Example 16 with SecurityContext

Use of org.jboss.security.SecurityContext in project wildfly by wildfly.

Class SecurityActions, method getSubject.

static Subject getSubject() {
    if (WildFlySecurityManager.isChecking()) {
        // A security manager is active: resolve the thread's SecurityContext inside a
        // privileged block so that less-privileged code further up the call stack does
        // not make the permission check fail.
        return doPrivileged(new PrivilegedAction<Subject>() {

            public Subject run() {
                Subject subject = null;
                SecurityContext sc = getSecurityContext();
                if (sc != null) {
                    subject = sc.getUtil().getSubject();
                }
                return subject;
            }
        });
    } else {
        // No security manager: same lookup without the privileged block.
        Subject subject = null;
        SecurityContext sc = getSecurityContext();
        if (sc != null) {
            subject = sc.getUtil().getSubject();
        }
        // Null when no SecurityContext is associated with the current thread.
        return subject;
    }
}

Example 17 with SecurityContext

Use of org.jboss.security.SecurityContext in project wildfly by wildfly.

Class JAASIdentityManagerImpl, method verifyCredential.

private Account verifyCredential(final AccountImpl account, final Object credential) {
    final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
    final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext sc = SecurityActions.getSecurityContext();
    Principal incomingPrincipal = account.getOriginalPrincipal();
    Subject subject = new Subject();
    try {
        // Run the security domain's login modules; on success they populate 'subject'.
        boolean isValid = authenticationManager.isValid(incomingPrincipal, credential, subject);
        if (isValid) {
            UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
            // A SecurityContext must exist on the thread to cache the authenticated identity.
            if (sc == null) {
                throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
            }
            Principal userPrincipal = getPrincipal(subject);
            // Store principal, credential and subject in the context for later authorization checks.
            sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
            // Resolve the subject's roles through the domain's authorization manager.
            RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
            Set<String> roleSet = new HashSet<>();
            for (Role role : roles.getRoles()) {
                roleSet.add(role.getRoleName());
            }
            return new AccountImpl(userPrincipal, roleSet, credential, account.getOriginalPrincipal());
        }
    } catch (Exception e) {
        // Any failure inside authentication or role mapping is surfaced as a runtime error.
        throw new RuntimeException(e);
    }
    // Invalid credential: no account is returned.
    return null;
}

Example 18 with SecurityContext

Use of org.jboss.security.SecurityContext in project wildfly by wildfly.

Class JbossAuthorizationManager, method isUserInRole.

@Override
public boolean isUserInRole(String role, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
    boolean authzDecision = true;
    // First ask the delegate (the base realm check) whether the account holds the role.
    boolean baseDecision = delegate.isUserInRole(role, account, servletInfo, request, deployment);
    // if the RealmBase check has passed, then we can go to authz framework
    if (baseDecision) {
        String servletName = servletInfo.getName();
        String roleName = role;
        // Translate a servlet-local <security-role-ref> link into the real role name.
        List<SecurityRoleRef> roleRefs = servletInfo.getSecurityRoleRefs();
        if (roleRefs != null) {
            for (SecurityRoleRef ref : roleRefs) {
                if (ref.getLinkedRole().equals(role)) {
                    roleName = ref.getRole();
                    break;
                }
            }
        }
        SecurityContext sc = SecurityActions.getSecurityContext();
        AbstractWebAuthorizationHelper helper = null;
        try {
            helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
        } catch (Exception e) {
            // Fail closed: without an authorization helper the role check is denied.
            UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
            return false;
        }
        Subject callerSubject = sc.getUtil().getSubject();
        //if (callerSubject == null) {
        //    // During hasResourcePermission check, Catalina calls hasRole. But we have not established
        //    // a subject yet in the security context. So we will get the subject from the cached principal
        //    callerSubject = getSubjectFromRequestPrincipal(principal);
        //}
        authzDecision = helper.hasRole(roleName, account.getPrincipal(), servletName, getPrincipalRoles(account), PolicyContext.getContextID(), callerSubject, new ArrayList<String>(account.getRoles()));
    }
    // Both the realm check and the authorization framework must agree.
    boolean finalDecision = baseDecision && authzDecision;
    UndertowLogger.ROOT_LOGGER.tracef("hasRole:RealmBase says: %s ::Authz framework says: %s :final= %s", baseDecision, authzDecision, finalDecision);
    return finalDecision;
}

Example 19 with SecurityContext

Use of org.jboss.security.SecurityContext in project wildfly by wildfly.

Class JbossAuthorizationManager, method hasUserDataPermission.

public boolean hasUserDataPermission(HttpServletRequest request, HttpServletResponse response, Account account, List<SingleConstraintMatch> constraints) {
    // Pass the matched security constraints to the authorization framework and flag
    // this as a user-data (transport guarantee) check rather than a role check.
    Map<String, Object> map = new HashMap<String, Object>();
    map.put("securityConstraints", constraints);
    map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);
    SecurityContext sc = SecurityActions.getSecurityContext();
    AbstractWebAuthorizationHelper helper = null;
    try {
        helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
    } catch (Exception e) {
        // Fail closed: without an authorization helper the request is denied.
        UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
        return false;
    }
    Subject callerSubject = sc.getUtil().getSubject();
    // JBAS-6419:CallerSubject has no bearing on the user data permission check
    if (callerSubject == null) {
        callerSubject = new Subject();
    }
    ArrayList<String> roles = new ArrayList<String>();
    if (account != null) {
        roles.addAll(account.getRoles());
    }
    boolean ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(), callerSubject, roles);
    //If the status of the response has already been changed (it is different from the default Response.SC_OK) we should not attempt to change it.
    if (!ok && response.getStatus() == HttpServletResponse.SC_OK) {
        try {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    return ok;
}
