Example 1 with SimpleRoleGroup

Use of org.jboss.security.identity.plugins.SimpleRoleGroup in project wildfly by wildfly.

Class SimpleSecurityManager, method authorize.

public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext securityContext = doPrivileged(securityContext());
    // Fail closed: with no security context available, the call is denied.
    if (securityContext == null) {
        return false;
    }
    // Describe the EJB invocation being authorized.
    EJBResource resource = new EJBResource(new HashMap<String, Object>());
    resource.setEjbName(ejbName);
    resource.setEjbMethod(ejbMethod);
    resource.setEjbMethodInterface(ejbMethodIntf);
    // Wrap the roles passed in for this method in a SimpleRoleGroup.
    resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    resource.setCodeSource(ejbCodeSource);
    resource.setPolicyContextID(contextID);
    // Caller identity: incoming run-as identity, subject and user principal from the security context.
    resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
    resource.setCallerSubject(securityContext.getUtil().getSubject());
    Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
    resource.setPrincipal(userPrincipal);
    try {
        // The decision itself is delegated to the helper obtained for this security context.
        AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
        return helper.authorize(resource);
    } catch (Exception e) {
        // Any failure propagates as an unchecked exception; the method never returns true on error.
        throw new RuntimeException(e);
    }
}
Also used: EJBResource (org.jboss.security.authorization.resources.EJBResource), AbstractEJBAuthorizationHelper (org.jboss.security.javaee.AbstractEJBAuthorizationHelper), SecurityContext (org.jboss.security.SecurityContext), Principal (java.security.Principal), SimplePrincipal (org.jboss.security.SimplePrincipal), SimpleRoleGroup (org.jboss.security.identity.plugins.SimpleRoleGroup)

Example 2 with SimpleRoleGroup

Use of org.jboss.security.identity.plugins.SimpleRoleGroup in project wildfly by wildfly.

Class JASPICAuthenticationMechanism, method createAccount.

private Account createAccount(final Account cachedAccount, final org.jboss.security.SecurityContext jbossSct) {
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }
    // null principal: SAM has opted out of the authentication process.
    Principal userPrincipal = jbossSct.getUtil().getUserPrincipal();
    if (userPrincipal == null) {
        return null;
    }
    // SAM handled the same principal found in the cached account: indicates we must use the cached account.
    if (cachedAccount != null && cachedAccount.getPrincipal() == userPrincipal) {
        // populate the security context using the cached account data.
        jbossSct.getUtil().createSubjectInfo(userPrincipal, ((AccountImpl) cachedAccount).getCredential(), jbossSct.getUtil().getSubject());
        RoleGroup roleGroup = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
        for (String role : cachedAccount.getRoles()) roleGroup.addRole(new SimpleRole(role));
        jbossSct.getUtil().setRoles(roleGroup);
        return cachedAccount;
    }
    // SAM handled a different principal or there is no cached account: build a new account.
    Set<String> stringRoles = new HashSet<String>();
    RoleGroup roleGroup = jbossSct.getUtil().getRoles();
    if (roleGroup != null) {
        for (Role role : roleGroup.getRoles()) {
            stringRoles.add(role.getRoleName());
        }
    }
    Object credential = jbossSct.getUtil().getCredential();
    Principal original = null;
    if (cachedAccount != null) {
        original = cachedAccount.getPrincipal();
    }
    return new AccountImpl(userPrincipal, stringRoles, credential, original);
}
Also used: SimpleRole (org.jboss.security.identity.plugins.SimpleRole), Role (org.jboss.security.identity.Role), AccountImpl (org.wildfly.extension.undertow.security.AccountImpl), Principal (java.security.Principal), SimplePrincipal (org.jboss.security.SimplePrincipal), RoleGroup (org.jboss.security.identity.RoleGroup), SimpleRoleGroup (org.jboss.security.identity.plugins.SimpleRoleGroup), HashSet (java.util.HashSet)

Aggregations

Principal (java.security.Principal): 2
SimplePrincipal (org.jboss.security.SimplePrincipal): 2
SimpleRoleGroup (org.jboss.security.identity.plugins.SimpleRoleGroup): 2
HashSet (java.util.HashSet): 1
SecurityContext (org.jboss.security.SecurityContext): 1
EJBResource (org.jboss.security.authorization.resources.EJBResource): 1
Role (org.jboss.security.identity.Role): 1
RoleGroup (org.jboss.security.identity.RoleGroup): 1
SimpleRole (org.jboss.security.identity.plugins.SimpleRole): 1
AbstractEJBAuthorizationHelper (org.jboss.security.javaee.AbstractEJBAuthorizationHelper): 1
AccountImpl (org.wildfly.extension.undertow.security.AccountImpl): 1