/**
 * Removes the entry stored under {@code key} from the security context.
 *
 * <p>The run-as key is special-cased: the current outgoing run-as is returned,
 * the caller run-as saved under {@code CALLER_RAI_IDENTIFIER} is promoted to the
 * outgoing run-as, and the saved caller entry is cleared from the data map.
 * Every other key is simply removed from the data map.
 *
 * @param <T> expected type of the removed value (unchecked cast, not verified here)
 * @param key the context key to remove; must not be {@code null}
 * @return the removed value, or {@code null} if no value was present
 */
@SuppressWarnings("unchecked")
@Override
public <T> T remove(String key) {
    if (key == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("key");
    }
    Map<String, Object> data = securityContext.getData();
    if (!RUNAS_IDENTITY_IDENTIFIER.equals(key)) {
        return (T) data.remove(key);
    }
    // The outgoing run-as is read from the security context itself, not from the data map:
    // pop it, restore the caller's run-as in its place, then drop the saved caller entry.
    RunAs current = securityContext.getOutgoingRunAs();
    securityContext.setOutgoingRunAs((RunAs) data.get(CALLER_RAI_IDENTIFIER));
    data.remove(CALLER_RAI_IDENTIFIER);
    return (T) current;
}
/**
 * Translates a textual JAAS control flag into its {@link LoginModuleControlFlag}.
 *
 * <p>Matching is case-insensitive; {@code null} matches nothing and is reported
 * through the same error as any other unknown value.
 *
 * @param flag one of "required", "sufficient", "optional" or "requisite" (any case)
 * @return the matching control flag
 * @throws RuntimeException as produced by {@code PicketBoxMessages.MESSAGES.invalidControlFlag}
 *         when {@code flag} is not one of the four known values
 */
private LoginModuleControlFlag getControlFlag(String flag) {
    final String[] names = {"required", "sufficient", "optional", "requisite"};
    final LoginModuleControlFlag[] flags = {
        LoginModuleControlFlag.REQUIRED,
        LoginModuleControlFlag.SUFFICIENT,
        LoginModuleControlFlag.OPTIONAL,
        LoginModuleControlFlag.REQUISITE
    };
    for (int i = 0; i < names.length; i++) {
        // equalsIgnoreCase is kept (rather than toLowerCase) so null and Unicode edge cases behave as before
        if (names[i].equalsIgnoreCase(flag)) {
            return flags[i];
        }
    }
    throw PicketBoxMessages.MESSAGES.invalidControlFlag(flag);
}
/**
 * Stores {@code obj} in the security context under {@code key}.
 *
 * <p>Two keys are reserved and type-checked before anything is stored: a non-null
 * value under {@code RUNAS_IDENTITY_IDENTIFIER} must be a {@link RunAsIdentity} and
 * a non-null value under {@code ROLES_IDENTIFIER} must be a {@link Group}. This keeps
 * arbitrary objects from being placed behind the keys the security layer reserves.
 * A run-as value is routed to {@code setRunAsIdentity}; everything else goes into the
 * data map (a {@code null} value is stored as-is).
 *
 * @param <T> type of the stored value
 * @param key the context key; must not be {@code null}
 * @param obj the value to store; may be {@code null}
 */
@Override
public <T> void set(String key, T obj) {
    validateSecurityContext();
    if (key == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("key");
    }
    boolean isRunAsKey = RUNAS_IDENTITY_IDENTIFIER.equals(key);
    if (obj != null) {
        if (isRunAsKey && !(obj instanceof RunAsIdentity)) {
            throw PicketBoxMessages.MESSAGES.invalidType(RunAsIdentity.class.getName());
        }
        if (ROLES_IDENTIFIER.equals(key) && !(obj instanceof Group)) {
            throw PicketBoxMessages.MESSAGES.invalidType(Group.class.getName());
        }
    }
    if (isRunAsKey) {
        setRunAsIdentity((RunAsIdentity) obj);
    } else {
        securityContext.getData().put(key, obj);
    }
}
/**
 * Adds the roles configured for the caller principal found in {@code contextMap}
 * to {@code mappedObject} and records it as the mapping result.
 *
 * <p>An empty map is rejected with the same error as a {@code null} one. When no
 * caller principal can be obtained nothing is mapped and the result is left untouched.
 *
 * @param contextMap the mapping context; must be non-null and non-empty
 * @param mappedObject the role group that receives the caller's roles
 */
public void performMapping(Map<String, Object> contextMap, RoleGroup mappedObject) {
    if (contextMap == null || contextMap.isEmpty()) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextMap");
    }
    Principal caller = getCallerPrincipal(contextMap);
    if (caller == null) {
        return;
    }
    // Roles are looked up by the principal's name against the configured 'roles' mapping
    Util.addRolesToGroup(caller.getName(), mappedObject, roles);
    result.setMappedObject(mappedObject);
}
if(principal != null) String user = principal.getName(); throw PicketBoxMessages.MESSAGES.invalidNullArgument(BASE_CTX_DN); results = ctx.search(baseDN, baseFilter, filterArgs, constraints); if (results.hasMore() == false) throw PicketBoxMessages.MESSAGES.failedToFindBaseContextDN(baseDN); userDN = name + "," + baseDN; else throw PicketBoxMessages.MESSAGES.unableToFollowReferralForAuth(name);
/**
 * Returns the subject's roles, i.e. its {@link Group} principal named "Roles".
 *
 * <p>Iteration does not stop at the first match, so if several groups carry that
 * name the last one produced by the principal set is returned.
 *
 * @param theSubject the subject to inspect; must not be {@code null}
 * @return the "Roles" group, or {@code null} if the subject has none
 */
public static Group getSubjectRoles(Subject theSubject) {
    if (theSubject == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("theSubject");
    }
    Group rolesGroup = null;
    for (Group candidate : theSubject.getPrincipals(Group.class)) {
        if (candidate.getName().equals("Roles")) {
            rolesGroup = candidate;
        }
    }
    return rolesGroup;
}
LoginException le = new LoginException(PicketBoxMessages.MESSAGES.failedToInstantiateClassMessage(Callback.class)); le.initCause(e); throw le; callbackHandler.handle(callbacks); LoginException le = PicketBoxMessages.MESSAGES.failedToInvokeCallbackHandler(); le.initCause(e); throw le; LoginException le = PicketBoxMessages.MESSAGES.failedToInvokeCallbackHandler(); le.initCause(e); throw le;
private RoleGroup getCurrentRoles(Principal principal, Subject subject, SecurityContext securityContext) throw PicketBoxMessages.MESSAGES.invalidNullArgument("subject"); if(securityContext == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("securityContext"); RoleGroup userRoles = securityContext.getUtil().getRoles(); MappingManager mm = securityContext.getMappingManager(); MappingContext<RoleGroup> mc = mm.getMappingContext(MappingType.ROLE.name()); contextMap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals()); if (PicketBoxLogger.LOGGER.isTraceEnabled()) securityContext.getData().put(ROLES_IDENTIFIER, mappedUserRoles);
/**
 * Loads {@code name} through this class's class loader and creates an instance with
 * its no-argument constructor.
 *
 * <p>Failures are not propagated: any exception is wrapped in a {@link LoginException}
 * (original exception kept as the cause), handed to {@link #setValidateError(Throwable)},
 * and {@code null} is returned. Note that {@code clazz} is used only for the failure
 * message; the returned cast is unchecked and the loaded type is not verified against it.
 *
 * @param <T> expected type of the new instance
 * @param name fully qualified class name to instantiate
 * @param clazz expected type, used in the error message only
 * @return the new instance, or {@code null} when loading or instantiation failed
 */
@SuppressWarnings("unchecked")
protected <T> T newInstance(final String name, final Class<T> clazz) {
    try {
        Class<?> target = getClass().getClassLoader().loadClass(name);
        return (T) target.newInstance();
    } catch (Exception e) {
        LoginException failure =
            new LoginException(PicketBoxMessages.MESSAGES.failedToInstantiateClassMessage(clazz));
        failure.initCause(e);
        setValidateError(failure);
        return null;
    }
}
}
/**
 * Loads {@code name} via {@code cl}, instantiates it as an {@link IdentityTrustModule}
 * and initializes it with this context's state and the given options.
 *
 * <p>A loading or instantiation failure is logged at debug level only and then
 * reported as a {@link LoginException}; the original exception is not chained onto
 * the thrown exception.
 *
 * @param cl class loader used to resolve {@code name}
 * @param name fully qualified class name of the module
 * @param map module options passed to {@code initialize}
 * @return the initialized module
 * @throws LoginException when the module cannot be loaded or instantiated
 * @throws Exception anything thrown by the module's {@code initialize}
 */
@SuppressWarnings({"unchecked", "rawtypes"})
private IdentityTrustModule instantiateModule(ClassLoader cl, String name, Map map) throws Exception {
    IdentityTrustModule module;
    try {
        Class<?> moduleClass = SecurityActions.loadClass(cl, name);
        module = (IdentityTrustModule) moduleClass.newInstance();
    } catch (Exception e) {
        // Swallowed on purpose: the failure surfaces as the LoginException below.
        PicketBoxLogger.LOGGER.debugIgnoredException(e);
        module = null;
    }
    if (module == null) {
        throw new LoginException(
            PicketBoxMessages.MESSAGES.failedToInstantiateClassMessage(IdentityTrustModule.class));
    }
    module.initialize(this.securityContext, this.callbackHandler, this.sharedState, map);
    return module;
}
throw PicketBoxMessages.MESSAGES.invalidNullArgument("subject"); if(methodName == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("method"); Principal p = securityContext.getUtil().getUserPrincipal(); Object cred = securityContext.getUtil().getCredential(); boolean auth = securityContext.getAuthenticationManager().isValid(p, cred, subject); if(auth == false)
throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleName"); if( ejbResource.getEjbName() == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName"); if( ejbResource.getPolicyContextID() == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID"); AuthorizationManager am = securityContext.getAuthorizationManager(); throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager"); RoleGroup callerRoles = am.getSubjectRoles( callerSubject, sch); int check = am.authorize(ejbResource, callerSubject, callerRoles); isAuthorized = (check == AuthorizationContext.PERMIT);
/**
 * Installs the security context this object operates on.
 *
 * @param sc the security context; must not be {@code null}
 */
public void setSecurityContext(SecurityContext sc) {
    if (sc == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("security context");
    }
    securityContext = sc;
}
/**
 * Returns the value stored under {@code key} in the current thread's security context.
 *
 * <p>When a {@link SecurityManager} is installed it is consulted first with the
 * {@code GetContextInfo} permission (a {@code RuntimePermission} for
 * "org.jboss.security.accessContextInfo", "get"), so an unprivileged caller receives a
 * {@link SecurityException} before the key is even validated.
 *
 * @param key the context key; must not be {@code null}
 * @return the mapped value, or {@code null} if there is no current security context
 *         or nothing is stored under the key
 */
public static Object getContextInfo(String key) {
    SecurityManager manager = System.getSecurityManager();
    if (manager != null) {
        manager.checkPermission(GetContextInfo);
    }
    if (key == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("key");
    }
    // SECURITY-459: read from the current security context
    SecurityContext current = getSecurityContext();
    return current == null ? null : current.getData().get(key);
}
throw PicketBoxMessages.MESSAGES.invalidType(EJBResource.class.getName()); EJBResource ejbResource = (EJBResource) resource; validateEJBResource( ejbResource ); AuthorizationManager am = securityContext.getAuthorizationManager(); if(am == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager"); RoleGroup callerRoles = am.getSubjectRoles( callerSubject, sch ); int check = am.authorize(ejbResource, callerSubject, callerRoles); isAuthorized = (check == AuthorizationContext.PERMIT); authorizationAudit((isAuthorized ? AuditLevel.SUCCESS : AuditLevel.FAILURE)
throw PicketBoxMessages.MESSAGES.invalidNullArgument("classLoader"); throw PicketBoxMessages.MESSAGES.invalidNullArgument("fqn"); throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToLoadVaultMessage()); try throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToCreateVaultMessage(), e);
URL url = loader.getResource(propertiesName); if (url == null) throw PicketBoxMessages.MESSAGES.unableToFindPropertiesFile(propertiesName); throw PicketBoxMessages.MESSAGES.unableToLoadPropertiesFile(propertiesName);
/**
 * Asks the configured identity trust manager whether the current caller is trusted.
 *
 * @return {@code true} only when the manager answers {@code Permit}; {@code false} for
 *         {@code NotApplicable} and when no identity trust manager is configured
 * @throws IdentityTrustException when the manager answers {@code Deny}
 */
public boolean isTrusted() throws IdentityTrustException {
    IdentityTrustManager manager = securityContext.getIdentityTrustManager();
    if (manager == null) {
        // No manager configured: the decision stays NotApplicable, i.e. not trusted.
        return false;
    }
    TrustDecision decision = manager.isTrusted(securityContext);
    if (decision == TrustDecision.Deny) {
        throw new IdentityTrustException(PicketBoxMessages.MESSAGES.deniedByIdentityTrustMessage());
    }
    return decision == TrustDecision.Permit;
}
throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToLoadVaultMessage()); try throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToCreateVaultMessage(), e);
throw PicketBoxMessages.MESSAGES.invalidVaultStringFormat(vaultString); String[] tokens = tokens(vaultString); throw new SecurityVaultException(PicketBoxMessages.MESSAGES.vaultNotInitializedMessage()); return vault.retrieve(tokens[1], tokens[2], tokens[3].getBytes());