Search in sources :

Example 1 with EJBResource

use of org.jboss.security.authorization.resources.EJBResource in project wildfly by wildfly.

the class SimpleSecurityManager method authorize.

public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        return false;
    }
    EJBResource resource = new EJBResource(new HashMap<String, Object>());
    resource.setEjbName(ejbName);
    resource.setEjbMethod(ejbMethod);
    resource.setEjbMethodInterface(ejbMethodIntf);
    resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    resource.setCodeSource(ejbCodeSource);
    resource.setPolicyContextID(contextID);
    resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
    resource.setCallerSubject(securityContext.getUtil().getSubject());
    Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
    resource.setPrincipal(userPrincipal);
    try {
        AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
        return helper.authorize(resource);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : EJBResource(org.jboss.security.authorization.resources.EJBResource) AbstractEJBAuthorizationHelper(org.jboss.security.javaee.AbstractEJBAuthorizationHelper) SecurityContext(org.jboss.security.SecurityContext) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup)

Example 2 with EJBResource

use of org.jboss.security.authorization.resources.EJBResource in project wildfly by wildfly.

the class SimpleSecurityManager method isCallerInRole.

/**
     * @param ejbName              The name of the EJB component where isCallerInRole was invoked.
     * @param incommingMappedRoles The principal vs roles mapping (if any). Can be null.
     * @param roleLinks            The role link map where the key is an alias role name and the value is the collection of
     *                             role names, that alias represents. Can be null.
     * @param roleNames            The role names for which the caller is being checked for
     * @return true if the user is in <b>any</b> one of the <code>roleNames</code>. Else returns false
     */
public boolean isCallerInRole(final String ejbName, final String policyContextID, final Object incommingMappedRoles, final Map<String, Collection<String>> roleLinks, final String... roleNames) {
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        return false;
    }
    final EJBResource resource = new EJBResource(new HashMap<String, Object>());
    resource.setEjbName(ejbName);
    resource.setPolicyContextID(policyContextID);
    resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
    resource.setCallerSubject(securityContext.getUtil().getSubject());
    Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
    resource.setPrincipal(userPrincipal);
    if (roleLinks != null) {
        final Set<SecurityRoleRef> roleRefs = new HashSet<SecurityRoleRef>();
        for (String key : roleLinks.keySet()) {
            Collection<String> values = roleLinks.get(key);
            if (values != null) {
                for (String value : values) roleRefs.add(new SecurityRoleRef(key, value));
            }
        }
        resource.setSecurityRoleReferences(roleRefs);
    }
    Map<String, Set<String>> previousRolesAssociationMap = null;
    try {
        // ensure the security roles association contains the incoming principal x roles map.
        if (incommingMappedRoles != null) {
            SecurityRolesMetaData rolesMetaData = (SecurityRolesMetaData) incommingMappedRoles;
            previousRolesAssociationMap = this.setSecurityRolesAssociation(rolesMetaData.getPrincipalVersusRolesMap());
        }
        AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
        for (String roleName : roleNames) {
            if (helper.isCallerInRole(resource, roleName)) {
                return true;
            }
        }
        return false;
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // reset the security roles association state.
        if (incommingMappedRoles != null) {
            this.setSecurityRolesAssociation(previousRolesAssociationMap);
        }
    }
}
Also used : EJBResource(org.jboss.security.authorization.resources.EJBResource) HashSet(java.util.HashSet) Set(java.util.Set) SecurityRolesMetaData(org.jboss.metadata.javaee.spec.SecurityRolesMetaData) SecurityRoleRef(org.jboss.security.javaee.SecurityRoleRef) AbstractEJBAuthorizationHelper(org.jboss.security.javaee.AbstractEJBAuthorizationHelper) SecurityContext(org.jboss.security.SecurityContext) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) HashSet(java.util.HashSet)

Aggregations

Principal (java.security.Principal)2 SecurityContext (org.jboss.security.SecurityContext)2 SimplePrincipal (org.jboss.security.SimplePrincipal)2 EJBResource (org.jboss.security.authorization.resources.EJBResource)2 AbstractEJBAuthorizationHelper (org.jboss.security.javaee.AbstractEJBAuthorizationHelper)2 HashSet (java.util.HashSet)1 Set (java.util.Set)1 SecurityRolesMetaData (org.jboss.metadata.javaee.spec.SecurityRolesMetaData)1 SimpleRoleGroup (org.jboss.security.identity.plugins.SimpleRoleGroup)1 SecurityRoleRef (org.jboss.security.javaee.SecurityRoleRef)1