Use of org.jboss.security.identity.RoleGroup in project wildfly by wildfly.
From class JAASIdentityManagerImpl, method verifyCredential:
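/**
 * Authenticates the account's original principal with the supplied credential against the
 * security domain's AuthenticationManager and, on success, resolves the authenticated
 * subject's roles through the AuthorizationManager.
 *
 * @param account    the account whose original principal is being verified
 * @param credential the caller-supplied credential; note that it is retained both on the
 *                   returned account and in the thread's SecurityContext (credential caching)
 * @return a new AccountImpl holding the principal resolved by {@code getPrincipal(subject)},
 *         the role names, the credential and the original principal; {@code null} when
 *         authentication fails
 * @throws RuntimeException wrapping any exception raised during authentication or role
 *         resolution, including the "no security context" error thrown when authentication
 *         succeeded but no SecurityContext is bound to the current thread
 */
private Account verifyCredential(final AccountImpl account, final Object credential) {
    final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
    final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext sc = SecurityActions.getSecurityContext();
    final Principal incomingPrincipal = account.getOriginalPrincipal();
    // Populated by the authentication manager during isValid(); it is the input for
    // principal and role resolution below.
    final Subject subject = new Subject();
    try {
        if (!authenticationManager.isValid(incomingPrincipal, credential, subject)) {
            // A failed login is reported to the caller as null, never as an exception.
            return null;
        }
        UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
        if (sc == null) {
            throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
        }
        final Principal userPrincipal = getPrincipal(subject);
        // Bind the authenticated subject and credential to the thread's security context so
        // the authorization manager (and downstream code) see this identity.
        sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
        final SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
        final RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
        final Set<String> roleSet = new HashSet<>();
        // A null RoleGroup means "no roles" and yields an account with an empty role set
        // (fail closed for role-constrained resources) instead of a NullPointerException
        // that would surface as an opaque RuntimeException.
        if (roles != null) {
            for (Role role : roles.getRoles()) {
                roleSet.add(role.getRoleName());
            }
        }
        return new AccountImpl(userPrincipal, roleSet, credential, account.getOriginalPrincipal());
    } catch (Exception e) {
        // Preserve the cause; callers only see an unchecked failure.
        throw new RuntimeException(e);
    }
}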
Use of org.jboss.security.identity.RoleGroup in project wildfly by wildfly.
From class JASPICAuthenticationMechanism, method createAccount:
/**
 * Builds the Undertow Account representing the identity the JASPIC SAM established on
 * this request, reusing the cached account when the SAM handed back the cached principal.
 *
 * @param cachedAccount the account already associated with the session, or {@code null}
 * @param jbossSct      the PicketBox SecurityContext populated by the SAM; must not be null
 * @return {@code null} when the context holds no user principal (the SAM opted out of
 *         authentication); {@code cachedAccount} when the SAM produced the very same
 *         Principal object the cached account holds; otherwise a new AccountImpl built from
 *         the principal, roles and credential found in the context, with the cached
 *         account's principal (if any) recorded as the original principal
 * @throws RuntimeException (via UndertowLogger) when {@code jbossSct} is null
 */
private Account createAccount(final Account cachedAccount, final org.jboss.security.SecurityContext jbossSct) {
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }
    final Principal samPrincipal = jbossSct.getUtil().getUserPrincipal();
    if (samPrincipal == null) {
        // No user principal: the SAM opted out of authenticating this request.
        return null;
    }
    // Reference equality (==) is deliberate and preserved: the cached account is reused only
    // when the SAM handed back the exact Principal object the cache holds. A distinct but
    // equals()-equal principal falls through to the rebuild below and does not inherit the
    // cached credential or roles.
    final boolean samReusedCachedPrincipal = cachedAccount != null && cachedAccount.getPrincipal() == samPrincipal;
    if (samReusedCachedPrincipal) {
        // Re-populate the security context from the cached account data.
        // NOTE(review): the cast assumes every cached Account is an AccountImpl — confirm against callers.
        final Object cachedCredential = ((AccountImpl) cachedAccount).getCredential();
        jbossSct.getUtil().createSubjectInfo(samPrincipal, cachedCredential, jbossSct.getUtil().getSubject());
        final RoleGroup cachedRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
        for (String roleName : cachedAccount.getRoles()) {
            cachedRoles.addRole(new SimpleRole(roleName));
        }
        jbossSct.getUtil().setRoles(cachedRoles);
        return cachedAccount;
    }
    // Different principal, or nothing cached: materialise the roles the context provides.
    final RoleGroup contextRoles = jbossSct.getUtil().getRoles();
    final Set<String> roleNames = new HashSet<String>();
    if (contextRoles != null) {
        for (Role role : contextRoles.getRoles()) {
            roleNames.add(role.getRoleName());
        }
    }
    final Principal previousPrincipal = cachedAccount == null ? null : cachedAccount.getPrincipal();
    return new AccountImpl(samPrincipal, roleNames, jbossSct.getUtil().getCredential(), previousPrincipal);
}
Use of org.jboss.security.identity.RoleGroup in project wildfly by wildfly.
From class JASPICAuthenticationMechanism, method updateSubjectRoles:
/**
 * Propagates the role names held in the security context's RoleGroup into the Subject's
 * Group principal named ROLES_IDENTIFIER, creating that Group when the Subject has none.
 * Members are only ever added: roles already present in the Subject's Group are kept, so
 * repeated calls accumulate rather than replace.
 *
 * @param jbossSct the PicketBox SecurityContext whose roles and Subject are reconciled;
 *                 must not be null
 * @throws RuntimeException (via UndertowLogger) when {@code jbossSct} is null
 */
private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct) {
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }
    final RoleGroup contextRoleGroup = jbossSct.getUtil().getRoles();
    if (contextRoleGroup == null) {
        return;
    }
    final Collection<Role> rolesToCopy = contextRoleGroup.getRoles();
    if (rolesToCopy.isEmpty()) {
        // Nothing to propagate; this also avoids adding an empty Roles group to the Subject.
        return;
    }
    final Subject subject = jbossSct.getUtil().getSubject();
    final Group rolesGroup = findOrCreateRolesGroup(subject);
    for (Role role : rolesToCopy) {
        rolesGroup.addMember(new SimplePrincipal(role.getRoleName()));
    }
}

/**
 * Returns the Subject's Group principal whose name equals ROLES_IDENTIFIER, adding a new
 * SimpleGroup with that name to the Subject when none exists.
 * NOTE(review): Group appears to be java.security.acl.Group (deprecated since Java 9,
 * removed in 14) — confirm the import before targeting newer JDKs.
 */
private Group findOrCreateRolesGroup(final Subject subject) {
    for (Group candidate : subject.getPrincipals(Group.class)) {
        if (candidate.getName().equals(ROLES_IDENTIFIER)) {
            return candidate;
        }
    }
    final Group created = new SimpleGroup(ROLES_IDENTIFIER);
    subject.getPrincipals().add(created);
    return created;
}