrincipal = getPrincipal(subject);
    securityContext.getUtil().createSubjectInfo(callerPrincipal, account, subject);

    // Snapshot of the role names taken at construction time.
    final List<String> roleNames = new ArrayList<>(roleSet);
    try {
        // Three positional arguments are passed as null; their meaning depends on the
        // constructor signature, which is not visible in this method.
        Object created = jbossWebPrincipalConstructor.newInstance(
                realm, callerPrincipal.getName(), null, roleNames, callerPrincipal, null, account, null, subject);
        return (GenericPrincipal) created;
    } catch (Throwable failure) {
        // Catching Throwable means JVM Errors are wrapped as well, not only reflection failures.
        throw new RuntimeException("Failed to create JBossGenericPrincipal", failure);
    }
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) ArrayList(java.util.ArrayList) KeycloakAccount(org.keycloak.adapters.spi.KeycloakAccount) SimpleGroup(org.jboss.security.SimpleGroup) Subject(javax.security.auth.Subject) NestableGroup(org.jboss.security.NestableGroup) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) JBossGenericPrincipal(org.jboss.as.web.security.JBossGenericPrincipal) SecurityContext(org.jboss.security.SecurityContext) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) JBossGenericPrincipal(org.jboss.as.web.security.JBossGenericPrincipal) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)
