/**
 * Resolves the user name to associate with {@code message}.
 *
 * <p>When the message carries a {@link SecurityContext} with a non-null principal, that
 * principal's name is returned as-is (it may itself be {@code null}; no check is made here).
 * Otherwise the lookup is delegated to {@code RSSecurityUtils.getUserName(crypto, null)}.
 *
 * @param crypto  passed through to the fallback lookup
 * @param message current message; queried for its {@link SecurityContext}
 * @return the principal name, or the value produced by the fallback lookup
 */
protected String getUserName(Crypto crypto, Message message) {
    final SecurityContext securityContext = message.get(SecurityContext.class);
    final boolean hasPrincipal =
        securityContext != null && securityContext.getUserPrincipal() != null;
    if (!hasPrincipal) {
        // NOTE(review): on this path the name does not come from the caller's security context.
        // Presumably it is a configured default taken from the crypto settings; confirm before
        // relying on the result as the caller's identity.
        return RSSecurityUtils.getUserName(crypto, null);
    }
    return securityContext.getUserPrincipal().getName();
}
/**
 * Reports whether the caller of the current message holds {@code role}.
 *
 * <p>The {@link SecurityContext} is looked up in the message context under the key
 * {@code SecurityContext.class.getName()}. If nothing is stored there the answer is
 * {@code false}, so a message without a security context is never treated as being in a role.
 *
 * @param role role name to test
 * @return {@code true} only if a security context is present and it reports the role
 */
public final boolean isUserInRole(final String role) {
    final Object stored = getMessageContext().get(SecurityContext.class.getName());
    final SecurityContext securityContext = (SecurityContext) stored;
    // Short-circuit keeps the fail-closed behaviour: no context means no role.
    return securityContext != null && securityContext.isUserInRole(role);
}
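/**
 * Decides whether the caller described by {@code sc} holds at least one of {@code roles}.
 *
 * <p>Unless {@code checkConfiguredRolesOnly} is set, the superclass check must pass first.
 * If {@code userRolesMap} has entries, the caller's principal name must be mapped there to a
 * list containing one of the requested roles. If the map is empty, the result is {@code true}
 * when the superclass check was applied and {@code false} when only configured roles count.
 *
 * <p>A missing security context or principal is answered with {@code false} instead of a
 * {@link NullPointerException}, so an anonymous request is denied rather than turned into an
 * unrelated server error.
 *
 * @param sc    security context of the current request
 * @param roles roles of which the caller needs at least one
 * @param deny  forwarded unchanged to the superclass check
 * @return {@code true} if access is granted by the rules above
 */
@Override
protected boolean isUserInRole(SecurityContext sc, List<String> roles, boolean deny) {
    if (!checkConfiguredRolesOnly && !super.isUserInRole(sc, roles, deny)) {
        return false;
    }
    if (userRolesMap.isEmpty()) {
        // Nothing configured locally: the outcome rests on the superclass check alone,
        // and there was none if only configured roles are to be considered.
        return !checkConfiguredRolesOnly;
    }
    // Fail closed. When checkConfiguredRolesOnly skips the superclass check, nothing in this
    // method has established that a principal exists. Whether callers filter anonymous
    // contexts beforehand is not visible here.
    if (sc == null || sc.getUserPrincipal() == null) {
        return false;
    }
    List<String> userRoles = userRolesMap.get(sc.getUserPrincipal().getName());
    if (userRoles == null) {
        // Unknown user: no roles are configured for this name.
        return false;
    }
    for (String role : roles) {
        if (userRoles.contains(role)) {
            return true;
        }
    }
    return false;
}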
Exchange exchange = message.getExchange(); Endpoint ep = exchange.get(Endpoint.class); EJBMethodSecurityAttributeProvider attributeProvider = ep if (attributeProvider != null) //ejb endpoints only can be associated with this... SecurityContext secCtx = message.get(SecurityContext.class); BindingOperationInfo bop = exchange.getBindingOperationInfo(); MethodDispatcher md = (MethodDispatcher) exchange.getService().get(MethodDispatcher.class.getName()); if (secCtx.isUserInRole(role)) final Principal p = secCtx.getUserPrincipal(); ctx.put(KEY, true); throw MESSAGES.authorizationFailed(p != null ? p.getName() : null);
public void handleMessage(final Message message) throws Fault { if (allowNamedPrincipals) { SecurityContext sc = message.get(SecurityContext.class); if (sc != null && sc.getUserPrincipal() != null && sc.getUserPrincipal().getName() != null) { return; Subject subject = ctx.getSubject(); String name = getUsername(handler); message.put(SecurityContext.class, createSecurityContext(name, subject));
/**
 * Replaces the message's {@link SecurityContext} with one backed by a {@link Subject} created
 * from the message's {@link SecurityToken}.
 *
 * <p>Steps, in order: require a token, require an existing context with a principal, build the
 * subject via {@code createSubject}, require that the subject has at least one principal, then
 * store the context built by {@code createSecurityContext} on the message.
 *
 * <p>NOTE(review): every check relies on {@code reportSecurityException} not returning
 * normally (presumably it throws; confirm). If it ever returned, the code below would go on
 * to dereference a null context or subject.
 *
 * @param message message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(Message message) throws Fault {
    final SecurityToken securityToken = message.get(SecurityToken.class);
    if (securityToken == null) {
        reportSecurityException("Security Token is not available on the current message");
    }

    final SecurityContext incoming = message.get(SecurityContext.class);
    if (incoming == null || incoming.getUserPrincipal() == null) {
        reportSecurityException("User Principal is not available on the current message");
    }

    Subject authenticated = null;
    try {
        authenticated = createSubject(securityToken);
    } catch (Exception ex) {
        // NOTE(review): the underlying exception text is appended to the reported message and
        // the cause itself is not passed on. If this message can reach the client, check that
        // it does not expose details of the authentication backend.
        reportSecurityException("Failed Authentication : Subject has not been created, "
            + ex.getMessage());
    }
    // A subject with no principals is treated the same as no subject at all.
    if (authenticated == null || authenticated.getPrincipals().isEmpty()) {
        reportSecurityException("Failed Authentication : Invalid Subject");
    }

    final Principal resolved = getPrincipal(incoming.getUserPrincipal(), authenticated);
    message.put(SecurityContext.class, createSecurityContext(resolved, authenticated));
}
@Override public void handleMessage(Message message) throws Fault Endpoint ep = message.getExchange().get(Endpoint.class); SecurityDomainContext sdc = ep.getSecurityDomainContext(); SecurityContext context = message.get(SecurityContext.class); if (context == null || context.getUserPrincipal() == null) SecurityToken token = message.get(SecurityToken.class); Subject subject = null; if (token != null) Principal p = context.getUserPrincipal(); if (!(p instanceof UsernameTokenPrincipal)) { throw Messages.MESSAGES.couldNotGetSubjectInfo(); Principal principal = getPrincipal(context.getUserPrincipal(), subject); message.put(SecurityContext.class, createSecurityContext(principal, subject));
/**
 * Rejects the request with 401 when the target resource method is annotated with
 * {@code LoggedIn} and the current message has no security context or no user principal.
 *
 * <p>Only the presence of a principal is checked; no role or permission is evaluated here.
 *
 * <p>NOTE(review): the outcome for a missing {@code "org.apache.cxf.resource.method"} property
 * depends on how {@code JaxRsAnnotationScanner.hasAnnotation} treats a null method. Confirm
 * that this does not let the request through as "No login mandatory".
 *
 * @param requestContext request being filtered; aborted on failure
 * @throws IOException declared by the filter contract
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final Message current = JAXRSUtils.getCurrentMessage();
    final Method resourceMethod = (Method) current.get("org.apache.cxf.resource.method");

    if (JaxRsAnnotationScanner.hasAnnotation(resourceMethod, LoggedIn.class)) {
        LoggedInFilter.LOGGER.debug("Login mandatory");
        final SecurityContext securityContext = current.get(SecurityContext.class);
        final boolean anonymous =
            securityContext == null || securityContext.getUserPrincipal() == null;
        if (anonymous) {
            // NOTE(review): the 401 is sent without a WWW-Authenticate challenge header.
            requestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
        }
        return;
    }
    LoggedInFilter.LOGGER.debug("No login mandatory");
}
SecurityContext securityContext = cxfMessage.get(SecurityContext.class); if (securityContext instanceof LoginSecurityContext && ((LoginSecurityContext)securityContext).getSubject() != null) { ((LoginSecurityContext)securityContext).getSubject()); } else if (securityContext != null) { Principal user = securityContext.getUserPrincipal(); if (user != null) { Subject subject = new Subject(); Object value = cxfMessage.get(Client.REQUEST_CONTEXT); if (value != null && !headerFilterStrategy.applyFilterToExternalHeaders( Client.REQUEST_CONTEXT, value, camelExchange)) { if (cxfMessage.getAttachments() != null && !camelExchange.getProperty(CxfConstants.DATA_FORMAT_PROPERTY, DataFormat.class).equals(DataFormat.POJO)) { for (Attachment attachment : cxfMessage.getAttachments()) {
/**
 * Lets the request pass when the target resource method needs no roles, or when the caller
 * holds at least one of the roles returned by {@code searchRoles}; otherwise aborts with 403.
 *
 * <p>A message without a {@link SecurityContext} holds no role and is answered with 403 as
 * well.
 *
 * <p>NOTE(review): the 403 body lists every role that would have granted access, and it is
 * sent to callers who have just failed the check, including those with no security context.
 * Consider a generic body and keeping the role list in the server log.
 *
 * @param requestContext request being filtered; aborted on failure
 * @throws IOException declared by the filter contract
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final Message current = JAXRSUtils.getCurrentMessage();
    final Method resourceMethod = (Method) current.get("org.apache.cxf.resource.method");
    final String[] required = this.searchRoles(resourceMethod);

    if (required.length == 0) {
        RolesFilter.LOGGER.debug("No roles needed");
        return;
    }
    RolesFilter.LOGGER.debug("Needs: {}", Joiner.on(",").join(required));

    final SecurityContext securityContext = current.get(SecurityContext.class);
    if (securityContext != null) {
        // The first matching role is enough; roles are tried in the order searchRoles gave them.
        for (int i = 0; i < required.length; i++) {
            final String candidate = required[i];
            if (securityContext.isUserInRole(candidate)) {
                RolesFilter.LOGGER.debug("Passed with role {}", candidate);
                return;
            }
        }
    }

    final String denial =
        "Missing at least one of the following roles: " + Joiner.on(",").join(required);
    requestContext.abortWith(Response.status(Status.FORBIDDEN).entity(denial).build());
}
/**
 * Returns the result of {@code sc.getUserPrincipal()} unchanged.
 *
 * <p>No null check is made here on {@code sc} or on the principal it returns.
 *
 * @return the principal reported by {@code sc}
 */
public Principal getPrincipal() {
    return sc.getUserPrincipal();
}

@Override
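/**
 * Checks whether the caller behind {@code sc} may act in at least one of {@code roles}.
 *
 * <p>With {@code checkConfiguredRolesOnly} unset, the superclass decision is a precondition.
 * A non-empty {@code userRolesMap} then further requires that the principal's name maps to a
 * role list containing one of {@code roles}. With an empty map the method returns
 * {@code !checkConfiguredRolesOnly}.
 *
 * <p>If {@code sc} or its principal is {@code null}, the map lookup is skipped and access is
 * denied. Previously that case ended in a {@link NullPointerException}.
 *
 * @param sc    security context of the current request
 * @param roles acceptable roles; one match is sufficient
 * @param deny  passed through to the superclass check
 * @return {@code true} when access is allowed
 */
@Override
protected boolean isUserInRole(SecurityContext sc, List<String> roles, boolean deny) {
    if (!checkConfiguredRolesOnly && !super.isUserInRole(sc, roles, deny)) {
        return false;
    }
    // Additional check against the locally configured user-to-roles mapping.
    if (!userRolesMap.isEmpty()) {
        // Deny rather than fail: with checkConfiguredRolesOnly set, the superclass check is
        // skipped and nothing above has looked at the principal. Any filtering done by
        // callers is not visible from this method.
        if (sc == null || sc.getUserPrincipal() == null) {
            return false;
        }
        List<String> userRoles = userRolesMap.get(sc.getUserPrincipal().getName());
        if (userRoles == null) {
            return false;
        }
        for (String role : roles) {
            if (userRoles.contains(role)) {
                return true;
            }
        }
        return false;
    }
    return !checkConfiguredRolesOnly;
}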
if (!isRestMessage) { messageInfo.setMessageId(getMessageId(message)); ServiceInfo serviceInfo = message.getExchange().getBinding().getBindingInfo().getService(); if (null != serviceInfo) { String portTypeName = serviceInfo.getInterface().getName().toString(); messageInfo.setOperationName(getOperationName(message)); SoapBinding soapBinding = (SoapBinding) message.getExchange().getBinding(); if (soapBinding.getBindingInfo() instanceof SoapBindingInfo) { SoapBindingInfo soapBindingInfo = (SoapBindingInfo) soapBinding.getBindingInfo(); messageInfo.setPortType(message.getExchange().getEndpoint().getEndpointInfo().getName() .toString()); String opName = getRestOperationName(message); SecurityContext sc = message.get(SecurityContext.class); if (sc != null && sc.getUserPrincipal() != null) { originator.setPrincipal(sc.getUserPrincipal().getName());
public void handleMessage(final Message message) throws Fault { if (allowNamedPrincipals) { SecurityContext sc = message.get(SecurityContext.class); if (sc != null && sc.getUserPrincipal() != null && sc.getUserPrincipal().getName() != null) { return; Subject subject = ctx.getSubject(); String name = getUsername(handler); message.put(SecurityContext.class, createSecurityContext(name, subject));
/**
 * Authenticates the message's {@link SecurityToken} and installs a new
 * {@link SecurityContext} built from the resulting {@link Subject}.
 *
 * <p>The message must already carry a token and a security context with a principal. The
 * subject comes from {@code createSubject}, and an absent subject or one without principals is
 * reported as a failed authentication.
 *
 * <p>NOTE(review): the method assumes {@code reportSecurityException} aborts processing
 * (presumably by throwing; confirm). Nothing here stops execution after a failed check.
 *
 * @param message message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(Message message) throws Fault {
    SecurityToken presented = message.get(SecurityToken.class);
    if (null == presented) {
        reportSecurityException("Security Token is not available on the current message");
    }

    SecurityContext existing = message.get(SecurityContext.class);
    boolean principalMissing = existing == null || existing.getUserPrincipal() == null;
    if (principalMissing) {
        reportSecurityException("User Principal is not available on the current message");
    }

    Subject created = null;
    try {
        created = createSubject(presented);
    } catch (Exception ex) {
        // NOTE(review): only ex.getMessage() is carried forward. The cause is dropped, and the
        // text may describe the authentication backend. Check where this message is shown.
        reportSecurityException("Failed Authentication : Subject has not been created, "
            + ex.getMessage());
    }
    boolean subjectUnusable = created == null || created.getPrincipals().isEmpty();
    if (subjectUnusable) {
        reportSecurityException("Failed Authentication : Invalid Subject");
    }

    Principal effective = getPrincipal(existing.getUserPrincipal(), created);
    SecurityContext replacement = createSecurityContext(effective, created);
    message.put(SecurityContext.class, replacement);
}
SecurityContext securityContext = cxfMessage.get(SecurityContext.class); if (securityContext instanceof LoginSecurityContext && ((LoginSecurityContext)securityContext).getSubject() != null) { camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, ((LoginSecurityContext)securityContext).getSubject()); } else if (securityContext != null && securityContext.getUserPrincipal() != null) { Subject subject = new Subject(); subject.getPrincipals().add(securityContext.getUserPrincipal()); camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, subject);
/**
 * Enforces the {@code RolesAllowed} annotations found for the target resource method.
 *
 * <p>All role names from every annotation returned by
 * {@code JaxRsAnnotationScanner.searchForAnnotation} are collected. An empty collection lets
 * the request through. Otherwise the caller must hold at least one of them, or the request is
 * aborted with 403. A message without a {@link SecurityContext} is aborted as well.
 *
 * <p>NOTE(review): the 403 body names the roles that would have granted access and is
 * returned to the rejected caller. Consider a generic body and logging the detail
 * server-side instead.
 *
 * @param requestContext request being filtered; aborted on failure
 * @throws IOException declared by the filter contract
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final Message current = JAXRSUtils.getCurrentMessage();
    final Method resourceMethod = (Method) current.get("org.apache.cxf.resource.method");

    final List<String> required = new ArrayList<>();
    final List<RolesAllowed> annotations =
        JaxRsAnnotationScanner.searchForAnnotation(resourceMethod, RolesAllowed.class);
    for (RolesAllowed rolesAllowed : annotations) {
        required.addAll(Lists.newArrayList(rolesAllowed.value()));
    }

    if (required.isEmpty()) {
        RolesFilter.LOGGER.debug("No roles needed");
        return;
    }

    // The join is only worth computing when the debug line is actually written.
    if (RolesFilter.LOGGER.isDebugEnabled()) {
        RolesFilter.LOGGER.debug("Needs: {}", Joiner.on(",").join(required));
    }

    final SecurityContext securityContext = current.get(SecurityContext.class);
    if (securityContext != null) {
        for (final String candidate : required) {
            if (!securityContext.isUserInRole(candidate)) {
                continue;
            }
            RolesFilter.LOGGER.debug("Passed with role {}", candidate);
            return;
        }
    }

    final String denial =
        "Missing at least one of the following roles: " + Joiner.on(",").join(required);
    requestContext.abortWith(Response.status(Status.FORBIDDEN).entity(denial).build());
}
/**
 * Returns the principal of the current message's {@link SecurityContext}.
 *
 * <p>The context is read from the message context under the key
 * {@code SecurityContext.class.getName()}. The result is {@code null} when no context is
 * stored there, and may also be {@code null} when the context has no principal. Callers
 * should treat {@code null} as "no known user", not as a valid identity.
 *
 * @return the principal, or {@code null}
 */
public final Principal getUserPrincipal() {
    final SecurityContext securityContext =
        (SecurityContext) getMessageContext().get(SecurityContext.class.getName());
    return securityContext == null ? null : securityContext.getUserPrincipal();
}
List<String> userRoles = userRolesMap.get(sc.getUserPrincipal().getName()); if (userRoles == null)
/**
 * Determines the user name for {@code message}.
 *
 * <p>The name of the principal in the message's {@link SecurityContext} is preferred. When the
 * context or its principal is absent, {@code RSSecurityUtils.getUserName(crypto, null)} is
 * used instead.
 *
 * <p>NOTE(review): the fallback value is not taken from the request's security context, so
 * confirm where it comes from before treating the result as the caller's identity.
 *
 * @param crypto  forwarded to the fallback lookup
 * @param message current message
 * @return the principal's name (possibly {@code null}) or the fallback result
 */
protected String getUserName(Crypto crypto, Message message) {
    SecurityContext ctx = message.get(SecurityContext.class);
    return (ctx == null || ctx.getUserPrincipal() == null)
        ? RSSecurityUtils.getUserName(crypto, null)
        : ctx.getUserPrincipal().getName();
}