use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class SimpleSecurityManager method isCallerInRole.
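/**
 * Checks whether the current caller holds <b>any</b> of the given EJB roles.
 * <p>
 * Fails closed: when no security context is associated with the caller the result is {@code false}.
 * If {@code incommingMappedRoles} is supplied, the security roles association is replaced with its
 * principal-to-roles map for the duration of the check and restored afterwards; the restore only runs
 * once the replacement has actually happened, so a failing cast or a failing replacement can never
 * overwrite the previous association with {@code null}.
 *
 * @param ejbName The name of the EJB component where isCallerInRole was invoked.
 * @param policyContextID The policy context ID passed through to the {@link EJBResource} being checked.
 * @param incommingMappedRoles The principal vs roles mapping (if any). Can be null. Must be a
 *        {@link SecurityRolesMetaData} when non-null.
 * @param roleLinks The role link map where the key is an alias role name and the value is the collection of
 *        role names, that alias represents. Can be null.
 * @param roleNames The role names for which the caller is being checked for
 * @return true if the user is in <b>any</b> one of the <code>roleNames</code>. Else returns false
 * @throws RuntimeException wrapping any exception raised while casting the roles metadata, replacing the
 *         roles association or consulting the authorization helper
 */
public boolean isCallerInRole(final String ejbName, final String policyContextID, final Object incommingMappedRoles, final Map<String, Collection<String>> roleLinks, final String... roleNames) {
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        // no caller identity established: deny rather than guess
        return false;
    }
    final EJBResource resource = new EJBResource(new HashMap<String, Object>());
    resource.setEjbName(ejbName);
    resource.setPolicyContextID(policyContextID);
    resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
    resource.setCallerSubject(securityContext.getUtil().getSubject());
    resource.setPrincipal(securityContext.getUtil().getUserPrincipal());
    if (roleLinks != null) {
        resource.setSecurityRoleReferences(toRoleRefs(roleLinks));
    }
    Map<String, Set<String>> previousRolesAssociationMap = null;
    // tracks whether the association was really replaced, so that finally restores only in that case
    boolean associationReplaced = false;
    try {
        // ensure the security roles association contains the incoming principal x roles map.
        if (incommingMappedRoles != null) {
            final SecurityRolesMetaData rolesMetaData = (SecurityRolesMetaData) incommingMappedRoles;
            previousRolesAssociationMap = this.setSecurityRolesAssociation(rolesMetaData.getPrincipalVersusRolesMap());
            associationReplaced = true;
        }
        final AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
        for (String roleName : roleNames) {
            if (helper.isCallerInRole(resource, roleName)) {
                return true;
            }
        }
        return false;
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // reset the security roles association state (only if we changed it above).
        if (associationReplaced) {
            this.setSecurityRolesAssociation(previousRolesAssociationMap);
        }
    }
}

/**
 * Expands an alias-to-role-names map into one {@link SecurityRoleRef} per (alias, role name) pair.
 * Entries whose value collection is {@code null} are skipped.
 *
 * @param roleLinks the alias role name to linked role names map; must not be null
 * @return the set of role references, empty when no entry carries role names
 */
private static Set<SecurityRoleRef> toRoleRefs(final Map<String, Collection<String>> roleLinks) {
    final Set<SecurityRoleRef> roleRefs = new HashSet<SecurityRoleRef>();
    for (Map.Entry<String, Collection<String>> link : roleLinks.entrySet()) {
        final Collection<String> linkedRoles = link.getValue();
        if (linkedRoles == null) {
            continue;
        }
        for (String linkedRole : linkedRoles) {
            roleRefs.add(new SecurityRoleRef(link.getKey(), linkedRole));
        }
    }
    return roleRefs;
}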
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class SimpleSecurityManager method pop.
/**
 * Removes the top entry of {@code contexts} and makes it the security context associated with the
 * current thread (presumably undoing a preceding push — the push side is not visible here).
 * <p>
 * Must be called from within a privileged action.
 */
public void pop() {
    SecurityContextAssociation.setSecurityContext(contexts.pop());
}
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class SimpleSecurityManager method establishSecurityContext.
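/**
 * Creates a security context for {@code securityDomain}, wires the injected security management into it
 * and associates it with the current thread.
 * <p>
 * The "security management not injected" check runs before the {@code try} block on purpose: inside it
 * the exception would be caught by the catch-all below (if it is an {@code Exception}) and re-wrapped as
 * a generic security exception, hiding the real cause from the caller.
 *
 * @param securityDomain the security domain the new context belongs to
 * @return the newly created and now associated security context
 */
private SecurityContext establishSecurityContext(final String securityDomain) {
    if (securityManagement == null) {
        throw SecurityLogger.ROOT_LOGGER.securityManagementNotInjected();
    }
    // Do not use SecurityFactory.establishSecurityContext, its static init is broken.
    try {
        final SecurityContext securityContext = SecurityContextFactory.createSecurityContext(securityDomain);
        securityContext.setSecurityManagement(securityManagement);
        SecurityContextAssociation.setSecurityContext(securityContext);
        return securityContext;
    } catch (Exception e) {
        throw SecurityLogger.ROOT_LOGGER.securityException(e);
    }
}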
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class SecurityActions method getCredential.
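/**
 * Returns the credential held by the security context associated with the current thread.
 * <p>
 * When a security manager is checking, the lookup is wrapped in a privileged action so the framework's
 * own permissions apply to it rather than those of every caller on the stack. Callers must treat the
 * returned object as a secret (do not log it).
 *
 * @return the credential of the current security context, or {@code null} when no context is associated
 *         (or its util holds no credential)
 */
static Object getCredential() {
    if (WildFlySecurityManager.isChecking()) {
        return doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return currentCredential();
            }
        });
    }
    return currentCredential();
}

/** Reads the credential of the associated security context; {@code null} when there is no context. */
private static Object currentCredential() {
    final SecurityContext sc = getSecurityContext();
    return sc == null ? null : sc.getUtil().getCredential();
}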
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class WildFlySecurityManager method validateUserAndRole.
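/**
 * Authenticates {@code username}/{@code password} against the security domain and then checks that the
 * user holds at least one of the {@code roles} that {@code checkType} accepts.
 * <p>
 * The built-in default user short-circuits both checks. The authorization lookup runs in a privileged
 * action with the authenticated subject associated as the current security context; the previously
 * associated context (possibly {@code null}) is restored in a {@code finally} block, so a throwing
 * authorization manager cannot leave the freshly built context attached to the thread.
 *
 * @param username the user to authenticate
 * @param password the password presented for {@code username}
 * @param roles the roles configured for the destination being accessed
 * @param checkType the kind of access requested; decides which of {@code roles} qualify
 * @return {@code true} when the credentials are valid and the user has a qualifying role, or when the
 *         default user credentials were presented; {@code false} otherwise
 */
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> roles, final CheckType checkType) {
    // NOTE(review): the default-user match bypasses the role check entirely and String.equals is not a
    // constant-time comparison; if this path is reachable with externally supplied credentials, consider
    // MessageDigest.isEqual on the encoded bytes.
    if (defaultUser.equals(username) && defaultPassword.equals(password)) {
        return true;
    }
    if (securityDomainContext == null) {
        throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
    }
    final Subject subject = new Subject();
    // The authentication call here changes the subject and that subject must be used later. That is why we don't call validateUser(String, String) here.
    final boolean authenticated = securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(username), password, subject);
    if (!authenticated) {
        return false;
    }
    return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
        @Override
        public Boolean run() {
            final SimplePrincipal principal = new SimplePrincipal(username);
            // push a new security context if there is not one.
            final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
            final SecurityContext securityContext;
            if (currentSecurityContext == null) {
                try {
                    securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain());
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            } else {
                // NOTE(review): this rewrites the subject info of the already associated context and the
                // finally below restores only the context reference, not its previous subject info.
                securityContext = currentSecurityContext;
                securityContext.getUtil().createSubjectInfo(principal, password, subject);
            }
            SecurityContextAssociation.setSecurityContext(securityContext);
            try {
                final Set<Principal> principals = new HashSet<Principal>();
                for (Role role : roles) {
                    if (checkType.hasRole(role)) {
                        principals.add(new SimplePrincipal(role.getName()));
                    }
                }
                return securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
            } finally {
                // restore the previous security context if any -- also when doesUserHaveRole throws.
                SecurityContextAssociation.setSecurityContext(currentSecurityContext);
            }
        }
    });
}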