Example 16 with SecurityContext
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class SecurityActions method getSubject.
static Subject getSubject() {
if (WildFlySecurityManager.isChecking()) {
return doPrivileged(new PrivilegedAction<Subject>() {
public Subject run() {
Subject subject = null;
SecurityContext sc = getSecurityContext();
if (sc != null) {
subject = sc.getUtil().getSubject();
}
return subject;
}
});
} else {
Subject subject = null;
SecurityContext sc = getSecurityContext();
if (sc != null) {
subject = sc.getUtil().getSubject();
}
return subject;
}
}
Also used :
SecurityContext(org.jboss.security.SecurityContext)
Subject(javax.security.auth.Subject)
Example 17 with SecurityContext
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class JAASIdentityManagerImpl method verifyCredential.
private Account verifyCredential(final AccountImpl account, final Object credential) {
final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
final SecurityContext sc = SecurityActions.getSecurityContext();
Principal incomingPrincipal = account.getOriginalPrincipal();
Subject subject = new Subject();
try {
boolean isValid = authenticationManager.isValid(incomingPrincipal, credential, subject);
if (isValid) {
UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
if (sc == null) {
throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
Set<String> roleSet = new HashSet<>();
for (Role role : roles.getRoles()) {
roleSet.add(role.getRoleName());
}
return new AccountImpl(userPrincipal, roleSet, credential, account.getOriginalPrincipal());
}
} catch (Exception e) {
throw new RuntimeException(e);
}
return null;
}
Also used :
SecurityContextCallbackHandler(org.jboss.security.callbacks.SecurityContextCallbackHandler)
Subject(javax.security.auth.Subject)
RoleGroup(org.jboss.security.identity.RoleGroup)
AuthenticationManager(org.jboss.security.AuthenticationManager)
Role(org.jboss.security.identity.Role)
SecurityContext(org.jboss.security.SecurityContext)
AuthorizationManager(org.jboss.security.AuthorizationManager)
Principal(java.security.Principal)
HashSet(java.util.HashSet)
Example 18 with SecurityContext
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class JbossAuthorizationManager method isUserInRole.
@Override
public boolean isUserInRole(String role, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
boolean authzDecision = true;
boolean baseDecision = delegate.isUserInRole(role, account, servletInfo, request, deployment);
// if the RealmBase check has passed, then we can go to authz framework
if (baseDecision) {
String servletName = servletInfo.getName();
String roleName = role;
List<SecurityRoleRef> roleRefs = servletInfo.getSecurityRoleRefs();
if (roleRefs != null) {
for (SecurityRoleRef ref : roleRefs) {
if (ref.getLinkedRole().equals(role)) {
roleName = ref.getRole();
break;
}
}
}
SecurityContext sc = SecurityActions.getSecurityContext();
AbstractWebAuthorizationHelper helper = null;
try {
helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
} catch (Exception e) {
UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
return false;
}
Subject callerSubject = sc.getUtil().getSubject();
//if (callerSubject == null) {
// // During hasResourcePermission check, Catalina calls hasRole. But we have not established
// // a subject yet in the security context. So we will get the subject from the cached principal
// callerSubject = getSubjectFromRequestPrincipal(principal);
//}
authzDecision = helper.hasRole(roleName, account.getPrincipal(), servletName, getPrincipalRoles(account), PolicyContext.getContextID(), callerSubject, new ArrayList<String>(account.getRoles()));
}
boolean finalDecision = baseDecision && authzDecision;
UndertowLogger.ROOT_LOGGER.tracef("hasRole:RealmBase says: %s ::Authz framework says: %s :final= %s", baseDecision, authzDecision, finalDecision);
return finalDecision;
}
Also used :
SecurityContext(org.jboss.security.SecurityContext)
ArrayList(java.util.ArrayList)
AbstractWebAuthorizationHelper(org.jboss.security.javaee.AbstractWebAuthorizationHelper)
SecurityRoleRef(io.undertow.servlet.api.SecurityRoleRef)
IOException(java.io.IOException)
Subject(javax.security.auth.Subject)
Example 19 with SecurityContext
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class JbossAuthorizationManager method hasUserDataPermission.
public boolean hasUserDataPermission(HttpServletRequest request, HttpServletResponse response, Account account, List<SingleConstraintMatch> constraints) {
Map<String, Object> map = new HashMap<String, Object>();
map.put("securityConstraints", constraints);
map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);
SecurityContext sc = SecurityActions.getSecurityContext();
AbstractWebAuthorizationHelper helper = null;
try {
helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
} catch (Exception e) {
UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
return false;
}
Subject callerSubject = sc.getUtil().getSubject();
// JBAS-6419:CallerSubject has no bearing on the user data permission check
if (callerSubject == null) {
callerSubject = new Subject();
}
ArrayList<String> roles = new ArrayList<String>();
if (account != null) {
roles.addAll(account.getRoles());
}
boolean ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(), callerSubject, roles);
//If the status of the response has already been changed (it is different from the default Response.SC_OK) we should not attempt to change it.
if (!ok && response.getStatus() == HttpServletResponse.SC_OK) {
try {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
return ok;
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
AbstractWebAuthorizationHelper(org.jboss.security.javaee.AbstractWebAuthorizationHelper)
IOException(java.io.IOException)
IOException(java.io.IOException)
Subject(javax.security.auth.Subject)
SecurityContext(org.jboss.security.SecurityContext)
Example 20 with SecurityContext
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class SecurityActions method getSubject.
static Subject getSubject() {
if (WildFlySecurityManager.isChecking()) {
return doPrivileged(new PrivilegedAction<Subject>() {
public Subject run() {
Subject subject = null;
SecurityContext sc = getSecurityContext();
if (sc != null) {
subject = sc.getUtil().getSubject();
}
return subject;
}
});
} else {
Subject subject = null;
SecurityContext sc = getSecurityContext();
if (sc != null) {
subject = sc.getUtil().getSubject();
}
return subject;
}
}
Also used :
SecurityContext(org.jboss.security.SecurityContext)
Subject(javax.security.auth.Subject)
Aggregations
SecurityContext (org.jboss.security.SecurityContext)26
Subject (javax.security.auth.Subject)10
Principal (java.security.Principal)9
SimplePrincipal (org.jboss.security.SimplePrincipal)7
RunAs (org.jboss.security.RunAs)5
RunAsIdentity (org.jboss.security.RunAsIdentity)5
Connection (org.jboss.remoting3.Connection)4
SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)4
IOException (java.io.IOException)3
PrivilegedAction (java.security.PrivilegedAction)3
ArrayList (java.util.ArrayList)3
HashMap (java.util.HashMap)3
HashSet (java.util.HashSet)3
InterceptorContext (org.jboss.invocation.InterceptorContext)3
Set (java.util.Set)2
StartupCountdown (org.jboss.as.ee.component.deployers.StartupCountdown)2
SessionBeanComponent (org.jboss.as.ejb3.component.session.SessionBeanComponent)2
RemotingConnectionCredential (org.jboss.as.security.remoting.RemotingConnectionCredential)2
SecurityContextUtil (org.jboss.security.SecurityContextUtil)2
EJBResource (org.jboss.security.authorization.resources.EJBResource)2
