Example 26 with SecurityContext
use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class WildFlySecurityManager method validateUserAndRole.
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> roles, final CheckType checkType) {
if (defaultUser.equals(username) && defaultPassword.equals(password))
return true;
if (securityDomainContext == null)
throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
final Subject subject = new Subject();
// The authentication call here changes the subject and that subject must be used later. That is why we don't call validateUser(String, String) here.
boolean authenticated = securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(username), password, subject);
if (authenticated) {
authenticated = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
@Override
public Boolean run() {
final SimplePrincipal principal = new SimplePrincipal(username);
// push a new security context if there is not one.
final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
final SecurityContext securityContext;
if (currentSecurityContext == null) {
try {
securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain());
} catch (Exception e) {
throw new RuntimeException(e);
}
} else {
securityContext = currentSecurityContext;
securityContext.getUtil().createSubjectInfo(principal, password, subject);
}
SecurityContextAssociation.setSecurityContext(securityContext);
final Set<Principal> principals = new HashSet<Principal>();
for (Role role : roles) {
if (checkType.hasRole(role)) {
principals.add(new SimplePrincipal(role.getName()));
}
}
final boolean authenticated = securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
// restore the previous security context if any
SecurityContextAssociation.setSecurityContext(currentSecurityContext);
return authenticated;
}
});
}
return authenticated;
}
Also used :
Role(org.apache.activemq.artemis.core.security.Role)
PrivilegedAction(java.security.PrivilegedAction)
SecurityContext(org.jboss.security.SecurityContext)
Subject(javax.security.auth.Subject)
SimplePrincipal(org.jboss.security.SimplePrincipal)
Principal(java.security.Principal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
HashSet(java.util.HashSet)
Aggregations
SecurityContext (org.jboss.security.SecurityContext)26
Subject (javax.security.auth.Subject)10
Principal (java.security.Principal)9
SimplePrincipal (org.jboss.security.SimplePrincipal)7
RunAs (org.jboss.security.RunAs)5
RunAsIdentity (org.jboss.security.RunAsIdentity)5
Connection (org.jboss.remoting3.Connection)4
SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)4
IOException (java.io.IOException)3
PrivilegedAction (java.security.PrivilegedAction)3
ArrayList (java.util.ArrayList)3
HashMap (java.util.HashMap)3
HashSet (java.util.HashSet)3
InterceptorContext (org.jboss.invocation.InterceptorContext)3
Set (java.util.Set)2
StartupCountdown (org.jboss.as.ee.component.deployers.StartupCountdown)2
SessionBeanComponent (org.jboss.as.ejb3.component.session.SessionBeanComponent)2
RemotingConnectionCredential (org.jboss.as.security.remoting.RemotingConnectionCredential)2
SecurityContextUtil (org.jboss.security.SecurityContextUtil)2
EJBResource (org.jboss.security.authorization.resources.EJBResource)2
