Example use of org.jboss.security.identity.plugins.SimpleRoleGroup in the wildfly project (by wildfly).
From the class SimpleSecurityManager, method authorize.
/**
 * Asks the EJB authorization helper whether the current caller may invoke the given EJB method.
 *
 * <p>The caller's identity (principal, subject, incoming run-as) is read from the current
 * security context; the method, its permitted roles, the code source and the policy context id
 * come from the arguments. Everything is packed into an {@code EJBResource} and handed to the
 * helper, whose verdict is returned unchanged.
 *
 * <p>Security-relevant behavior visible here: with no security context the call is denied
 * ({@code false}), and any exception raised while authorizing is rethrown rather than being
 * turned into a grant.
 *
 * @param ejbName       name of the EJB being invoked
 * @param ejbCodeSource code source of the EJB
 * @param ejbMethodIntf method interface name, passed through to the resource as-is
 * @param ejbMethod     the method being invoked
 * @param methodRoles   roles attached to the method; wrapped in a {@code SimpleRoleGroup}
 * @param contextID     policy context id
 * @return {@code false} when there is no security context, otherwise the helper's decision
 * @throws RuntimeException wrapping any exception thrown while obtaining or calling the helper
 */
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext ctx = doPrivileged(securityContext());
    // Fail closed: without a security context there is no caller identity to evaluate.
    if (ctx == null) {
        return false;
    }

    final EJBResource ejbResource = new EJBResource(new HashMap<String, Object>());

    // What is being accessed.
    ejbResource.setEjbName(ejbName);
    ejbResource.setEjbMethod(ejbMethod);
    ejbResource.setEjbMethodInterface(ejbMethodIntf);
    ejbResource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    ejbResource.setCodeSource(ejbCodeSource);
    ejbResource.setPolicyContextID(contextID);

    // Who is asking: all caller identity comes from the security context, never from arguments.
    ejbResource.setCallerRunAsIdentity(ctx.getIncomingRunAs());
    ejbResource.setCallerSubject(ctx.getUtil().getSubject());
    ejbResource.setPrincipal(ctx.getUtil().getUserPrincipal());

    try {
        return SecurityHelperFactory.getEJBAuthorizationHelper(ctx).authorize(ejbResource);
    } catch (Exception cause) {
        // Surface the failure to the caller; an error must not be read as "authorized".
        // NOTE(review): unchecked exceptions are wrapped as well, so callers see a nested cause.
        throw new RuntimeException(cause);
    }
}
Example use of org.jboss.security.identity.plugins.SimpleRoleGroup in the wildfly project (by wildfly).
From the class JASPICAuthenticationMechanism, method createAccount.
/**
 * Produces the {@code Account} for the principal currently held by the given security context.
 *
 * <p>Three outcomes are possible:
 * <ul>
 *   <li>the context has no user principal: {@code null} is returned;</li>
 *   <li>the context's principal is the very same object as the cached account's principal:
 *       the cached credential and roles are written back into the context and the cached
 *       account is returned;</li>
 *   <li>otherwise a new {@code AccountImpl} is built from the principal, roles and credential
 *       found in the context, carrying the cached account's principal (if any) as its
 *       fourth constructor argument.</li>
 * </ul>
 *
 * @param cachedAccount previously cached account, may be {@code null}
 * @param jbossSct      security context to read from and, on the cached path, to populate
 * @return the cached account, a newly built account, or {@code null} when no principal is set
 */
private Account createAccount(final Account cachedAccount, final org.jboss.security.SecurityContext jbossSct) {
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }

    // A missing principal means the SAM opted out of authentication; no account is produced.
    final Principal userPrincipal = jbossSct.getUtil().getUserPrincipal();
    if (userPrincipal == null) {
        return null;
    }

    // The SAM handed back the cached account's own principal, so the cached account is reused.
    // NOTE(review): this is a reference comparison (==), not equals(); a principal that is equal
    // by value but a different instance takes the "new account" path below. Confirm this is
    // intended before changing it, since it decides when cached roles/credentials are reused.
    if (cachedAccount != null && cachedAccount.getPrincipal() == userPrincipal) {
        // Replay the cached credential and roles into the security context.
        // NOTE(review): the cast assumes the cached account is an AccountImpl; any other
        // Account implementation would fail here with a ClassCastException.
        jbossSct.getUtil().createSubjectInfo(userPrincipal, ((AccountImpl) cachedAccount).getCredential(), jbossSct.getUtil().getSubject());
        // Roles come from the cached account as stored, not from a fresh lookup.
        final RoleGroup cachedRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
        for (String roleName : cachedAccount.getRoles()) {
            cachedRoles.addRole(new SimpleRole(roleName));
        }
        jbossSct.getUtil().setRoles(cachedRoles);
        return cachedAccount;
    }

    // Different principal, or nothing cached: assemble a new account from the context.
    final Set<String> roleNames = new HashSet<String>();
    final RoleGroup contextRoles = jbossSct.getUtil().getRoles();
    if (contextRoles != null) {
        for (Role contextRole : contextRoles.getRoles()) {
            roleNames.add(contextRole.getRoleName());
        }
    }
    final Object credential = jbossSct.getUtil().getCredential();
    // Pass along the cached account's principal when one exists, null otherwise.
    final Principal original = (cachedAccount != null) ? cachedAccount.getPrincipal() : null;
    return new AccountImpl(userPrincipal, roleNames, credential, original);
}