Search in sources :

Example 21 with SecurityContext

use of org.jboss.security.SecurityContext in project wildfly by wildfly.

the class SecurityContextAssociationHandler method handleRequest.

@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    SecurityContext sc = exchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
    RunAsIdentityMetaData identity = null;
    RunAs old = null;
    try {
        final ServletChain servlet = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getCurrentServlet();
        identity = runAsIdentityMetaDataMap.get(servlet.getManagedServlet().getServletInfo().getName());
        RunAsIdentity runAsIdentity = null;
        if (identity != null) {
            UndertowLogger.ROOT_LOGGER.tracef("%s, runAs: %s", servlet.getManagedServlet().getServletInfo().getName(), identity);
            runAsIdentity = new RunAsIdentity(identity.getRoleName(), identity.getPrincipalName(), identity.getRunAsRoles());
        }
        old = SecurityActions.setRunAsIdentity(runAsIdentity, sc);
        // Perform the request
        next.handleRequest(exchange);
    } finally {
        if (identity != null) {
            SecurityActions.setRunAsIdentity(old, sc);
        }
    }
}
Also used : ServletChain(io.undertow.servlet.handlers.ServletChain) RunAs(org.jboss.security.RunAs) SecurityContext(org.jboss.security.SecurityContext) RunAsIdentity(org.jboss.security.RunAsIdentity) RunAsIdentityMetaData(org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData)

Example 22 with SecurityContext

use of org.jboss.security.SecurityContext in project wildfly by wildfly.

the class SecurityContextHandle method setup.

@Override
public Handle setup() {
    final SecurityContext current = getSecurityContext();
    setSecurityContext(securityContext);
    return new Handle() {

        @Override
        public void tearDown() {
            setSecurityContext(current);
        }
    };
}
Also used : SecurityContext(org.jboss.security.SecurityContext)

Example 23 with SecurityContext

use of org.jboss.security.SecurityContext in project wildfly by wildfly.

the class SimpleSecurityManager method authenticate.

public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    SecurityContext current = SecurityContextAssociation.getSecurityContext();
    SecurityContext previous = contexts.peek();
    // skip reauthentication if the current context already has an authenticated subject (copied from the previous context
    // upon creation - see push method) and if both contexts use the same security domain.
    boolean skipReauthentication = current.getSubjectInfo() != null && current.getSubjectInfo().getAuthenticatedSubject() != null && previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain());
    if (!skipReauthentication) {
        SecurityContextUtil util = current.getUtil();
        Object credential = util.getCredential();
        Subject subject = null;
        if (credential instanceof RemotingConnectionCredential) {
            subject = ((RemotingConnectionCredential) credential).getSubject();
        }
        if (authenticate(current, subject) == false) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }
    // setup the run-as identity.
    if (runAs != null) {
        RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
        current.setOutgoingRunAs(runAsIdentity);
    } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        // Ensure the propagation continues.
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
Also used : SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) SecurityContext(org.jboss.security.SecurityContext) RunAsIdentity(org.jboss.security.RunAsIdentity) RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential) Subject(javax.security.auth.Subject)

Example 24 with SecurityContext

use of org.jboss.security.SecurityContext in project wildfly by wildfly.

the class SimpleSecurityManager method push.

public void push(final String securityDomain, String userName, char[] password, final Subject subject) {
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);
    SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }
    RunAs currentRunAs = current.getIncomingRunAs();
    boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
    if (trusted == false) {
        SecurityContextUtil util = current.getUtil();
        util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);
    }
}
Also used : SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) SecurityContext(org.jboss.security.SecurityContext) RunAsIdentity(org.jboss.security.RunAsIdentity) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 25 with SecurityContext

use of org.jboss.security.SecurityContext in project wildfly by wildfly.

the class SecurityActions method getPrincipal.

static Principal getPrincipal() {
    if (WildFlySecurityManager.isChecking()) {
        return doPrivileged(new PrivilegedAction<Principal>() {

            public Principal run() {
                Principal principal = null;
                SecurityContext sc = getSecurityContext();
                if (sc != null) {
                    principal = sc.getUtil().getUserPrincipal();
                }
                return principal;
            }
        });
    } else {
        Principal principal = null;
        SecurityContext sc = getSecurityContext();
        if (sc != null) {
            principal = sc.getUtil().getUserPrincipal();
        }
        return principal;
    }
}
Also used : SecurityContext(org.jboss.security.SecurityContext) Principal(java.security.Principal)

Aggregations

SecurityContext (org.jboss.security.SecurityContext)26 Subject (javax.security.auth.Subject)10 Principal (java.security.Principal)9 SimplePrincipal (org.jboss.security.SimplePrincipal)7 RunAs (org.jboss.security.RunAs)5 RunAsIdentity (org.jboss.security.RunAsIdentity)5 Connection (org.jboss.remoting3.Connection)4 SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)4 IOException (java.io.IOException)3 PrivilegedAction (java.security.PrivilegedAction)3 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 InterceptorContext (org.jboss.invocation.InterceptorContext)3 Set (java.util.Set)2 StartupCountdown (org.jboss.as.ee.component.deployers.StartupCountdown)2 SessionBeanComponent (org.jboss.as.ejb3.component.session.SessionBeanComponent)2 RemotingConnectionCredential (org.jboss.as.security.remoting.RemotingConnectionCredential)2 SecurityContextUtil (org.jboss.security.SecurityContextUtil)2 EJBResource (org.jboss.security.authorization.resources.EJBResource)2