Example 1 with RoleMapper

Use of org.wildfly.security.authz.RoleMapper in project wildfly by wildfly.

The class RoleAddingInterceptor, method processInvocation:

public Object processInvocation(final InterceptorContext context) throws Exception {
    final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
    Assert.checkNotNullParam("securityDomain", securityDomain);
    final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
    // Union the interceptor's configured roles with the roles the current identity
    // already holds in this category; the lambda ignores its input and returns the
    // identity's existing roles so nothing is dropped.
    final RoleMapper mergeMapper = roleMapper.or((roles) -> currentIdentity.getRoles(category));
    final SecurityIdentity newIdentity = currentIdentity.withRoleMapper(category, mergeMapper);
    try {
        // Run the rest of the invocation chain as the identity carrying the merged roles.
        return newIdentity.runAs(context);
    } catch (PrivilegedActionException e) {
        // runAs wraps checked exceptions thrown by the invocation; unwrap so callers
        // see the original exception type.
        Throwable cause = e.getCause();
        if (cause != null) {
            if (cause instanceof Exception) {
                throw (Exception) cause;
            } else {
                throw new RuntimeException(e);
            }
        } else {
            throw e;
        }
    }
}
Also used: SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity), RoleMapper (org.wildfly.security.authz.RoleMapper), PrivilegedActionException (java.security.PrivilegedActionException), SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)

Example 2 with RoleMapper

Use of org.wildfly.security.authz.RoleMapper in project wildfly by wildfly.

The class IdentityOutflowInterceptor, method processInvocation:

public Object processInvocation(final InterceptorContext context) throws Exception {
    if (identityOutflowFunction != null) {
        final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
        final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
        // Outflow the current identity into the other security domains this function targets.
        Set<SecurityIdentity> outflowedIdentities = identityOutflowFunction.apply(currentIdentity);
        SecurityIdentity[] newIdentities;
        if (category != null && roleMapper != null) {
            // Propagate the runAsRole or any extra principal roles that are configured
            // (TODO: ensure this is the desired behaviour)
            newIdentities = outflowedIdentities.stream().map(outflowedIdentity -> {
                // Union the configured roles with each outflowed identity's own roles in this category.
                final RoleMapper mergeMapper = roleMapper.or((roles) -> outflowedIdentity.getRoles(category));
                return outflowedIdentity.withRoleMapper(category, mergeMapper);
            }).toArray(SecurityIdentity[]::new);
        } else {
            newIdentities = outflowedIdentities.toArray(new SecurityIdentity[outflowedIdentities.size()]);
        }
        // Continue the invocation with every outflowed identity established at once.
        return SecurityIdentity.runAsAll(context, newIdentities);
    } else {
        // No outflow configured: proceed unchanged.
        return context.proceed();
    }
}
Also used: SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity), RoleMapper (org.wildfly.security.authz.RoleMapper), SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)

Example 3 with RoleMapper

Use of org.wildfly.security.authz.RoleMapper in project wildfly by wildfly.

The class SecurityRolesAddingInterceptor, method processInvocation:

public Object processInvocation(final InterceptorContext context) throws Exception {
    final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
    Assert.checkNotNullParam("securityDomain", securityDomain);
    final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
    // Look up the extra roles configured for this principal by name.
    final Set<String> securityRoles = principalVsRolesMap.get(currentIdentity.getPrincipal().getName());
    if (securityRoles != null && !securityRoles.isEmpty()) {
        // A constant mapper always yields the configured roles; union it with the
        // roles the identity already holds in this category.
        final RoleMapper roleMapper = RoleMapper.constant(Roles.fromSet(securityRoles));
        final RoleMapper mergeMapper = roleMapper.or((roles) -> currentIdentity.getRoles(category));
        final SecurityIdentity newIdentity;
        if (WildFlySecurityManager.isChecking()) {
            // Changing an identity's role mapper is a privileged operation when a
            // security manager is active, so do it inside doPrivileged.
            newIdentity = AccessController.doPrivileged((PrivilegedAction<SecurityIdentity>) () -> currentIdentity.withRoleMapper(category, mergeMapper));
        } else {
            newIdentity = currentIdentity.withRoleMapper(category, mergeMapper);
        }
        try {
            return newIdentity.runAs(context);
        } catch (PrivilegedActionException e) {
            // Unwrap the checked exception thrown by the invocation itself.
            Throwable cause = e.getCause();
            if (cause != null) {
                if (cause instanceof Exception) {
                    throw (Exception) cause;
                } else {
                    throw new RuntimeException(e);
                }
            } else {
                throw e;
            }
        }
    } else {
        // No extra roles for this principal: proceed unchanged.
        return context.proceed();
    }
}
Also used: SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity), RoleMapper (org.wildfly.security.authz.RoleMapper), PrivilegedAction (java.security.PrivilegedAction), PrivilegedActionException (java.security.PrivilegedActionException), SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)