Example 46 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testAbandon_Allowed.

/**
 * Abandoning an execution by a user who has the permission to do it.
 */
@Test
public void testAbandon_Allowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
    waitForJobEnd(id, 10);
    user1.runAs(() -> operator.abandon(id));
    // JUnit's assertEquals takes (expected, actual)
    Assert.assertEquals(BatchStatus.ABANDONED, operator.getJobExecution(id).getBatchStatus());
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Properties(java.util.Properties) Test(org.junit.Test)

Example 47 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testAbandon_NotAllowed.

/**
 * Abandoning an execution by a user who doesn't have the permission to do it.
 */
@Test
public void testAbandon_NotAllowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final SecurityIdentity user2 = getSecurityIdentity("user2", "password2");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
    waitForJobEnd(id, 10);
    try {
        user2.runAs(() -> operator.abandon(id));
        Assert.fail("user2 should not be allowed to abandon job executions");
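    } catch (JobSecurityException e) {
        // OK: user2 was denied, as expected
    }
    // The rejected abandon must leave the execution in its original state (expected, actual)
    Assert.assertEquals(BatchStatus.COMPLETED, operator.getJobExecution(id).getBatchStatus());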
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) JobSecurityException(javax.batch.operations.JobSecurityException) Properties(java.util.Properties) Test(org.junit.Test)

Example 48 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class ElytronSecurityDomainContextImpl method isValid.

@Override
public boolean isValid(Principal principal, Object password, Subject subject) {
    if (subject == null) {
        subject = new Subject();
    }
    String username = principal.getName();
    if (!(password instanceof String)) {
        throw new java.lang.IllegalArgumentException("only string password accepted");
    }
    SecurityIdentity identity = authenticate(username, (String) password);
    if (identity == null) {
        return false;
    }
    this.currentIdentity.set(identity);
    SubjectUtil.fromSecurityIdentity(identity, subject);
    return true;
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Subject(javax.security.auth.Subject)

Example 49 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project quickstart by wildfly.

the class ElytronIdentityStore method validate.

@Override
public CredentialValidationResult validate(Credential credential) {
    if (credential instanceof UsernamePasswordCredential) {
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        SecurityIdentity result;
        try {
            result = securityDomain.authenticate(upc.getCaller(), new PasswordGuessEvidence(upc.getPassword().getValue()));
        } catch (RealmUnavailableException e) {
            // The realm could not be consulted, so the credential was neither accepted nor rejected
            return NOT_VALIDATED_RESULT;
        } catch (SecurityException e) {
            // Authentication was rejected
            return INVALID_RESULT;
        }
        final HashSet<String> groups = new HashSet<>();
        result.getRoles().forEach(groups::add);
        return new CredentialValidationResult(result.getPrincipal().getName(), groups);
    }
    return INVALID_RESULT;
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) RealmUnavailableException(org.wildfly.security.auth.server.RealmUnavailableException) UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential) HashSet(java.util.HashSet)

Example 50 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class IdentityOutflowInterceptor method processInvocation.

public Object processInvocation(final InterceptorContext context) throws Exception {
    if (identityOutflowFunction != null) {
        final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
        final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
        Set<SecurityIdentity> outflowedIdentities = identityOutflowFunction.apply(currentIdentity);
        SecurityIdentity[] newIdentities;
        if (category != null && roleMapper != null) {
            // Propagate the runAsRole or any extra principal roles that are configured
            // (TODO: ensure this is the desired behaviour)
            newIdentities = outflowedIdentities.stream().map(outflowedIdentity -> {
                final RoleMapper mergeMapper = roleMapper.or((roles) -> outflowedIdentity.getRoles(category));
                return outflowedIdentity.withRoleMapper(category, mergeMapper);
            }).toArray(SecurityIdentity[]::new);
        } else {
            newIdentities = outflowedIdentities.toArray(new SecurityIdentity[outflowedIdentities.size()]);
        }
        return SecurityIdentity.runAsAll(context, newIdentities);
    } else {
        return context.proceed();
    }
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) RoleMapper(org.wildfly.security.authz.RoleMapper) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
