/**
 * Authenticates the caller on the current security context and installs the outgoing run-as identity.
 *
 * <p>Re-authentication is skipped when the current context already carries an authenticated subject with
 * at least one principal and either the previous context (top of {@code contexts}) uses the same security
 * domain or the incoming run-as is a {@link RunAsIdentity}. Otherwise the credential held by the current
 * context is validated again through {@code authenticate(SecurityContext, Subject)}; a
 * {@link RemotingConnectionCredential} contributes its own subject to that check.
 *
 * @param runAs          run-as role name; {@code null} means no new run-as, in which case the previous
 *                       context's outgoing run-as is carried over when {@code propagate} is set
 * @param runAsPrincipal principal name of the run-as identity
 * @param extraRoles     additional roles granted to the run-as identity
 */
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    final SecurityContext current = SecurityContextAssociation.getSecurityContext();
    final SecurityContext previous = contexts.peek();

    // An authenticated subject may already be present because push copies it from the previous context.
    final Subject existing = current.getSubjectInfo() == null
            ? null
            : current.getSubjectInfo().getAuthenticatedSubject();
    final boolean hasSubject = existing != null && !existing.getPrincipals().isEmpty();

    boolean reuseSubject = false;
    if (hasSubject) {
        final boolean sameDomain = previous != null
                && current.getSecurityDomain().equals(previous.getSecurityDomain());
        reuseSubject = sameDomain || current.getIncomingRunAs() instanceof RunAsIdentity;
    }

    if (!reuseSubject) {
        final Object credential = current.getUtil().getCredential();
        final Subject subject = credential instanceof RemotingConnectionCredential
                ? ((RemotingConnectionCredential) credential).getSubject()
                : null;
        if (!authenticate(current, subject)) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }

    // Either create a new run-as identity or keep propagating the previous one.
    if (runAs != null) {
        current.setOutgoingRunAs(new RunAsIdentity(runAs, runAsPrincipal, extraRoles));
    } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
private boolean authenticate(SecurityContext context, Subject subject) { SecurityContextUtil util = context.getUtil(); SubjectInfo subjectInfo = getSubjectInfo(context); if (subject == null) { if (principal == null) { unauthenticatedIdentity = getUnauthenticatedIdentity(); subjectInfo.addIdentity(unauthenticatedIdentity); auditPrincipal = unauthenticatedIdentity.asPrincipal(); subject.getPrincipals().add(auditPrincipal); AuthenticationManager authenticationManager = context.getAuthenticationManager(); authenticated = authenticationManager.isValid(principal, credential, subject); subjectInfo.setAuthenticatedSubject(subject); AuditManager auditManager = context.getAuditManager(); if (auditManager != null) { audit(authenticated ? AuditLevel.SUCCESS : AuditLevel.FAILURE, auditManager, auditPrincipal);
RoleGroup roleGroup = new SimpleRoleGroup(rolesGroup); Identity identity = CredentialIdentityFactory.createIdentity(principal, credential, roleGroup); new_jb_securityContext.getUtil().createSubjectInfo(identity, subject); new_jb_securityContext.getSubjectInfo().setRoles(roleGroup); } else { Identity identity = CredentialIdentityFactory.createIdentity(principal, credential); new_jb_securityContext.getUtil().createSubjectInfo(identity, subject); RoleGroup old_jb_roleGroup = old_jb_securityContext.getSubjectInfo().getRoles(); if (rolesGroup != null) { old_jb_securityContext.getSubjectInfo().setRoles(new SimpleRoleGroup(rolesGroup)); RunAs old_jb_runAs = old_jb_securityContext.getOutgoingRunAs();
/**
 * Returns the authenticated subject of the thread's PicketBox security context.
 *
 * @return the authenticated subject, or a fresh empty {@link Subject} when the thread has no
 *         security context, no subject info, or no authenticated subject (never {@code null})
 */
private Subject getAuthenticatedSubject() {
    final org.jboss.security.SecurityContext picketBoxContext = SecurityActions.getSecurityContext();
    if (picketBoxContext == null || picketBoxContext.getSubjectInfo() == null) {
        return new Subject();
    }
    final Subject authenticated = picketBoxContext.getSubjectInfo().getAuthenticatedSubject();
    return authenticated == null ? new Subject() : authenticated;
}
} // closing brace of the enclosing class
/**
 * Validates the caller's principal and credential with the authentication manager and, on success,
 * checks the required roles through the realm mapping.
 *
 * @return {@code true} only when the credential is valid and the principal holds one of the role
 *         principals derived from {@code checkType} and {@code roles}
 */
public Boolean run() {
    final SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    final Principal principal = sc.getUtil().getUserPrincipal();
    // NOTE(review): assumes the credential stored in the context is a char[] password — confirm with callers
    final char[] passwordChars = (char[]) sc.getUtil().getCredential();
    final Subject subject = sc.getSubjectInfo().getAuthenticatedSubject();

    if (!authenticationManager.isValid(principal, passwordChars, subject)) {
        return false;
    }

    final Set<Principal> rolePrincipals = getRolePrincipals(checkType, roles);
    final boolean authorized = realmMapping.doesUserHaveRole(principal, rolePrincipals);
    if (trace) {
        ActiveMQJBossLogger.LOGGER.trace("user " + principal.getName() + (authorized ? " is " : " is NOT ") + "authorized");
    }
    return authorized;
}
currentSC.getUtil().setRoles( roles ); Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject(); if (currentSubject != null) { subject.getPrincipals().addAll(currentSubject.getPrincipals()); currentSC.getSubjectInfo().setAuthenticatedSubject(subject); Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject(); if (currentSubject != null) { subject.getPrincipals().addAll(currentSubject.getPrincipals()); currentSC.getSubjectInfo().setAuthenticatedSubject(subject); Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject(); if (currentSubject != null) currentSubject.getPrincipals().add(callerPrincipal); Identity principalBasedIdentity = IdentityFactory.getIdentity( callerPrincipal, null ); currentSC.getSubjectInfo().addIdentity( principalBasedIdentity ); Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject(); if (currentSubject != null) { subject.getPrincipals().addAll(currentSubject.getPrincipals()); currentSC.getSubjectInfo().setAuthenticatedSubject(subject); currentSC.getSubjectInfo().addIdentity(identity);
if(sc != null) SubjectInfo si = sc.getSubjectInfo(); Subject activeSubject = si.getAuthenticatedSubject(); RunAsIdentity callerRunAsIdentity = (RunAsIdentity)sc.getIncomingRunAs();
if(sctx != null) SubjectInfo si = sctx.getSubjectInfo(); if(si != null) si.setAuthenticatedSubject(subject); sctx.getUtil().createSubjectInfo(null, null, subject);
// TODO: remove this when fixed in JBoss - WORKAROUND to get authentication to propagate to EJBs SecurityContext oldContext = SecurityContextAssociation.getSecurityContext(); SubjectInfo subjectInfo = oldContext.getSubjectInfo(); subjectInfo.setAuthenticatedSubject(serviceSubject); SecurityContextAssociation.setPrincipal(degroofPrincipal); serviceSubject.getPrincipals().add(degroofPrincipal);
RunAs runAs = securityContext.getIncomingRunAs(); if (runAs != null && runAs instanceof RunAsIdentity) { RunAsIdentity runAsIdentity = (RunAsIdentity) runAs; roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup(); } else { AuthorizationManager am = securityContext.getAuthorizationManager(); SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext); roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
Principal userPrincipal = sc.getUtil().getUserPrincipal(); String unauthenticatedPrincipal = domain.unauthenticatedPrincipal(); if(userPrincipal == null && unauthenticatedPrincipal !=null && sc.getSubjectInfo().addIdentity(unauthenticatedIdentity); subject.getPrincipals().add(unauthenticatedIdentity.asPrincipal());
/**
 * Returns the identities of the current subject that are instances of the given type.
 *
 * @param clazz the identity type (or supertype) to filter on
 * @return a new mutable set holding every matching identity; empty when the subject has no identities
 */
public Set<Identity> getIdentities(Class<?> clazz) {
    final Set<Identity> matching = new HashSet<Identity>();
    final Set<Identity> all = this.securityContext.getSubjectInfo().getIdentities();
    if (all == null) {
        return matching;
    }
    for (Identity candidate : all) {
        if (clazz.isAssignableFrom(candidate.getClass())) {
            matching.add(candidate);
        }
    }
    return matching;
}
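/**
 * Removes every identity of the given type from the current subject.
 *
 * <p>Matching identities are collected first and removed afterwards: removing through
 * {@code SubjectInfo.removeIdentity} while still iterating the set returned by
 * {@code getIdentities()} would fail with a {@code ConcurrentModificationException} if that
 * set is the live backing collection.
 *
 * @param clazz the identity type (or supertype) whose instances are removed
 */
public void clearIdentities(Class<?> clazz) {
    SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
    Set<Identity> ids = subjectInfo.getIdentities();
    if (ids == null) {
        return;
    }
    // ids is a Set, so collecting into another Set loses nothing.
    Set<Identity> toRemove = new HashSet<Identity>();
    for (Identity id : ids) {
        if (clazz.isAssignableFrom(id.getClass())) {
            toRemove.add(id);
        }
    }
    for (Identity id : toRemove) {
        subjectInfo.removeIdentity(id);
    }
}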
/**
 * Returns the credential carried by the subject's {@link CredentialIdentity}, if any.
 *
 * <p>The value is the raw credential object (for password logins typically the secret itself),
 * so callers should not log or persist it.
 *
 * @return the credential, or {@code null} when there is no subject info or no credential identity
 */
public Object getCredential() {
    validateSecurityContext();
    final SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
    if (subjectInfo == null) {
        return null;
    }
    final CredentialIdentity<?> credentialIdentity = subjectInfo.getIdentity(CredentialIdentity.class);
    return credentialIdentity == null ? null : credentialIdentity.getCredential();
}
/**
 * Adds an identity to the subject info of the wrapped security context.
 *
 * @param id the identity to add
 */
public void addIdentity(Identity id) {
    final SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
    subjectInfo.addIdentity(id);
}
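/**
 * Builds the {@link UserInfo} for the current request, reusing one already cached in the
 * {@code "userInfo"} request attribute.
 *
 * <p>When no cached instance exists, the name is taken from the {@code principal} field, the role
 * names of the current {@code SubjectInfo} become the {@code "groups"} claim, and the principals of
 * the authenticated subject are handed to {@code addCustomGroups}. A thread without a security
 * context or subject info yields a user info carrying only the name (no groups, no custom groups).
 *
 * @param servletRequest the current request; its {@code "userInfo"} attribute is consulted first
 * @return the cached or newly built user info
 */
public UserInfo createUserInfo(HttpServletRequest servletRequest) {
    Object cached = servletRequest.getAttribute("userInfo");
    // instanceof is false for null, so no separate null check is needed.
    if (cached instanceof UserInfo) {
        return (UserInfo) cached;
    }

    String name = principal.getName();
    UserInfo userInfo = new UserInfo(new Subject(name));
    userInfo.setName(name);

    SecurityContext context = SecurityContextAssociation.getSecurityContext();
    SubjectInfo subjectInfo = context != null ? context.getSubjectInfo() : null;
    if (subjectInfo == null) {
        return userInfo;
    }

    if (subjectInfo.getRoles() != null) {
        List<String> roles = new ArrayList<>();
        for (Role role : new JBossSubjectInfo(subjectInfo).getRoles()) {
            roles.add(role.getRoleName());
        }
        userInfo.setClaim("groups", roles);
    }
    // add non role groups as claim to userinfo
    if (subjectInfo.getAuthenticatedSubject() != null) {
        addCustomGroups(userInfo, subjectInfo.getAuthenticatedSubject().getPrincipals());
    }
    return userInfo;
}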
/**
 * Returns the authenticated subject of the current security context.
 *
 * @return the authenticated subject, or {@code null} when no security context is associated with the caller
 */
public Subject getSubject() {
    final SecurityContext securityContext = doPrivileged(securityContext());
    return securityContext == null
            ? null
            : getSubjectInfo(securityContext).getAuthenticatedSubject();
}
/**
 * Returns the caller principal: the incoming run-as identity when one is present, otherwise the
 * principal of the authenticated subject, falling back to the unauthenticated identity's principal.
 *
 * @return the caller principal, never {@code null}
 */
public Principal getCallerPrincipal() {
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        return getUnauthenticatedIdentity().asPrincipal();
    }
    // An incoming run-as identity takes precedence over the authenticated subject.
    Principal principal = securityContext.getIncomingRunAs();
    if (principal != null) {
        return principal;
    }
    principal = getPrincipal(getSubjectInfo(securityContext).getAuthenticatedSubject());
    return principal != null ? principal : getUnauthenticatedIdentity().asPrincipal();
}
/**
 * Returns the role group stored in the subject info of the wrapped security context.
 *
 * @return the subject's role group as held by {@code SubjectInfo}
 */
@Override
public RoleGroup getRoles() {
    validateSecurityContext();
    final SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
    return subjectInfo.getRoles();
}
/**
 * Creates a fresh {@link SubjectInfo} from the given principal, credential and subject and installs it
 * on the wrapped security context.
 *
 * @param principal  the authenticated principal
 * @param credential the credential used to authenticate
 * @param subject    the authenticated subject
 */
public void createSubjectInfo(Principal principal, Object credential, Subject subject) {
    this.securityContext.setSubjectInfo(new SubjectInfo(principal, credential, subject));
}