
Example 1 with SimplePrincipal

Use of org.jboss.security.SimplePrincipal in project adempiere by adempiere.

The class AdempiereLoginModule, method commit().

import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/**
 * Commit/complete the authentication process: add the identity and roles to the subject.
 */
public boolean commit() throws LoginException {
    // note that JBoss requires all user roles to be placed under a group named "Roles"
    if (roles == null || roles.length == 0) {
        // not authenticated, or authentication failed: commit the unauthenticated identity with an empty Roles group
        subject.getPrincipals().add(new SimplePrincipal(unauthenticatedIdentity));
        SimpleGroup roleGroup = new SimpleGroup("Roles");
        subject.getPrincipals().add(roleGroup);
    } else {
        subject.getPrincipals().add(new SimplePrincipal(name));
        SimpleGroup roleGroup = new SimpleGroup("Roles");
        // fixed role referenced in the EJB deployment descriptor, granted to every authenticated user
        roleGroup.addMember(new SimplePrincipal("adempiereUsers"));
        // additional roles taken from the authenticated user's Adempiere role assignments
        for (int i = 0; i < roles.length; i++) {
            roleGroup.addMember(new SimplePrincipal(roles[i].getName()));
        }
        subject.getPrincipals().add(roleGroup);
    }
    return true;
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) SimplePrincipal(org.jboss.security.SimplePrincipal)
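The comment in commit() above says that JBoss expects roles under a group named "Roles". The following class, an added example that is not part of the adempiere project, builds subjects the same way commit() does and then checks role membership the way the container does: it finds the principal group named "Roles" and asks it for membership. It assumes PicketBox (org.jboss.security.SimplePrincipal and SimpleGroup) is on the classpath on a JDK where java.security.acl.Group still exists (JDK 13 or earlier); the user names and roles are constructed sample data.

```java
import java.util.Set;
import javax.security.auth.Subject;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/**
 * Added example (not adempiere code). Reproduces the subject layout built by
 * AdempiereLoginModule.commit() and evaluates role checks against it.
 */
public class RolesGroupCheck {

    /** Mirrors commit(): a null or empty role array means "unauthenticated". */
    static Subject commitLike(String name, String unauthenticatedIdentity, String[] roles) {
        Subject subject = new Subject();
        SimpleGroup roleGroup = new SimpleGroup("Roles");
        if (roles == null || roles.length == 0) {
            // unauthenticated path: the configured fallback identity, no roles
            subject.getPrincipals().add(new SimplePrincipal(unauthenticatedIdentity));
        } else {
            subject.getPrincipals().add(new SimplePrincipal(name));
            roleGroup.addMember(new SimplePrincipal("adempiereUsers"));
            for (String role : roles) {
                roleGroup.addMember(new SimplePrincipal(role));
            }
        }
        subject.getPrincipals().add(roleGroup);
        return subject;
    }

    /** Locates the group named "Roles" among the subject's principals; null when absent. */
    static SimpleGroup rolesGroup(Subject subject) {
        Set<SimpleGroup> groups = subject.getPrincipals(SimpleGroup.class);
        for (SimpleGroup g : groups) {
            if ("Roles".equals(g.getName())) {
                return g;
            }
        }
        return null;
    }

    /**
     * Container-style isCallerInRole. Membership is decided by principal name because
     * SimplePrincipal.equals() and hashCode() are based on the name alone.
     */
    static boolean isCallerInRole(Subject subject, String role) {
        SimpleGroup roles = rolesGroup(subject);
        return roles != null && roles.isMember(new SimplePrincipal(role));
    }

    /** The identity the container will see as the caller: the non-group principal. */
    static String callerName(Subject subject) {
        for (SimplePrincipal p : subject.getPrincipals(SimplePrincipal.class)) {
            if (!(p instanceof SimpleGroup)) {
                return p.getName();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // constructed sample input, not real Adempiere users
        Subject alice = commitLike("alice", "guest", new String[] { "Admin" });
        Subject failed = commitLike("mallory", "guest", null);

        System.out.println("alice in adempiereUsers: " + isCallerInRole(alice, "adempiereUsers"));
        System.out.println("alice in Admin:          " + isCallerInRole(alice, "Admin"));
        System.out.println("alice in superuser:      " + isCallerInRole(alice, "superuser"));
        System.out.println("failed login caller:     " + callerName(failed));
        System.out.println("failed in adempiereUsers:" + isCallerInRole(failed, "adempiereUsers"));
    }
}
```

Two things this makes visible that commit() alone does not: every authenticated user holds the fixed role "adempiereUsers" regardless of what the database assigns, so that role is only a "logged in" marker and cannot be used for finer authorization; and a failed login still produces a committed subject, but its caller is the unauthenticated identity and its "Roles" group is empty, so any role-restricted EJB method rejects it.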

Example 2 with SimplePrincipal

Use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

The class SimpleSecurityManager, method push().

import java.security.Principal;

import org.jboss.as.security.remoting.RemotingConnectionCredential;
import org.jboss.remoting3.Connection;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextUtil;
import org.jboss.security.SimplePrincipal;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.interfaces.ClearPassword;

/**
 * Pushes a new security context for the given security domain, saving the previous one on the stack.
 * Must be called from within a privileged action.
 *
 * @param securityDomain the security domain to establish
 */
public void push(final String securityDomain) {
    // TODO - Handle a null securityDomain here? Yes I think so.
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);
    SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        // carry the caller's subject and outgoing run-as identity into the new context
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }
    RunAs currentRunAs = current.getIncomingRunAs();
    // a RunAsIdentity was assigned by the container, so that identity is already trusted
    boolean trusted = currentRunAs instanceof RunAsIdentity;
    if (!trusted) {
        /*
         * We should only switch to a context based on the identity from the Remoting connection if we don't
         * already have a trusted identity; this allows beans to re-authenticate as a different identity.
         */
        if (SecurityActions.remotingContextIsSet()) {
            // The principal and credential have not been set yet, so derive them from the connection's local identity.
            SecurityContextUtil util = current.getUtil();
            Connection connection = SecurityActions.remotingContextGetConnection();
            Principal p = null;
            Object credential = null;
            SecurityIdentity localIdentity = connection.getLocalIdentity();
            if (localIdentity != null) {
                p = new SimplePrincipal(localIdentity.getPrincipal().getName());
                IdentityCredentials privateCredentials = localIdentity.getPrivateCredentials();
                PasswordCredential passwordCredential = privateCredentials.getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
                if (passwordCredential != null) {
                    // The clear password is copied into an immutable String here, so it cannot be zeroed after use.
                    credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
                } else {
                    // no clear password available: the connection itself serves as the credential
                    credential = new RemotingConnectionCredential(connection);
                }
            } else {
                throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
            }
            // consume the remoting context so it is not picked up again by a later push
            SecurityActions.remotingContextClear();
            util.createSubjectInfo(p, credential, null);
        }
    }
}
Also used : ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) RunAsIdentity(org.jboss.security.RunAsIdentity) Connection(org.jboss.remoting3.Connection) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecurityContext(org.jboss.security.SecurityContext) RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) IdentityCredentials(org.wildfly.security.auth.server.IdentityCredentials)

Example 3 with SimplePrincipal

Use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

The class GuestDelegationLoginModule, method login().

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;

import org.jboss.as.test.integration.ejb.container.interceptor.security.CurrentUserCredential;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.ObjectCallback;

// Public methods --------------------------------------------------------
@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
    if (super.login()) {
        log.debug("super.login()==true");
        return true;
    }
    // Time to see if this is a delegation request.
    NameCallback ncb = new NameCallback("Username:");
    ObjectCallback ocb = new ObjectCallback("Password:");
    try {
        callbackHandler.handle(new Callback[] { ncb, ocb });
    } catch (Exception e) {
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        // If the CallbackHandler cannot handle the required callbacks then there is no chance.
        return false;
    }
    String name = ncb.getName();
    Object credential = ocb.getCredential();
    if (credential instanceof CurrentUserCredential) {
        // This credential type is only seen for a delegation request; if it is absent the request is not for us.
        final CurrentUserCredential cuCredential = (CurrentUserCredential) credential;
        // only the "guest" user can be switched to another identity; the requested name is accepted as-is
        if ("guest".equals(cuCredential.getUser())) {
            identity = new SimplePrincipal(name);
            if (getUseFirstPass()) {
                String userName = identity.getName();
                if (log.isDebugEnabled())
                    log.debug("Storing username '" + userName + "' and empty password");
                // Add the username and an empty password to the shared state map for modules further down the stack
                sharedState.put("javax.security.auth.login.name", identity);
                sharedState.put("javax.security.auth.login.password", "");
            }
            loginOk = true;
            return true;
        }
    }
    // Attempted login but not successful.
    return false;
}
Also used : NameCallback(javax.security.auth.callback.NameCallback) ObjectCallback(org.jboss.security.auth.callback.ObjectCallback) LoginException(javax.security.auth.login.LoginException) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 4 with SimplePrincipal

Use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

The class ServerSecurityInterceptor, method aroundInvoke().

import java.security.Principal;
import java.util.Collection;
import java.util.Map;

import javax.ejb.EJBAccessException;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;
import javax.resource.spi.IllegalStateException;

import org.jboss.as.core.security.api.UserPrincipal;
import org.jboss.as.security.api.ConnectionSecurityContext;
import org.jboss.as.security.api.ContextStateCache;
import org.jboss.as.test.integration.ejb.container.interceptor.security.CurrentUserCredential;
import org.jboss.security.SimplePrincipal;

@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
    Principal desiredUser = null;
    UserPrincipal connectionUser = null;
    Map<String, Object> contextData = invocationContext.getContextData();
    if (contextData.containsKey(DELEGATED_USER_KEY)) {
        // the client asked, through the invocation context data, to run this call as another user
        desiredUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));
        Collection<Principal> principals = ConnectionSecurityContext.getConnectionPrincipals();
        if (principals != null) {
            for (Principal current : principals) {
                if (current instanceof UserPrincipal) {
                    connectionUser = (UserPrincipal) current;
                    break;
                }
            }
        } else {
            throw new IllegalStateException("Delegation user requested but no user on connection found.");
        }
    }
    ContextStateCache stateCache = null;
    try {
        // Note: if the connection carries principals but none of them is a UserPrincipal, connectionUser
        // stays null and the call proceeds under the connection identity without any error.
        if (desiredUser != null && connectionUser != null && !desiredUser.getName().equals(connectionUser.getName())) {
            try {
                // The final part of this check verifies that the request actually indicates a change of user.
                // We have been asked to switch user and have identified the user from the connection, so now
                // we attempt the switch; the security domain's login modules decide whether it is permitted.
                stateCache = ConnectionSecurityContext.pushIdentity(desiredUser, new CurrentUserCredential(connectionUser.getName()));
            } catch (Exception e) {
                LOGGER.error("Failed to switch security context for user", e);
                // Don't propagate the exception stacktrace back to the client for security reasons
                throw new EJBAccessException("Unable to attempt switching of user.");
            }
        }
        return invocationContext.proceed();
    } finally {
        // switch back to the original security context
        if (stateCache != null) {
            ConnectionSecurityContext.popIdentity(stateCache);
        }
    }
}
Also used : IllegalStateException(javax.resource.spi.IllegalStateException) ContextStateCache(org.jboss.as.security.api.ContextStateCache) CurrentUserCredential(org.jboss.as.test.integration.ejb.container.interceptor.security.CurrentUserCredential) UserPrincipal(org.jboss.as.core.security.api.UserPrincipal) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) EJBAccessException(javax.ejb.EJBAccessException) AroundInvoke(javax.interceptor.AroundInvoke)
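Examples 3 and 4 are the two halves of one user-switching scheme: the interceptor decides whether to push a new identity, and the login module decides whether that switch is allowed. The class below is an added example, not wildfly code, that simulates both decisions side by side without a server, so the combinations can be run as a table. UserPrincipal and CurrentUserCredential are minimal stand-ins for the WildFly classes of the same name (only the name they carry is reproduced); org.jboss.security.SimplePrincipal from PicketBox is assumed on the classpath; the connection principal sets are constructed, not captured.

```java
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Optional;
import org.jboss.security.SimplePrincipal;

/** Added example (not wildfly code): interceptor guard plus login-module rule from Examples 3 and 4. */
public class DelegationGuard {

    /** Stand-in for org.jboss.as.core.security.api.UserPrincipal: just a named principal. */
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Stand-in for the test-suite CurrentUserCredential: carries the connection user's name. */
    static final class CurrentUserCredential {
        private final String user;
        CurrentUserCredential(String user) { this.user = user; }
        String getUser() { return user; }
    }

    enum Outcome { NO_SWITCH, SWITCHED, REJECTED }

    /**
     * Interceptor side (Example 4). Returns the credential that would be handed to the login
     * modules, or empty when the call proceeds under the connection identity unchanged.
     * requestedUser == null models a context without DELEGATED_USER_KEY.
     */
    static Optional<CurrentUserCredential> interceptorDecision(Collection<Principal> connectionPrincipals,
                                                               String requestedUser) {
        if (requestedUser == null) {
            return Optional.empty();
        }
        if (connectionPrincipals == null) {
            throw new IllegalStateException("Delegation user requested but no user on connection found.");
        }
        UserPrincipal connectionUser = null;
        for (Principal p : connectionPrincipals) {
            if (p instanceof UserPrincipal) {
                connectionUser = (UserPrincipal) p;
                break;
            }
        }
        Principal desired = new SimplePrincipal(requestedUser);
        // Same guard as aroundInvoke(): no UserPrincipal on the connection, or a request for the
        // connection's own user, silently proceeds without switching.
        if (connectionUser == null || desired.getName().equals(connectionUser.getName())) {
            return Optional.empty();
        }
        return Optional.of(new CurrentUserCredential(connectionUser.getName()));
    }

    /** Login-module side (Example 3): only a "guest" connection user may become someone else. */
    static boolean guestDelegationLogin(Object credential) {
        if (!(credential instanceof CurrentUserCredential)) {
            return false; // not a delegation request, so not handled by this module
        }
        return "guest".equals(((CurrentUserCredential) credential).getUser());
    }

    /** End-to-end outcome of one invocation. */
    static Outcome delegate(Collection<Principal> connectionPrincipals, String requestedUser) {
        Optional<CurrentUserCredential> cred = interceptorDecision(connectionPrincipals, requestedUser);
        if (!cred.isPresent()) {
            return Outcome.NO_SWITCH;
        }
        return guestDelegationLogin(cred.get()) ? Outcome.SWITCHED : Outcome.REJECTED;
    }

    public static void main(String[] args) {
        // constructed connection principal sets
        Collection<Principal> guestConn = Collections.singletonList(new UserPrincipal("guest"));
        Collection<Principal> aliceConn = Collections.singletonList(new UserPrincipal("alice"));
        Collection<Principal> noUserConn = Collections.singletonList(new SimplePrincipal("anonymous"));

        System.out.println("guest -> bob:            " + delegate(guestConn, "bob"));
        System.out.println("alice -> bob:            " + delegate(aliceConn, "bob"));
        System.out.println("alice -> alice:          " + delegate(aliceConn, "alice"));
        System.out.println("no UserPrincipal -> bob: " + delegate(noUserConn, "bob"));
        try {
            delegate(null, "bob");
        } catch (IllegalStateException e) {
            System.out.println("no principals -> bob:    " + e.getMessage());
        }
    }
}
```

The row worth noticing is the one with principals but no UserPrincipal: the caller asked to run as "bob", the interceptor found nothing to compare against, and the invocation continues under the connection identity with no error reported. Whether that is acceptable depends on the deployment; a stricter interceptor would treat a missing UserPrincipal the same way as a missing principal collection and refuse the call.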

Example 5 with SimplePrincipal

Use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

The class CustomEjbAccessingLoginModule, method commit().

import java.security.Principal;
import java.security.acl.Group;
import java.util.Set;

import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/**
 * Commits the caller principal and a role set chosen by user name; the user-to-role mapping is hard-coded.
 */
public boolean commit() throws LoginException {
    Set<Principal> principals = subject.getPrincipals();
    // JBoss reads the effective caller identity from the group named "CallerPrincipal"
    Group callerPrincipal = new SimpleGroup("CallerPrincipal");
    callerPrincipal.addMember(new SimplePrincipal(username));
    principals.add(callerPrincipal);
    // and the caller's roles from the group named "Roles"
    Group roles = new SimpleGroup("Roles");
    if (username.equals("anil")) {
        roles.addMember(new SimplePrincipal("gooduser"));
    }
    if (username.equals("marcus")) {
        roles.addMember(new SimplePrincipal("superuser"));
    }
    // any other user name gets an empty Roles group
    principals.add(roles);
    return true;
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) Group(java.security.acl.Group) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Aggregations

SimplePrincipal (org.jboss.security.SimplePrincipal): 14
Principal (java.security.Principal): 7
SimpleGroup (org.jboss.security.SimpleGroup): 7
Group (java.security.acl.Group): 6
SecurityContext (org.jboss.security.SecurityContext): 4
Subject (javax.security.auth.Subject): 3
LoginException (javax.security.auth.login.LoginException): 3
EJBAccessException (javax.ejb.EJBAccessException): 2
AroundInvoke (javax.interceptor.AroundInvoke): 2
IllegalStateException (javax.resource.spi.IllegalStateException): 2
NameCallback (javax.security.auth.callback.NameCallback): 2
Connection (org.jboss.remoting3.Connection): 2
RunAs (org.jboss.security.RunAs): 2
RunAsIdentity (org.jboss.security.RunAsIdentity): 2
SecurityContextUtil (org.jboss.security.SecurityContextUtil): 2
ObjectCallback (org.jboss.security.auth.callback.ObjectCallback): 2
SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity): 2
ExternalCredential (io.undertow.security.idm.ExternalCredential): 1
PrivilegedAction (java.security.PrivilegedAction): 1
HashSet (java.util.HashSet): 1