Search in sources :

Example 26 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testRestart_Allowed.

/**
     * Test restarting failed jobs by a user who has the permission to do it.
     */
@Test
public void testRestart_Allowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    Properties params = new Properties();
    params.put("should.fail", "true");
    final Long executionId = user1.runAs((Callable<Long>) () -> operator.start("failing-batchlet", params));
    waitForJobEnd(executionId, 10);
    Assert.assertEquals(BatchStatus.FAILED, operator.getJobExecution(executionId).getBatchStatus());
    params.put("should.fail", "false");
    final Long executionIdAfterRestart = user1.runAs((Callable<Long>) () -> operator.restart(executionId, params));
    waitForJobEnd(executionIdAfterRestart, 10);
    Assert.assertEquals(BatchStatus.COMPLETED, operator.getJobExecution(executionIdAfterRestart).getBatchStatus());
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Properties(java.util.Properties) Test(org.junit.Test)

Example 27 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testAbandon_NotAllowed.

/**
     * Abandoning an execution by a user who doesn't have the permission to do it.
     */
@Test
public void testAbandon_NotAllowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final SecurityIdentity user2 = getSecurityIdentity("user2", "password2");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
    waitForJobEnd(id, 10);
    try {
        user2.runAs(() -> operator.abandon(id));
        Assert.fail("user2 should not be allowed to abandon job executions");
    } catch (JobSecurityException e) {
    // OK
    }
    Assert.assertEquals(operator.getJobExecution(id).getBatchStatus(), BatchStatus.COMPLETED);
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) JobSecurityException(javax.batch.operations.JobSecurityException) Properties(java.util.Properties) Test(org.junit.Test)

Example 28 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testAbandon_Allowed.

/**
     * Abandoning an execution by a user who has the permission to do it.
     */
@Test
public void testAbandon_Allowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
    waitForJobEnd(id, 10);
    user1.runAs(() -> operator.abandon(id));
    Assert.assertEquals(operator.getJobExecution(id).getBatchStatus(), BatchStatus.ABANDONED);
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Properties(java.util.Properties) Test(org.junit.Test)

Example 29 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class AssociationImpl method invokeMethod.

static Object invokeMethod(final ComponentView componentView, final Method method, final InvocationRequest incomingInvocation, final InvocationRequest.Resolved content, final CancellationFlag cancellationFlag) throws Exception {
    final InterceptorContext interceptorContext = new InterceptorContext();
    interceptorContext.setParameters(content.getParameters());
    interceptorContext.setMethod(method);
    interceptorContext.putPrivateData(Component.class, componentView.getComponent());
    interceptorContext.putPrivateData(ComponentView.class, componentView);
    interceptorContext.putPrivateData(InvocationType.class, InvocationType.REMOTE);
    interceptorContext.setBlockingCaller(false);
    // setup the contextData on the (spec specified) InvocationContext
    final Map<String, Object> invocationContextData = new HashMap<String, Object>();
    interceptorContext.setContextData(invocationContextData);
    if (content.getAttachments() != null) {
        // attach the attachments which were passed from the remote client
        for (final Map.Entry<String, Object> attachment : content.getAttachments().entrySet()) {
            if (attachment == null) {
                continue;
            }
            final String key = attachment.getKey();
            final Object value = attachment.getValue();
            // application, so add these attachments to the privateData of the InterceptorContext
            if (EJBClientInvocationContext.PRIVATE_ATTACHMENTS_KEY.equals(key)) {
                final Map<?, ?> privateAttachments = (Map<?, ?>) value;
                for (final Map.Entry<?, ?> privateAttachment : privateAttachments.entrySet()) {
                    interceptorContext.putPrivateData(privateAttachment.getKey(), privateAttachment.getValue());
                }
            } else {
                // add it to the InvocationContext which will be visible to the target bean and the
                // application specific interceptors
                invocationContextData.put(key, value);
            }
        }
    }
    // add the session id to the interceptor context, if it's a stateful ejb locator
    final EJBLocator<?> ejbLocator = content.getEJBLocator();
    if (ejbLocator.isStateful()) {
        interceptorContext.putPrivateData(SessionID.class, ejbLocator.asStateful().getSessionId());
    }
    // add transaction
    if (content.hasTransaction()) {
        interceptorContext.setTransactionSupplier(content::getTransaction);
    }
    // add security identity
    final SecurityIdentity securityIdentity = incomingInvocation.getSecurityIdentity();
    final boolean isAsync = componentView.isAsynchronous(method);
    final boolean oneWay = isAsync && method.getReturnType() == void.class;
    final boolean isSessionBean = componentView.getComponent() instanceof SessionBeanComponent;
    if (isAsync && isSessionBean) {
        if (!oneWay) {
            interceptorContext.putPrivateData(CancellationFlag.class, cancellationFlag);
        }
        final Object result = invokeWithIdentity(componentView, interceptorContext, securityIdentity);
        return result == null ? null : ((Future<?>) result).get();
    } else {
        return invokeWithIdentity(componentView, interceptorContext, securityIdentity);
    }
}
Also used : HashMap(java.util.HashMap) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SessionBeanComponent(org.jboss.as.ejb3.component.session.SessionBeanComponent) InterceptorContext(org.jboss.invocation.InterceptorContext) Map(java.util.Map) HashMap(java.util.HashMap)

Example 30 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class IdentityOutflowInterceptor method processInvocation.

public Object processInvocation(final InterceptorContext context) throws Exception {
    if (identityOutflowFunction != null) {
        final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
        final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
        Set<SecurityIdentity> outflowedIdentities = identityOutflowFunction.apply(currentIdentity);
        SecurityIdentity[] newIdentities;
        if (category != null && roleMapper != null) {
            // Propagate the runAsRole or any extra principal roles that are configured
            // (TODO: ensure this is the desired behaviour)
            newIdentities = outflowedIdentities.stream().map(outflowedIdentity -> {
                final RoleMapper mergeMapper = roleMapper.or((roles) -> outflowedIdentity.getRoles(category));
                return outflowedIdentity.withRoleMapper(category, mergeMapper);
            }).toArray(SecurityIdentity[]::new);
        } else {
            newIdentities = outflowedIdentities.toArray(new SecurityIdentity[outflowedIdentities.size()]);
        }
        return SecurityIdentity.runAsAll(context, newIdentities);
    } else {
        return context.proceed();
    }
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) RoleMapper(org.wildfly.security.authz.RoleMapper) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Aggregations

SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)37 Test (org.junit.Test)10 Properties (java.util.Properties)8 SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)8 Principal (java.security.Principal)7 PrivilegedActionException (java.security.PrivilegedActionException)5 JobSecurityException (javax.batch.operations.JobSecurityException)5 Component (org.jboss.as.ee.component.Component)4 EJBComponent (org.jboss.as.ejb3.component.EJBComponent)4 Connection (org.jboss.remoting3.Connection)4 HashSet (java.util.HashSet)3 RealmUser (org.jboss.as.core.security.RealmUser)3 InterceptorContext (org.jboss.invocation.InterceptorContext)3 SecurityContext (org.jboss.security.SecurityContext)3 PrivilegedAction (java.security.PrivilegedAction)2 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2 ManagedTask (javax.enterprise.concurrent.ManagedTask)2 Subject (javax.security.auth.Subject)2 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)2 SessionBeanComponent (org.jboss.as.ejb3.component.session.SessionBeanComponent)2