Examples with SecurityIdentity org.wildfly.security.auth.server.SecurityIdentity used on opensource projects

Example 56 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class SecurityIdentityUtils method doIdentityWrap.

static Runnable doIdentityWrap(final Runnable runnable) {
    if (runnable == null) {
        return null;
    }
    final SecurityIdentity securityIdentity = getSecurityIdentity();
    if (securityIdentity == null) {
        return runnable;
    }
    Runnable securedRunnable = () -> securityIdentity.runAs(runnable);
    return runnable instanceof ManagedTask ? new SecuredManagedRunnable(securedRunnable, (ManagedTask) runnable) : securedRunnable;
}

Example 57 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class EJBComponent method checkCallerSecurityIdentityRole.

private boolean checkCallerSecurityIdentityRole(String roleName) {
    final SecurityIdentity identity = getCallerSecurityIdentity();
    if ("**".equals(roleName)) {
        return !identity.isAnonymous();
    }
    Roles roles = identity.getRoles("ejb", true);
    if (roles != null) {
        if (roles.contains(roleName)) {
            return true;
        }
        if (securityMetaData.getSecurityRoleLinks() != null) {
            Collection<String> linked = securityMetaData.getSecurityRoleLinks().get(roleName);
            if (linked != null) {
                for (String role : roles) {
                    if (linked.contains(role)) {
                        return true;
                    }
                }
            }
        }
    }
    return false;
}

Example 58 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project eap-additional-testsuite by jboss-set.

the class BatchSubsystemSecurityTestCase method testRestart_Allowed.

/**
 * Test restarting failed jobs by a user who has the permission to do it.
 */
@Test
public void testRestart_Allowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    Properties params = new Properties();
    params.put("should.fail", "true");
    final Long executionId = user1.runAs((Callable<Long>) () -> operator.start("failing-batchlet", params));
    waitForJobEnd(executionId, 10);
    Assert.assertEquals(BatchStatus.FAILED, operator.getJobExecution(executionId).getBatchStatus());
    params.put("should.fail", "false");
    final Long executionIdAfterRestart = user1.runAs((Callable<Long>) () -> operator.restart(executionId, params));
    waitForJobEnd(executionIdAfterRestart, 10);
    Assert.assertEquals(BatchStatus.COMPLETED, operator.getJobExecution(executionIdAfterRestart).getBatchStatus());
}

Example 59 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project keycloak by keycloak.

the class SecurityIdentityUtil method authorize.

static final SecurityIdentity authorize(CallbackHandler callbackHandler, SamlPrincipal principal) {
    try {
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {

            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (evidenceVerifyCallback.isVerified()) {
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            try {
                callbackHandler.handle(new Callback[] { authorizeCallback });
            } catch (Exception e) {
                throw new HttpAuthenticationException(e);
            }
            if (authorizeCallback.isAuthorized()) {
                SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
                callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
                SecurityIdentity securityIdentity = securityIdentityCallback.getSecurityIdentity();
                return securityIdentity;
            }
        }
    } catch (UnsupportedCallbackException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return null;
}

Example 60 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project keycloak by keycloak.

the class SecurityIdentityUtil method authorize.

static final SecurityIdentity authorize(CallbackHandler callbackHandler, Principal principal) {
    try {
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {

            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (evidenceVerifyCallback.isVerified()) {
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            try {
                callbackHandler.handle(new Callback[] { authorizeCallback });
                authorizeCallback.isAuthorized();
            } catch (Exception e) {
                throw new HttpAuthenticationException(e);
            }
            SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
            IdentityCredentialCallback credentialCallback = new IdentityCredentialCallback(new BearerTokenCredential(KeycloakPrincipal.class.cast(principal).getKeycloakSecurityContext().getTokenString()), true);
            callbackHandler.handle(new Callback[] { credentialCallback, AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
            SecurityIdentity securityIdentity = securityIdentityCallback.getSecurityIdentity();
            return securityIdentity;
        }
    } catch (UnsupportedCallbackException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return null;
}