/** * Instantiate a Principal representing a principal * @param cls principal class * @param role Name of the role * @return */ public static Principal instantiatePrincipal(Class<?> cls, String role) { Principal p = null; try { Constructor<?> ctr = cls.getConstructor(new Class[] {String.class}); p = (Principal)ctr.newInstance(new Object[]{role}); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return p; }
/** * <p> * Performs a JNDI lookup to retrieve the configured {@code PolicyRegistration}. * </p> * * @return a reference to the configured {@code PolicyRegistration} implementation, or {@code null} if the look up * fails. */ public static PolicyRegistration getPolicyRegistration() { String lookupURL = "java:/policyRegistration"; PolicyRegistration registration = null; try { InitialContext ic = new InitialContext(); registration = (PolicyRegistration) ic.lookup(lookupURL); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return registration; } }
/** * Do a JNDI lookup to obtain the authentication manager * * @param securityDomain * @param baseContext the BaseContext for JNDI(Eg: "java:/jaas") * @return */ public static AuthenticationManager getAuthenticationManager(String securityDomain, String baseContext) { String securityMgrURL = "/securityMgr"; String lookupURL = null; if (securityDomain.startsWith(baseContext)) lookupURL = securityDomain + securityMgrURL; else lookupURL = baseContext + "/" + securityDomain + securityMgrURL; AuthenticationManager am = null; try { InitialContext ic = new InitialContext(); am = (AuthenticationManager) ic.lookup(lookupURL); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return am; }
/** * Do a JNDI lookup to obtain the MappingManager * * @param securityDomain * @param baseContext the BaseContext for JNDI(Eg: "java:/jaas") * @return */ public static MappingManager getMappingManager(String securityDomain, String baseContext) { String mappingManagerURL = "/mappingMgr"; String lookupURL = null; if (securityDomain.startsWith(baseContext)) lookupURL = securityDomain + mappingManagerURL; else lookupURL = baseContext + "/" + securityDomain + mappingManagerURL; MappingManager am = null; try { InitialContext ic = new InitialContext(); am = (MappingManager) ic.lookup(lookupURL); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return am; }
/** * Do a JNDI lookup to obtain the authorization manager * * @param securityDomain * @param baseContext the BaseContext for JNDI(Eg: "java:/jaas") * @return */ public static AuthorizationManager getAuthorizationManager(String securityDomain, String baseContext) { String authorizationMgrURL = "/authorizationMgr"; String lookupURL = null; if (securityDomain.startsWith(baseContext)) lookupURL = securityDomain + authorizationMgrURL; else lookupURL = baseContext + "/" + securityDomain + authorizationMgrURL; AuthorizationManager am = null; try { InitialContext ic = new InitialContext(); am = (AuthorizationManager) ic.lookup(lookupURL); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return am; }
/** * Do a JNDI lookup to obtain the Audit Manager * * @param securityDomain * @param baseContext the BaseContext for JNDI(Eg: "java:/jaas") * @return */ public static AuditManager getAuditManager(String securityDomain, String baseContext) { String auditMgrURL = "/auditMgr"; String lookupURL = null; if (securityDomain.startsWith(baseContext)) lookupURL = securityDomain + auditMgrURL; else lookupURL = baseContext + "/" + securityDomain + auditMgrURL; AuditManager am = null; try { InitialContext ic = new InitialContext(); am = (AuditManager) ic.lookup(lookupURL); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return am; }
/** * Do a JNDI lookup to obtain the IdentityTrust Manager * * @param securityDomain * @param baseContext the BaseContext for JNDI(Eg: "java:/jaas") * @return */ public static IdentityTrustManager getIdentityTrustManager(String securityDomain, String baseContext) { String identityTrustMgrURL = "/identityTrustMgr"; String lookupURL = null; if (securityDomain.startsWith(baseContext)) lookupURL = securityDomain + identityTrustMgrURL; else lookupURL = baseContext + "/" + securityDomain + identityTrustMgrURL; IdentityTrustManager am = null; try { InitialContext ic = new InitialContext(); am = (IdentityTrustManager) ic.lookup(lookupURL); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return am; }
/** * @see PolicyRegistration#registerPolicy(String, String, InputStream) */ public void registerPolicy(String contextID, String type, InputStream stream) { if (PolicyRegistration.XACML.equalsIgnoreCase(type)) { try { XACMLPolicy policy = PolicyFactory.createPolicy(stream); Set<XACMLPolicy> policySet = this.contextIdToXACMLPolicy.get(contextID); if (policySet == null) { policySet = new HashSet<XACMLPolicy>(); } policySet.add(policy); this.contextIdToXACMLPolicy.put(contextID, policySet); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } } }
PicketBoxLogger.LOGGER.debugIgnoredException(ignore); if (transactionManager != null) tm = transactionManager;
PicketBoxLogger.LOGGER.debugIgnoredException(e);
@SuppressWarnings({"unchecked", "rawtypes"}) private IdentityTrustModule instantiateModule(ClassLoader cl, String name, Map map) throws Exception { IdentityTrustModule im = null; try { Class clazz = SecurityActions.loadClass(cl, name); im = (IdentityTrustModule)clazz.newInstance(); } catch ( Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } if(im == null) throw new LoginException(PicketBoxMessages.MESSAGES.failedToInstantiateClassMessage(IdentityTrustModule.class)); im.initialize(this.securityContext, this.callbackHandler, this.sharedState,map); return im; }
/** * @see PolicyRegistration#registerPolicy(String, String, URL) */ public void registerPolicy(String contextID, String type, URL location) { InputStream is = null; try { if (PicketBoxLogger.LOGGER.isTraceEnabled()) { PicketBoxLogger.LOGGER.traceRegisterPolicy(contextID, type, location != null ? location.getPath() : null); } is = location.openStream(); registerPolicy(contextID, type, is); } catch (Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } finally { safeClose(is); } }
@SuppressWarnings("unchecked") private <T> MappingProvider<T> getMappingProvider(ClassLoader cl, MappingModuleEntry mme) { MappingProvider<T> mp = null; try { String fqn = mme.getMappingModuleName(); Class<?> clazz = SecurityActions.loadClass(cl, fqn); mp = (MappingProvider<T>) clazz.newInstance(); mp.init(mme.getOptions()); } catch(Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return mp; } }
/** * @see IdentityTrustManager#isTrusted(org.jboss.security.SecurityContext) */ public TrustDecision isTrusted(SecurityContext securityContext) { if(securityContext == null) throw PicketBoxMessages.MESSAGES.invalidNullArgument("securityContext"); if(this.identityTrustContext == null) this.identityTrustContext = new JBossIdentityTrustContext(securityDomain, securityContext); TrustDecision td = TrustDecision.NotApplicable; if(this.identityTrustContext == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("identityTrustContext"); try { td = this.identityTrustContext.isTrusted(); } catch (IdentityTrustException e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } return td; }
/** * Perform hasUserDataPermission check for the realm. * If this module returns false, the base class (Realm) will * make the decision as to whether a redirection to the ssl * port needs to be done * @return * @throws IOException */ private boolean hasUserDataPermission() throws IOException { WebUserDataPermission perm = new WebUserDataPermission(this.canonicalRequestURI, request.getMethod()); boolean ok = false; try { Principal[] principals = null; ok = checkPolicy(perm, principals); } catch(Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); } if (PicketBoxLogger.LOGGER.isTraceEnabled()) { PicketBoxLogger.LOGGER.traceHasUserDataPermission(perm.toString(), ok); } return ok; }
PicketBoxLogger.LOGGER.debugIgnoredException(ae);
PicketBoxLogger.LOGGER.debugIgnoredException(e); result = AuthorizationContext.DENY;
/** * Process the ejb request * @param callerRoles * @return */ private int process(RoleGroup callerRoles) { int result = AuthorizationContext.DENY; EJBXACMLUtil util = new EJBXACMLUtil(); try { RequestContext requestCtx = util.createXACMLRequest(this.ejbName, this.ejbMethod, this.ejbPrincipal, callerRoles); PolicyDecisionPoint pdp = util.getPDP(policyRegistration, this.policyContextID); if(pdp == null) throw PicketBoxMessages.MESSAGES.invalidNullProperty("PDP"); ResponseContext response = pdp.evaluate(requestCtx); result = response.getDecision() == XACMLConstants.DECISION_PERMIT ? AuthorizationContext.PERMIT : AuthorizationContext.DENY; } catch(Exception e) { PicketBoxLogger.LOGGER.debugIgnoredException(e); result = AuthorizationContext.DENY; } return result; }
PicketBoxLogger.LOGGER.debugIgnoredException(e);
PicketBoxLogger.LOGGER.debugIgnoredException(e);