Example 56 with SecurityIdentity

Use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

Class SecurityIdentityUtils, method doIdentityWrap.

static Runnable doIdentityWrap(final Runnable runnable) {
    if (runnable == null) {
        return null;
    }
    final SecurityIdentity securityIdentity = getSecurityIdentity();
    if (securityIdentity == null) {
        return runnable;
    }
    Runnable securedRunnable = () -> securityIdentity.runAs(runnable);
    return runnable instanceof ManagedTask ? new SecuredManagedRunnable(securedRunnable, (ManagedTask) runnable) : securedRunnable;
}

Example 57 with SecurityIdentity

Use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

Class EJBComponent, method checkCallerSecurityIdentityRole.

private boolean checkCallerSecurityIdentityRole(String roleName) {
    final SecurityIdentity identity = getCallerSecurityIdentity();
    if ("**".equals(roleName)) {
        return !identity.isAnonymous();
    }
    Roles roles = identity.getRoles("ejb", true);
    if (roles != null) {
        if (roles.contains(roleName)) {
            return true;
        }
        if (securityMetaData.getSecurityRoleLinks() != null) {
            Collection<String> linked = securityMetaData.getSecurityRoleLinks().get(roleName);
            if (linked != null) {
                for (String role : roles) {
                    if (linked.contains(role)) {
                        return true;
                    }
                }
            }
        }
    }
    return false;
}

Example 58 with SecurityIdentity

Use of org.wildfly.security.auth.server.SecurityIdentity in project eap-additional-testsuite by jboss-set.

Class BatchSubsystemSecurityTestCase, method testRestart_Allowed.

/**
 * Test restarting failed jobs by a user who has the permission to do it.
 */
@Test
public void testRestart_Allowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    Properties params = new Properties();
    params.put("should.fail", "true");
    final Long executionId = user1.runAs((Callable<Long>) () -> operator.start("failing-batchlet", params));
    waitForJobEnd(executionId, 10);
    Assert.assertEquals(BatchStatus.FAILED, operator.getJobExecution(executionId).getBatchStatus());
    params.put("should.fail", "false");
    final Long executionIdAfterRestart = user1.runAs((Callable<Long>) () -> operator.restart(executionId, params));
    waitForJobEnd(executionIdAfterRestart, 10);
    Assert.assertEquals(BatchStatus.COMPLETED, operator.getJobExecution(executionIdAfterRestart).getBatchStatus());
}

Example 59 with SecurityIdentity

Use of org.wildfly.security.auth.server.SecurityIdentity in project keycloak by keycloak.

Class SecurityIdentityUtil, method authorize (SamlPrincipal overload).

static final SecurityIdentity authorize(CallbackHandler callbackHandler, SamlPrincipal principal) {
    try {
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {

            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (evidenceVerifyCallback.isVerified()) {
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            try {
                callbackHandler.handle(new Callback[] { authorizeCallback });
            } catch (Exception e) {
                throw new HttpAuthenticationException(e);
            }
            if (authorizeCallback.isAuthorized()) {
                SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
                callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
                SecurityIdentity securityIdentity = securityIdentityCallback.getSecurityIdentity();
                return securityIdentity;
            }
        }
    } catch (UnsupportedCallbackException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return null;
}

Example 60 with SecurityIdentity

Use of org.wildfly.security.auth.server.SecurityIdentity in project keycloak by keycloak.

Class SecurityIdentityUtil, method authorize (Principal overload).

static final SecurityIdentity authorize(CallbackHandler callbackHandler, Principal principal) {
    try {
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {

            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (evidenceVerifyCallback.isVerified()) {
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            try {
                callbackHandler.handle(new Callback[] { authorizeCallback });
                // Unlike the SamlPrincipal overload above, the boolean returned by isAuthorized()
                // is not checked here; the flow goes on to build the identity regardless of its value.
                authorizeCallback.isAuthorized();
            } catch (Exception e) {
                throw new HttpAuthenticationException(e);
            }
            SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
            IdentityCredentialCallback credentialCallback = new IdentityCredentialCallback(new BearerTokenCredential(KeycloakPrincipal.class.cast(principal).getKeycloakSecurityContext().getTokenString()), true);
            callbackHandler.handle(new Callback[] { credentialCallback, AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
            SecurityIdentity securityIdentity = securityIdentityCallback.getSecurityIdentity();
            return securityIdentity;
        }
    } catch (UnsupportedCallbackException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return null;
}