/**
 * Reads the outgoing run-as identity from the captured security context {@code sc}.
 *
 * @return the value of {@code sc.getOutgoingRunAs()}
 */
@Override
public RunAs run() {
    if (sc != null) {
        return sc.getOutgoingRunAs();
    }
    // No context to read from: raise the exception built by the logger.
    throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
});
/**
 * Clears the outgoing run-as identity on the captured security context {@code sc}.
 *
 * @return the identity that was set before it was cleared
 */
@Override
public RunAs run() {
    if (sc != null) {
        // Read first, then reset to null, so the caller can restore the identity later.
        final RunAs removed = sc.getOutgoingRunAs();
        sc.setOutgoingRunAs(null);
        return removed;
    }
    throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
});
/**
 * Replaces the outgoing run-as identity on the captured security context {@code sc}
 * with the captured {@code principal}.
 *
 * @return the identity that was set before the replacement
 */
@Override
public RunAs run() {
    if (sc != null) {
        final RunAs previousIdentity = sc.getOutgoingRunAs();
        sc.setOutgoingRunAs(principal);
        return previousIdentity;
    }
    throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
});
/**
 * Returns the outgoing run-as identity held by the given security context.
 * <p>
 * When {@code WildFlySecurityManager.isChecking()} is true the read happens inside
 * {@code AccessController.doPrivileged}; otherwise it is done directly. A {@code null}
 * context makes both paths throw the exception built by
 * {@code UndertowLogger.ROOT_LOGGER.noSecurityContext()}.
 * <p>
 * NOTE(review): this method is {@code public} and runs a privileged action on a
 * caller-supplied context - confirm that this visibility is intended.
 *
 * @param sc the security context to read from; must not be {@code null}
 * @return the value of {@code sc.getOutgoingRunAs()}
 */
public static RunAs getRunAsIdentity(final SecurityContext sc) {
    if (!WildFlySecurityManager.isChecking()) {
        if (sc == null) {
            throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
        }
        return sc.getOutgoingRunAs();
    }

    final PrivilegedAction<RunAs> readOutgoing = new PrivilegedAction<RunAs>() {
        @Override
        public RunAs run() {
            if (sc == null) {
                throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
            }
            return sc.getOutgoingRunAs();
        }
    };
    return AccessController.doPrivileged(readOutgoing);
}

static Subject getSubject() {
/**
 * Removes the outgoing run-as identity from the given security context.
 * <p>
 * When {@code WildFlySecurityManager.isChecking()} is true the read-and-clear runs inside
 * {@code AccessController.doPrivileged}; otherwise it runs directly. A {@code null}
 * context makes both paths throw the exception built by
 * {@code UndertowLogger.ROOT_LOGGER.noSecurityContext()}.
 *
 * @param sc the security context to clear; must not be {@code null}
 * @return the identity removed
 */
static RunAs popRunAsIdentity(final SecurityContext sc) {
    if (!WildFlySecurityManager.isChecking()) {
        if (sc == null) {
            throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
        }
        final RunAs removed = sc.getOutgoingRunAs();
        sc.setOutgoingRunAs(null);
        return removed;
    }

    return AccessController.doPrivileged(new PrivilegedAction<RunAs>() {
        @Override
        public RunAs run() {
            if (sc == null) {
                throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
            }
            final RunAs removed = sc.getOutgoingRunAs();
            sc.setOutgoingRunAs(null);
            return removed;
        }
    });
}
/**
 * Sets the outgoing run-as identity on the given security context.
 * <p>
 * When {@code WildFlySecurityManager.isChecking()} is true the swap runs through
 * {@code WildFlySecurityManager.doUnchecked}; otherwise it runs directly. A {@code null}
 * context makes both paths throw the exception built by
 * {@code UndertowLogger.ROOT_LOGGER.noSecurityContext()}.
 *
 * @param principal the identity to install; {@code null} clears the outgoing run-as
 * @param sc the security context to modify; must not be {@code null}
 * @return the identity that was set before the call, so the caller can restore it
 */
static RunAs setRunAsIdentity(final RunAs principal, final SecurityContext sc) {
    if (!WildFlySecurityManager.isChecking()) {
        if (sc == null) {
            throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
        }
        final RunAs previousIdentity = sc.getOutgoingRunAs();
        sc.setOutgoingRunAs(principal);
        return previousIdentity;
    }

    final PrivilegedAction<RunAs> swapOutgoing = new PrivilegedAction<RunAs>() {
        @Override
        public RunAs run() {
            if (sc == null) {
                throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
            }
            final RunAs previousIdentity = sc.getOutgoingRunAs();
            sc.setOutgoingRunAs(principal);
            return previousIdentity;
        }
    };
    return WildFlySecurityManager.doUnchecked(swapOutgoing);
}
/**
 * Establishes a new security context for {@code securityDomain}, remembering the
 * previously associated one on the {@code contexts} stack.
 * <p>
 * When propagation is enabled and a previous context exists, its subject info is copied
 * and its outgoing run-as becomes the new context's incoming run-as. If the resulting
 * incoming run-as is a {@code RunAsIdentity}, the supplied user name, password and
 * subject are not used; otherwise subject info is created from them.
 *
 * @param securityDomain the domain the new context is established for
 * @param userName       the principal name used when subject info is created
 * @param password       the credential used when subject info is created
 * @param subject        the subject passed along when subject info is created
 */
public void push(final String securityDomain, String userName, char[] password, final Subject subject) {
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    // The previous context (possibly null) is stacked before the new one is established.
    contexts.push(previous);

    final SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }

    // instanceof is false for null, so no separate null check is needed.
    if (current.getIncomingRunAs() instanceof RunAsIdentity) {
        // Trusted incoming run-as: the caller-supplied credentials are deliberately ignored.
        return;
    }

    final SecurityContextUtil util = current.getUtil();
    // NOTE(review): new String(password) copies the secret into an immutable String that
    // cannot be zeroed afterwards. Left as is, because the credential type expected by
    // createSubjectInfo is not visible here - confirm before changing.
    util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);
}
/**
 * Authenticates the currently associated security context unless that can be skipped,
 * then configures its outgoing run-as identity.
 * <p>
 * Re-authentication is skipped only when the current context already carries an
 * authenticated subject with at least one principal (copied from the previous context
 * on creation - see {@code push}) AND either both contexts use the same security domain
 * or the incoming run-as is a {@code RunAsIdentity}.
 * <p>
 * NOTE(review): the skip path relies on the subject and incoming run-as set up by
 * {@code push}; anything that can populate those fields bypasses the credential check
 * here, so changes to the propagation logic should be reviewed together with this method.
 *
 * @param runAs          role name for a new outgoing {@code RunAsIdentity}, or {@code null}
 * @param runAsPrincipal principal name for the new run-as identity
 * @param extraRoles     additional roles for the new run-as identity
 */
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    final SecurityContext current = SecurityContextAssociation.getSecurityContext();
    final SecurityContext previous = contexts.peek();

    // Same evaluation order and short-circuiting as a single boolean expression:
    // first the authenticated-subject checks, then domain equality, then the run-as type.
    boolean skipReauthentication = false;
    if (current.getSubjectInfo() != null
            && current.getSubjectInfo().getAuthenticatedSubject() != null
            && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty()) {
        skipReauthentication =
                (previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain()))
                        || current.getIncomingRunAs() instanceof RunAsIdentity;
    }

    if (!skipReauthentication) {
        final SecurityContextUtil util = current.getUtil();
        final Object credential = util.getCredential();
        // Only a remoting connection credential contributes a subject; otherwise null is passed.
        final Subject subject = credential instanceof RemotingConnectionCredential
                ? ((RemotingConnectionCredential) credential).getSubject()
                : null;

        if (!authenticate(current, subject)) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }

    // Set up the run-as identity.
    if (runAs != null) {
        current.setOutgoingRunAs(new RunAsIdentity(runAs, runAsPrincipal, extraRoles));
    } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        // Ensure the propagation continues.
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
// Propagation step: when the previous context has an outgoing run-as identity, hand it
// to the current context as its incoming run-as.
// NOTE(review): excerpt only - the closing brace of this if-block is outside the snippet.
if( previous.getOutgoingRunAs() != null ) { current.setIncomingRunAs(previous.getOutgoingRunAs());
/**
 * Returns the outgoing run-as identity of the currently associated security context
 * without removing it.
 *
 * @return the outgoing run-as, or {@code null} when no security context is associated
 */
public RunAs peek() {
    // Legacy call kept for reference: SecurityAssociation.peekRunAsIdentity()
    final SecurityContext context = SecurityContextAssociation.getSecurityContext();
    return context != null ? context.getOutgoingRunAs() : null;
}
/**
 * Returns the outgoing run-as identity of the security context obtained from
 * {@code getSecurityContext()} without removing it.
 *
 * @return the value of {@code getOutgoingRunAs()} on that context
 * @throws IllegalStateException if no security context is available
 */
public RunAs peek() {
    // Legacy call kept for reference: SecurityAssociation.peekRunAsIdentity()
    final SecurityContext context = getSecurityContext();
    if (context != null) {
        return context.getOutgoingRunAs();
    }
    throw new IllegalStateException("Security Context is null");
}
/**
 * Returns the outgoing run-as identity of the currently associated security context
 * without removing it.
 *
 * @return the value of {@code getOutgoingRunAs()} on that context
 * @throws IllegalStateException if no security context is associated
 */
public RunAs peek() {
    // Legacy call kept for reference: SecurityAssociation.peekRunAsIdentity()
    final SecurityContext context = SecurityContextAssociation.getSecurityContext();
    if (context != null) {
        return context.getOutgoingRunAs();
    }
    throw new IllegalStateException("Security Context is null");
}
/**
 * Looks up a value by key after {@code validateSecurityContext()} has run.
 * <p>
 * The key {@code RUNAS_IDENTITY_IDENTIFIER} maps to the context's outgoing run-as
 * identity; every other key is read from the context's data map.
 * <p>
 * The cast to {@code T} is unchecked, so a type mismatch only surfaces at the caller.
 *
 * @param key the lookup key
 * @param <T> the type the caller expects
 * @return the matching value, cast to {@code T}
 */
@SuppressWarnings("unchecked")
@Override
public <T> T get(String key) {
    validateSecurityContext();
    final Object value = RUNAS_IDENTITY_IDENTIFIER.equals(key)
            ? securityContext.getOutgoingRunAs()
            : securityContext.getData().get(key);
    return (T) value;
}
/**
 * Removes the outgoing run-as identity from the security context obtained from
 * {@code getSecurityContext()}.
 *
 * @return the identity that was set before it was cleared
 * @throws IllegalStateException if no security context is available
 */
public RunAs pop() {
    // Legacy call kept for reference: SecurityAssociation.popRunAsIdentity()
    final SecurityContext context = getSecurityContext();
    if (context == null) {
        throw new IllegalStateException("Security Context is null");
    }
    final RunAs removed = context.getOutgoingRunAs();
    context.setOutgoingRunAs(null);
    return removed;
}
};
/**
 * Pops the outgoing run-as identity off the currently associated security context.
 *
 * @return the identity that was set before it was cleared
 * @throws IllegalStateException if no security context is associated
 */
public RunAs pop() {
    // Legacy call kept for reference: SecurityAssociation.popRunAsIdentity()
    final SecurityContext context = SecurityContextAssociation.getSecurityContext();
    if (context == null) {
        throw new IllegalStateException("Security Context is null");
    }
    final RunAs removed = context.getOutgoingRunAs();
    context.setOutgoingRunAs(null);
    return removed;
}
};
/**
 * Installs {@code rai} as the outgoing run-as identity, first saving the identity it
 * replaces in the context data map under {@code CALLER_RAI_IDENTIFIER}.
 *
 * @param rai the run-as identity to install
 */
private void setRunAsIdentity(RunAsIdentity rai) {
    // Move the current run-as identity on the context into the caller slot before overwriting it.
    securityContext.getData().put(CALLER_RAI_IDENTIFIER, securityContext.getOutgoingRunAs());
    securityContext.setOutgoingRunAs(rai);
}
/**
 * Builds a one-line diagnostic summary of the captured security context {@code sc}:
 * user principal, subject, incoming run-as and outgoing run-as.
 * <p>
 * NOTE(review): the subject's string form can include credential details; confirm
 * where this string ends up and keep it out of broadly readable logs.
 *
 * @return the summary string
 */
public String run() {
    return new StringBuilder()
            .append(" Principal = ").append(sc.getUtil().getUserPrincipal())
            .append(" Subject:").append(sc.getUtil().getSubject())
            .append(" Incoming run as:").append(sc.getIncomingRunAs())
            .append(" Outgoing run as:").append(sc.getOutgoingRunAs())
            .toString();
}
}
/**
 * Clears the outgoing run-as identity on the captured security context {@code sc}.
 *
 * @return the identity that was set before it was cleared
 */
@Override
public RunAs run() {
    if (sc != null) {
        final RunAs removed = sc.getOutgoingRunAs();
        // Reset only after the old value has been captured for the caller.
        sc.setOutgoingRunAs(null);
        return removed;
    }
    throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
}
});
/**
 * Captures the identity-related state of the wrapped security context.
 *
 * @return a new {@code SecurityIdentity} built from the context's subject info,
 *         outgoing run-as and incoming run-as, in that order
 */
@Override
public SecurityIdentity getSecurityIdentity() {
    return new SecurityIdentity(
            securityContext.getSubjectInfo(),
            securityContext.getOutgoingRunAs(),
            securityContext.getIncomingRunAs());
}
/**
 * Builds a {@code SecurityIdentity} from the wrapped security context.
 *
 * @return a new {@code SecurityIdentity} holding the context's subject info,
 *         outgoing run-as and incoming run-as
 */
@Override
public SecurityIdentity getSecurityIdentity() {
    // Constructor argument order: subject info, outgoing run-as, incoming run-as.
    return new SecurityIdentity(
            securityContext.getSubjectInfo(),
            securityContext.getOutgoingRunAs(),
            securityContext.getIncomingRunAs());
}