Example 11 with SimpleGroup

Use of org.jboss.security.SimpleGroup in project keycloak by keycloak.

The class WildflyRequestAuthenticator, method propagateKeycloakContext.

@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    super.propagateKeycloakContext(account);
    SecurityInfoHelper.propagateSessionInfo(account);
    log.debug("propagate security context to wildfly");
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());
    Group[] roleSets = getRoleSets(account.getRoles());
    for (int g = 0; g < roleSets.length; g++) {
        Group group = roleSets[g];
        String name = group.getName();
        Group subjectGroup = createGroup(name, principals);
        if (subjectGroup instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it, so we
               need to add a SimpleGroup to subjectGroup to contain the roles */
            SimpleGroup tmp = new SimpleGroup("Roles");
            subjectGroup.addMember(tmp);
            subjectGroup = tmp;
        }
        // Copy the group members to the Subject group
        Enumeration<? extends Principal> members = group.members();
        while (members.hasMoreElements()) {
            Principal role = (Principal) members.nextElement();
            subjectGroup.addMember(role);
        }
    }
    // add the CallerPrincipal group if none has been added in getRoleSets
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);
    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
    // Roles of subjectInfo are null, because it was constructed by
    // org.jboss.security.identity.extensions.CredentialIdentityFactory
    // .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
    // Therefore the roles are only contained in the authenticatedSubject (member of subjectInfo),
    // and subsequent logic only accesses subjectInfo#roles instead of authenticatedSubject#roles.
    mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) RoleGroup(org.jboss.security.identity.RoleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup) Subject(javax.security.auth.Subject) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 12 with SimpleGroup

Use of org.jboss.security.SimpleGroup in project keycloak by keycloak.

The class SecurityInfoHelper, method createGroup.

protected static Group createGroup(String name, Set<Principal> principals) {
    Group roles = null;
    Iterator<Principal> iter = principals.iterator();
    while (iter.hasNext()) {
        Object next = iter.next();
        if (!(next instanceof Group))
            continue;
        Group grp = (Group) next;
        if (grp.getName().equals(name)) {
            roles = grp;
            break;
        }
    }
    // If we did not find a group create one
    if (roles == null) {
        roles = new SimpleGroup(name);
        principals.add(roles);
    }
    return roles;
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 13 with SimpleGroup

Use of org.jboss.security.SimpleGroup in project keycloak by keycloak.

The class SecurityInfoHelper, method getRoleSets.

protected static Group[] getRoleSets(Collection<String> roleSet) {
    SimpleGroup roles = new SimpleGroup("Roles");
    Group[] roleSets = { roles };
    for (String role : roleSet) {
        roles.addMember(new SimplePrincipal(role));
    }
    return roleSets;
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) NestableGroup(org.jboss.security.NestableGroup) Group(java.security.acl.Group) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 14 with SimpleGroup

Use of org.jboss.security.SimpleGroup in project wildfly-swarm by wildfly-swarm.

The class JWTLoginModule, method commit.

@Override
public boolean commit() throws LoginException {
    subject.getPrincipals().add(jwtPrincipal);
    SimpleGroup roles = new SimpleGroup("Roles");
    for (String name : jwtPrincipal.getGroups()) {
        roles.addMember(new SimplePrincipal(name));
    }
    subject.getPrincipals().add(roles);
    sharedState.put("JsonWebToken", jwtPrincipal);
    return super.commit();
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 15 with SimpleGroup

Use of org.jboss.security.SimpleGroup in project wildfly by wildfly.

The class JASPICAuthenticationMechanism, method updateSubjectRoles.

private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct) {
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }
    RoleGroup contextRoleGroup = jbossSct.getUtil().getRoles();
    if (contextRoleGroup == null) {
        return;
    }
    Collection<Role> contextRoles = contextRoleGroup.getRoles();
    if (contextRoles.isEmpty()) {
        return;
    }
    Subject subject = jbossSct.getUtil().getSubject();
    Set<Group> groupPrincipals = subject.getPrincipals(Group.class);
    Group subjectRoleGroup = null;
    for (Group candidate : groupPrincipals) {
        if (candidate.getName().equals(ROLES_IDENTIFIER)) {
            subjectRoleGroup = candidate;
            break;
        }
    }
    if (subjectRoleGroup == null) {
        subjectRoleGroup = new SimpleGroup(ROLES_IDENTIFIER);
        subject.getPrincipals().add(subjectRoleGroup);
    }
    for (Role role : contextRoles) {
        Principal rolePrincipal = new SimplePrincipal(role.getRoleName());
        subjectRoleGroup.addMember(rolePrincipal);
    }
}
Also used : SimpleRole(org.jboss.security.identity.plugins.SimpleRole) Role(org.jboss.security.identity.Role) SimpleGroup(org.jboss.security.SimpleGroup) RoleGroup(org.jboss.security.identity.RoleGroup) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup) Group(java.security.acl.Group) Subject(javax.security.auth.Subject) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)
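Examples 11 to 15 all follow one pattern with different inputs: put the caller's Principal into a JAAS Subject, put one SimplePrincipal per role name into a Group named "Roles" (SecurityConstants.ROLES_IDENTIFIER), and optionally add a "CallerPrincipal" group holding the user principal. Below is an added, self-contained example, not code from Keycloak, WildFly Swarm or WildFly, that builds such a Subject and reads the roles back out the way PicketBox's authorization layer does. The class name RolesGroupExample, the user "alice" and the role names are constructed for illustration. Caveat: java.security.acl.Group was deprecated in Java 9 and removed in Java 14, so this PicketBox/JAAS model compiles only on JDK 13 or earlier; WildFly Elytron replaces it in current WildFly releases.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/**
 * Added example (not Keycloak/WildFly code): builds a Subject the way the
 * login modules and request authenticators above do, then reads the roles
 * back out the way the container's authorization code does.
 */
public class RolesGroupExample {

    /** Mirrors getRoleSets()/commit(): user principal + "Roles" group + "CallerPrincipal" group. */
    static Subject buildSubject(String user, List<String> roles) {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        Principal userPrincipal = new SimplePrincipal(user);
        principals.add(userPrincipal);

        // "Roles" (SecurityConstants.ROLES_IDENTIFIER) is the well-known group name PicketBox
        // scans the Subject for; roles placed in a group with any other name are ignored.
        Group rolesGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
        for (String role : roles) {
            rolesGroup.addMember(new SimplePrincipal(role));
        }
        principals.add(rolesGroup);

        // "CallerPrincipal" group: its single member is what the container reports as the caller.
        Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
        callerGroup.addMember(userPrincipal);
        principals.add(callerGroup);
        return subject;
    }

    /** Locate the "Roles" group, as SecurityInfoHelper.createGroup and updateSubjectRoles do. */
    static Group findRolesGroup(Subject subject) {
        for (Group candidate : subject.getPrincipals(Group.class)) {
            if (SecurityConstants.ROLES_IDENTIFIER.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /** Names of all role principals held in the "Roles" group (empty if there is none). */
    static Set<String> roleNames(Subject subject) {
        Set<String> names = new HashSet<>();
        Group roles = findRolesGroup(subject);
        if (roles == null) {
            return names;
        }
        Enumeration<? extends Principal> members = roles.members();
        while (members.hasMoreElements()) {
            names.add(members.nextElement().getName());
        }
        return names;
    }

    /** SimplePrincipal.equals compares names, so a fresh SimplePrincipal(role) matches a stored member. */
    static boolean isCallerInRole(Subject subject, String role) {
        Group roles = findRolesGroup(subject);
        return roles != null && roles.isMember(new SimplePrincipal(role));
    }

    public static void main(String[] args) {
        // Constructed sample input: user "alice" holding two roles.
        Subject subject = buildSubject("alice", Arrays.asList("admin", "user"));
        System.out.println("roles: " + roleNames(subject));
        System.out.println("admin? " + isCallerInRole(subject, "admin"));
        System.out.println("Admin? " + isCallerInRole(subject, "Admin"));
    }
}
```

Two details matter for authorization correctness. The group must be named exactly "Roles", or PicketBox finds no roles at all and every role check fails closed. And SimplePrincipal.equals is an exact, case-sensitive string comparison, so a role stored as "admin" is not matched by "Admin"; role names must be normalized before they reach the Subject, not at check time. This is also why createGroup in Example 12 and updateSubjectRoles in Example 15 look for an existing "Roles" group before creating one: with two groups of that name in the Subject, only one of them would be consulted.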

Aggregations

SimpleGroup (org.jboss.security.SimpleGroup)25 Group (java.security.acl.Group)22 SimplePrincipal (org.jboss.security.SimplePrincipal)21 Principal (java.security.Principal)12 NestableGroup (org.jboss.security.NestableGroup)12 Subject (javax.security.auth.Subject)5 RoleGroup (org.jboss.security.identity.RoleGroup)4 SimpleRoleGroup (org.jboss.security.identity.plugins.SimpleRoleGroup)4 LoginException (javax.security.auth.login.LoginException)2 GenericPrincipal (org.apache.catalina.realm.GenericPrincipal)2 JBossGenericPrincipal (org.jboss.as.web.security.JBossGenericPrincipal)2 IOException (java.io.IOException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 RealmRole (org.jboss.as.core.security.RealmRole)1 RealmUser (org.jboss.as.core.security.RealmUser)1 SubjectUserInfo (org.jboss.as.core.security.SubjectUserInfo)1 AuthorizingCallbackHandler (org.jboss.as.domain.management.AuthorizingCallbackHandler)1