Search in sources :

Example 1 with RoleGroup

use of org.jboss.security.identity.RoleGroup in project wildfly by wildfly.

the class JAASIdentityManagerImpl method verifyCredential.

private Account verifyCredential(final AccountImpl account, final Object credential) {
    final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
    final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext sc = SecurityActions.getSecurityContext();
    Principal incomingPrincipal = account.getOriginalPrincipal();
    Subject subject = new Subject();
    try {
        boolean isValid = authenticationManager.isValid(incomingPrincipal, credential, subject);
        if (isValid) {
            UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
            if (sc == null) {
                throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
            }
            Principal userPrincipal = getPrincipal(subject);
            sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
            RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
            Set<String> roleSet = new HashSet<>();
            for (Role role : roles.getRoles()) {
                roleSet.add(role.getRoleName());
            }
            return new AccountImpl(userPrincipal, roleSet, credential, account.getOriginalPrincipal());
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return null;
}
Also used : SecurityContextCallbackHandler(org.jboss.security.callbacks.SecurityContextCallbackHandler) Subject(javax.security.auth.Subject) RoleGroup(org.jboss.security.identity.RoleGroup) AuthenticationManager(org.jboss.security.AuthenticationManager) Role(org.jboss.security.identity.Role) SecurityContext(org.jboss.security.SecurityContext) AuthorizationManager(org.jboss.security.AuthorizationManager) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 2 with RoleGroup

use of org.jboss.security.identity.RoleGroup in project wildfly by wildfly.

the class JASPICAuthenticationMechanism method createAccount.

private Account createAccount(final Account cachedAccount, final org.jboss.security.SecurityContext jbossSct) {
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }
    // null principal: SAM has opted out of the authentication process.
    Principal userPrincipal = jbossSct.getUtil().getUserPrincipal();
    if (userPrincipal == null) {
        return null;
    }
    // SAM handled the same principal found in the cached account: indicates we must use the cached account.
    if (cachedAccount != null && cachedAccount.getPrincipal() == userPrincipal) {
        // populate the security context using the cached account data.
        jbossSct.getUtil().createSubjectInfo(userPrincipal, ((AccountImpl) cachedAccount).getCredential(), jbossSct.getUtil().getSubject());
        RoleGroup roleGroup = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
        for (String role : cachedAccount.getRoles()) roleGroup.addRole(new SimpleRole(role));
        jbossSct.getUtil().setRoles(roleGroup);
        return cachedAccount;
    }
    // SAM handled a different principal or there is no cached account: build a new account.
    Set<String> stringRoles = new HashSet<String>();
    RoleGroup roleGroup = jbossSct.getUtil().getRoles();
    if (roleGroup != null) {
        for (Role role : roleGroup.getRoles()) {
            stringRoles.add(role.getRoleName());
        }
    }
    Object credential = jbossSct.getUtil().getCredential();
    Principal original = null;
    if (cachedAccount != null) {
        original = cachedAccount.getPrincipal();
    }
    return new AccountImpl(userPrincipal, stringRoles, credential, original);
}
Also used : SimpleRole(org.jboss.security.identity.plugins.SimpleRole) Role(org.jboss.security.identity.Role) SimpleRole(org.jboss.security.identity.plugins.SimpleRole) AccountImpl(org.wildfly.extension.undertow.security.AccountImpl) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) RoleGroup(org.jboss.security.identity.RoleGroup) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup) HashSet(java.util.HashSet)

Example 3 with RoleGroup

use of org.jboss.security.identity.RoleGroup in project wildfly by wildfly.

the class JASPICAuthenticationMechanism method updateSubjectRoles.

private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct) {
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }
    RoleGroup contextRoleGroup = jbossSct.getUtil().getRoles();
    if (contextRoleGroup == null) {
        return;
    }
    Collection<Role> contextRoles = contextRoleGroup.getRoles();
    if (contextRoles.isEmpty()) {
        return;
    }
    Subject subject = jbossSct.getUtil().getSubject();
    Set<Group> groupPrincipals = subject.getPrincipals(Group.class);
    Group subjectRoleGroup = null;
    for (Group candidate : groupPrincipals) {
        if (candidate.getName().equals(ROLES_IDENTIFIER)) {
            subjectRoleGroup = candidate;
            break;
        }
    }
    if (subjectRoleGroup == null) {
        subjectRoleGroup = new SimpleGroup(ROLES_IDENTIFIER);
        subject.getPrincipals().add(subjectRoleGroup);
    }
    for (Role role : contextRoles) {
        Principal rolePrincipal = new SimplePrincipal(role.getRoleName());
        subjectRoleGroup.addMember(rolePrincipal);
    }
}
Also used : SimpleRole(org.jboss.security.identity.plugins.SimpleRole) Role(org.jboss.security.identity.Role) SimpleGroup(org.jboss.security.SimpleGroup) RoleGroup(org.jboss.security.identity.RoleGroup) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup) Group(java.security.acl.Group) SimpleGroup(org.jboss.security.SimpleGroup) Subject(javax.security.auth.Subject) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) SimplePrincipal(org.jboss.security.SimplePrincipal) RoleGroup(org.jboss.security.identity.RoleGroup) SimpleRoleGroup(org.jboss.security.identity.plugins.SimpleRoleGroup)

Aggregations

Principal (java.security.Principal)3 Role (org.jboss.security.identity.Role)3 RoleGroup (org.jboss.security.identity.RoleGroup)3 HashSet (java.util.HashSet)2 Subject (javax.security.auth.Subject)2 SimplePrincipal (org.jboss.security.SimplePrincipal)2 SimpleRole (org.jboss.security.identity.plugins.SimpleRole)2 SimpleRoleGroup (org.jboss.security.identity.plugins.SimpleRoleGroup)2 Group (java.security.acl.Group)1 AuthenticationManager (org.jboss.security.AuthenticationManager)1 AuthorizationManager (org.jboss.security.AuthorizationManager)1 SecurityContext (org.jboss.security.SecurityContext)1 SimpleGroup (org.jboss.security.SimpleGroup)1 SecurityContextCallbackHandler (org.jboss.security.callbacks.SecurityContextCallbackHandler)1 AccountImpl (org.wildfly.extension.undertow.security.AccountImpl)1