Examples with SecurityIdentity org.wildfly.security.auth.server.SecurityIdentity used on opensource projects

Example 46 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testAbandon_Allowed.

/**
 * Abandoning an execution by a user who has the permission to do it.
 */
@Test
public void testAbandon_Allowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
    waitForJobEnd(id, 10);
    user1.runAs(() -> operator.abandon(id));
    Assert.assertEquals(operator.getJobExecution(id).getBatchStatus(), BatchStatus.ABANDONED);
}

Example 47 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testAbandon_NotAllowed.

/**
 * Abandoning an execution by a user who doesn't have the permission to do it.
 */
@Test
public void testAbandon_NotAllowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final SecurityIdentity user2 = getSecurityIdentity("user2", "password2");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
    waitForJobEnd(id, 10);
    try {
        user2.runAs(() -> operator.abandon(id));
        Assert.fail("user2 should not be allowed to abandon job executions");
    } catch (JobSecurityException e) {
    // OK
    }
    Assert.assertEquals(operator.getJobExecution(id).getBatchStatus(), BatchStatus.COMPLETED);
}

Example 48 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class ElytronSecurityDomainContextImpl method isValid.

@Override
public boolean isValid(Principal principal, Object password, Subject subject) {
    if (subject == null) {
        subject = new Subject();
    }
    String username = principal.getName();
    if (!(password instanceof String)) {
        throw new java.lang.IllegalArgumentException("only string password accepted");
    }
    SecurityIdentity identity = authenticate(username, (String) password);
    if (identity == null) {
        return false;
    }
    this.currentIdentity.set(identity);
    SubjectUtil.fromSecurityIdentity(identity, subject);
    return true;
}

Example 49 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project quickstart by wildfly.

the class ElytronIdentityStore method validate.

@Override
public CredentialValidationResult validate(Credential credential) {
    if (credential instanceof UsernamePasswordCredential) {
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        SecurityIdentity result;
        try {
            result = securityDomain.authenticate(upc.getCaller(), new PasswordGuessEvidence(upc.getPassword().getValue()));
        } catch (RealmUnavailableException e) {
            return NOT_VALIDATED_RESULT;
        } catch (SecurityException e) {
            return INVALID_RESULT;
        }
        final HashSet<String> groups = new HashSet<>();
        result.getRoles().forEach(groups::add);
        return new CredentialValidationResult(result.getPrincipal().getName(), groups);
    }
    return INVALID_RESULT;
}

Example 50 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class IdentityOutflowInterceptor method processInvocation.

public Object processInvocation(final InterceptorContext context) throws Exception {
    if (identityOutflowFunction != null) {
        final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
        final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
        Set<SecurityIdentity> outflowedIdentities = identityOutflowFunction.apply(currentIdentity);
        SecurityIdentity[] newIdentities;
        if (category != null && roleMapper != null) {
            // Propagate the runAsRole or any extra principal roles that are configured
            // (TODO: ensure this is the desired behaviour)
            newIdentities = outflowedIdentities.stream().map(outflowedIdentity -> {
                final RoleMapper mergeMapper = roleMapper.or((roles) -> outflowedIdentity.getRoles(category));
                return outflowedIdentity.withRoleMapper(category, mergeMapper);
            }).toArray(SecurityIdentity[]::new);
        } else {
            newIdentities = outflowedIdentities.toArray(new SecurityIdentity[outflowedIdentities.size()]);
        }
        return SecurityIdentity.runAsAll(context, newIdentities);
    } else {
        return context.proceed();
    }
}