Examples with NestableGroup org.jboss.security.NestableGroup used on opensource projects

Search in sources :

Example 1 with NestableGroup

use of org.jboss.security.NestableGroup in project keycloak by keycloak.

the class JBossWebPrincipalFactory method createPrincipal.

@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
    KeycloakAccount account = new KeycloakAccount() {

        @Override
        public Principal getPrincipal() {
            return identity;
        }

        @Override
        public Set<String> getRoles() {
            return roleSet;
        }
    };
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(identity);
    Group[] roleSets = getRoleSets(roleSet);
    for (int g = 0; g < roleSets.length; g++) {
        Group group = roleSets[g];
        String name = group.getName();
        Group subjectGroup = createGroup(name, principals);
        if (subjectGroup instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it so we
                need to add a SimpleGroup to subjectRoles to contain the roles
                */
            SimpleGroup tmp = new SimpleGroup("Roles");
            subjectGroup.addMember(tmp);
            subjectGroup = tmp;
        }
        // Copy the group members to the Subject group
        Enumeration<? extends Principal> members = group.members();
        while (members.hasMoreElements()) {
            Principal role = (Principal) members.nextElement();
            subjectGroup.addMember(role);
        }
    }
    // add the CallerPrincipal group if none has been added in getRoleSets
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(identity);
    principals.add(callerGroup);
    SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
    List<String> rolesAsStringList = new ArrayList<>(roleSet);
    try {
        return (GenericPrincipal) jbossWebPrincipalConstructor.newInstance(realm, userPrincipal.getName(), null, rolesAsStringList, userPrincipal, null, account, null, subject);
    } catch (Throwable t) {
        throw new RuntimeException("Failed to create JBossGenericPrincipal", t);
    }
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) ArrayList(java.util.ArrayList) KeycloakAccount(org.keycloak.adapters.spi.KeycloakAccount) SimpleGroup(org.jboss.security.SimpleGroup) Subject(javax.security.auth.Subject) NestableGroup(org.jboss.security.NestableGroup) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) JBossGenericPrincipal(org.jboss.as.web.security.JBossGenericPrincipal) SecurityContext(org.jboss.security.SecurityContext) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) JBossGenericPrincipal(org.jboss.as.web.security.JBossGenericPrincipal) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 2 with NestableGroup

use of org.jboss.security.NestableGroup in project keycloak by keycloak.

the class WildflyRequestAuthenticator method propagateKeycloakContext.

@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    super.propagateKeycloakContext(account);
    SecurityInfoHelper.propagateSessionInfo(account);
    log.debug("propagate security context to wildfly");
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());
    Group[] roleSets = getRoleSets(account.getRoles());
    for (int g = 0; g < roleSets.length; g++) {
        Group group = roleSets[g];
        String name = group.getName();
        Group subjectGroup = createGroup(name, principals);
        if (subjectGroup instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it so we
                need to add a SimpleGroup to subjectRoles to contain the roles
                */
            SimpleGroup tmp = new SimpleGroup("Roles");
            subjectGroup.addMember(tmp);
            subjectGroup = tmp;
        }
        // Copy the group members to the Subject group
        Enumeration<? extends Principal> members = group.members();
        while (members.hasMoreElements()) {
            Principal role = (Principal) members.nextElement();
            subjectGroup.addMember(role);
        }
    }
    // add the CallerPrincipal group if none has been added in getRoleSets
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);
    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
    // Roles of subjectInfo are null, because is was constructed by
    // org.jboss.security.identity.extensions.CredentialIdentityFactory
    // .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
    // Therefore the roles are only contained in the authenticatedSubject (member of subjectInfo)
    // and subsequent logics do only access subjectInfo#roles instead of authenticatedSubject#roles.
    mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) RoleGroup(org.jboss.security.identity.RoleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup) SimpleGroup(org.jboss.security.SimpleGroup) Subject(javax.security.auth.Subject) NestableGroup(org.jboss.security.NestableGroup) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 3 with NestableGroup

use of org.jboss.security.NestableGroup in project keycloak by keycloak.

the class SecurityInfoHelper method propagateSessionInfo.

public static void propagateSessionInfo(KeycloakAccount account) {
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());
    Group[] roleSets = getRoleSets(account.getRoles());
    for (int g = 0; g < roleSets.length; g++) {
        Group group = roleSets[g];
        String name = group.getName();
        Group subjectGroup = createGroup(name, principals);
        if (subjectGroup instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it so we
                need to add a SimpleGroup to subjectRoles to contain the roles
                */
            SimpleGroup tmp = new SimpleGroup("Roles");
            subjectGroup.addMember(tmp);
            subjectGroup = tmp;
        }
        // Copy the group members to the Subject group
        Enumeration<? extends Principal> members = group.members();
        while (members.hasMoreElements()) {
            Principal role = (Principal) members.nextElement();
            subjectGroup.addMember(role);
        }
    }
    // add the CallerPrincipal group if none has been added in getRoleSets
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);
    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) SimpleGroup(org.jboss.security.SimpleGroup) Subject(javax.security.auth.Subject) NestableGroup(org.jboss.security.NestableGroup) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 4 with NestableGroup

use of org.jboss.security.NestableGroup in project keycloak by keycloak.

the class SecurityInfoHelper method propagateSessionInfo.

public static void propagateSessionInfo(KeycloakAccount account) {
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());
    Group[] roleSets = getRoleSets(account.getRoles());
    for (int g = 0; g < roleSets.length; g++) {
        Group group = roleSets[g];
        String name = group.getName();
        Group subjectGroup = createGroup(name, principals);
        if (subjectGroup instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it so we
                need to add a SimpleGroup to subjectRoles to contain the roles
                */
            SimpleGroup tmp = new SimpleGroup("Roles");
            subjectGroup.addMember(tmp);
            subjectGroup = tmp;
        }
        // Copy the group members to the Subject group
        Enumeration<? extends Principal> members = group.members();
        while (members.hasMoreElements()) {
            Principal role = (Principal) members.nextElement();
            subjectGroup.addMember(role);
        }
    }
    // add the CallerPrincipal group if none has been added in getRoleSets
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);
    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) SimpleGroup(org.jboss.security.SimpleGroup) Subject(javax.security.auth.Subject) NestableGroup(org.jboss.security.NestableGroup) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Aggregations

Principal (java.security.Principal)4 Group (java.security.acl.Group)4 Subject (javax.security.auth.Subject)4 NestableGroup (org.jboss.security.NestableGroup)4 SimpleGroup (org.jboss.security.SimpleGroup)4 SimplePrincipal (org.jboss.security.SimplePrincipal)4 ArrayList (java.util.ArrayList)1 GenericPrincipal (org.apache.catalina.realm.GenericPrincipal)1 JBossGenericPrincipal (org.jboss.as.web.security.JBossGenericPrincipal)1 SecurityContext (org.jboss.security.SecurityContext)1 RoleGroup (org.jboss.security.identity.RoleGroup)1 SimpleRoleGroup (org.jboss.security.identity.plugins.SimpleRoleGroup)1 KeycloakAccount (org.keycloak.adapters.spi.KeycloakAccount)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial