/**
 * Validates {@code credential} for the original principal of {@code account} against the
 * security domain and, on success, builds a fresh {@link AccountImpl} carrying the
 * authenticated principal and the names of the roles the authorization manager reports.
 *
 * <p>Returns {@code null} when the authentication manager rejects the credential; callers
 * must treat {@code null} as "not authenticated". Every exception raised inside the try
 * block — presumably including the missing-security-context error thrown below — is
 * rethrown wrapped in a {@link RuntimeException}, so the original type is only reachable
 * through {@code getCause()}.
 *
 * <p>Security notes: the raw {@code credential} is handed to the thread's
 * {@link SecurityContext} (via {@code createSubjectInfo}) and stored in the returned
 * account, so it stays reachable for as long as those objects live. The absence of a
 * {@link SecurityContext} is only detected after authentication has already succeeded.
 *
 * @param account    the account whose original principal is being verified
 * @param credential the credential to validate; opaque to this method
 * @return a new account for the authenticated user, or {@code null} if validation failed
 * @throws RuntimeException wrapping any failure of the authentication or role lookup
 */
private Account verifyCredential(final AccountImpl account, final Object credential) {
    final AuthenticationManager authnManager = securityDomainContext.getAuthenticationManager();
    final AuthorizationManager authzManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext securityContext = SecurityActions.getSecurityContext();
    final Principal originalPrincipal = account.getOriginalPrincipal();
    final Subject authenticatedSubject = new Subject();
    try {
        if (!authnManager.isValid(originalPrincipal, credential, authenticatedSubject)) {
            // Credential rejected: report failure as null rather than as an exception.
            return null;
        }
        UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", originalPrincipal);
        if (securityContext == null) {
            // Caught by the catch clause below and rewrapped (unless it is not an Exception).
            throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
        }
        final Principal userPrincipal = getPrincipal(authenticatedSubject);
        // Bind principal, credential and the populated subject to the current security context.
        securityContext.getUtil().createSubjectInfo(originalPrincipal, credential, authenticatedSubject);
        final SecurityContextCallbackHandler callbackHandler = new SecurityContextCallbackHandler(securityContext);
        final RoleGroup roleGroup = authzManager.getSubjectRoles(authenticatedSubject, callbackHandler);
        // Flatten the role group to plain role names for the account.
        final Set<String> roleNames = new HashSet<>();
        for (final Role role : roleGroup.getRoles()) {
            roleNames.add(role.getRoleName());
        }
        return new AccountImpl(userPrincipal, roleNames, credential, account.getOriginalPrincipal());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
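/**
 * Checks, through the security domain's authorization manager, whether {@code username}
 * holds one of the configured {@code roles} selected by {@code checkType}.
 *
 * <p>A {@link SecurityContext} for the caller is made current for the duration of the check.
 * When no context is associated with the thread a new one is created; otherwise the existing
 * context is reused and its subject info is replaced with {@code principal}, {@code password}
 * and {@code subject} — that replacement is not undone afterwards, only the association is
 * restored. The previously associated context (possibly {@code null}) is now restored in a
 * {@code finally} block, so an exception thrown by the role check can no longer leave the
 * context built for this check on the thread.
 *
 * <p>Security note: the raw {@code password} is handed to the security context here. The
 * anonymous class this method belongs to starts outside this listing (the trailing
 * {@code });} closes it) — presumably a {@code PrivilegedAction<Boolean>}; confirm against
 * the enclosing code.
 *
 * @return the authorization manager's answer to {@code doesUserHaveRole} for the user and the
 *         selected roles — an authorization result, not proof that the user authenticated
 * @throws RuntimeException wrapping any failure to create the security context
 */
@Override
public Boolean run() {
    final SimplePrincipal principal = new SimplePrincipal(username);
    // Push a new security context if there is not one; otherwise reuse (and mutate) the current one.
    final SecurityContext previousContext = SecurityContextAssociation.getSecurityContext();
    final SecurityContext securityContext;
    if (previousContext == null) {
        try {
            securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject,
                    securityDomainContext.getAuthenticationManager().getSecurityDomain());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        securityContext = previousContext;
        securityContext.getUtil().createSubjectInfo(principal, password, subject);
    }
    SecurityContextAssociation.setSecurityContext(securityContext);
    try {
        // Only roles of the requested check type take part in the comparison.
        final Set<Principal> expectedRoles = new HashSet<Principal>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                expectedRoles.add(new SimplePrincipal(role.getName()));
            }
        }
        return securityDomainContext.getAuthorizationManager()
                .doesUserHaveRole(new SimplePrincipal(username), expectedRoles);
    } finally {
        // Restore the previous security context (if any) even when the role check throws,
        // so a context created for this check never leaks to later work on this thread.
        SecurityContextAssociation.setSecurityContext(previousContext);
    }
}
});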
RunAs runAs = securityContext.getIncomingRunAs(); if (runAs != null && runAs instanceof RunAsIdentity) { RunAsIdentity runAsIdentity = (RunAsIdentity) runAs; roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup(); } else { AuthorizationManager am = securityContext.getAuthorizationManager(); SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext); roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleName"); if(contextID == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID"); if(callerSubject == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("callerSubject"); AuthorizationManager authzMgr = securityContext.getAuthorizationManager(); if(authzMgr == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager"); RoleGroup callerRoles = null; if (roles == null) callerRoles = authzMgr.getSubjectRoles(callerSubject, sch); else int permit = authzMgr.authorize(webResource, callerSubject, callerRoles); hasTheRole = (permit == AuthorizationContext.PERMIT); String level = (hasTheRole ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
throw new IllegalArgumentException("response is null"); AuthorizationManager authzMgr = securityContext.getAuthorizationManager(); if(authzMgr == null) throw new IllegalStateException("Authorization Manager is null"); RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch); int permit = authzMgr.authorize(webResource, callerSubject, callerRoles); hasPerm = (permit == AuthorizationContext.PERMIT); String level = (hasPerm ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
if(!authorizationManager.doesUserHaveRole(principal, expectedRoles )) builder.append(principal).append(":Expected Roles=").append(expectedRoles); SecurityContextCallbackHandler scbh = new SecurityContextCallbackHandler(sc); builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject,scbh)); log.error(builder.toString() );
throw PicketBoxMessages.MESSAGES.invalidType(EJBResource.class.getName()); EJBResource ejbResource = (EJBResource) resource; validateEJBResource( ejbResource ); AuthorizationManager am = securityContext.getAuthorizationManager(); if(am == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager"); RoleGroup callerRoles = am.getSubjectRoles( callerSubject, sch ); int check = am.authorize(ejbResource, callerSubject, callerRoles); isAuthorized = (check == AuthorizationContext.PERMIT); authorizationAudit((isAuthorized ? AuditLevel.SUCCESS : AuditLevel.FAILURE)
throw PicketBoxMessages.MESSAGES.invalidSecurityAnnotationConfig(); boolean valid = authMgr.isValid(principal, credential, subject); if(!valid) throw new LoginException(PicketBoxMessages.MESSAGES.authenticationFailedMessage()); RoleGroup roles = authzMgr.getSubjectRoles(subject, cbh); if(roles == null) throw new PicketBoxProcessingException(PicketBoxMessages.MESSAGES.nullRolesInSubjectMessage()); int permit = authzMgr.authorize(new POJOResource(pojo), subject, roles); if(permit != AuthorizationContext.PERMIT) throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage());
/**
 * Forwards the role check to the authorization manager of the wrapped {@code context}.
 *
 * @param principal the user being checked
 * @param roles     the roles to test for
 * @return whatever the context's authorization manager returns for this principal and role
 *         set (its exact semantics — any-of vs. all-of — are not visible here)
 */
@Override
public boolean doesUserHaveRole(Principal principal, Set<Principal> roles) {
    return this.context
            .getAuthorizationManager()
            .doesUserHaveRole(principal, roles);
}
/**
 * Forwards the role lookup to the authorization manager of the wrapped {@code context}.
 *
 * @param principal the user whose roles are requested
 * @return the roles reported by the context's authorization manager, passed through
 *         unchanged (it may return {@code null}; nothing here normalizes that)
 */
@Override
public Set<Principal> getUserRoles(Principal principal) {
    return this.context
            .getAuthorizationManager()
            .getUserRoles(principal);
}
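/**
 * Builds the set of role names for the principal currently associated with the thread, as
 * reported by the thread's security context's authorization manager.
 *
 * <p>The {@code request} parameter is not consulted; the caller identity comes from
 * {@link SecurityContextAssociation} alone. A missing security context now fails with a
 * descriptive {@link IllegalStateException} instead of a NullPointerException wrapped in a
 * {@link RuntimeException}; any other failure is still rethrown wrapped in a
 * {@link RuntimeException}. A {@code null} principal is passed through to the authorization
 * manager as before (how it handles {@code null} is not visible here).
 *
 * @param request the current request (unused)
 * @return the role names granted to the current principal; empty when the manager reports
 *         {@code null} or no roles
 * @throws IllegalStateException if no security context is associated with the thread
 * @throws RuntimeException wrapping any failure of the role lookup
 * @see org.overlord.commons.auth.util.IRoleGenerator#generateRoles(javax.servlet.http.HttpServletRequest)
 */
@Override
public Set<String> generateRoles(HttpServletRequest request) {
    Principal principal = SecurityContextAssociation.getPrincipal();
    if (SecurityContextAssociation.getSecurityContext() == null) {
        // Fail with a clear reason rather than NPE-ing on the chained call below.
        throw new IllegalStateException("No security context is associated with the current thread");
    }
    try {
        Set<Principal> userRoles = SecurityContextAssociation.getSecurityContext()
                .getAuthorizationManager().getUserRoles(principal);
        Set<String> roles = new HashSet<String>();
        if (userRoles != null) {
            for (Principal role : userRoles) {
                roles.add(role.getName());
            }
        }
        return roles;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}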
/**
 * Decides whether the authenticated subject may act on {@code absPath}.
 *
 * <p>Only {@code absPath} is consulted. A {@code null} path is granted unconditionally —
 * the stated intent of the original code is that every authenticated user has rights on the
 * workspaces themselves — so that branch is fail-open by design; keep this in mind if the
 * example is reused. For a non-null path the subject is authorized against a
 * {@code POJOResource} wrapping the path; the repository, source, workspace and action
 * arguments are ignored.
 *
 * <p>Security note: the value returned by {@code authorize} is discarded, so the decision
 * rests entirely on the manager raising {@link AuthorizationException} on denial. Other
 * PicketBox call sites compare an {@code int} result against
 * {@code AuthorizationContext.PERMIT}; confirm that this overload throws on DENY before
 * relying on it. Exceptions other than {@link AuthorizationException} propagate.
 *
 * @return {@code true} if the path is {@code null} or the manager accepts the request;
 *         {@code false} if the manager throws {@link AuthorizationException}
 */
@Override
public boolean hasPermission( ExecutionContext context,
                              String repositoryName,
                              String repositorySourceName,
                              String workspaceName,
                              Path absPath,
                              String... actions ) {
    // Null path: every authenticated user is allowed (fail-open on purpose, see Javadoc).
    if (absPath == null) {
        return true;
    }
    boolean permitted;
    try {
        // Simple example: the resource itself is irrelevant; only the subject's roles are checked
        // against the roles configured in the configuration file.
        authorizationManager.authorize(new POJOResource(absPath), this.authenticatedSubject);
        permitted = true;
    } catch (AuthorizationException denied) {
        permitted = false;
    }
    return permitted;
}
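/**
 * Checks, through the security domain's authorization manager, whether {@code username}
 * holds one of the configured {@code roles} selected by {@code checkType}.
 *
 * <p>A {@link SecurityContext} for the caller is made current for the duration of the check.
 * When no context is associated with the thread a new one is created; otherwise the existing
 * context is reused and its subject info is replaced with {@code principal}, {@code password}
 * and {@code subject} — that replacement is not undone afterwards, only the association is
 * restored. The previously associated context (possibly {@code null}) is now restored in a
 * {@code finally} block, so an exception thrown by the role check can no longer leave the
 * context built for this check on the thread.
 *
 * <p>Security note: the raw {@code password} is handed to the security context here. The
 * anonymous class this method belongs to starts outside this listing (the trailing
 * {@code });} closes it) — presumably a {@code PrivilegedAction<Boolean>}; confirm against
 * the enclosing code.
 *
 * @return the authorization manager's answer to {@code doesUserHaveRole} for the user and the
 *         selected roles — an authorization result, not proof that the user authenticated
 * @throws RuntimeException wrapping any failure to create the security context
 */
@Override
public Boolean run() {
    final SimplePrincipal principal = new SimplePrincipal(username);
    // Push a new security context if there is not one; otherwise reuse (and mutate) the current one.
    final SecurityContext previousContext = SecurityContextAssociation.getSecurityContext();
    final SecurityContext securityContext;
    if (previousContext == null) {
        try {
            securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject,
                    securityDomainContext.getAuthenticationManager().getSecurityDomain());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        securityContext = previousContext;
        securityContext.getUtil().createSubjectInfo(principal, password, subject);
    }
    SecurityContextAssociation.setSecurityContext(securityContext);
    try {
        // Only roles of the requested check type take part in the comparison.
        final Set<Principal> expectedRoles = new HashSet<Principal>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                expectedRoles.add(new SimplePrincipal(role.getName()));
            }
        }
        return securityDomainContext.getAuthorizationManager()
                .doesUserHaveRole(new SimplePrincipal(username), expectedRoles);
    } finally {
        // Restore the previous security context (if any) even when the role check throws,
        // so a context created for this check never leaks to later work on this thread.
        SecurityContextAssociation.setSecurityContext(previousContext);
    }
}
});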
RunAs runAs = securityContext.getIncomingRunAs(); if (runAs != null && runAs instanceof RunAsIdentity) { RunAsIdentity runAsIdentity = (RunAsIdentity) runAs; roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup(); } else { AuthorizationManager am = securityContext.getAuthorizationManager(); SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext); roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleName"); if( ejbResource.getEjbName() == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName"); if( ejbResource.getPolicyContextID() == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID"); AuthorizationManager am = securityContext.getAuthorizationManager(); RoleGroup callerRoles = am.getSubjectRoles( callerSubject, sch); int check = am.authorize(ejbResource, callerSubject, callerRoles); isAuthorized = (check == AuthorizationContext.PERMIT);
throw new IllegalArgumentException("callerSubject is null"); AuthorizationManager authzMgr = securityContext.getAuthorizationManager(); if(authzMgr == null) throw new IllegalStateException("Authorization Manager is null"); RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch); int permit = authzMgr.authorize(webResource, callerSubject, callerRoles); hasTheRole = (permit == AuthorizationContext.PERMIT); String level = (hasTheRole ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
if (!authorizationManager.doesUserHaveRole(null, expectedRoles)) { SecurityContext sc = SecurityActions.getSecurityContext(); StringBuilder builder = new StringBuilder("Authorization Failed:Subject="); builder.append(subject).append(":Expected Roles=").append(expectedRoles); SecurityContextCallbackHandler scbh = new SecurityContextCallbackHandler(sc); builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject, scbh)); logger.error(builder.toString());
throw PicketBoxMessages.MESSAGES.invalidSecurityAnnotationConfig(); boolean valid = authMgr.isValid(principal, credential, subject); if(!valid) throw new LoginException(PicketBoxMessages.MESSAGES.authenticationFailedMessage()); RoleGroup roles = authzMgr.getSubjectRoles(subject, cbh); if(roles == null) throw new PicketBoxProcessingException(PicketBoxMessages.MESSAGES.nullRolesInSubjectMessage()); int permit = authzMgr.authorize(new POJOResource(pojo), subject, roles); if(permit != AuthorizationContext.PERMIT) throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage());
/**
 * Forwards the role check to the authorization manager of the wrapped {@code context}.
 *
 * @param principal the user being checked
 * @param roles     the roles to test for
 * @return whatever the context's authorization manager returns for this principal and role
 *         set (its exact semantics — any-of vs. all-of — are not visible here)
 */
@Override
public boolean doesUserHaveRole(Principal principal, Set<Principal> roles) {
    return this.context
            .getAuthorizationManager()
            .doesUserHaveRole(principal, roles);
}
/**
 * Forwards the role lookup to the authorization manager of the wrapped {@code context}.
 *
 * @param principal the user whose roles are requested
 * @return the roles reported by the context's authorization manager, passed through
 *         unchanged (it may return {@code null}; nothing here normalizes that)
 */
@Override
public Set<Principal> getUserRoles(Principal principal) {
    return this.context
            .getAuthorizationManager()
            .getUserRoles(principal);
}