
Example 26 with SecurityContext

Use of org.jboss.security.SecurityContext in the wildfly project (by wildfly).

Class WildFlySecurityManager, method validateUserAndRole.

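/**
 * Authenticates the given credentials against the configured security domain and, if that
 * succeeds, checks whether the user holds at least one of the supplied roles that grants
 * {@code checkType}.
 *
 * <p>The role check runs with a security context associated with the current thread. That
 * association is always reset to its previous value before this method returns, including
 * when the authorization manager throws, so the authenticated subject is not left attached
 * to the calling thread.
 *
 * @param username  name of the user to validate
 * @param password  credential presented for that user
 * @param roles     candidate roles; only those for which {@code checkType.hasRole(role)} is
 *                  true are passed to the authorization manager
 * @param checkType the kind of access being requested
 * @return {@code true} if the credentials match the default user/password, or if the user
 *         authenticates and holds one of the matching roles; {@code false} otherwise
 * @throws RuntimeException if a new security context cannot be created; also whatever
 *         {@code securityDomainContextNotSet()} produces when no security domain context is set
 */
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> roles, final CheckType checkType) {
    // NOTE(review): this shortcut bypasses the security domain and returns true for every
    // role set and check type. String.equals is not a constant-time comparison; if these
    // default credentials are reachable by remote clients, consider comparing the encoded
    // bytes with java.security.MessageDigest.isEqual - confirm against the deployment.
    if (defaultUser.equals(username) && defaultPassword.equals(password))
        return true;
    if (securityDomainContext == null)
        throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
    final Subject subject = new Subject();
    // The authentication call here changes the subject and that subject must be used later.  That is why we don't call validateUser(String, String) here.
    boolean authenticated = securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(username), password, subject);
    if (authenticated) {
        authenticated = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {

            @Override
            public Boolean run() {
                final SimplePrincipal principal = new SimplePrincipal(username);
                // push a new security context if there is not one.
                final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
                final SecurityContext securityContext;
                if (currentSecurityContext == null) {
                    try {
                        securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain());
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                } else {
                    securityContext = currentSecurityContext;
                    // NOTE(review): this appears to replace the principal/credential/subject on the
                    // caller's existing context, and nothing below undoes it - confirm that the
                    // caller's identity is not meant to survive this call.
                    securityContext.getUtil().createSubjectInfo(principal, password, subject);
                }
                SecurityContextAssociation.setSecurityContext(securityContext);
                try {
                    // Keep only the roles that grant the requested check type.
                    final Set<Principal> principals = new HashSet<Principal>();
                    for (Role role : roles) {
                        if (checkType.hasRole(role)) {
                            principals.add(new SimplePrincipal(role.getName()));
                        }
                    }
                    return securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
                } finally {
                    // restore the previous security context if any; done in finally so a failing
                    // role check cannot leave this user's context associated with the thread
                    SecurityContextAssociation.setSecurityContext(currentSecurityContext);
                }
            }
        });
    }
    return authenticated;
}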
Also used : Role(org.apache.activemq.artemis.core.security.Role) PrivilegedAction(java.security.PrivilegedAction) SecurityContext(org.jboss.security.SecurityContext) Subject(javax.security.auth.Subject) SimplePrincipal(org.jboss.security.SimplePrincipal) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) HashSet(java.util.HashSet)
