Example 11 with SecurityContext

Use of org.jboss.security.SecurityContext in the project wildfly by wildfly.

The class SimpleSecurityManager, method isCallerInRole.

// Imports taken from the page's "Also used" list; the ones marked "inferred" are not listed on the page
// but are needed by the method body below.
import java.security.Principal;
import java.util.Collection;                                   // inferred
import java.util.HashMap;                                      // inferred
import java.util.HashSet;
import java.util.Map;                                          // inferred
import java.util.Set;
import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.resources.EJBResource;
import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
import org.jboss.security.javaee.SecurityHelperFactory;         // inferred
import org.jboss.security.javaee.SecurityRoleRef;

/**
 * @param ejbName              The name of the EJB component where isCallerInRole was invoked.
 * @param policyContextID      The (JACC) policy context id of the deployment the EJB belongs to.
 * @param incommingMappedRoles The principal vs roles mapping (if any). Can be null.
 * @param roleLinks            The role link map where the key is an alias role name and the value is the collection of
 *                             role names that the alias represents. Can be null.
 * @param roleNames            The role names the caller is checked against.
 * @return true if the user is in <b>any</b> one of the <code>roleNames</code>, otherwise false.
 */
public boolean isCallerInRole(final String ejbName, final String policyContextID, final Object incommingMappedRoles,
                              final Map<String, Collection<String>> roleLinks, final String... roleNames) {
    // securityContext() and doPrivileged(...) are helpers of the enclosing class (not shown on this page).
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        // No caller context is associated with this thread: fail closed instead of granting the role.
        return false;
    }
    // Describe the protected resource: the bean, its policy context and the caller's identity.
    final EJBResource resource = new EJBResource(new HashMap<String, Object>());
    resource.setEjbName(ejbName);
    resource.setPolicyContextID(policyContextID);
    resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
    resource.setCallerSubject(securityContext.getUtil().getSubject());
    final Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
    resource.setPrincipal(userPrincipal);
    // Translate the role links (alias role -> real roles) into SecurityRoleRef pairs.
    if (roleLinks != null) {
        final Set<SecurityRoleRef> roleRefs = new HashSet<SecurityRoleRef>();
        for (Map.Entry<String, Collection<String>> link : roleLinks.entrySet()) {
            final Collection<String> values = link.getValue();
            if (values != null) {
                for (String value : values) {
                    roleRefs.add(new SecurityRoleRef(link.getKey(), value));
                }
            }
        }
        resource.setSecurityRoleReferences(roleRefs);
    }
    Map<String, Set<String>> previousRolesAssociationMap = null;
    try {
        // Ensure the security roles association contains the incoming principal x roles map.
        if (incommingMappedRoles != null) {
            final SecurityRolesMetaData rolesMetaData = (SecurityRolesMetaData) incommingMappedRoles;
            previousRolesAssociationMap = this.setSecurityRolesAssociation(rolesMetaData.getPrincipalVersusRolesMap());
        }
        final AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
        // A single matching role is enough: the check is an OR over roleNames.
        for (String roleName : roleNames) {
            if (helper.isCallerInRole(resource, roleName)) {
                return true;
            }
        }
        return false;
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // Reset the security roles association state, also when the check threw.
        if (incommingMappedRoles != null) {
            this.setSecurityRolesAssociation(previousRolesAssociationMap);
        }
    }
}

Example 12 with SecurityContext

Use of org.jboss.security.SecurityContext in the project wildfly by wildfly.

The class SimpleSecurityManager, method pop.

import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;   // inferred, not in the page's "Also used" list

/**
 * Must be called from within a privileged action.
 */
public void pop() {
    // 'contexts' is the stack of previously pushed security contexts kept by the enclosing class (not shown on this page).
    final SecurityContext sc = contexts.pop();
    // Re-associate the caller's previous context (possibly null) with the current thread.
    SecurityContextAssociation.setSecurityContext(sc);
}

Example 13 with SecurityContext

Use of org.jboss.security.SecurityContext in the project wildfly by wildfly.

The class SimpleSecurityManager, method establishSecurityContext.

import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;   // inferred, not in the page's "Also used" list
import org.jboss.security.SecurityContextFactory;       // inferred, not in the page's "Also used" list
// SecurityLogger is the security subsystem's logger; its import is not listed on the page.

private SecurityContext establishSecurityContext(final String securityDomain) {
    // Do not use SecurityFactory.establishSecurityContext, its static init is broken.
    try {
        final SecurityContext securityContext = SecurityContextFactory.createSecurityContext(securityDomain);
        if (securityManagement == null) {
            throw SecurityLogger.ROOT_LOGGER.securityManagementNotInjected();
        }
        // Wire the injected security management into the new context and bind it to the current thread.
        securityContext.setSecurityManagement(securityManagement);
        SecurityContextAssociation.setSecurityContext(securityContext);
        return securityContext;
    } catch (Exception e) {
        throw SecurityLogger.ROOT_LOGGER.securityException(e);
    }
}

Example 14 with SecurityContext

Use of org.jboss.security.SecurityContext in the project wildfly by wildfly.

The class SecurityActions, method getCredential.

import java.security.PrivilegedAction;                    // inferred, not in the page's "Also used" list
import org.jboss.security.SecurityContext;
import org.wildfly.security.manager.WildFlySecurityManager; // inferred, not in the page's "Also used" list
// doPrivileged(...) and getSecurityContext() are static helpers of the enclosing SecurityActions class (not shown on this page).

static Object getCredential() {
    if (WildFlySecurityManager.isChecking()) {
        // A security manager is active: read the credential inside a privileged action so that
        // the caller's (possibly less privileged) protection domains are not on the checked stack.
        return doPrivileged(new PrivilegedAction<Object>() {

            public Object run() {
                Object credential = null;
                SecurityContext sc = getSecurityContext();
                if (sc != null) {
                    credential = sc.getUtil().getCredential();
                }
                return credential;
            }
        });
    } else {
        // No security manager: the same lookup without the cost of allocating a PrivilegedAction.
        Object credential = null;
        SecurityContext sc = getSecurityContext();
        if (sc != null) {
            credential = sc.getUtil().getCredential();
        }
        return credential;
    }
}

Example 15 with SecurityContext

Use of org.jboss.security.SecurityContext in the project wildfly by wildfly.

The class WildFlySecurityManager, method validateUserAndRole.

// Imports taken from the page's "Also used" list; the ones marked "inferred" are not listed on the page.
import java.security.AccessController;                     // inferred
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;                                      // inferred
import javax.security.auth.Subject;
import org.apache.activemq.artemis.core.security.CheckType; // inferred
import org.apache.activemq.artemis.core.security.Role;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;      // inferred
import org.jboss.security.SecurityContextFactory;          // inferred
import org.jboss.security.SimplePrincipal;
// MessagingLogger is the messaging subsystem's logger; its import is not listed on the page.

@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> roles, final CheckType checkType) {
    // The built-in default credentials short-circuit both authentication and the role check.
    if (defaultUser.equals(username) && defaultPassword.equals(password)) {
        return true;
    }
    if (securityDomainContext == null) {
        throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
    }
    final Subject subject = new Subject();
    // The authentication call here populates the subject, and that subject must be used later.
    // That is why validateUser(String, String) is not called here.
    boolean authenticated = securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(username), password, subject);
    if (authenticated) {
        authenticated = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {

            @Override
            public Boolean run() {
                final SimplePrincipal principal = new SimplePrincipal(username);
                // Push a new security context if there is not one already on the thread.
                final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
                final SecurityContext securityContext;
                if (currentSecurityContext == null) {
                    try {
                        securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject,
                                securityDomainContext.getAuthenticationManager().getSecurityDomain());
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                } else {
                    // Reuse the existing context; note that its subject info is overwritten and not restored afterwards.
                    securityContext = currentSecurityContext;
                    securityContext.getUtil().createSubjectInfo(principal, password, subject);
                }
                SecurityContextAssociation.setSecurityContext(securityContext);
                try {
                    // Only the roles that grant the requested permission type (checkType) are candidates.
                    final Set<Principal> principals = new HashSet<Principal>();
                    for (Role role : roles) {
                        if (checkType.hasRole(role)) {
                            principals.add(new SimplePrincipal(role.getName()));
                        }
                    }
                    return securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
                } finally {
                    // Restore the previous security context (if any), also when the role check throws.
                    SecurityContextAssociation.setSecurityContext(currentSecurityContext);
                }
            }
        });
    }
    return authenticated;
}