use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.
the class CustomTestLoginModule method commit.
@Override
public boolean commit() throws LoginException {
Set<Principal> principals = subject.getPrincipals();
Group callerPrincipal = new SimpleGroup("CallerPrincipal");
callerPrincipal.addMember(new SimplePrincipal(username));
principals.add(callerPrincipal);
Group roles = new SimpleGroup("Roles");
if (username.equals("anil")) {
roles.addMember(new SimplePrincipal("gooduser"));
}
if (username.equals("marcus")) {
roles.addMember(new SimplePrincipal("superuser"));
}
principals.add(roles);
return true;
}
use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.
the class ExternalLoginModule method getRoleSets.
@Override
protected Group[] getRoleSets() throws LoginException {
Group roles = new SimpleGroup("Roles");
Group[] groups = { roles };
//group mapping would go here
if (getIdentity().getName().equals("anil")) {
roles.addMember(new SimplePrincipal("gooduser"));
}
roles.addMember(getIdentity());
return groups;
}
use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.
the class CustomLoginModule method getRoleSets.
/**
* Returns Roles and CallerPrincipal groups. The Roles group contains role defined as login module option. The
* CallerPrincipal contains {@link CustomPrincipal} instance with fixed name {@value #CALLER_NAME}.
*
* @return
* @throws LoginException
* @see org.jboss.security.auth.spi.AbstractServerLoginModule#getRoleSets()
*/
@Override
protected Group[] getRoleSets() throws LoginException {
try {
Group roles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
roles.addMember(new SimplePrincipal(role));
Group callerPrincipal = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerPrincipal.addMember(new CustomPrincipal(CALLER_NAME));
return new Group[] { roles, callerPrincipal };
} catch (Exception e) {
throw new LoginException(e.toString());
}
}
use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.
the class ServerSecurityInterceptor method aroundInvoke.
@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
Principal desiredUser = null;
RealmUser connectionUser = null;
Map<String, Object> contextData = invocationContext.getContextData();
if (contextData.containsKey(DELEGATED_USER_KEY)) {
desiredUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));
Connection con = RemotingContext.getConnection();
if (con != null) {
SecurityIdentity localIdentity = con.getLocalIdentity();
if (localIdentity != null) {
connectionUser = new RealmUser(localIdentity.getPrincipal().getName());
}
} else {
throw new IllegalStateException("Delegation user requested but no user on connection found.");
}
}
SecurityContext cachedSecurityContext = null;
boolean contextSet = false;
try {
if (desiredUser != null && connectionUser != null && (desiredUser.getName().equals(connectionUser.getName()) == false)) {
try {
// The final part of this check is to verify that the change does actually indicate a change in user.
// We have been requested to switch user and have successfully identified the user from the connection
// so now we attempt the switch.
cachedSecurityContext = SecurityContextAssociation.getSecurityContext();
final SecurityContext nextContext = SecurityContextFactory.createSecurityContext(desiredUser, new CurrentUserCredential(connectionUser.getName()), new Subject(), "fooSecurityDomain");
SecurityContextAssociation.setSecurityContext(nextContext);
// keep track that we switched the security context
contextSet = true;
RemotingContext.clear();
} catch (Exception e) {
LOGGER.error("Failed to switch security context for user", e);
// Don't propagate the exception stacktrace back to the client for security reasons
throw new EJBAccessException("Unable to attempt switching of user.");
}
}
return invocationContext.proceed();
} finally {
// switch back to original security context
if (contextSet) {
SecurityContextAssociation.setSecurityContext(cachedSecurityContext);
}
}
}
use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.
the class ExternalLoginModule method login.
// Public methods --------------------------------------------------------
@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
if (super.login()) {
log.debug("super.login()==true");
return true;
}
// Time to see if this is a delegation request.
NameCallback ncb = new NameCallback("Username:");
ObjectCallback ocb = new ObjectCallback("Credential:");
try {
callbackHandler.handle(new Callback[] { ncb, ocb });
} catch (Exception e) {
if (e instanceof RuntimeException) {
throw (RuntimeException) e;
}
// If the CallbackHandler can not handle the required callbacks then no chance.
return false;
}
String name = ncb.getName();
Object credential = ocb.getCredential();
if (credential instanceof ExternalCredential) {
identity = new SimplePrincipal(name);
loginOk = true;
return true;
}
// Attempted login but not successful.
return false;
}
Aggregations