
Example 36 with SecurityIdentity

Use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

Class HttpInvokerHostService, method secureAccess.

private static HttpHandler secureAccess(HttpHandler domainHandler, final HttpAuthenticationFactory httpAuthenticationFactory) {
    // Wrap the handler so that authentication is triggered and required before it runs.
    domainHandler = new AuthenticationCallHandler(domainHandler);
    domainHandler = new AuthenticationConstraintHandler(domainHandler);
    // Build one mechanism instance per mechanism name the factory offers.
    Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier = () -> httpAuthenticationFactory.getMechanismNames().stream().map(s -> {
        try {
            return httpAuthenticationFactory.createMechanism(s);
        } catch (Exception e) {
            // The creation failure is swallowed; a null entry is left in the list for this mechanism.
            return null;
        }
    }).collect(Collectors.toList());
    domainHandler = ElytronContextAssociationHandler.builder().setNext(domainHandler).setMechanismSupplier(mechanismSupplier).setHttpExchangeSupplier(h -> new ElytronHttpExchange(h) {

        @Override
        public void authenticationComplete(SecurityIdentity securityIdentity, String mechanismName) {
            super.authenticationComplete(securityIdentity, mechanismName);
            // Attach the authenticated identity to the exchange under IDENTITY_KEY.
            h.putAttachment(ElytronIdentityHandler.IDENTITY_KEY, securityIdentity);
        }
    }).build();
    return domainHandler;
}
Also used : Service(org.jboss.msc.service.Service) StopContext(org.jboss.msc.service.StopContext) HttpServerExchange(io.undertow.server.HttpServerExchange) AuthenticationConstraintHandler(io.undertow.security.handlers.AuthenticationConstraintHandler) AttachmentKey(io.undertow.util.AttachmentKey) StartContext(org.jboss.msc.service.StartContext) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) HttpAuthenticationFactory(org.wildfly.security.auth.server.HttpAuthenticationFactory) Supplier(java.util.function.Supplier) Collectors(java.util.stream.Collectors) HttpHandler(io.undertow.server.HttpHandler) List(java.util.List) PathHandler(io.undertow.server.handlers.PathHandler) ElytronContextAssociationHandler(org.wildfly.elytron.web.undertow.server.ElytronContextAssociationHandler) HttpServerAuthenticationMechanism(org.wildfly.security.http.HttpServerAuthenticationMechanism) ElytronHttpExchange(org.wildfly.elytron.web.undertow.server.ElytronHttpExchange) AuthenticationCallHandler(io.undertow.security.handlers.AuthenticationCallHandler) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) InjectedValue(org.jboss.msc.value.InjectedValue) StartException(org.jboss.msc.service.StartException)

Example 37 with SecurityIdentity

Use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

Class EJBComponent, method checkCallerSecurityIdentityRole.

private boolean checkCallerSecurityIdentityRole(String roleName) {
    final SecurityIdentity identity = getCallerSecurityIdentity();
    // "**" matches any authenticated caller, so only an anonymous identity fails.
    if ("**".equals(roleName)) {
        return !identity.isAnonymous();
    }
    // Roles from the "ejb" role-mapping category, falling back to the default roles.
    Roles roles = identity.getRoles("ejb", true);
    if (roles.contains(roleName)) {
        return true;
    }
    // No direct match: accept the caller if it holds any role linked to roleName.
    if (securityMetaData.getSecurityRoleLinks() != null) {
        Collection<String> linked = securityMetaData.getSecurityRoleLinks().get(roleName);
        if (linked != null) {
            for (String role : roles) {
                if (linked.contains(role)) {
                    return true;
                }
            }
        }
    }
    return false;
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Roles(org.wildfly.security.authz.Roles)

Aggregations

SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity) 37
Test (org.junit.Test) 10
Properties (java.util.Properties) 8
SecurityDomain (org.wildfly.security.auth.server.SecurityDomain) 8
Principal (java.security.Principal) 7
PrivilegedActionException (java.security.PrivilegedActionException) 5
JobSecurityException (javax.batch.operations.JobSecurityException) 5
Component (org.jboss.as.ee.component.Component) 4
EJBComponent (org.jboss.as.ejb3.component.EJBComponent) 4
Connection (org.jboss.remoting3.Connection) 4
HashSet (java.util.HashSet) 3
RealmUser (org.jboss.as.core.security.RealmUser) 3
InterceptorContext (org.jboss.invocation.InterceptorContext) 3
SecurityContext (org.jboss.security.SecurityContext) 3
PrivilegedAction (java.security.PrivilegedAction) 2
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction) 2
ManagedTask (javax.enterprise.concurrent.ManagedTask) 2
Subject (javax.security.auth.Subject) 2
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException) 2
SessionBeanComponent (org.jboss.as.ejb3.component.session.SessionBeanComponent) 2