/** * <p> * Returns the method roles as a set of {@code Principal} instances. All roles specified in the method-permissions or * via {@code RolesAllowed} for this method are wrapped by a {@code SimplePrincipal}. If the method has been added to * the exclude-list or annotated with {@code DenyAll}, a NOBODY_PRINCIPAL is returned. If the method has been added * to the unchecked list or annotated with {@code PermitAll}, an ANYBODY_PRINCIPAL is returned. * </p> * * @return the constructed set of role principals. */ protected Set<Principal> getMethodRolesAsPrincipals() { Set<Principal> methodRoles = new HashSet<Principal>(); if (this.ejbMethodSecurityMetaData.isDenyAll()) methodRoles.add(NobodyPrincipal.NOBODY_PRINCIPAL); else if (this.ejbMethodSecurityMetaData.isPermitAll()) methodRoles.add(AnybodyPrincipal.ANYBODY_PRINCIPAL); else { for (String role : this.ejbMethodSecurityMetaData.getRolesAllowed()) methodRoles.add(new SimplePrincipal(role)); } return methodRoles; }
/** * Get a HashSet of roles as SimplePrincipal * * @param assignedRoles a comma seperated list of roles * @return */ private HashSet getSetOfRoles(String assignedRoles) { if(trace) log.trace("AssignedRolesString="+assignedRoles); HashSet set = new HashSet(); StringTokenizer st = new StringTokenizer(assignedRoles,","); while(st.hasMoreTokens()) { String aRole = st.nextToken(); set.add(new SimplePrincipal(aRole)); } if(trace) log.trace("roles set="+set); return set; }
@Override protected void authorize(LoginContext context) throws LoginException { HashSet<String> required = new HashSet<>(requiredRoles); Set<Group> groups = context.getSubject().getPrincipals(Group.class); if (groups != null) { for (Group group : groups) { if ("Roles".equals(group.getName())) { for (String role : requiredRoles) { if (group.isMember(new SimplePrincipal(role))) { required.remove(role); } } } } } if (!required.isEmpty()) throw new LoginException("User does not have required roles: " + required); } }
@Override public Boolean run() { final SimplePrincipal principal = new SimplePrincipal(username); // push a new security context if there is not one. final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext(); final SecurityContext securityContext; if (currentSecurityContext == null) { try { securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain()); } catch (Exception e) { throw new RuntimeException(e); } } else { securityContext = currentSecurityContext; securityContext.getUtil().createSubjectInfo(principal, password, subject); } SecurityContextAssociation.setSecurityContext(securityContext); final Set<Principal> principals = new HashSet<Principal>(); for (Role role : roles) { if (checkType.hasRole(role)) { principals.add(new SimplePrincipal(role.getName())); } } final boolean authenticated = securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals); // restore the previous security context if any SecurityContextAssociation.setSecurityContext(currentSecurityContext); return authenticated; } });
public RolesAuthorization() { requiredRoles.add(new SimplePrincipal("JBossAdmin")); } public void setRequiredRoles(HashSet requiredRoles)
@SuppressWarnings("unchecked") public boolean login() throws LoginException { if( super.login() == true ) return true; Principal principal = new SimplePrincipal(principalName); subject.getPrincipals().add(principal); // Put the principal name into the sharedState map sharedState.put("javax.security.auth.login.name", principalName); super.loginOk = true; return true; }
Subject subject = new Subject(); subject.getPrincipals().add(new SimplePrincipal("system")); subject.setReadOnly(); RunContext runContext = RunContexts.copyCurrent().withSubject(subject);
private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct){ if (jbossSct == null) { throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext"); } RoleGroup contextRoleGroup = jbossSct.getUtil().getRoles(); if(contextRoleGroup == null){ return; } Collection<Role> contextRoles = contextRoleGroup.getRoles(); if(contextRoles.isEmpty()){ return; } Subject subject = jbossSct.getUtil().getSubject(); Set<Group> groupPrincipals = subject.getPrincipals(Group.class); Group subjectRoleGroup = null; for (Group candidate : groupPrincipals) { if (candidate.getName().equals(ROLES_IDENTIFIER)) { subjectRoleGroup = candidate; break; } } if (subjectRoleGroup == null) { subjectRoleGroup = new SimpleGroup(ROLES_IDENTIFIER); subject.getPrincipals().add(subjectRoleGroup); } for (Role role : contextRoles) { Principal rolePrincipal = new SimplePrincipal(role.getRoleName()); subjectRoleGroup.addMember(rolePrincipal); } }
Subject subject = new Subject(); Principal p = new SimplePrincipal(recoverUserName); subject.getPrincipals().add(p); subject.getPrivateCredentials().add(pc); securityContext.getSubjectInfo().setAuthenticatedSubject(unauthenticated);
public boolean validateUser(final String user, final String password) { SimplePrincipal principal = new SimplePrincipal(user); char[] passwordChars = null; if (password != null) { passwordChars = password.toCharArray(); } Subject subject = new Subject(); return authenticationManager.isValid(principal, passwordChars, subject); }
RoleGroup currentRoles = currentSC.getUtil().getRoles(); if (currentRoles != null) { currentRoles.addAll(roles.getRoles()); currentSC.getUtil().setRoles( roles ); Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject(); if (currentSubject != null) { subject.getPrincipals().addAll(currentSubject.getPrincipals()); subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials()); subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials()); callerPrincipal = new SimplePrincipal(callerPrincipalCallback.getName()); Identity identity = IdentityFactory.getIdentity(new SimplePrincipal(userName), password); currentSC.getSubjectInfo().addIdentity(identity);
public void push(final String securityDomain, String userName, char[] password, final Subject subject) { final SecurityContext previous = SecurityContextAssociation.getSecurityContext(); contexts.push(previous); SecurityContext current = establishSecurityContext(securityDomain); if (previous != null) { current.setSubjectInfo(previous.getSubjectInfo()); current.setIncomingRunAs(previous.getOutgoingRunAs()); } RunAs currentRunAs = current.getIncomingRunAs(); boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity; if (trusted == false) { SecurityContextUtil util = current.getUtil(); util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject); if (authenticate(current, subject) == false) { throw SecurityMessages.MESSAGES.invalidUserException(); } } if (previous != null && previous.getOutgoingRunAs() != null) { // Ensure the propagation continues. current.setOutgoingRunAs(previous.getOutgoingRunAs()); } }
@Override public boolean commit() throws LoginException { subject.getPrincipals().add(jwtPrincipal); SimpleGroup roles = new SimpleGroup("Roles"); for (String name : jwtPrincipal.getGroups()) { roles.addMember(new SimplePrincipal(name)); } subject.getPrincipals().add(roles); sharedState.put("JsonWebToken", jwtPrincipal); return super.commit(); }
if (!subject.getPrincipals().contains(userPrincipal)) { subject.getPrincipals().add(userPrincipal); Group rolesGroup = new SimpleGroup(SecurityHelper.ROLES_GROUP_NAME); String[] rolesArray = roles.split(","); for (String role : rolesArray) { rolesGroup.addMember(new SimplePrincipal(role)); subject.getPrincipals().add(rolesGroup);
protected String userIdFromSubject(Subject caller) { Set<SimplePrincipal> jaasUserPrincipals = caller.getPrincipals(SimplePrincipal.class); if (jaasUserPrincipals.isEmpty()) { return null; } else { for (SimplePrincipal p : jaasUserPrincipals) { // Use the first SimplePrincipal, which is not a SimpleGroup // SimpleGroup is subclass of SimplePrincipal if (p instanceof SimpleGroup) { continue; } else { return p.getName(); } } // userPrincipal not found return null; } }
for (Principal p : subject.getPrincipals()) { if (p instanceof Group && ROLES_GROUP_NAME.equalsIgnoreCase(p.getName())) { subjectRoles = (Group) p; if (subjectRoles.isMember(new SimplePrincipal(grantedRole))) { return;
protected Group[] getRoleSets() throws LoginException { Group[] roleSets = {new SimpleGroup("Roles")}; if( guestOnly == false ) roleSets[0].addMember(new SimplePrincipal("user")); roleSets[0].addMember(new SimplePrincipal("guest")); return roleSets; }
Set<Object> creds = subject.getPublicCredentials(); for(Object cred: creds) AssertionType assertion = (AssertionType) parser.parse(new ByteArrayInputStream(assertionStr.getBytes())); List<String> roles = AssertionUtil.getRoles(assertion, null); Group roleGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER); for(String role: roles) roleGroup.addMember(new SimplePrincipal(role));
public void push(final String securityDomain, String userName, char[] password, final Subject subject) { final SecurityContext previous = SecurityContextAssociation.getSecurityContext(); contexts.push(previous); SecurityContext current = establishSecurityContext(securityDomain); if (propagate && previous != null) { current.setSubjectInfo(getSubjectInfo(previous)); current.setIncomingRunAs(previous.getOutgoingRunAs()); } RunAs currentRunAs = current.getIncomingRunAs(); boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity; if (trusted == false) { SecurityContextUtil util = current.getUtil(); util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject); } }
@Override protected Group[] getRoleSets() throws LoginException { SimpleGroup roles = new SimpleGroup("Roles"); for (String role : rolesList ) { roles.addMember( new SimplePrincipal(role)); } Group[] roleSets = { roles }; return roleSets; }