Examples with SecurityDomain org.wildfly.security.auth.server.SecurityDomain used on opensource projects

Search in sources :

Example 11 with SecurityDomain

use of org.wildfly.security.auth.server.SecurityDomain in project wildfly by wildfly.

the class JaccInterceptor method processInvocation.

@Override
public Object processInvocation(InterceptorContext context) throws Exception {
    Component component = context.getPrivateData(Component.class);
    final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
    Assert.checkNotNullParam("securityDomain", securityDomain);
    final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
    if (component instanceof EJBComponent == false) {
        throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
    }
    Method invokedMethod = context.getMethod();
    ComponentView componentView = context.getPrivateData(ComponentView.class);
    String viewClassOfInvokedMethod = componentView.getViewClass().getName();
    // shouldn't really happen if the interceptor was setup correctly. But let's be safe and do a check
    if (!viewClassName.equals(viewClassOfInvokedMethod) || !viewMethod.equals(invokedMethod)) {
        throw EjbLogger.ROOT_LOGGER.failProcessInvocation(getClass().getName(), invokedMethod, viewClassOfInvokedMethod, viewMethod, viewClassName);
    }
    EJBComponent ejbComponent = (EJBComponent) component;
    if (WildFlySecurityManager.isChecking()) {
        try {
            AccessController.doPrivileged((PrivilegedExceptionAction<Object>) () -> {
                hasPermission(ejbComponent, componentView, invokedMethod, currentIdentity);
                return null;
            });
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    } else {
        hasPermission(ejbComponent, componentView, invokedMethod, currentIdentity);
    }
    // successful authorization, let the invocation proceed
    return context.proceed();
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) ComponentView(org.jboss.as.ee.component.ComponentView) PrivilegedActionException(java.security.PrivilegedActionException) Method(java.lang.reflect.Method) EJBComponent(org.jboss.as.ejb3.component.EJBComponent) Component(org.jboss.as.ee.component.Component) EJBComponent(org.jboss.as.ejb3.component.EJBComponent) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Example 12 with SecurityDomain

use of org.wildfly.security.auth.server.SecurityDomain in project wildfly by wildfly.

the class RunAsPrincipalInterceptor method processInvocation.

public Object processInvocation(final InterceptorContext context) throws Exception {
    final Component component = context.getPrivateData(Component.class);
    if (component instanceof EJBComponent == false) {
        throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
    }
    final EJBComponent ejbComponent = (EJBComponent) component;
    // Set the incomingRunAsIdentity before switching users
    final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
    Assert.checkNotNullParam("securityDomain", securityDomain);
    final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
    final SecurityIdentity oldIncomingRunAsIdentity = ejbComponent.getIncomingRunAsIdentity();
    SecurityIdentity newIdentity;
    try {
        // run as a user with the given name or if the caller has sufficient permission
        if (runAsPrincipal.equals(ANONYMOUS_PRINCIPAL)) {
            try {
                newIdentity = currentIdentity.createRunAsAnonymous();
            } catch (AuthorizationFailureException ex) {
                newIdentity = currentIdentity.createRunAsAnonymous(false);
            }
        } else {
            try {
                newIdentity = currentIdentity.createRunAsIdentity(runAsPrincipal);
            } catch (AuthorizationFailureException ex) {
                newIdentity = currentIdentity.createRunAsIdentity(runAsPrincipal, false);
            }
        }
        ejbComponent.setIncomingRunAsIdentity(currentIdentity);
        return newIdentity.runAs(context);
    } catch (PrivilegedActionException e) {
        Throwable cause = e.getCause();
        if (cause != null) {
            if (cause instanceof Exception) {
                throw (Exception) cause;
            } else {
                throw new RuntimeException(e);
            }
        } else {
            throw e;
        }
    } finally {
        ejbComponent.setIncomingRunAsIdentity(oldIncomingRunAsIdentity);
    }
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) AuthorizationFailureException(org.wildfly.security.authz.AuthorizationFailureException) PrivilegedActionException(java.security.PrivilegedActionException) EJBComponent(org.jboss.as.ejb3.component.EJBComponent) Component(org.jboss.as.ee.component.Component) EJBComponent(org.jboss.as.ejb3.component.EJBComponent) PrivilegedActionException(java.security.PrivilegedActionException) AuthorizationFailureException(org.wildfly.security.authz.AuthorizationFailureException) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Example 13 with SecurityDomain

use of org.wildfly.security.auth.server.SecurityDomain in project wildfly by wildfly.

the class SecurityRolesAddingInterceptor method processInvocation.

public Object processInvocation(final InterceptorContext context) throws Exception {
    final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
    Assert.checkNotNullParam("securityDomain", securityDomain);
    final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
    final Set<String> securityRoles = principalVsRolesMap.get(currentIdentity.getPrincipal().getName());
    if (securityRoles != null && !securityRoles.isEmpty()) {
        final RoleMapper roleMapper = RoleMapper.constant(Roles.fromSet(securityRoles));
        final RoleMapper mergeMapper = roleMapper.or((roles) -> currentIdentity.getRoles(category));
        final SecurityIdentity newIdentity;
        if (WildFlySecurityManager.isChecking()) {
            newIdentity = AccessController.doPrivileged((PrivilegedAction<SecurityIdentity>) () -> currentIdentity.withRoleMapper(category, mergeMapper));
        } else {
            newIdentity = currentIdentity.withRoleMapper(category, mergeMapper);
        }
        try {
            return newIdentity.runAs(context);
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause != null) {
                if (cause instanceof Exception) {
                    throw (Exception) cause;
                } else {
                    throw new RuntimeException(e);
                }
            } else {
                throw e;
            }
        }
    } else {
        return context.proceed();
    }
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) RoleMapper(org.wildfly.security.authz.RoleMapper) PrivilegedAction(java.security.PrivilegedAction) PrivilegedActionException(java.security.PrivilegedActionException) PrivilegedActionException(java.security.PrivilegedActionException) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Aggregations

SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)13 SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)8 PrivilegedActionException (java.security.PrivilegedActionException)4 Component (org.jboss.as.ee.component.Component)4 EJBComponent (org.jboss.as.ejb3.component.EJBComponent)4 RoleMapper (org.wildfly.security.authz.RoleMapper)3 PrivilegedAction (java.security.PrivilegedAction)2 AnonymousPrincipal (org.wildfly.security.auth.principal.AnonymousPrincipal)2 Method (java.lang.reflect.Method)1 InetSocketAddress (java.net.InetSocketAddress)1 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1 Principal (java.security.Principal)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 DataSource (javax.sql.DataSource)1 BroadcastGroupConfiguration (org.apache.activemq.artemis.api.core.BroadcastGroupConfiguration)1 DiscoveryGroupConfiguration (org.apache.activemq.artemis.api.core.DiscoveryGroupConfiguration)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial