/** * Get the Principal given the authenticated Subject. Currently the first principal that is not of type {@code Group} is * considered or the single principal inside the CallerPrincipal group. * * @param subject * @return the authenticated principal */ private Principal getPrincipal(Subject subject) { Principal principal = null; Principal callerPrincipal = null; if (subject != null) { Set<Principal> principals = subject.getPrincipals(); if (principals != null && !principals.isEmpty()) { for (Principal p : principals) { if (!(p instanceof Group) && principal == null) { principal = p; } if (p instanceof Group) { Group g = Group.class.cast(p); if (g.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && callerPrincipal == null) { Enumeration<? extends Principal> e = g.members(); if (e.hasMoreElements()) callerPrincipal = e.nextElement(); } } } } } return callerPrincipal == null ? principal : callerPrincipal; }
private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct){ if (jbossSct == null) { throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext"); } RoleGroup contextRoleGroup = jbossSct.getUtil().getRoles(); if(contextRoleGroup == null){ return; } Collection<Role> contextRoles = contextRoleGroup.getRoles(); if(contextRoles.isEmpty()){ return; } Subject subject = jbossSct.getUtil().getSubject(); Set<Group> groupPrincipals = subject.getPrincipals(Group.class); Group subjectRoleGroup = null; for (Group candidate : groupPrincipals) { if (candidate.getName().equals(ROLES_IDENTIFIER)) { subjectRoleGroup = candidate; break; } } if (subjectRoleGroup == null) { subjectRoleGroup = new SimpleGroup(ROLES_IDENTIFIER); subject.getPrincipals().add(subjectRoleGroup); } for (Role role : contextRoles) { Principal rolePrincipal = new SimplePrincipal(role.getRoleName()); subjectRoleGroup.addMember(rolePrincipal); } }
@Override public boolean isMember(Principal member) { if (_members.containsKey(member)) { return true; } for (Principal principal : _members.values()) { if (principal instanceof Group) { Group group = (Group)principal; if (group.isMember(member)) { return true; } } } return false; }
@Override public boolean equals(Object obj) { if (obj instanceof Group && super.equals(obj)) { Group that = (Group) obj; Enumeration<? extends Principal> thatEnum = that.members(); int count = 0; while (thatEnum.hasMoreElements()) { Principal thatPrinc = thatEnum.nextElement(); count++; if (! this.members.contains(thatPrinc)) { return false; } } return count == this.members.size(); } else { return false; } }
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) { Subject subject = new Subject(); Set<Principal> principals = subject.getPrincipals(); principals.add(identity); Group[] roleSets = getRoleSets(roleSet); for (int g = 0; g < roleSets.length; g++) { Group group = roleSets[g]; String name = group.getName(); Group subjectGroup = createGroup(name, principals); // Copy the group members to the Subject group Enumeration<? extends Principal> members = group.members(); while (members.hasMoreElements()) { Principal role = (Principal) members.nextElement(); subjectGroup.addMember(role); } } Principal userPrincipal = getPrincipal(subject); List<String> rolesAsStringList = new ArrayList<String>(); rolesAsStringList.addAll(roleSet); GenericPrincipal principal = createPrincipal(userPrincipal, rolesAsStringList); return principal; }
private boolean isMemberRecurse(Principal principal, Vector<Principal> vector) { for(Enumeration<Principal> enumeration = members(); enumeration.hasMoreElements();) { boolean flag = false; Principal principal1 = (Principal)enumeration.nextElement(); if(principal1.equals(principal)) return true; if(principal1 instanceof SecurityGroup) { SecurityGroup groupimpl = (SecurityGroup)principal1; vector.addElement(this); if(!vector.contains(groupimpl)) flag = groupimpl.isMemberRecurse(principal, vector); } else if(principal1 instanceof Group) { Group group1 = (Group)principal1; if(!vector.contains(group1)) flag = group1.isMember(principal); } if(flag) return flag; } return false; }//-------------------------------------------- @Override
/** * Add principals passed via an enumeration into a group * @param grp * @param en * @return */ public static Group addPrincipals(Group grp, Enumeration<? extends Principal> en) { while(en.hasMoreElements()) grp.addMember(en.nextElement()); return grp; }
/** * Process the group with the roles that are mapped in the * properies file * @param group Group that needs to be processed * @param props Properties file */ private void processRoles(Group group,Properties props) throws Exception { Enumeration<?> enumer = props.propertyNames(); while(enumer.hasMoreElements()) { String roleKey = (String)enumer.nextElement(); String comma_separated_roles = props.getProperty(roleKey); Principal pIdentity = createIdentity(roleKey); if(group.isMember(pIdentity)) Util.parseGroupMembers(group,comma_separated_roles,this); if(REPLACE_ROLE) group.removeMember(pIdentity); } } }
public void addCustomGroups(UserInfo userInfo, Set<Principal> principals) { if (userInfo == null || principals == null) { LOG.error("Userinfo or Principals null"); return; } List<Group> unknownGroups = getUnknownGroups(principals); for (Group prince : unknownGroups) { Principal other = prince.members().nextElement(); userInfo.setClaim(prince.getName(), other.toString()); //json prince } }
@Override protected void authorize(LoginContext context) throws LoginException { HashSet<String> required = new HashSet<>(requiredRoles); Set<Group> groups = context.getSubject().getPrincipals(Group.class); if (groups != null) { for (Group group : groups) { if ("Roles".equals(group.getName())) { for (String role : requiredRoles) { if (group.isMember(new SimplePrincipal(role))) { required.remove(role); } } } } } if (!required.isEmpty()) throw new LoginException("User does not have required roles: " + required); } }
private Group getSubjectRoles(final Subject subject) { Set<Group> subjectGroups = subject.getPrincipals(Group.class); Iterator<Group> iter = subjectGroups.iterator(); Group roles = null; while (iter.hasNext()) { Group grp = iter.next(); String name = grp.getName(); if (name.equals("Roles")) { roles = grp; } } return roles; }
@Override protected Group[] getRoleSets() throws LoginException { Group roles = new SimpleGroup("Roles"); Group callerPrincipal = new SimpleGroup("CallerPrincipal"); Group[] groups = { roles, callerPrincipal }; callerPrincipal.addMember(getIdentity()); return groups; }
@Override public Enumeration<? extends Principal> members() { return GroupPrincipals.transform(group.members()); } }
private void appendRoles( Group group ) { if( ! group.getName().equals( SecurityConstants.ROLES_IDENTIFIER ) ) return; if(additionalRoles != null && !additionalRoles.isEmpty()) { StringTokenizer st = new StringTokenizer( additionalRoles , "," ); while(st.hasMoreTokens()) { group.addMember( new SimplePrincipal( st.nextToken().trim() ) ); } } } private void safeClose(InputStream fis)
@Override public String getName() { return group.getName(); }
@Override protected Group[] getRoleSets() throws LoginException { Group group = new SimpleGroup("Roles"); List<String> roles = OpenIDProcessor.cachedRoles.get(); if (roles != null) { for (String role : roles) { group.addMember(new SimplePrincipal(role)); } } roles = FacebookProcessor.cachedRoles.get(); if (roles != null) { for (String role : roles) { Principal rolePrincipal = new SimplePrincipal(role); if (group.isMember(rolePrincipal) == false) { group.addMember(rolePrincipal); } } } return new Group[] { group }; } }
private static Class<?> getPrincipalClass(Group roles) { //Assume that the roles all belong to the same principal class Class<?> principalClass = SimplePrincipal.class; Enumeration<? extends Principal> en = roles.members(); if(en.hasMoreElements()) { principalClass = roles.members().nextElement().getClass(); } return principalClass; } }
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) { Subject subject = new Subject(); Set<Principal> principals = subject.getPrincipals(); principals.add(identity); Group[] roleSets = getRoleSets(roleSet); for (int g = 0; g < roleSets.length; g++) { Group group = roleSets[g]; String name = group.getName(); Group subjectGroup = createGroup(name, principals); // Copy the group members to the Subject group Enumeration<? extends Principal> members = group.members(); while (members.hasMoreElements()) { Principal role = (Principal) members.nextElement(); subjectGroup.addMember(role); } } Principal userPrincipal = getPrincipal(subject); List<String> rolesAsStringList = new ArrayList<String>(); rolesAsStringList.addAll(roleSet); GenericPrincipal principal = createPrincipal(userPrincipal, rolesAsStringList); return principal; }
boolean isMemberRecurse(Principal member, Vector<Group> alreadySeen) { Enumeration<? extends Principal> e = members(); while (e.hasMoreElements()) { boolean mem = false; Principal p = e.nextElement(); if (p.equals(member)) { return true; } else if (p instanceof GroupImpl) { Group g = (Group) p; if (!alreadySeen.contains(g)) { mem = g.isMember(member);