use of org.jboss.security.SecurityContext in project wildfly by wildfly.
the class WildFlySecurityManager method validateUserAndRole.
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> roles, final CheckType checkType) {
if (defaultUser.equals(username) && defaultPassword.equals(password))
return true;
if (securityDomainContext == null)
throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
final Subject subject = new Subject();
// The authentication call here changes the subject and that subject must be used later. That is why we don't call validateUser(String, String) here.
boolean authenticated = securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(username), password, subject);
if (authenticated) {
authenticated = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
@Override
public Boolean run() {
final SimplePrincipal principal = new SimplePrincipal(username);
// push a new security context if there is not one.
final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
final SecurityContext securityContext;
if (currentSecurityContext == null) {
try {
securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain());
} catch (Exception e) {
throw new RuntimeException(e);
}
} else {
securityContext = currentSecurityContext;
securityContext.getUtil().createSubjectInfo(principal, password, subject);
}
SecurityContextAssociation.setSecurityContext(securityContext);
final Set<Principal> principals = new HashSet<Principal>();
for (Role role : roles) {
if (checkType.hasRole(role)) {
principals.add(new SimplePrincipal(role.getName()));
}
}
final boolean authenticated = securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
// restore the previous security context if any
SecurityContextAssociation.setSecurityContext(currentSecurityContext);
return authenticated;
}
});
}
return authenticated;
}
Aggregations