use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class SecurityIdentityUtils method doIdentityWrap.
/**
 * Binds a task to the security identity that is current when this method is called.
 *
 * <p>The identity is read once, here, and captured by the returned wrapper; the wrapper
 * later executes the task through {@code SecurityIdentity.runAs}. The task therefore runs
 * under the identity of whoever wrapped it, not under whatever identity is associated
 * with the thread that eventually executes it.
 *
 * @param runnable the task to wrap; may be {@code null}
 * @return {@code null} if {@code runnable} is {@code null}; the unchanged task if
 *         {@code getSecurityIdentity()} returns {@code null}; otherwise a wrapper that runs
 *         the task as the captured identity (a {@code SecuredManagedRunnable} when the task
 *         is a {@code ManagedTask})
 */
static Runnable doIdentityWrap(final Runnable runnable) {
    if (runnable == null) {
        return null;
    }
    final SecurityIdentity capturedIdentity = getSecurityIdentity();
    if (capturedIdentity == null) {
        // No identity to propagate: the task is handed back unwrapped.
        // NOTE(review): which identity it then runs under is decided by the executing thread - confirm this is intended.
        return runnable;
    }
    final Runnable identityBound = () -> capturedIdentity.runAs(runnable);
    if (runnable instanceof ManagedTask) {
        // The original ManagedTask is passed along with the identity-bound wrapper.
        return new SecuredManagedRunnable(identityBound, (ManagedTask) runnable);
    }
    return identityBound;
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class EJBComponent method checkCallerSecurityIdentityRole.
/**
 * Decides whether the calling identity holds the given role.
 *
 * <p>Three checks are applied in order:
 * <ol>
 *   <li>The role name {@code "**"} is satisfied by any caller that is not anonymous.</li>
 *   <li>The caller's {@code "ejb"} roles contain the role name directly.</li>
 *   <li>The security role links registered under the requested role name contain at
 *       least one of the caller's roles.</li>
 * </ol>
 *
 * @param roleName the role to test for
 * @return {@code true} if one of the checks above passes, {@code false} otherwise
 */
private boolean checkCallerSecurityIdentityRole(String roleName) {
    // NOTE(review): the identity is dereferenced without a null check; assumes
    // getCallerSecurityIdentity() never returns null - confirm.
    final SecurityIdentity caller = getCallerSecurityIdentity();
    if ("**".equals(roleName)) {
        return !caller.isAnonymous();
    }
    // NOTE(review): the meaning of the boolean argument is not visible here - confirm against getRoles.
    final Roles callerRoles = caller.getRoles("ejb", true);
    if (callerRoles == null) {
        return false;
    }
    if (callerRoles.contains(roleName)) {
        return true;
    }
    if (securityMetaData.getSecurityRoleLinks() == null) {
        return false;
    }
    // Links are looked up by the requested name and matched against the roles the caller actually has.
    final Collection<String> linkedRoles = securityMetaData.getSecurityRoleLinks().get(roleName);
    if (linkedRoles == null) {
        return false;
    }
    for (String callerRole : callerRoles) {
        if (linkedRoles.contains(callerRole)) {
            return true;
        }
    }
    return false;
}
use of org.wildfly.security.auth.server.SecurityIdentity in project eap-additional-testsuite by jboss-set.
the class BatchSubsystemSecurityTestCase method testRestart_Allowed.
/**
 * Verifies that a user holding the required permission can restart a failed job.
 *
 * <p>The job is first started as {@code user1} with {@code should.fail=true} and is expected
 * to end as {@code FAILED}; it is then restarted as the same user with
 * {@code should.fail=false} and is expected to end as {@code COMPLETED}.
 *
 * <p>Only the {@code start} and {@code restart} calls run inside {@code runAs}; the status
 * reads through {@code operator.getJobExecution} are made outside it.
 */
@Test
public void testRestart_Allowed() throws Exception {
    final SecurityIdentity permittedUser = getSecurityIdentity("user1", "password1");
    final Properties jobParameters = new Properties();

    // First run: force the batchlet to fail so that there is an execution to restart.
    jobParameters.setProperty("should.fail", "true");
    // The Callable cast is kept from the original call site.
    final Long failedExecutionId =
            permittedUser.runAs((Callable<Long>) () -> operator.start("failing-batchlet", jobParameters));
    waitForJobEnd(failedExecutionId, 10);
    final BatchStatus statusAfterStart = operator.getJobExecution(failedExecutionId).getBatchStatus();
    Assert.assertEquals(BatchStatus.FAILED, statusAfterStart);

    // Second run: same identity, same Properties instance, failure switched off.
    jobParameters.setProperty("should.fail", "false");
    final Long restartedExecutionId =
            permittedUser.runAs((Callable<Long>) () -> operator.restart(failedExecutionId, jobParameters));
    waitForJobEnd(restartedExecutionId, 10);
    final BatchStatus statusAfterRestart = operator.getJobExecution(restartedExecutionId).getBatchStatus();
    Assert.assertEquals(BatchStatus.COMPLETED, statusAfterRestart);
}
use of org.wildfly.security.auth.server.SecurityIdentity in project keycloak by keycloak.
the class SecurityIdentityUtil method authorize.
/**
 * Drives the callback handler through evidence verification, authorization and
 * completion for a SAML principal, and returns the resulting identity.
 *
 * <p>The steps are gated: authorization is attempted only if the evidence was verified,
 * and {@code AuthenticationCompleteCallback.SUCCEEDED} is sent only if the authorize
 * callback reports the principal as authorized.
 *
 * @param callbackHandler handler that receives each callback in turn
 * @param principal the principal exposed to the handler as evidence
 * @return the identity supplied by the handler, or {@code null} if the evidence was not
 *         verified or the principal was not authorized; callers must treat {@code null}
 *         as a failed authentication
 * @throws RuntimeException wrapping any {@code UnsupportedCallbackException} or
 *         {@code IOException} raised while handling callbacks
 */
static final SecurityIdentity authorize(CallbackHandler callbackHandler, SamlPrincipal principal) {
    try {
        // The evidence carries nothing but the principal.
        final Evidence principalEvidence = new Evidence() {
            @Override
            public Principal getPrincipal() {
                return principal;
            }
        };
        final EvidenceVerifyCallback verification = new EvidenceVerifyCallback(principalEvidence);
        callbackHandler.handle(new Callback[] { verification });
        if (!verification.isVerified()) {
            return null;
        }

        // Both ids are passed as null, as in the original call.
        final AuthorizeCallback authorization = new AuthorizeCallback(null, null);
        try {
            callbackHandler.handle(new Callback[] { authorization });
        } catch (Exception e) {
            // NOTE(review): if HttpAuthenticationException is an IOException subtype, the outer
            // catch rewraps it as RuntimeException - confirm what callers actually see.
            throw new HttpAuthenticationException(e);
        }
        if (!authorization.isAuthorized()) {
            return null;
        }

        final SecurityIdentityCallback identityCallback = new SecurityIdentityCallback();
        callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED, identityCallback });
        return identityCallback.getSecurityIdentity();
    } catch (UnsupportedCallbackException | IOException e) {
        throw new RuntimeException(e);
    }
}
use of org.wildfly.security.auth.server.SecurityIdentity in project keycloak by keycloak.
the class SecurityIdentityUtil method authorize.
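/**
 * Drives the callback handler through evidence verification, authorization and
 * completion for a Keycloak principal, and returns the resulting identity.
 *
 * <p>The steps are gated: authorization is attempted only if the evidence was verified,
 * and the bearer token credential plus {@code AuthenticationCompleteCallback.SUCCEEDED}
 * are sent only if the authorize callback reports the principal as authorized. The
 * original code called {@code isAuthorized()} and discarded the result, so a refused
 * authorization still reached the SUCCEEDED step.
 *
 * @param callbackHandler handler that receives each callback in turn
 * @param principal the principal exposed to the handler as evidence; it is cast to
 *        {@code KeycloakPrincipal} to obtain the token string, so any other type fails
 *        with {@code ClassCastException}
 * @return the identity supplied by the handler, or {@code null} if the evidence was not
 *         verified or the principal was not authorized; callers must treat {@code null}
 *         as a failed authentication
 * @throws RuntimeException wrapping any {@code UnsupportedCallbackException} or
 *         {@code IOException} raised while handling callbacks
 */
static final SecurityIdentity authorize(CallbackHandler callbackHandler, Principal principal) {
    try {
        // The evidence carries nothing but the principal.
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {
            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (!evidenceVerifyCallback.isVerified()) {
            return null;
        }

        // Both ids are passed as null, as in the original call.
        AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
        final boolean authorized;
        try {
            callbackHandler.handle(new Callback[] { authorizeCallback });
            authorized = authorizeCallback.isAuthorized();
        } catch (Exception e) {
            // NOTE(review): if HttpAuthenticationException is an IOException subtype, the outer
            // catch rewraps it as RuntimeException - confirm what callers actually see.
            throw new HttpAuthenticationException(e);
        }
        if (!authorized) {
            // Fail closed: never report SUCCEEDED for a principal the handler refused to authorize.
            return null;
        }

        SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
        // The raw token string becomes a credential on the identity; keep it out of logs and messages.
        // NOTE(review): the trailing 'true' presumably marks the credential as private - confirm.
        String tokenString = KeycloakPrincipal.class.cast(principal).getKeycloakSecurityContext().getTokenString();
        IdentityCredentialCallback credentialCallback =
                new IdentityCredentialCallback(new BearerTokenCredential(tokenString), true);
        callbackHandler.handle(new Callback[] { credentialCallback, AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
        return securityIdentityCallback.getSecurityIdentity();
    } catch (UnsupportedCallbackException | IOException e) {
        throw new RuntimeException(e);
    }
}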