Example 1 with RunAs
use of org.jboss.security.RunAs in project wildfly by wildfly.
the class SimpleSecurityManager method push.
/**
* Must be called from within a privileged action.
*
* @param securityDomain
*/
public void push(final String securityDomain) {
// TODO - Handle a null securityDomain here? Yes I think so.
final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
contexts.push(previous);
SecurityContext current = establishSecurityContext(securityDomain);
if (propagate && previous != null) {
current.setSubjectInfo(getSubjectInfo(previous));
current.setIncomingRunAs(previous.getOutgoingRunAs());
}
RunAs currentRunAs = current.getIncomingRunAs();
boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
if (trusted == false) {
/*
* We should only be switching to a context based on an identity from the Remoting connection if we don't already
* have a trusted identity - this allows for beans to reauthenticate as a different identity.
*/
if (SecurityActions.remotingContextIsSet()) {
// In this case the principal and credential will not have been set to set some random values.
SecurityContextUtil util = current.getUtil();
Connection connection = SecurityActions.remotingContextGetConnection();
Principal p = null;
Object credential = null;
SecurityIdentity localIdentity = connection.getLocalIdentity();
if (localIdentity != null) {
p = new SimplePrincipal(localIdentity.getPrincipal().getName());
IdentityCredentials privateCredentials = localIdentity.getPrivateCredentials();
PasswordCredential passwordCredential = privateCredentials.getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
if (passwordCredential != null) {
credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
} else {
credential = new RemotingConnectionCredential(connection);
}
} else {
throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
}
SecurityActions.remotingContextClear();
util.createSubjectInfo(p, credential, null);
}
}
}
Also used :
ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)
SecurityContextUtil(org.jboss.security.SecurityContextUtil)
RunAs(org.jboss.security.RunAs)
RunAsIdentity(org.jboss.security.RunAsIdentity)
Connection(org.jboss.remoting3.Connection)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
SecurityContext(org.jboss.security.SecurityContext)
RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential)
Principal(java.security.Principal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
IdentityCredentials(org.wildfly.security.auth.server.IdentityCredentials)
Example 2 with RunAs
use of org.jboss.security.RunAs in project wildfly by wildfly.
the class RunAsLifecycleInterceptor method handle.
private void handle(ServletInfo servletInfo, LifecycleContext context) throws ServletException {
RunAsIdentityMetaData identity = null;
RunAs old = null;
SecurityContext sc = SecurityActions.getSecurityContext();
if (sc == null) {
context.proceed();
return;
}
try {
identity = runAsIdentityMetaDataMap.get(servletInfo.getName());
RunAsIdentity runAsIdentity = null;
if (identity != null) {
UndertowLogger.ROOT_LOGGER.tracef("%s, runAs: %s", servletInfo.getName(), identity);
runAsIdentity = new RunAsIdentity(identity.getRoleName(), identity.getPrincipalName(), identity.getRunAsRoles());
}
old = SecurityActions.setRunAsIdentity(runAsIdentity, sc);
// Perform the request
context.proceed();
} finally {
if (identity != null) {
SecurityActions.setRunAsIdentity(old, sc);
}
}
}
Also used :
RunAs(org.jboss.security.RunAs)
SecurityContext(org.jboss.security.SecurityContext)
RunAsIdentity(org.jboss.security.RunAsIdentity)
RunAsIdentityMetaData(org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData)
Example 3 with RunAs
use of org.jboss.security.RunAs in project wildfly by wildfly.
the class SecurityActions method popRunAsIdentity.
/**
* Removes the run as identity
*
* @return the identity removed
*/
static RunAs popRunAsIdentity(final SecurityContext sc) {
if (WildFlySecurityManager.isChecking()) {
return AccessController.doPrivileged(new PrivilegedAction<RunAs>() {
@Override
public RunAs run() {
if (sc == null) {
throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
RunAs principal = sc.getOutgoingRunAs();
sc.setOutgoingRunAs(null);
return principal;
}
});
} else {
if (sc == null) {
throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
RunAs principal = sc.getOutgoingRunAs();
sc.setOutgoingRunAs(null);
return principal;
}
}
Also used :
RunAs(org.jboss.security.RunAs)
Example 4 with RunAs
use of org.jboss.security.RunAs in project wildfly by wildfly.
the class SecurityActions method setRunAsIdentity.
/**
* Sets the run as identity
*
* @param principal the identity
*/
static RunAs setRunAsIdentity(final RunAs principal, final SecurityContext sc) {
if (WildFlySecurityManager.isChecking()) {
return WildFlySecurityManager.doUnchecked(new PrivilegedAction<RunAs>() {
@Override
public RunAs run() {
if (sc == null) {
throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
RunAs old = sc.getOutgoingRunAs();
sc.setOutgoingRunAs(principal);
return old;
}
});
} else {
if (sc == null) {
throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
RunAs old = sc.getOutgoingRunAs();
sc.setOutgoingRunAs(principal);
return old;
}
}
Also used :
RunAs(org.jboss.security.RunAs)
Example 5 with RunAs
use of org.jboss.security.RunAs in project wildfly by wildfly.
the class SecurityContextAssociationHandler method handleRequest.
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
SecurityContext sc = exchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
RunAsIdentityMetaData identity = null;
RunAs old = null;
try {
final ServletChain servlet = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getCurrentServlet();
identity = runAsIdentityMetaDataMap.get(servlet.getManagedServlet().getServletInfo().getName());
RunAsIdentity runAsIdentity = null;
if (identity != null) {
UndertowLogger.ROOT_LOGGER.tracef("%s, runAs: %s", servlet.getManagedServlet().getServletInfo().getName(), identity);
runAsIdentity = new RunAsIdentity(identity.getRoleName(), identity.getPrincipalName(), identity.getRunAsRoles());
}
old = SecurityActions.setRunAsIdentity(runAsIdentity, sc);
// Perform the request
next.handleRequest(exchange);
} finally {
if (identity != null) {
SecurityActions.setRunAsIdentity(old, sc);
}
}
}
Also used :
ServletChain(io.undertow.servlet.handlers.ServletChain)
RunAs(org.jboss.security.RunAs)
SecurityContext(org.jboss.security.SecurityContext)
RunAsIdentity(org.jboss.security.RunAsIdentity)
RunAsIdentityMetaData(org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData)
Aggregations
RunAs (org.jboss.security.RunAs)8
RunAsIdentity (org.jboss.security.RunAsIdentity)5
SecurityContext (org.jboss.security.SecurityContext)5
SecurityContextUtil (org.jboss.security.SecurityContextUtil)3
Principal (java.security.Principal)2
RemotingConnectionCredential (org.jboss.as.security.remoting.RemotingConnectionCredential)2
RunAsIdentityMetaData (org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData)2
SimplePrincipal (org.jboss.security.SimplePrincipal)2
ServletChain (io.undertow.servlet.handlers.ServletChain)1
Subject (javax.security.auth.Subject)1
Connection (org.jboss.remoting3.Connection)1
Any (org.omg.CORBA.Any)1
EstablishContext (org.omg.CSI.EstablishContext)1
IdentityToken (org.omg.CSI.IdentityToken)1
SASContextBody (org.omg.CSI.SASContextBody)1
CompoundSecMech (org.omg.CSIIOP.CompoundSecMech)1
InitialContextToken (org.omg.GSSUP.InitialContextToken)1
InvalidTypeForEncoding (org.omg.IOP.CodecPackage.InvalidTypeForEncoding)1
ServiceContext (org.omg.IOP.ServiceContext)1
IdentityCredentials (org.wildfly.security.auth.server.IdentityCredentials)1
