Examples with SecurityContextUtil org.jboss.security.SecurityContextUtil used on opensource projects
Example 1 with SecurityContextUtil
use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.
the class SimpleSecurityManager method push.
/**
* Must be called from within a privileged action.
*
* @param securityDomain
*/
public void push(final String securityDomain) {
// TODO - Handle a null securityDomain here? Yes I think so.
final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
contexts.push(previous);
SecurityContext current = establishSecurityContext(securityDomain);
if (propagate && previous != null) {
current.setSubjectInfo(getSubjectInfo(previous));
current.setIncomingRunAs(previous.getOutgoingRunAs());
}
RunAs currentRunAs = current.getIncomingRunAs();
boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
if (trusted == false) {
/*
* We should only be switching to a context based on an identity from the Remoting connection if we don't already
* have a trusted identity - this allows for beans to reauthenticate as a different identity.
*/
if (SecurityActions.remotingContextIsSet()) {
// In this case the principal and credential will not have been set to set some random values.
SecurityContextUtil util = current.getUtil();
Connection connection = SecurityActions.remotingContextGetConnection();
Principal p = null;
Object credential = null;
SecurityIdentity localIdentity = connection.getLocalIdentity();
if (localIdentity != null) {
p = new SimplePrincipal(localIdentity.getPrincipal().getName());
IdentityCredentials privateCredentials = localIdentity.getPrivateCredentials();
PasswordCredential passwordCredential = privateCredentials.getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
if (passwordCredential != null) {
credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
} else {
credential = new RemotingConnectionCredential(connection);
}
} else {
throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
}
SecurityActions.remotingContextClear();
util.createSubjectInfo(p, credential, null);
}
}
}
Also used :
ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)
SecurityContextUtil(org.jboss.security.SecurityContextUtil)
RunAs(org.jboss.security.RunAs)
RunAsIdentity(org.jboss.security.RunAsIdentity)
Connection(org.jboss.remoting3.Connection)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
SecurityContext(org.jboss.security.SecurityContext)
RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential)
Principal(java.security.Principal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
IdentityCredentials(org.wildfly.security.auth.server.IdentityCredentials)
Example 2 with SecurityContextUtil
use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.
the class SimpleSecurityManager method authenticate.
private boolean authenticate(SecurityContext context, Subject subject) {
SecurityContextUtil util = context.getUtil();
SubjectInfo subjectInfo = getSubjectInfo(context);
if (subject == null) {
subject = new Subject();
}
Principal principal = util.getUserPrincipal();
Principal auditPrincipal = principal;
Object credential = util.getCredential();
Identity unauthenticatedIdentity = null;
boolean authenticated = false;
if (principal == null) {
unauthenticatedIdentity = getUnauthenticatedIdentity();
subjectInfo.addIdentity(unauthenticatedIdentity);
auditPrincipal = unauthenticatedIdentity.asPrincipal();
subject.getPrincipals().add(auditPrincipal);
authenticated = true;
} else {
subject.getPrincipals().add(principal);
}
if (authenticated == false) {
AuthenticationManager authenticationManager = context.getAuthenticationManager();
authenticated = authenticationManager.isValid(principal, credential, subject);
}
if (authenticated == true) {
subjectInfo.setAuthenticatedSubject(subject);
}
AuditManager auditManager = context.getAuditManager();
if (auditManager != null) {
audit(authenticated ? AuditLevel.SUCCESS : AuditLevel.FAILURE, auditManager, auditPrincipal);
}
return authenticated;
}
Also used :
AuthenticationManager(org.jboss.security.AuthenticationManager)
SecurityContextUtil(org.jboss.security.SecurityContextUtil)
SubjectInfo(org.jboss.security.SubjectInfo)
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
Identity(org.jboss.security.identity.Identity)
SimpleIdentity(org.jboss.security.identity.plugins.SimpleIdentity)
RunAsIdentity(org.jboss.security.RunAsIdentity)
Subject(javax.security.auth.Subject)
Principal(java.security.Principal)
SimplePrincipal(org.jboss.security.SimplePrincipal)
AuditManager(org.jboss.security.audit.AuditManager)
Example 3 with SecurityContextUtil
use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.
the class SimpleSecurityManager method authenticate.
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
SecurityContext current = SecurityContextAssociation.getSecurityContext();
SecurityContext previous = contexts.peek();
// skip reauthentication if the current context already has an authenticated subject (copied from the previous context
// upon creation - see push method) and if both contexts use the same security domain.
boolean skipReauthentication = current.getSubjectInfo() != null && current.getSubjectInfo().getAuthenticatedSubject() != null && previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain());
if (!skipReauthentication) {
SecurityContextUtil util = current.getUtil();
Object credential = util.getCredential();
Subject subject = null;
if (credential instanceof RemotingConnectionCredential) {
subject = ((RemotingConnectionCredential) credential).getSubject();
}
if (authenticate(current, subject) == false) {
throw SecurityLogger.ROOT_LOGGER.invalidUserException();
}
}
// setup the run-as identity.
if (runAs != null) {
RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
current.setOutgoingRunAs(runAsIdentity);
} else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
// Ensure the propagation continues.
current.setOutgoingRunAs(previous.getOutgoingRunAs());
}
}
Also used :
SecurityContextUtil(org.jboss.security.SecurityContextUtil)
RunAs(org.jboss.security.RunAs)
SecurityContext(org.jboss.security.SecurityContext)
RunAsIdentity(org.jboss.security.RunAsIdentity)
RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential)
Subject(javax.security.auth.Subject)
Example 4 with SecurityContextUtil
use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.
the class SimpleSecurityManager method push.
public void push(final String securityDomain, String userName, char[] password, final Subject subject) {
final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
contexts.push(previous);
SecurityContext current = establishSecurityContext(securityDomain);
if (propagate && previous != null) {
current.setSubjectInfo(getSubjectInfo(previous));
current.setIncomingRunAs(previous.getOutgoingRunAs());
}
RunAs currentRunAs = current.getIncomingRunAs();
boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
if (trusted == false) {
SecurityContextUtil util = current.getUtil();
util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);
}
}
Also used :
SecurityContextUtil(org.jboss.security.SecurityContextUtil)
RunAs(org.jboss.security.RunAs)
SecurityContext(org.jboss.security.SecurityContext)
RunAsIdentity(org.jboss.security.RunAsIdentity)
SimplePrincipal(org.jboss.security.SimplePrincipal)
Aggregations
RunAsIdentity (org.jboss.security.RunAsIdentity)4
SecurityContextUtil (org.jboss.security.SecurityContextUtil)4
RunAs (org.jboss.security.RunAs)3
SecurityContext (org.jboss.security.SecurityContext)3
SimplePrincipal (org.jboss.security.SimplePrincipal)3
Principal (java.security.Principal)2
Subject (javax.security.auth.Subject)2
RemotingConnectionCredential (org.jboss.as.security.remoting.RemotingConnectionCredential)2
SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)2
Connection (org.jboss.remoting3.Connection)1
AuthenticationManager (org.jboss.security.AuthenticationManager)1
SubjectInfo (org.jboss.security.SubjectInfo)1
AuditManager (org.jboss.security.audit.AuditManager)1
Identity (org.jboss.security.identity.Identity)1
SimpleIdentity (org.jboss.security.identity.plugins.SimpleIdentity)1
IdentityCredentials (org.wildfly.security.auth.server.IdentityCredentials)1
PasswordCredential (org.wildfly.security.credential.PasswordCredential)1
ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)1
