
Example 6 with SimplePrincipal

use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

the class CustomTestLoginModule method commit.

@Override
public boolean commit() throws LoginException {
    // Test login module: the caller principal is taken straight from the username captured
    // during login, and the Roles group is a fixed mapping for two well-known test users.
    final Set<Principal> subjectPrincipals = subject.getPrincipals();

    final Group callerGroup = new SimpleGroup("CallerPrincipal");
    callerGroup.addMember(new SimplePrincipal(username));
    subjectPrincipals.add(callerGroup);

    final Group roleGroup = new SimpleGroup("Roles");
    // A null username fails here exactly as username.equals(...) would (NullPointerException).
    switch (username) {
        case "anil":
            roleGroup.addMember(new SimplePrincipal("gooduser"));
            break;
        case "marcus":
            roleGroup.addMember(new SimplePrincipal("superuser"));
            break;
        default:
            // any other user ends up with an empty Roles group
            break;
    }
    subjectPrincipals.add(roleGroup);
    return true;
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) Group(java.security.acl.Group) SimpleGroup(org.jboss.security.SimpleGroup) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 7 with SimplePrincipal

use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

the class ExternalLoginModule method getRoleSets.

@Override
protected Group[] getRoleSets() throws LoginException {
    // Single "Roles" group; the array wrapper is what the superclass contract expects.
    final Group roleGroup = new SimpleGroup("Roles");
    //group mapping would go here
    // Test-only mapping: the user named "anil" additionally gets the "gooduser" role.
    final boolean isAnil = getIdentity().getName().equals("anil");
    if (isAnil) {
        roleGroup.addMember(new SimplePrincipal("gooduser"));
    }
    // The authenticated identity itself is also added as a role member.
    roleGroup.addMember(getIdentity());
    return new Group[] { roleGroup };
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) Group(java.security.acl.Group) SimpleGroup(org.jboss.security.SimpleGroup) SimplePrincipal(org.jboss.security.SimplePrincipal)

Example 8 with SimplePrincipal

use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

the class CustomLoginModule method getRoleSets.

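/**
 * Returns the Roles and CallerPrincipal groups. The Roles group contains the single role defined as a login
 * module option ({@code role}); the CallerPrincipal group contains a {@link CustomPrincipal} instance with the
 * fixed name {@value #CALLER_NAME}.
 *
 * @return a two-element array holding the Roles group and the CallerPrincipal group, in that order
 * @throws LoginException if building either group fails; the original exception is attached as the cause
 * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getRoleSets()
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    try {
        Group roles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
        roles.addMember(new SimplePrincipal(role));
        Group callerPrincipal = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
        callerPrincipal.addMember(new CustomPrincipal(CALLER_NAME));
        return new Group[] { roles, callerPrincipal };
    } catch (Exception e) {
        // LoginException has no cause-taking constructor, so attach the cause explicitly;
        // otherwise only e.toString() survives and the root failure is lost for diagnosis.
        LoginException loginException = new LoginException(e.toString());
        loginException.initCause(e);
        throw loginException;
    }
}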
Also used : SimpleGroup(org.jboss.security.SimpleGroup) Group(java.security.acl.Group) SimpleGroup(org.jboss.security.SimpleGroup) LoginException(javax.security.auth.login.LoginException) SimplePrincipal(org.jboss.security.SimplePrincipal) LoginException(javax.security.auth.login.LoginException)

Example 9 with SimplePrincipal

use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

the class ServerSecurityInterceptor method aroundInvoke.

@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
    final Map<String, Object> contextData = invocationContext.getContextData();
    Principal requestedUser = null;
    RealmUser callerOnConnection = null;
    if (contextData.containsKey(DELEGATED_USER_KEY)) {
        // The delegation target is taken verbatim from the invocation context data; this block only
        // checks that it differs from the connection identity. Whether this caller is allowed to
        // delegate at all is not decided here - presumably enforced elsewhere; confirm against callers.
        requestedUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));
        final Connection connection = RemotingContext.getConnection();
        if (connection == null) {
            throw new IllegalStateException("Delegation user requested but no user on connection found.");
        }
        final SecurityIdentity localIdentity = connection.getLocalIdentity();
        if (localIdentity != null) {
            callerOnConnection = new RealmUser(localIdentity.getPrincipal().getName());
        }
        // NOTE: a connection without a local identity leaves callerOnConnection null, so no switch
        // happens below and the invocation proceeds under the caller's existing security context.
    }

    SecurityContext previousContext = null;
    boolean switched = false;
    try {
        // Only switch when a delegation was requested, the connection user is known, and the
        // requested name actually differs from the connection user.
        final boolean switchRequested = requestedUser != null
                && callerOnConnection != null
                && !requestedUser.getName().equals(callerOnConnection.getName());
        if (switchRequested) {
            try {
                previousContext = SecurityContextAssociation.getSecurityContext();
                final SecurityContext delegatedContext = SecurityContextFactory.createSecurityContext(
                        requestedUser,
                        new CurrentUserCredential(callerOnConnection.getName()),
                        new Subject(),
                        "fooSecurityDomain");
                SecurityContextAssociation.setSecurityContext(delegatedContext);
                // Record the switch before clearing the remoting context so that the finally
                // block restores the previous context even if clear() fails.
                switched = true;
                RemotingContext.clear();
            } catch (Exception e) {
                LOGGER.error("Failed to switch security context for user", e);
                // Don't propagate the exception stacktrace back to the client for security reasons
                throw new EJBAccessException("Unable to attempt switching of user.");
            }
        }
        return invocationContext.proceed();
    } finally {
        // Always put the original security context back if we replaced it.
        if (switched) {
            SecurityContextAssociation.setSecurityContext(previousContext);
        }
    }
}
Also used : IllegalStateException(javax.resource.spi.IllegalStateException) RealmUser(org.jboss.as.core.security.RealmUser) Connection(org.jboss.remoting3.Connection) Subject(javax.security.auth.Subject) EJBAccessException(javax.ejb.EJBAccessException) IllegalStateException(javax.resource.spi.IllegalStateException) EJBAccessException(javax.ejb.EJBAccessException) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecurityContext(org.jboss.security.SecurityContext) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) SimplePrincipal(org.jboss.security.SimplePrincipal) AroundInvoke(javax.interceptor.AroundInvoke)

Example 10 with SimplePrincipal

use of org.jboss.security.SimplePrincipal in project wildfly by wildfly.

the class ExternalLoginModule method login.

// Public methods --------------------------------------------------------
@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
    // Let the superclass login path (shared state / password stacking) win first.
    if (super.login()) {
        log.debug("super.login()==true");
        return true;
    }
    // Otherwise ask the callback handler for a name and an opaque credential object.
    final NameCallback nameCallback = new NameCallback("Username:");
    final ObjectCallback credentialCallback = new ObjectCallback("Credential:");
    try {
        callbackHandler.handle(new Callback[] { nameCallback, credentialCallback });
    } catch (RuntimeException e) {
        // Programming errors are propagated unchanged.
        throw e;
    } catch (Exception e) {
        // Any checked failure means the handler cannot supply the required callbacks:
        // treat it as "not authenticated by this module", not as an error.
        return false;
    }
    // Only an ExternalCredential (authentication already performed outside this module)
    // is accepted; the credential value itself is not inspected further here.
    final boolean externallyAuthenticated = credentialCallback.getCredential() instanceof ExternalCredential;
    if (!externallyAuthenticated) {
        // Attempted login but not successful.
        return false;
    }
    identity = new SimplePrincipal(nameCallback.getName());
    loginOk = true;
    return true;
}
Also used : NameCallback(javax.security.auth.callback.NameCallback) ObjectCallback(org.jboss.security.auth.callback.ObjectCallback) LoginException(javax.security.auth.login.LoginException) ExternalCredential(io.undertow.security.idm.ExternalCredential) SimplePrincipal(org.jboss.security.SimplePrincipal)
