/** * Construct this security domain. * * Construction requires {@code createSecurityDomain} {@link ElytronPermission}. * * @return the new security domain */ public SecurityDomain build() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_SECURITY_DOMAIN); } final LinkedHashMap<String, RealmInfo> realmMap = new LinkedHashMap<>(realms.size()); for (RealmBuilder realmBuilder : realms.values()) { realmMap.put(realmBuilder.getName(), new RealmInfo(realmBuilder)); } if (defaultRealmName != null && !realmMap.containsKey(defaultRealmName)) { throw log.realmMapDoesNotContainDefault(defaultRealmName); } assertNotBuilt(); built = true; if(log.isTraceEnabled()) { log.tracef("Building security domain with defaultRealmName %s.", defaultRealmName); if(realmMap.size() > 1) { log.tracef("The following additional realms were added: %s.", realmMap.keySet().toString()); } } return new SecurityDomain(this, realmMap); }
final SecurityRealm securityRealm = getRealmInfo(realmNestedPrincipal.getRealmName()).getSecurityRealm(); if (realmType.isInstance(securityRealm)) { return fn.apply(realmType.cast(securityRealm), realmNestedPrincipal.getNestedPrincipal()); SecurityRealm securityRealm = realmInfo.getSecurityRealm(); assert securityRealm != null; Principal realmRewrittenPrincipal = realmInfo.getPrincipalRewriter().apply(postRealmPrincipal); if (realmRewrittenPrincipal == null) { throw log.invalidName();
Roles mapRoles(SecurityIdentity securityIdentity) { Assert.checkNotNullParam("securityIdentity", securityIdentity); AuthorizationIdentity identity = securityIdentity.getAuthorizationIdentity(); RealmInfo realmInfo = securityIdentity.getRealmInfo(); // zeroth role mapping, just grab roles from the identity Roles decodedRoles = realmInfo.getRoleDecoder().decodeRoles(identity); // apply the first level mapping, which is based on the role mapper associated with a realm. Roles realmMappedRoles = realmInfo.getRoleMapper().mapRoles(decodedRoles); // apply the second level mapping, which is based on the role mapper associated with this security domain. Roles domainMappedRoles = roleMapper.mapRoles(realmMappedRoles); if (log.isTraceEnabled()) { log.tracef("Role mapping: principal [%s] -> decoded roles [%s] -> realm mapped roles [%s] -> domain mapped roles [%s]", securityIdentity.getPrincipal(), String.join(", ", decodedRoles), String.join(", ", realmMappedRoles), String.join(", ", domainMappedRoles)); } return domainMappedRoles; }
SecurityRealm getRealm(final String realmName) { return getRealmInfo(realmName).getSecurityRealm(); }
private SupportLevel getSupportLevel(final Function<SecurityRealm, SupportLevel> getSupportLevel) { SupportLevel min, max; min = max = null; Iterator<RealmInfo> iterator = realmMap.values().iterator(); while (iterator.hasNext()) { RealmInfo realmInfo = iterator.next(); SecurityRealm realm = realmInfo.getSecurityRealm(); final SupportLevel support = getSupportLevel.apply(realm); if (support != null) { if (min == null || max == null) { min = max = support; } else { if (support.compareTo(min) < 0) { min = support; } if (support.compareTo(max) > 0) { max = support; } } } } if (min == null || max == null) { return SupportLevel.UNSUPPORTED; } else { return minMax(min, max); } }
@Override void fail(final boolean requireInProgress) { final SecurityIdentity authorizedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(authorizedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(authorizedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
return new InvalidNameState(capturedIdentity, mechanismConfiguration, mechanismRealmConfiguration, privateCredentials, publicCredentials); final Principal finalPrincipal = rewriteAll(postRealmPrincipal, mechanismRealmConfiguration.getFinalRewriter(), mechanismConfiguration.getFinalRewriter(), realmInfo.getPrincipalRewriter()); if (finalPrincipal == null) { log.tracef("Unable to rewrite principal [%s] by final rewritters", postRealmPrincipal); originalPrincipal, preRealmPrincipal, realmName, postRealmPrincipal, finalPrincipal); final SecurityRealm securityRealm = realmInfo.getSecurityRealm(); final RealmIdentity realmIdentity; if (exclusive) {
Roles mapRoles(SecurityIdentity securityIdentity) { Assert.checkNotNullParam("securityIdentity", securityIdentity); AuthorizationIdentity identity = securityIdentity.getAuthorizationIdentity(); RealmInfo realmInfo = securityIdentity.getRealmInfo(); // zeroth role mapping, just grab roles from the identity Roles decodedRoles = realmInfo.getRoleDecoder().decodeRoles(identity); // apply the first level mapping, which is based on the role mapper associated with a realm. Roles realmMappedRoles = realmInfo.getRoleMapper().mapRoles(decodedRoles); // apply the second level mapping, which is based on the role mapper associated with this security domain. Roles domainMappedRoles = roleMapper.mapRoles(realmMappedRoles); if (log.isTraceEnabled()) { log.tracef("Role mapping: principal [%s] -> decoded roles [%s] -> realm mapped roles [%s] -> domain mapped roles [%s]", securityIdentity.getPrincipal(), String.join(", ", decodedRoles), String.join(", ", realmMappedRoles), String.join(", ", domainMappedRoles)); } return domainMappedRoles; }
/** * Construct this security domain. * * Construction requires {@code createSecurityDomain} {@link ElytronPermission}. * * @return the new security domain */ public SecurityDomain build() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_SECURITY_DOMAIN); } final LinkedHashMap<String, RealmInfo> realmMap = new LinkedHashMap<>(realms.size()); for (RealmBuilder realmBuilder : realms.values()) { realmMap.put(realmBuilder.getName(), new RealmInfo(realmBuilder)); } if (defaultRealmName != null && !realmMap.containsKey(defaultRealmName)) { throw log.realmMapDoesNotContainDefault(defaultRealmName); } assertNotBuilt(); built = true; if(log.isTraceEnabled()) { log.tracef("Building security domain with defaultRealmName %s.", defaultRealmName); if(realmMap.size() > 1) { log.tracef("The following additional realms were added: %s.", realmMap.keySet().toString()); } } return new SecurityDomain(this, realmMap); }
@Override void fail(final boolean requireInProgress) { final SecurityIdentity capturedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(capturedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(capturedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
final SecurityRealm securityRealm = getRealmInfo(realmNestedPrincipal.getRealmName()).getSecurityRealm(); if (realmType.isInstance(securityRealm)) { return fn.apply(realmType.cast(securityRealm), realmNestedPrincipal.getNestedPrincipal()); SecurityRealm securityRealm = realmInfo.getSecurityRealm(); assert securityRealm != null; Principal realmRewrittenPrincipal = realmInfo.getPrincipalRewriter().apply(postRealmPrincipal); if (realmRewrittenPrincipal == null) { throw log.invalidName();
Roles mapRoles(SecurityIdentity securityIdentity) { Assert.checkNotNullParam("securityIdentity", securityIdentity); AuthorizationIdentity identity = securityIdentity.getAuthorizationIdentity(); RealmInfo realmInfo = securityIdentity.getRealmInfo(); // zeroth role mapping, just grab roles from the identity Roles decodedRoles = realmInfo.getRoleDecoder().decodeRoles(identity); // apply the first level mapping, which is based on the role mapper associated with a realm. Roles realmMappedRoles = realmInfo.getRoleMapper().mapRoles(decodedRoles); // apply the second level mapping, which is based on the role mapper associated with this security domain. Roles domainMappedRoles = roleMapper.mapRoles(realmMappedRoles); if (log.isTraceEnabled()) { log.tracef("Role mapping: principal [%s] -> decoded roles [%s] -> realm mapped roles [%s] -> domain mapped roles [%s]", securityIdentity.getPrincipal(), String.join(", ", decodedRoles), String.join(", ", realmMappedRoles), String.join(", ", domainMappedRoles)); } return domainMappedRoles; }
/** * Construct this security domain. * * Construction requires {@code createSecurityDomain} {@link ElytronPermission}. * * @return the new security domain */ public SecurityDomain build() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_SECURITY_DOMAIN); } final LinkedHashMap<String, RealmInfo> realmMap = new LinkedHashMap<>(realms.size()); for (RealmBuilder realmBuilder : realms.values()) { realmMap.put(realmBuilder.getName(), new RealmInfo(realmBuilder)); } if (defaultRealmName != null && !realmMap.containsKey(defaultRealmName)) { throw log.realmMapDoesNotContainDefault(defaultRealmName); } assertNotBuilt(); built = true; if(log.isTraceEnabled()) { log.tracef("Building security domain with defaultRealmName %s.", defaultRealmName); if(realmMap.size() > 1) { log.tracef("The following additional realms were added: %s.", realmMap.keySet().toString()); } } return new SecurityDomain(this, realmMap); }
@Override void succeed() { final SecurityIdentity authorizedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, new CompleteState(authorizedIdentity))) { stateRef.get().succeed(); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmSuccessfulAuthenticationEvent(realmIdentity, authorizedIdentity.getAuthorizationIdentity(), null, null)); SecurityDomain.safeHandleSecurityEvent(authorizedIdentity.getSecurityDomain(), new SecurityAuthenticationSuccessfulEvent(authorizedIdentity)); realmIdentity.dispose(); }
final SecurityRealm securityRealm = getRealmInfo(realmNestedPrincipal.getRealmName()).getSecurityRealm(); if (realmType.isInstance(securityRealm)) { return fn.apply(realmType.cast(securityRealm), realmNestedPrincipal.getNestedPrincipal()); SecurityRealm securityRealm = realmInfo.getSecurityRealm(); assert securityRealm != null; Principal realmRewrittenPrincipal = realmInfo.getPrincipalRewriter().apply(postRealmPrincipal); if (realmRewrittenPrincipal == null) { throw log.invalidName();
Roles mapRoles(SecurityIdentity securityIdentity) { Assert.checkNotNullParam("securityIdentity", securityIdentity); AuthorizationIdentity identity = securityIdentity.getAuthorizationIdentity(); RealmInfo realmInfo = securityIdentity.getRealmInfo(); // zeroth role mapping, just grab roles from the identity Roles decodedRoles = realmInfo.getRoleDecoder().decodeRoles(identity); // apply the first level mapping, which is based on the role mapper associated with a realm. Roles realmMappedRoles = realmInfo.getRoleMapper().mapRoles(decodedRoles); // apply the second level mapping, which is based on the role mapper associated with this security domain. Roles domainMappedRoles = roleMapper.mapRoles(realmMappedRoles); if (log.isTraceEnabled()) { log.tracef("Role mapping: principal [%s] -> decoded roles [%s] -> realm mapped roles [%s] -> domain mapped roles [%s]", securityIdentity.getPrincipal(), String.join(", ", decodedRoles), String.join(", ", realmMappedRoles), String.join(", ", domainMappedRoles)); } return domainMappedRoles; }
/** * Construct this security domain. * * Construction requires {@code createSecurityDomain} {@link ElytronPermission}. * * @return the new security domain */ public SecurityDomain build() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_SECURITY_DOMAIN); } final LinkedHashMap<String, RealmInfo> realmMap = new LinkedHashMap<>(realms.size()); for (RealmBuilder realmBuilder : realms.values()) { realmMap.put(realmBuilder.getName(), new RealmInfo(realmBuilder)); } if (defaultRealmName != null && !realmMap.containsKey(defaultRealmName)) { throw log.realmMapDoesNotContainDefault(defaultRealmName); } assertNotBuilt(); built = true; if(log.isTraceEnabled()) { log.tracef("Building security domain with defaultRealmName %s.", defaultRealmName); if(realmMap.size() > 1) { log.tracef("The following additional realms were added: %s.", realmMap.keySet().toString()); } } return new SecurityDomain(this, realmMap); }
final SecurityRealm evidenceSecurityRealm = evidenceRealmInfo.getSecurityRealm(); final SecurityDomain evidenceSecurityDomain = importedIdentity.getSecurityDomain(); final AtomicReference<State> stateRef = getStateRef(); try { if (! trusted) { if (nameState.getRealmInfo().getSecurityRealm() != evidenceSecurityRealm) {
final SecurityRealm securityRealm = getRealmInfo(realmNestedPrincipal.getRealmName()).getSecurityRealm(); if (realmType.isInstance(securityRealm)) { return fn.apply(realmType.cast(securityRealm), realmNestedPrincipal.getNestedPrincipal()); SecurityRealm securityRealm = realmInfo.getSecurityRealm(); assert securityRealm != null; Principal realmRewrittenPrincipal = realmInfo.getPrincipalRewriter().apply(postRealmPrincipal); if (realmRewrittenPrincipal == null) { throw log.invalidName();
RealmInfo realmInfo = null; for (RealmInfo info : realmInfos) { realmIdentity = info.getSecurityRealm().getRealmIdentity(evidence); if (realmIdentity.getEvidenceVerifySupport(evidenceType, algorithm).mayBeSupported()) { realmInfo = info;