use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class BatchSubsystemSecurityTestCase method testRestart_Allowed.
/**
* Test restarting failed jobs by a user who has the permission to do it.
*/
@Test
public void testRestart_Allowed() throws Exception {
final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
Properties params = new Properties();
params.put("should.fail", "true");
final Long executionId = user1.runAs((Callable<Long>) () -> operator.start("failing-batchlet", params));
waitForJobEnd(executionId, 10);
Assert.assertEquals(BatchStatus.FAILED, operator.getJobExecution(executionId).getBatchStatus());
params.put("should.fail", "false");
final Long executionIdAfterRestart = user1.runAs((Callable<Long>) () -> operator.restart(executionId, params));
waitForJobEnd(executionIdAfterRestart, 10);
Assert.assertEquals(BatchStatus.COMPLETED, operator.getJobExecution(executionIdAfterRestart).getBatchStatus());
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class BatchSubsystemSecurityTestCase method testAbandon_NotAllowed.
/**
* Abandoning an execution by a user who doesn't have the permission to do it.
*/
@Test
public void testAbandon_NotAllowed() throws Exception {
final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
final SecurityIdentity user2 = getSecurityIdentity("user2", "password2");
final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
waitForJobEnd(id, 10);
try {
user2.runAs(() -> operator.abandon(id));
Assert.fail("user2 should not be allowed to abandon job executions");
} catch (JobSecurityException e) {
// OK
}
Assert.assertEquals(operator.getJobExecution(id).getBatchStatus(), BatchStatus.COMPLETED);
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class BatchSubsystemSecurityTestCase method testAbandon_Allowed.
/**
* Abandoning an execution by a user who has the permission to do it.
*/
@Test
public void testAbandon_Allowed() throws Exception {
final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
waitForJobEnd(id, 10);
user1.runAs(() -> operator.abandon(id));
Assert.assertEquals(operator.getJobExecution(id).getBatchStatus(), BatchStatus.ABANDONED);
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class AssociationImpl method invokeMethod.
static Object invokeMethod(final ComponentView componentView, final Method method, final InvocationRequest incomingInvocation, final InvocationRequest.Resolved content, final CancellationFlag cancellationFlag) throws Exception {
final InterceptorContext interceptorContext = new InterceptorContext();
interceptorContext.setParameters(content.getParameters());
interceptorContext.setMethod(method);
interceptorContext.putPrivateData(Component.class, componentView.getComponent());
interceptorContext.putPrivateData(ComponentView.class, componentView);
interceptorContext.putPrivateData(InvocationType.class, InvocationType.REMOTE);
interceptorContext.setBlockingCaller(false);
// setup the contextData on the (spec specified) InvocationContext
final Map<String, Object> invocationContextData = new HashMap<String, Object>();
interceptorContext.setContextData(invocationContextData);
if (content.getAttachments() != null) {
// attach the attachments which were passed from the remote client
for (final Map.Entry<String, Object> attachment : content.getAttachments().entrySet()) {
if (attachment == null) {
continue;
}
final String key = attachment.getKey();
final Object value = attachment.getValue();
// application, so add these attachments to the privateData of the InterceptorContext
if (EJBClientInvocationContext.PRIVATE_ATTACHMENTS_KEY.equals(key)) {
final Map<?, ?> privateAttachments = (Map<?, ?>) value;
for (final Map.Entry<?, ?> privateAttachment : privateAttachments.entrySet()) {
interceptorContext.putPrivateData(privateAttachment.getKey(), privateAttachment.getValue());
}
} else {
// add it to the InvocationContext which will be visible to the target bean and the
// application specific interceptors
invocationContextData.put(key, value);
}
}
}
// add the session id to the interceptor context, if it's a stateful ejb locator
final EJBLocator<?> ejbLocator = content.getEJBLocator();
if (ejbLocator.isStateful()) {
interceptorContext.putPrivateData(SessionID.class, ejbLocator.asStateful().getSessionId());
}
// add transaction
if (content.hasTransaction()) {
interceptorContext.setTransactionSupplier(content::getTransaction);
}
// add security identity
final SecurityIdentity securityIdentity = incomingInvocation.getSecurityIdentity();
final boolean isAsync = componentView.isAsynchronous(method);
final boolean oneWay = isAsync && method.getReturnType() == void.class;
final boolean isSessionBean = componentView.getComponent() instanceof SessionBeanComponent;
if (isAsync && isSessionBean) {
if (!oneWay) {
interceptorContext.putPrivateData(CancellationFlag.class, cancellationFlag);
}
final Object result = invokeWithIdentity(componentView, interceptorContext, securityIdentity);
return result == null ? null : ((Future<?>) result).get();
} else {
return invokeWithIdentity(componentView, interceptorContext, securityIdentity);
}
}
use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.
the class IdentityOutflowInterceptor method processInvocation.
public Object processInvocation(final InterceptorContext context) throws Exception {
if (identityOutflowFunction != null) {
final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
Set<SecurityIdentity> outflowedIdentities = identityOutflowFunction.apply(currentIdentity);
SecurityIdentity[] newIdentities;
if (category != null && roleMapper != null) {
// Propagate the runAsRole or any extra principal roles that are configured
// (TODO: ensure this is the desired behaviour)
newIdentities = outflowedIdentities.stream().map(outflowedIdentity -> {
final RoleMapper mergeMapper = roleMapper.or((roles) -> outflowedIdentity.getRoles(category));
return outflowedIdentity.withRoleMapper(category, mergeMapper);
}).toArray(SecurityIdentity[]::new);
} else {
newIdentities = outflowedIdentities.toArray(new SecurityIdentity[outflowedIdentities.size()]);
}
return SecurityIdentity.runAsAll(context, newIdentities);
} else {
return context.proceed();
}
}
Aggregations