Use of org.jboss.security.SecurityContext in the project wildfly by wildfly: the class SecurityActions, method getSubject.
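/**
 * Returns the {@link Subject} held by the current {@link SecurityContext}.
 *
 * <p>When the security manager is checking, the lookup is wrapped in {@code doPrivileged} so
 * that reading the security context does not depend on the permissions of the calling frames.
 *
 * @return the subject of the current security context, or {@code null} if no security context
 *         is set (or the context itself holds no subject)
 */
static Subject getSubject() {
    if (WildFlySecurityManager.isChecking()) {
        return doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                return subjectFromSecurityContext();
            }
        });
    }
    return subjectFromSecurityContext();
}

/**
 * Reads the subject from the current security context; shared by the privileged and
 * unprivileged paths of {@link #getSubject()} so the lookup logic exists only once.
 *
 * @return the subject, or {@code null} when there is no security context
 */
private static Subject subjectFromSecurityContext() {
    final SecurityContext sc = getSecurityContext();
    return sc == null ? null : sc.getUtil().getSubject();
}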
Use of org.jboss.security.SecurityContext in the project wildfly by wildfly: the class JAASIdentityManagerImpl, method verifyCredential.
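/**
 * Authenticates the account's original principal with the supplied credential and, on success,
 * builds a new {@link Account} for it carrying the roles resolved by the security domain.
 *
 * @param account    the account whose original principal is to be verified
 * @param credential the credential presented for that principal
 * @return a new account for the authenticated user, or {@code null} if authentication failed
 * @throws RuntimeException wrapping any checked exception thrown while authenticating or
 *         resolving roles; unchecked exceptions (such as the one raised when no
 *         {@link SecurityContext} is set) propagate with their original type
 */
private Account verifyCredential(final AccountImpl account, final Object credential) {
    final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
    final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext sc = SecurityActions.getSecurityContext();
    final Principal incomingPrincipal = account.getOriginalPrincipal();
    final Subject subject = new Subject();
    try {
        if (!authenticationManager.isValid(incomingPrincipal, credential, subject)) {
            // A rejected credential is an expected outcome, not an error: trace it and report "no account".
            UndertowLogger.ROOT_LOGGER.tracef("User: %s failed authentication", incomingPrincipal);
            return null;
        }
        UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
        if (sc == null) {
            throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
        }
        final Principal userPrincipal = getPrincipal(subject);
        // Store the authenticated subject in the security context first: the callback handler
        // built from that context is what the authorization manager is given to resolve roles.
        sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
        final SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
        final RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
        return new AccountImpl(userPrincipal, roleNames(roles), credential, account.getOriginalPrincipal());
    } catch (RuntimeException e) {
        // Already unchecked: rethrow as-is instead of hiding the type behind another RuntimeException.
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

/**
 * Collects the names of all roles in {@code roles} into a mutable set.
 *
 * @param roles the role group returned by the authorization manager
 * @return the role names (duplicates collapsed)
 */
private static Set<String> roleNames(final RoleGroup roles) {
    final Set<String> roleSet = new HashSet<>();
    for (Role role : roles.getRoles()) {
        roleSet.add(role.getRoleName());
    }
    return roleSet;
}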
Use of org.jboss.security.SecurityContext in the project wildfly by wildfly: the class JbossAuthorizationManager, method isUserInRole.
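/**
 * Decides whether {@code account} is in {@code role} for the given servlet. The delegate's
 * (RealmBase) decision must be positive first; only then is the JBoss authorization framework
 * consulted, using the role name resolved through the servlet's security role references.
 *
 * @param role        the role name as used by the application (possibly a role-ref alias)
 * @param account     the authenticated account
 * @param servletInfo the servlet being accessed; its security role references map aliases to real roles
 * @param request     the current request
 * @param deployment  the deployment being accessed
 * @return {@code true} only when both the delegate and the authorization framework grant the
 *         role; {@code false} (fail closed) when no security context or authorization helper is
 *         available
 */
@Override
public boolean isUserInRole(String role, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
    final boolean baseDecision = delegate.isUserInRole(role, account, servletInfo, request, deployment);
    boolean authzDecision = true;
    // if the RealmBase check has passed, then we can go to authz framework
    if (baseDecision) {
        final String servletName = servletInfo.getName();
        final String roleName = resolveRoleName(role, servletInfo);
        final SecurityContext sc = SecurityActions.getSecurityContext();
        if (sc == null) {
            // No security context means no caller subject to authorize: deny explicitly instead of
            // dereferencing sc below.
            UndertowLogger.ROOT_LOGGER.tracef("hasRole: no security context available, denying role %s", roleName);
            return false;
        }
        final AbstractWebAuthorizationHelper helper;
        try {
            helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
        } catch (Exception e) {
            UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
            return false;
        }
        // May be null when hasRole is reached before a subject has been established in the
        // security context; it is handed to the helper as-is.
        final Subject callerSubject = sc.getUtil().getSubject();
        authzDecision = helper.hasRole(roleName, account.getPrincipal(), servletName, getPrincipalRoles(account),
                PolicyContext.getContextID(), callerSubject, new ArrayList<String>(account.getRoles()));
    }
    final boolean finalDecision = baseDecision && authzDecision;
    UndertowLogger.ROOT_LOGGER.tracef("hasRole:RealmBase says: %s ::Authz framework says: %s :final= %s", baseDecision, authzDecision, finalDecision);
    return finalDecision;
}

/**
 * Maps {@code role} through the servlet's security role references: when a reference links
 * {@code role}, the referenced role name is returned, otherwise {@code role} itself.
 *
 * @param role        the role name used by the application
 * @param servletInfo the servlet whose role references are consulted (may have none)
 * @return the effective role name to check against the authorization framework
 */
private static String resolveRoleName(final String role, final ServletInfo servletInfo) {
    final List<SecurityRoleRef> roleRefs = servletInfo.getSecurityRoleRefs();
    if (roleRefs != null) {
        for (SecurityRoleRef ref : roleRefs) {
            if (ref.getLinkedRole().equals(role)) {
                return ref.getRole();
            }
        }
    }
    return role;
}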
Use of org.jboss.security.SecurityContext in the project wildfly by wildfly: the class JbossAuthorizationManager, method hasUserDataPermission.
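/**
 * Runs the user-data permission check for the matched security constraints through the JBoss
 * authorization framework and, on denial, marks the response as forbidden.
 *
 * @param request     the current request
 * @param response    the current response; set to {@code SC_FORBIDDEN} on denial if its status is still the default
 * @param account     the authenticated account, or {@code null} when there is none (no roles are passed then)
 * @param constraints the security constraints matched for this request
 * @return {@code true} if the request is permitted; {@code false} on denial, or (fail closed)
 *         when no security context or authorization helper is available
 * @throws RuntimeException wrapping the {@link IOException} from {@code response.sendError}
 */
public boolean hasUserDataPermission(HttpServletRequest request, HttpServletResponse response, Account account, List<SingleConstraintMatch> constraints) {
    final Map<String, Object> map = new HashMap<>();
    map.put("securityConstraints", constraints);
    map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);
    final SecurityContext sc = SecurityActions.getSecurityContext();
    if (sc == null) {
        // Deny explicitly rather than dereference a missing security context below.
        UndertowLogger.ROOT_LOGGER.trace("hasUserDataPermission: no security context available, denying");
        return false;
    }
    final AbstractWebAuthorizationHelper helper;
    try {
        helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
    } catch (Exception e) {
        UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
        return false;
    }
    // JBAS-6419: the caller subject has no bearing on the user data permission check, so a
    // missing subject is replaced by an empty one instead of being treated as an error.
    Subject callerSubject = sc.getUtil().getSubject();
    if (callerSubject == null) {
        callerSubject = new Subject();
    }
    final ArrayList<String> roles = new ArrayList<String>();
    if (account != null) {
        roles.addAll(account.getRoles());
    }
    final boolean ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(), callerSubject, roles);
    // Only change the status when it is still the default SC_OK; a status that has already been
    // set by someone else must not be overwritten.
    if (!ok && response.getStatus() == HttpServletResponse.SC_OK) {
        try {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    return ok;
}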
Use of org.jboss.security.SecurityContext in the project wildfly by wildfly: the class SecurityActions, method getSubject.
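/**
 * Returns the {@link Subject} held by the current {@link SecurityContext}.
 *
 * <p>When the security manager is checking, the lookup is wrapped in {@code doPrivileged} so
 * that reading the security context does not depend on the permissions of the calling frames.
 *
 * @return the subject of the current security context, or {@code null} if no security context
 *         is set (or the context itself holds no subject)
 */
static Subject getSubject() {
    if (WildFlySecurityManager.isChecking()) {
        return doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                return subjectFromSecurityContext();
            }
        });
    }
    return subjectFromSecurityContext();
}

/**
 * Reads the subject from the current security context; shared by the privileged and
 * unprivileged paths of {@link #getSubject()} so the lookup logic exists only once.
 *
 * @return the subject, or {@code null} when there is no security context
 */
private static Subject subjectFromSecurityContext() {
    final SecurityContext sc = getSecurityContext();
    return sc == null ? null : sc.getUtil().getSubject();
}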