Search in sources :

Example 1 with SecurityContextUtil

use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.

the class SimpleSecurityManager method push.

/**
     * Must be called from within a privileged action.
     *
     * @param securityDomain
     */
public void push(final String securityDomain) {
    // TODO - Handle a null securityDomain here? Yes I think so.
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);
    SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }
    RunAs currentRunAs = current.getIncomingRunAs();
    boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
    if (trusted == false) {
        /*
             * We should only be switching to a context based on an identity from the Remoting connection if we don't already
             * have a trusted identity - this allows for beans to reauthenticate as a different identity.
             */
        if (SecurityActions.remotingContextIsSet()) {
            // In this case the principal and credential will not have been set to set some random values.
            SecurityContextUtil util = current.getUtil();
            Connection connection = SecurityActions.remotingContextGetConnection();
            Principal p = null;
            Object credential = null;
            SecurityIdentity localIdentity = connection.getLocalIdentity();
            if (localIdentity != null) {
                p = new SimplePrincipal(localIdentity.getPrincipal().getName());
                IdentityCredentials privateCredentials = localIdentity.getPrivateCredentials();
                PasswordCredential passwordCredential = privateCredentials.getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
                if (passwordCredential != null) {
                    credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
                } else {
                    credential = new RemotingConnectionCredential(connection);
                }
            } else {
                throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
            }
            SecurityActions.remotingContextClear();
            util.createSubjectInfo(p, credential, null);
        }
    }
}
Also used : ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) RunAsIdentity(org.jboss.security.RunAsIdentity) Connection(org.jboss.remoting3.Connection) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecurityContext(org.jboss.security.SecurityContext) RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) SimplePrincipal(org.jboss.security.SimplePrincipal) IdentityCredentials(org.wildfly.security.auth.server.IdentityCredentials)

Example 2 with SecurityContextUtil

use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.

the class SimpleSecurityManager method authenticate.

private boolean authenticate(SecurityContext context, Subject subject) {
    SecurityContextUtil util = context.getUtil();
    SubjectInfo subjectInfo = getSubjectInfo(context);
    if (subject == null) {
        subject = new Subject();
    }
    Principal principal = util.getUserPrincipal();
    Principal auditPrincipal = principal;
    Object credential = util.getCredential();
    Identity unauthenticatedIdentity = null;
    boolean authenticated = false;
    if (principal == null) {
        unauthenticatedIdentity = getUnauthenticatedIdentity();
        subjectInfo.addIdentity(unauthenticatedIdentity);
        auditPrincipal = unauthenticatedIdentity.asPrincipal();
        subject.getPrincipals().add(auditPrincipal);
        authenticated = true;
    } else {
        subject.getPrincipals().add(principal);
    }
    if (authenticated == false) {
        AuthenticationManager authenticationManager = context.getAuthenticationManager();
        authenticated = authenticationManager.isValid(principal, credential, subject);
    }
    if (authenticated == true) {
        subjectInfo.setAuthenticatedSubject(subject);
    }
    AuditManager auditManager = context.getAuditManager();
    if (auditManager != null) {
        audit(authenticated ? AuditLevel.SUCCESS : AuditLevel.FAILURE, auditManager, auditPrincipal);
    }
    return authenticated;
}
Also used : AuthenticationManager(org.jboss.security.AuthenticationManager) SecurityContextUtil(org.jboss.security.SecurityContextUtil) SubjectInfo(org.jboss.security.SubjectInfo) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Identity(org.jboss.security.identity.Identity) SimpleIdentity(org.jboss.security.identity.plugins.SimpleIdentity) RunAsIdentity(org.jboss.security.RunAsIdentity) Subject(javax.security.auth.Subject) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) AuditManager(org.jboss.security.audit.AuditManager)

Example 3 with SecurityContextUtil

use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.

the class SimpleSecurityManager method authenticate.

public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    SecurityContext current = SecurityContextAssociation.getSecurityContext();
    SecurityContext previous = contexts.peek();
    // skip reauthentication if the current context already has an authenticated subject (copied from the previous context
    // upon creation - see push method) and if both contexts use the same security domain.
    boolean skipReauthentication = current.getSubjectInfo() != null && current.getSubjectInfo().getAuthenticatedSubject() != null && previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain());
    if (!skipReauthentication) {
        SecurityContextUtil util = current.getUtil();
        Object credential = util.getCredential();
        Subject subject = null;
        if (credential instanceof RemotingConnectionCredential) {
            subject = ((RemotingConnectionCredential) credential).getSubject();
        }
        if (authenticate(current, subject) == false) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }
    // setup the run-as identity.
    if (runAs != null) {
        RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
        current.setOutgoingRunAs(runAsIdentity);
    } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        // Ensure the propagation continues.
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
Also used : SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) SecurityContext(org.jboss.security.SecurityContext) RunAsIdentity(org.jboss.security.RunAsIdentity) RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential) Subject(javax.security.auth.Subject)

Example 4 with SecurityContextUtil

use of org.jboss.security.SecurityContextUtil in project wildfly by wildfly.

the class SimpleSecurityManager method push.

public void push(final String securityDomain, String userName, char[] password, final Subject subject) {
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);
    SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }
    RunAs currentRunAs = current.getIncomingRunAs();
    boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
    if (trusted == false) {
        SecurityContextUtil util = current.getUtil();
        util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);
    }
}
Also used : SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) SecurityContext(org.jboss.security.SecurityContext) RunAsIdentity(org.jboss.security.RunAsIdentity) SimplePrincipal(org.jboss.security.SimplePrincipal)

Aggregations

RunAsIdentity (org.jboss.security.RunAsIdentity)4 SecurityContextUtil (org.jboss.security.SecurityContextUtil)4 RunAs (org.jboss.security.RunAs)3 SecurityContext (org.jboss.security.SecurityContext)3 SimplePrincipal (org.jboss.security.SimplePrincipal)3 Principal (java.security.Principal)2 Subject (javax.security.auth.Subject)2 RemotingConnectionCredential (org.jboss.as.security.remoting.RemotingConnectionCredential)2 SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)2 Connection (org.jboss.remoting3.Connection)1 AuthenticationManager (org.jboss.security.AuthenticationManager)1 SubjectInfo (org.jboss.security.SubjectInfo)1 AuditManager (org.jboss.security.audit.AuditManager)1 Identity (org.jboss.security.identity.Identity)1 SimpleIdentity (org.jboss.security.identity.plugins.SimpleIdentity)1 IdentityCredentials (org.wildfly.security.auth.server.IdentityCredentials)1 PasswordCredential (org.wildfly.security.credential.PasswordCredential)1 ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)1