/**
 * Resolves the principal of the current caller.
 *
 * <p>Precedence: an incoming run-as identity first, then the principal derived from the
 * authenticated subject held in the security context. Without a security context, or
 * when neither source yields a principal, the unauthenticated identity's principal is
 * returned instead.
 *
 * @return the caller principal; the unauthenticated identity's principal when nothing
 *         better is known
 */
public Principal getCallerPrincipal() {
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        return getUnauthenticatedIdentity().asPrincipal();
    }
    // A run-as identity on the incoming side wins over the subject's own principal,
    // so callers running under run-as are reported as that identity.
    final Principal runAs = securityContext.getIncomingRunAs();
    if (runAs != null) {
        return runAs;
    }
    final Principal authenticated =
            getPrincipal(getSubjectInfo(securityContext).getAuthenticatedSubject());
    return authenticated != null ? authenticated : getUnauthenticatedIdentity().asPrincipal();
}
/**
 * Saves the current security context on the stack and establishes a fresh one bound to
 * {@code securityDomain}.
 *
 * <p>When {@code propagate} is set and a previous context exists, its subject info is
 * copied into the new context and its outgoing run-as becomes the new context's incoming
 * run-as. Unless that incoming run-as is a {@link RunAsIdentity} (the run-as type treated
 * as trusted here), the supplied user name, password and subject are installed as the
 * new context's subject info.
 *
 * @param securityDomain the security domain the new context is bound to
 * @param userName       the user name placed in a {@link SimplePrincipal}
 * @param password       the password; it is copied into a {@code String} for the subject
 *                       info, so wiping the array afterwards does not wipe that copy
 * @param subject        the subject associated with the credentials
 */
public void push(final String securityDomain, String userName, char[] password, final Subject subject) {
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);

    final SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }

    // instanceof is false for null, so no separate null check is needed.
    final boolean trusted = current.getIncomingRunAs() instanceof RunAsIdentity;
    if (!trusted) {
        final SecurityContextUtil util = current.getUtil();
        util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);
    }
}
// Fragment: the enclosing method begins and ends outside this listing.
// Identify the bean and the policy context the decision applies to.
resource.setEjbName(ejbName);
resource.setPolicyContextID(policyContextID);
// Record who is calling: the incoming run-as (may be null) and the subject of the
// current security context.
resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
resource.setCallerSubject(securityContext.getUtil().getSubject());
// The user principal is read here; what is done with it continues past this fragment.
Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
/**
 * Decides whether the current caller may invoke {@code ejbMethod} on the bean
 * {@code ejbName}.
 *
 * <p>The caller's security context is read under privileged access; if none is bound to
 * the thread the method fails closed and returns {@code false}. Otherwise an
 * {@link EJBResource} describing the invocation and the caller (incoming run-as, subject,
 * user principal) is handed to the EJB authorization helper for the context.
 *
 * @param ejbName       name of the target bean
 * @param ejbCodeSource code source of the bean
 * @param ejbMethodIntf interface through which the method is invoked
 * @param ejbMethod     the invoked method
 * @param methodRoles   roles permitted to invoke the method
 * @param contextID     policy context identifier
 * @return {@code true} if the helper authorizes the call, {@code false} otherwise or when
 *         no security context is available
 * @throws RuntimeException wrapping any exception raised by the authorization helper
 */
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        // No context means no caller identity: deny rather than guess.
        return false;
    }

    final EJBResource resource = new EJBResource(new HashMap<String, Object>());
    resource.setEjbName(ejbName);
    resource.setEjbMethod(ejbMethod);
    resource.setEjbMethodInterface(ejbMethodIntf);
    resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    resource.setCodeSource(ejbCodeSource);
    resource.setPolicyContextID(contextID);

    // Caller identity as seen by this context: run-as first, then subject and principal.
    final RunAs callerRunAs = securityContext.getIncomingRunAs();
    resource.setCallerRunAsIdentity(callerRunAs);
    final Subject callerSubject = securityContext.getUtil().getSubject();
    resource.setCallerSubject(callerSubject);
    final Principal caller = securityContext.getUtil().getUserPrincipal();
    resource.setPrincipal(caller);

    try {
        final AbstractEJBAuthorizationHelper helper =
                SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
        return helper.authorize(resource);
    } catch (Exception e) {
        // A failing helper is surfaced to the caller rather than silently treated as a denial.
        throw new RuntimeException(e);
    }
}
/**
 * Authenticates the current security context, unless it may reuse the authenticated
 * subject it already carries, and then sets up the outgoing run-as identity.
 *
 * <p>Re-authentication is skipped only when the current context holds an authenticated
 * subject with at least one principal and either the previous context on the stack uses
 * the same security domain or the incoming run-as is a {@link RunAsIdentity}. When
 * authentication does run, a {@link RemotingConnectionCredential} on the context supplies
 * the subject; any other credential type yields a {@code null} subject.
 *
 * @param runAs          the run-as role for outgoing calls, or {@code null} to establish
 *                       none (the previous context's outgoing run-as is propagated instead
 *                       when {@code propagate} is set)
 * @param runAsPrincipal the principal name associated with the run-as role
 * @param extraRoles     additional roles granted to the run-as identity
 */
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    final SecurityContext current = SecurityContextAssociation.getSecurityContext();
    final SecurityContext previous = contexts.peek();

    // Does the current context already carry a usable authenticated subject?
    boolean hasAuthenticatedPrincipals = false;
    if (current.getSubjectInfo() != null) {
        final Subject authenticated = current.getSubjectInfo().getAuthenticatedSubject();
        hasAuthenticatedPrincipals = authenticated != null && !authenticated.getPrincipals().isEmpty();
    }
    // ...and is it safe to reuse: same domain as the context it was copied from, or a
    // RunAsIdentity on the incoming side.
    boolean reuseSubject = false;
    if (hasAuthenticatedPrincipals) {
        final boolean sameDomain =
                previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain());
        reuseSubject = sameDomain || current.getIncomingRunAs() instanceof RunAsIdentity;
    }

    if (!reuseSubject) {
        final Object credential = current.getUtil().getCredential();
        Subject subject = null;
        if (credential instanceof RemotingConnectionCredential) {
            subject = ((RemotingConnectionCredential) credential).getSubject();
        }
        if (!authenticate(current, subject)) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }

    // Outgoing run-as: explicit role wins; otherwise keep propagating the previous one.
    if (runAs != null) {
        current.setOutgoingRunAs(new RunAsIdentity(runAs, runAsPrincipal, extraRoles));
    } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
// Fragment: the enclosing method begins and ends outside this listing.
// Inherit the previous context's *incoming* run-as.
// NOTE(review): the push() shown elsewhere in this listing copies
// previous.getOutgoingRunAs() at this point instead — confirm which propagation is intended.
current.setIncomingRunAs(previous.getIncomingRunAs());
RunAs currentRunAs = current.getIncomingRunAs();
// Only an incoming run-as of type RunAsIdentity counts as trusted.
boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
/**
 * Tells whether the context's incoming run-as is a {@link RunAsIdentity}, the run-as
 * type this class treats as trustable.
 *
 * @param sc the security context to inspect
 * @return {@code true} if the incoming run-as is a {@code RunAsIdentity}
 */
private boolean containsTrustableRunAs(SecurityContext sc) {
    // instanceof is false for null, so no explicit null check is required.
    return sc.getIncomingRunAs() instanceof RunAsIdentity;
}
}
/**
 * Tells whether the context's incoming run-as is a {@link RunAsIdentity}.
 *
 * @param sc the security context to inspect
 * @return {@code true} if the incoming run-as is a {@code RunAsIdentity}
 */
private boolean hasIncomingRunAsIdentity(SecurityContext sc) {
    // instanceof is false for null, so no explicit null check is required.
    return sc.getIncomingRunAs() instanceof RunAsIdentity;
}
}
/** Privileged read of the incoming run-as of {@code sc}, captured from the enclosing scope. */
public RunAs run() {
    final RunAs incoming = sc.getIncomingRunAs();
    return incoming;
}
});
/** Privileged read of the incoming run-as of {@code sc}, captured from the enclosing scope. */
public RunAs run() {
    final RunAs incoming = sc.getIncomingRunAs();
    return incoming;
}
});
/**
 * Reads the incoming run-as of the security context bound to the calling thread.
 *
 * @return the incoming run-as, possibly {@code null}
 * @throws IllegalStateException if no security context is associated with the thread
 */
public RunAs run() {
    final SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    if (sc == null) {
        throw new IllegalStateException("Security Context is null");
    }
    return sc.getIncomingRunAs();
}
});
/**
 * Permits the caller only when its incoming run-as is a {@link RunAsIdentity} whose
 * proof equals {@link SecurityConstants#JAVAEE}; every other case is reported as not
 * applicable so the decision is left to other trust handling.
 *
 * @return {@code Permit} for a run-as identity carrying the Java EE proof, otherwise
 *         {@code NotApplicable}
 * @throws IdentityTrustException declared by the interface; not raised here
 */
@Override
public TrustDecision isTrusted() throws IdentityTrustException {
    final RunAs runAs = this.securityContext.getIncomingRunAs();
    if (!(runAs instanceof RunAsIdentity)) {
        return TrustDecision.NotApplicable;
    }
    final RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
    // Only the container's own proof value is accepted as evidence of trust.
    return SecurityConstants.JAVAEE.equals(runAsIdentity.getProof())
            ? TrustDecision.Permit
            : TrustDecision.NotApplicable;
}
}
/**
 * Renders the captured security context {@code sc} as a one-line diagnostic string.
 *
 * <p>NOTE(review): the output embeds {@code Subject#toString()}, which may render the
 * subject's credentials; check where this string ends up before logging it.
 *
 * @return principal, subject, incoming and outgoing run-as, space separated
 */
public String run() {
    return new StringBuilder()
            .append(" Principal = ").append(sc.getUtil().getUserPrincipal())
            .append(" Subject:").append(sc.getUtil().getSubject())
            .append(" Incoming run as:").append(sc.getIncomingRunAs())
            .append(" Outgoing run as:").append(sc.getOutgoingRunAs())
            .toString();
}
}
/**
 * Resolves the caller principal of a security context.
 *
 * @param securityContext the context to read; may be {@code null}
 * @return the incoming run-as when present, otherwise the context's user principal;
 *         {@code null} when no context is given
 */
public Principal getCallerPrincipal(SecurityContext securityContext) {
    if (securityContext == null) {
        return null;
    }
    final Principal runAs = securityContext.getIncomingRunAs();
    // Without a run-as identity, fall back to the context's own user principal.
    return runAs != null ? runAs : securityContext.getUtil().getUserPrincipal();
}
/**
 * Renders the captured security context {@code sc} as a one-line diagnostic string.
 *
 * <p>NOTE(review): the output embeds {@code Subject#toString()}, which may render the
 * subject's credentials; check where this string ends up before logging it.
 *
 * @return principal, subject, incoming and outgoing run-as, space separated
 */
public String run() {
    return new StringBuilder()
            .append(" Principal = ").append(sc.getUtil().getUserPrincipal())
            .append(" Subject:").append(sc.getUtil().getSubject())
            .append(" Incoming run as:").append(sc.getIncomingRunAs())
            .append(" Outgoing run as:").append(sc.getOutgoingRunAs())
            .toString();
}
}
/**
 * Renders the captured security context {@code sc} as a one-line diagnostic string.
 *
 * <p>NOTE(review): the output embeds {@code Subject#toString()}, which may render the
 * subject's credentials; check where this string ends up before logging it.
 *
 * @return principal, subject, incoming and outgoing run-as, space separated
 */
public String run() {
    return new StringBuilder()
            .append(" Principal = ").append(sc.getUtil().getUserPrincipal())
            .append(" Subject:").append(sc.getUtil().getSubject())
            .append(" Incoming run as:").append(sc.getIncomingRunAs())
            .append(" Outgoing run as:").append(sc.getOutgoingRunAs())
            .toString();
}
}
/**
 * Renders the captured security context {@code sc} as a one-line diagnostic string.
 *
 * <p>NOTE(review): the output embeds {@code Subject#toString()}, which may render the
 * subject's credentials; check where this string ends up before logging it.
 *
 * @return principal, subject, incoming and outgoing run-as, space separated
 */
public String run() {
    return new StringBuilder()
            .append(" Principal = ").append(sc.getUtil().getUserPrincipal())
            .append(" Subject:").append(sc.getUtil().getSubject())
            .append(" Incoming run as:").append(sc.getIncomingRunAs())
            .append(" Outgoing run as:").append(sc.getOutgoingRunAs())
            .toString();
}
}
/**
 * Privileged resolution of the caller principal from the captured
 * {@code securityContext}: the incoming run-as when present, otherwise the context's
 * user principal, or {@code null} when there is no context.
 */
public Principal run() {
    if (securityContext == null) {
        return null;
    }
    final Principal runAs = securityContext.getIncomingRunAs();
    // Without a run-as identity, fall back to the context's own user principal.
    return runAs != null ? runAs : securityContext.getUtil().getUserPrincipal();
}
});
/**
 * Snapshots the context's subject info together with its outgoing and incoming run-as
 * into a new {@link SecurityIdentity}.
 *
 * @return a fresh identity built from the current {@code securityContext}
 */
@Override
public SecurityIdentity getSecurityIdentity() {
    // Argument order matters: (subjectInfo, outgoingRunAs, incomingRunAs).
    return new SecurityIdentity(securityContext.getSubjectInfo(), securityContext.getOutgoingRunAs(), securityContext.getIncomingRunAs());
}
/**
 * Snapshots the context's subject info together with its outgoing and incoming run-as
 * into a new {@link SecurityIdentity}.
 *
 * @return a fresh identity built from the current {@code securityContext}
 */
@Override
public SecurityIdentity getSecurityIdentity() {
    // Argument order matters: (subjectInfo, outgoingRunAs, incomingRunAs).
    return new SecurityIdentity(securityContext.getSubjectInfo(), securityContext.getOutgoingRunAs(), securityContext.getIncomingRunAs());
}