/** * * @return The principal that was associated with the SSE request */ public Principal getPrincipal() { Account account = getAccount(); if (account != null) { return account.getPrincipal(); } return null; }
private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = users.get(account.getPrincipal().getName()); return Arrays.equals(password, expectedPassword); } return false; }
private Principal[] getGrantedRoles(Account account, Deployment deployment) { if (account == null) { return new Principal[] {}; } Set<String> roles = new HashSet<>(account.getRoles()); Map<String, Set<String>> principalVersusRolesMap = deployment.getDeploymentInfo().getPrincipalVersusRolesMap(); roles.addAll(principalVersusRolesMap.getOrDefault(account.getPrincipal().getName(), Collections.emptySet())); Principal[] principals = new Principal[roles.size()]; int index = 0; for (String role : roles) { principals[index++] = () -> role; } return principals; } }
@Override public Principal getUserPrincipal() { SecurityContext sc = exchange.getSecurityContext(); if(sc == null) { return null; } Account authenticatedAccount = sc.getAuthenticatedAccount(); if(authenticatedAccount == null) { return null; } return authenticatedAccount.getPrincipal(); }
protected void authenticationComplete(Account account, String mechanism, boolean programatic, final boolean cachingRequired) { this.account = account; this.mechanismName = mechanism; UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as %s, roles %s", account.getPrincipal().getName(), account.getRoles()); sendNoticiation(new SecurityNotification(exchange, EventType.AUTHENTICATED, account, mechanism, programatic, MESSAGES.userAuthenticated(account.getPrincipal().getName()), cachingRequired)); }
@Override public SingleSignOn createSingleSignOn(Account account, String mechanism) { String id = SECURE_RANDOM_SESSION_ID_GENERATOR.createSessionId(); SingleSignOn entry = new SimpleSingleSignOnEntry(id, account, mechanism); this.ssoEntries.put(id, entry); if(log.isTraceEnabled()) { log.tracef("Creating SSO ID %s for Principal %s and Roles %s.", id, account.getPrincipal().getName(), account.getRoles().toString()); } return entry; }
@Override public String readAttribute(final HttpServerExchange exchange) { SecurityContext sc = exchange.getSecurityContext(); if (sc == null || !sc.isAuthenticated()) { return null; } return sc.getAuthenticatedAccount().getPrincipal().getName(); }
private void clearAccount(Account account) { Principal principal = (account instanceof AccountImpl) ? ((AccountImpl) account).getOriginalPrincipal() : account.getPrincipal(); if (principal != null) { // perform the logout of the principal using the subject currently set in the security context. Subject subject = SecurityActions.getSubject(); this.manager.logout(principal, subject); } } }
@Override public void logout() { Account authenticatedAccount = getAuthenticatedAccount(); if(authenticatedAccount != null) { UndertowLogger.SECURITY_LOGGER.debugf("Logging out user %s for %s", authenticatedAccount.getPrincipal().getName(), exchange); } else { UndertowLogger.SECURITY_LOGGER.debugf("Logout called with no authenticated user in exchange %s", exchange); } super.logout(); this.authenticationState = AuthenticationState.NOT_ATTEMPTED; }
@Override public void logout() { if (!isAuthenticated()) { return; } UndertowLogger.SECURITY_LOGGER.debugf("Logged out %s", exchange); sendNoticiation(new SecurityNotification(exchange, SecurityNotification.EventType.LOGGED_OUT, account, mechanismName, true, MESSAGES.userLoggedOut(account.getPrincipal().getName()), true)); this.account = null; this.mechanismName = null; }
@Override public void handleNotification(SecurityNotification notification) { EventType event = notification.getEventType(); if (event == EventType.AUTHENTICATED || event == EventType.FAILED_AUTHENTICATION) { AuditEvent auditEvent = new AuditEvent(event == EventType.AUTHENTICATED ? AuditLevel.SUCCESS : AuditLevel.FAILURE); Map<String, Object> ctxMap = new HashMap<String, Object>(); Account account = notification.getAccount(); if (account != null) { ctxMap.put("principal", account.getPrincipal().getName()); } ctxMap.put("message", notification.getMessage()); ServletRequestContext src = notification.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY); if(src != null) { ServletRequest hsr = src.getServletRequest(); if (hsr instanceof HttpServletRequest) { ctxMap.put("request", deriveUsefulInfo((HttpServletRequest) hsr)); } } ctxMap.put("Source", getClass().getCanonicalName()); auditEvent.setContextMap(ctxMap); auditManager.audit(auditEvent); } }
if (sc.isAuthenticated()) { sb.append(" authType=" + sc.getMechanismName() + "\n"); sb.append(" principle=" + sc.getAuthenticatedAccount().getPrincipal() + "\n"); } else { sb.append(" authType=none" + "\n");
if (sc.isAuthenticated()) { sb.append(" authType=" + sc.getMechanismName() + "\n"); sb.append(" principle=" + sc.getAuthenticatedAccount().getPrincipal() + "\n"); } else { sb.append(" authType=none" + "\n");
jdbcLogAttribute.user = null; } else { jdbcLogAttribute.user = sc.getAuthenticatedAccount().getPrincipal().getName();
if (account != null) { securityContext.authenticationComplete(account, name, false); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as user %s with existing GSSAPI negotiation context for %s", account.getPrincipal().getName(), exchange); return AuthenticationMechanismOutcome.AUTHENTICATED; } else {
log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName()); return AuthenticationMechanismOutcome.AUTHENTICATED;
if (cachedAccount != null && cachedAccount.getPrincipal() == userPrincipal) { Principal original = null; if(cachedAccount != null) { original = cachedAccount.getPrincipal();
if (account != null) { securityContext.authenticationComplete(account, name, true); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated user %s using for auth for %s", account.getPrincipal().getName(), exchange); outcome = AuthenticationMechanismOutcome.AUTHENTICATED; } else {
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) { Account account = notification.getAccount(); Principal principal = (account instanceof AccountImpl) ? ((AccountImpl) account).getOriginalPrincipal() : account.getPrincipal(); if (principal != null) { // perform the logout of the principal using the subject currently set in the security context. Subject subject = SecurityActions.getSubject(); this.manager.logout(principal, subject); } // Clear old context SecurityActions.clearSecurityContext(); SecurityActions.setSecurityRoles(null); // Set a new one in case re-authentication is done within the same thread org.jboss.security.SecurityContext securityContext = SecurityActions.createSecurityContext(securityDomain); notification.getExchange().putAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT, securityContext); SecurityActions.setSecurityContextOnAssociation(securityContext); } } }
authzDecision = helper.hasRole(roleName, account.getPrincipal(), servletName, getPrincipalRoles(account), PolicyContext.getContextID(), callerSubject, new ArrayList<String>(account.getRoles()));