static SecurityContext getSecurityContext() { if (WildFlySecurityManager.isChecking()) { return doPrivileged(new PrivilegedAction<SecurityContext>() { public SecurityContext run() { return SecurityContextAssociation.getSecurityContext(); } }); } else { return SecurityContextAssociation.getSecurityContext(); } }
private static void setSecurityContextOnAssociation(final SecurityContext sc) { AccessController.doPrivileged((PrivilegedAction<Void>) () -> { SecurityContextAssociation.setSecurityContext(sc); return null; }); }
private static void clearSecurityContextOnAssociation() { AccessController.doPrivileged((PrivilegedAction<Void>) () -> { SecurityContextAssociation.clearSecurityContext(); return null; }); }
private SecurityContext setupSecurityContext() { final SecurityContext previous = SecurityContextAssociation.getSecurityContext(); SecurityContextAssociation.setSecurityContext(securityContext); return previous; } }
/** * Push a new {@link Principal} and Credential pair. * * This method is to be called before an EJB invocation is passed through it's security interceptor, at that point the * Principal and Credential pair can be verified. * * Note: This method should be called from within a {@link PrivilegedAction}. * * @param principal - The alternative {@link Principal} to use in verification before the next EJB is called. * @param credential - The credential to verify with the {@linl Principal} * @return A {@link ContextStateCache} that can later be used to pop the identity pushed here and restore internal state to it's previous values. * @throws Exception If there is a problem associating the new {@link Principal} and Credential pair. */ public static ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception { SecurityContext current = SecurityContextAssociation.getSecurityContext(); SecurityContext nextContext = SecurityContextFactory.createSecurityContext(principal, credential, new Subject(), "USER_DELEGATION"); SecurityContextAssociation.setSecurityContext(nextContext); RemoteConnection con = RemotingContext.getRemoteConnection(); RemotingContext.clear(); return new ContextStateCache(con, current); }
static Principal getPrincipal() { if (System.getSecurityManager() == null) { return SecurityContextAssociation.getPrincipal(); } return AccessController.doPrivileged(new PrivilegedAction<Principal>() { public Principal run() { return SecurityContextAssociation.getPrincipal(); } }); }
static Principal getPrincipal() { if(WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged(GET_PRINCIPLE_ACTION); } else { return SecurityContextAssociation.getPrincipal(); } }
@Override public void dissociate() { if (WildFlySecurityManager.isChecking()) { AccessController.doPrivileged((PrivilegedAction<Void>)() -> { SecurityContextAssociation.clearSecurityContext(); return null; }); } else { SecurityContextAssociation.clearSecurityContext(); } }
private static void setSecurityContext(final SecurityContext securityContext) { if (WildFlySecurityManager.isChecking()) { AccessController.doPrivileged(new PrivilegedAction<Void>() { @Override public Void run() { SecurityContextAssociation.setSecurityContext(securityContext); return null; } }); } else { SecurityContextAssociation.setSecurityContext(securityContext); } } }
config.setClassCloner(new LocalInvocationClassCloner(WildFlySecurityManager.getClassLoaderPrivileged(invocation.getInvokedProxy().getClass()))); final ObjectCloner resultCloner = createCloner(config); if (async) { if (WildFlySecurityManager.isChecking()) { securityContext = AccessController.doPrivileged((PrivilegedAction<SecurityContext>) SecurityContextAssociation::getSecurityContext); securityDomain = AccessController.doPrivileged((PrivilegedAction<SecurityDomain>) SecurityDomain::getCurrent); } else { securityContext = SecurityContextAssociation.getSecurityContext(); securityDomain = SecurityDomain.getCurrent();
static SecurityContext getSecurityContext() { if (System.getSecurityManager() != null) { return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() { public SecurityContext run() { return SecurityContextAssociation.getSecurityContext(); } }); } else { return SecurityContextAssociation.getSecurityContext(); } }
public Object run() throws Exception { SecurityContext sc = SecurityContextFactory.createSecurityContext(domain); sc.getUtil().createSubjectInfo(p, cred, subject); SecurityContextAssociation.setSecurityContext(sc); return null; }}); }
public static void setCredential(Object credential) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SetSecurityContextPermission); SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); if (securityContext == null) { try { securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE"); } catch (Exception e) { throw new RuntimeException(e); } SecurityContextAssociation.setSecurityContext(securityContext); } Principal principal = securityContext.getUtil().getUserPrincipal(); Subject subj = securityContext.getUtil().getSubject(); securityContext.getUtil().createSubjectInfo(principal, credential, subj); } }
public static void setPrincipal(Principal principal) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SetSecurityContextPermission); SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); if (securityContext == null) { try { securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE"); } catch (Exception e) { throw new RuntimeException(e); } SecurityContextAssociation.setSecurityContext(securityContext); } Object credential = securityContext.getUtil().getCredential(); Subject subj = securityContext.getUtil().getSubject(); securityContext.getUtil().createSubjectInfo(principal, credential, subj); }
public Subject run() { SecurityContext sc = SecurityContextAssociation.getSecurityContext(); if (sc != null) { return sc.getUtil().getSubject(); } return null; } });
public void push(final String securityDomain, String userName, char[] password, final Subject subject) { final SecurityContext previous = SecurityContextAssociation.getSecurityContext(); contexts.push(previous); SecurityContext current = establishSecurityContext(securityDomain); if (propagate && previous != null) { current.setSubjectInfo(getSubjectInfo(previous)); current.setIncomingRunAs(previous.getOutgoingRunAs()); } RunAs currentRunAs = current.getIncomingRunAs(); boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity; if (trusted == false) { SecurityContextUtil util = current.getUtil(); util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject); } }
public Void run() { final SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); if (securityContext == null) { throw new IllegalStateException("Security Context is null"); } securityContext.getUtil().createSubjectInfo(principal, credential, subject); return null; } });
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) { SecurityContext current = SecurityContextAssociation.getSecurityContext(); SecurityContext previous = contexts.peek(); // skip reauthentication if the current context already has an authenticated subject (copied from the previous context // upon creation - see push method) and both contexts use the same security domain or there is an incoming RunAs of RunAsIdentity type boolean skipReauthentication = current.getSubjectInfo() != null && current.getSubjectInfo().getAuthenticatedSubject() != null && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty() && ( (previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain())) || current.getIncomingRunAs() instanceof RunAsIdentity ); if (!skipReauthentication) { SecurityContextUtil util = current.getUtil(); Object credential = util.getCredential(); Subject subject = null; if (credential instanceof RemotingConnectionCredential) { subject = ((RemotingConnectionCredential) credential).getSubject(); } if (authenticate(current, subject) == false) { throw SecurityLogger.ROOT_LOGGER.invalidUserException(); } } // setup the run-as identity. if (runAs != null) { RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles); current.setOutgoingRunAs(runAsIdentity); } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) { // Ensure the propagation continues. current.setOutgoingRunAs(previous.getOutgoingRunAs()); } }
public Void run() { org.jboss.security.SecurityContext oldSecurityContext = SecurityContextAssociation.getSecurityContext(); org.jboss.security.SecurityContext securityContext = createSecurityContext(domain); setSecurityContextOnAssociation(securityContext); securityContext.getUtil().createSubjectInfo(oldSecurityContext.getUtil().getUserPrincipal(), oldSecurityContext.getUtil().getCredential(), oldSecurityContext.getUtil().getSubject()); return null; } });
public Principal getPrincipal() { SecurityContext sc = SecurityContextAssociation.getSecurityContext(); return sc.getUtil().getUserPrincipal(); }