use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class BatchSubsystemSecurityTestCase method testAbandon_Allowed.
/**
* Abandoning an execution by a user who has the permission to do it.
*/
@Test
public void testAbandon_Allowed() throws Exception {
    // user1 starts the execution and is also the identity that abandons it below.
    final SecurityIdentity jobStarter = getSecurityIdentity("user1", "password1");
    final Callable<Long> startJob = () -> operator.start("assert-identity", new Properties());
    final Long executionId = jobStarter.runAs(startJob);

    // Wait for the execution to end before abandoning it.
    waitForJobEnd(executionId, 10);

    // Positive authorization case: the same identity that started the job abandons it.
    jobStarter.runAs(() -> operator.abandon(executionId));

    // NOTE(review): if Assert is org.junit.Assert, the expected value conventionally comes
    // first; the order used here only affects the wording of a failure message.
    final BatchStatus statusAfterAbandon = operator.getJobExecution(executionId).getBatchStatus();
    Assert.assertEquals(statusAfterAbandon, BatchStatus.ABANDONED);
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class BatchSubsystemSecurityTestCase method testAbandon_NotAllowed.
/**
* Abandoning an execution by a user who doesn't have the permission to do it.
*/
@Test
public void testAbandon_NotAllowed() throws Exception {
    // Two separately authenticated identities: user1 starts the job, user2 tries to abandon it.
    final SecurityIdentity jobStarter = getSecurityIdentity("user1", "password1");
    final SecurityIdentity otherUser = getSecurityIdentity("user2", "password2");
    final Callable<Long> startJob = () -> operator.start("assert-identity", new Properties());
    final Long executionId = jobStarter.runAs(startJob);

    // Wait for the execution to end so its final status is known before the denied call.
    waitForJobEnd(executionId, 10);

    try {
        otherUser.runAs(() -> operator.abandon(executionId));
        Assert.fail("user2 should not be allowed to abandon job executions");
    } catch (JobSecurityException expected) {
        // Expected: the abandon attempt made under user2's identity is rejected.
    }

    // A denied operation must leave no side effect: the execution is still COMPLETED,
    // not ABANDONED. Checking state as well as the exception catches an implementation
    // that throws only after it has already changed the execution.
    // NOTE(review): if Assert is org.junit.Assert, the expected value conventionally comes
    // first; the order used here only affects the wording of a failure message.
    final BatchStatus statusAfterDenial = operator.getJobExecution(executionId).getBatchStatus();
    Assert.assertEquals(statusAfterDenial, BatchStatus.COMPLETED);
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class ElytronSecurityDomainContextImpl method isValid.
/**
 * Authenticates the principal's name with the supplied password and, on success, stores the
 * resulting identity in {@code currentIdentity} and copies it into the subject.
 *
 * @param principal the principal whose name is used as the username; dereferenced
 *                  unconditionally, so {@code null} results in a NullPointerException
 * @param password  the password; only {@link String} values are accepted
 * @param subject   the subject to populate on success; when {@code null} a new Subject is
 *                  created locally and populated, but it is not handed back to the caller
 * @return {@code true} if {@code authenticate} returned an identity, {@code false} if it
 *         returned {@code null}
 * @throws IllegalArgumentException if {@code password} is not a {@link String}
 */
@Override
public boolean isValid(Principal principal, Object password, Subject subject) {
    final Subject targetSubject = (subject != null) ? subject : new Subject();
    final String username = principal.getName();

    // Reject non-String credentials outright rather than coercing them with toString().
    // NOTE(review): a String password cannot be cleared from memory after use; this is
    // imposed by the cast below and by whatever authenticate(...) accepts.
    if (!(password instanceof String)) {
        throw new java.lang.IllegalArgumentException("only string password accepted");
    }

    // authenticate(...) is defined elsewhere in this class; here a null result is treated
    // as a failed authentication and nothing is recorded.
    final SecurityIdentity authenticated = authenticate(username, (String) password);
    if (authenticated != null) {
        // State is touched only after a successful authentication.
        this.currentIdentity.set(authenticated);
        SubjectUtil.fromSecurityIdentity(authenticated, targetSubject);
        return true;
    }
    return false;
}
use of org.wildfly.security.auth.server.SecurityIdentity in project quickstart by wildfly.
the class ElytronIdentityStore method validate.
/**
 * Validates a username/password credential against {@code securityDomain} and reports the
 * authenticated principal name together with its roles as groups.
 *
 * <p>Any credential that is not a {@link UsernamePasswordCredential} yields
 * {@code INVALID_RESULT}. A {@link RealmUnavailableException} yields
 * {@code NOT_VALIDATED_RESULT}, so a realm that could not be consulted is reported
 * differently from a rejected credential. A {@link SecurityException} yields
 * {@code INVALID_RESULT}.
 *
 * @param credential the credential presented by the caller
 * @return the validation result as described above
 */
@Override
public CredentialValidationResult validate(Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return INVALID_RESULT;
    }

    final UsernamePasswordCredential usernamePassword = (UsernamePasswordCredential) credential;
    SecurityIdentity identity;
    try {
        identity = securityDomain.authenticate(
                usernamePassword.getCaller(),
                new PasswordGuessEvidence(usernamePassword.getPassword().getValue()));
    } catch (RealmUnavailableException e) {
        // NOTE(review): neither catch logs the exception here, so a failed attempt is
        // visible only if the security domain or the caller audits it - confirm that
        // failed logins are recorded somewhere.
        return NOT_VALIDATED_RESULT;
    } catch (SecurityException e) {
        return INVALID_RESULT;
    }

    // The identity's roles are reported to the caller as group names.
    final HashSet<String> groups = new HashSet<>();
    for (String role : identity.getRoles()) {
        groups.add(role);
    }
    return new CredentialValidationResult(identity.getPrincipal().getName(), groups);
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class IdentityOutflowInterceptor method processInvocation.
/**
 * Runs the rest of the invocation under the identities produced by
 * {@code identityOutflowFunction}, or simply proceeds when no outflow function is set.
 *
 * <p>When both {@code category} and {@code roleMapper} are set, each outflowed identity gets a
 * role mapper for that category that combines {@code roleMapper} with the roles the identity
 * already has in the category.
 *
 * @param context the interceptor context; its private data supplies the {@link SecurityDomain}
 * @return the result of the invocation
 * @throws Exception if the invocation fails
 */
public Object processInvocation(final InterceptorContext context) throws Exception {
    if (identityOutflowFunction == null) {
        // Nothing to outflow: continue with the caller's identity unchanged.
        return context.proceed();
    }

    // NOTE(review): the domain read from the context is dereferenced without a null check;
    // confirm that an earlier interceptor always sets it.
    final SecurityDomain domain = context.getPrivateData(SecurityDomain.class);
    final SecurityIdentity callerIdentity = domain.getCurrentSecurityIdentity();
    final Set<SecurityIdentity> outflowed = identityOutflowFunction.apply(callerIdentity);

    final SecurityIdentity[] runAsIdentities;
    if (category == null || roleMapper == null) {
        runAsIdentities = outflowed.toArray(new SecurityIdentity[outflowed.size()]);
    } else {
        // Propagate the runAsRole or any extra principal roles that are configured
        // (TODO: ensure this is the desired behaviour)
        // Until that TODO is resolved, note that this branch can give an outflowed identity
        // roles it did not already hold in this category.
        runAsIdentities = outflowed.stream()
                .map(outflowedIdentity -> {
                    final RoleMapper combined = roleMapper.or((roles) -> outflowedIdentity.getRoles(category));
                    return outflowedIdentity.withRoleMapper(category, combined);
                })
                .toArray(SecurityIdentity[]::new);
    }
    return SecurityIdentity.runAsAll(context, runAsIdentities);
}