/**
 * Authenticates the caller against the current security context and then sets up the
 * outgoing run-as identity.
 *
 * <p>Authentication is skipped only when the current context already holds an authenticated
 * subject with at least one principal (per the original author's note, that subject is copied
 * from the previous context when the context is pushed) and, in addition, either the previous
 * context uses the same security domain or the incoming run-as is a {@code RunAsIdentity}.
 * In every other case the credential held by the context is authenticated again.
 *
 * @param runAs          first argument handed to the {@code RunAsIdentity} constructor; when
 *                       {@code null} no new run-as identity is created and propagation from the
 *                       previous context is considered instead
 * @param runAsPrincipal second argument handed to the {@code RunAsIdentity} constructor
 * @param extraRoles     third argument handed to the {@code RunAsIdentity} constructor
 * @throws RuntimeException the exception produced by
 *         {@code SecurityLogger.ROOT_LOGGER.invalidUserException()} when authentication fails
 */
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    // NOTE(review): 'current' is dereferenced without a null check; confirm that a context is
    // always associated with the thread before this method is reached.
    final SecurityContext current = SecurityContextAssociation.getSecurityContext();
    final SecurityContext previous = contexts.peek();

    // Part one of the skip decision: an authenticated subject carrying at least one principal.
    final boolean alreadyAuthenticated = current.getSubjectInfo() != null
            && current.getSubjectInfo().getAuthenticatedSubject() != null
            && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty();

    // Part two: the inherited subject is only trusted when the domain is unchanged or the call
    // arrives with an incoming RunAsIdentity.
    // NOTE(review): the RunAsIdentity branch does not compare security domains; confirm that an
    // incoming run-as can only be established by trusted container code.
    final boolean skipReauthentication = alreadyAuthenticated
            && ((previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain()))
                || current.getIncomingRunAs() instanceof RunAsIdentity);

    if (!skipReauthentication) {
        final Object credential = current.getUtil().getCredential();
        // Only a remoting connection credential contributes a Subject; otherwise null is passed on.
        final Subject subject = credential instanceof RemotingConnectionCredential
                ? ((RemotingConnectionCredential) credential).getSubject()
                : null;
        if (!authenticate(current, subject)) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }

    // Set up the run-as identity: an explicit runAs wins over propagation.
    if (runAs != null) {
        current.setOutgoingRunAs(new RunAsIdentity(runAs, runAsPrincipal, extraRoles));
        return;
    }
    if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        // Keep the previous context's outgoing run-as flowing to the current one.
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
/**
 * {@inheritDoc}
 *
 * <p>After delegating to the superclass, removes the thread's associated JBoss security
 * context, but only when its security domain equals the domain of {@code serviceSecurity}.
 * The cleanup is best effort: any {@code Throwable} raised here is logged and not rethrown.
 */
@Override
public void clear(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
    super.clear(serviceSecurity, securityContext);
    try {
        org.jboss.security.SecurityContext associated = SecurityContextAssociation.getSecurityContext();
        if (associated == null) {
            // Nothing is associated, so there is nothing to clear.
            return;
        }
        String expectedDomain = serviceSecurity.getSecurityDomain();
        String associatedDomain = associated.getSecurityDomain();
        // A context belonging to a different domain is deliberately left in place.
        if (expectedDomain.equals(associatedDomain)) {
            SecurityContextAssociation.clearSecurityContext();
        }
    } catch (Throwable t) {
        // NOTE(review): on this path (and when the domains differ) the context stays associated
        // with the thread; confirm that no later work on the same thread can inherit it.
        JBossSecurityLogger.ROOT_LOGGER.clearSecurityContextAssociation(t);
    }
}
/**
 * {@inheritDoc}
 *
 * <p>After delegating to the superclass, removes the thread's associated JBoss security
 * context, but only when its security domain equals the domain of {@code serviceSecurity}.
 * The cleanup is best effort: any {@code Throwable} raised here is logged and not rethrown.
 */
@Override
public void clear(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
    super.clear(serviceSecurity, securityContext);
    try {
        org.jboss.security.SecurityContext associated = SecurityContextAssociation.getSecurityContext();
        if (associated == null) {
            // Nothing is associated, so there is nothing to clear.
            return;
        }
        String expectedDomain = serviceSecurity.getSecurityDomain();
        String associatedDomain = associated.getSecurityDomain();
        // A context belonging to a different domain is deliberately left in place.
        if (expectedDomain.equals(associatedDomain)) {
            SecurityContextAssociation.clearSecurityContext();
        }
    } catch (Throwable t) {
        // NOTE(review): on this path (and when the domains differ) the context stays associated
        // with the thread; confirm that no later work on the same thread can inherit it.
        JBossSecurityLogger.ROOT_LOGGER.clearSecurityContextAssociation(t);
    }
}
// Fail closed: without a security context there is no domain to resolve, so stop here
// instead of continuing with an undefined identity.
if (securityContext == null) {
    throw new IllegalStateException("Security Context is null");
}
String secDomain = securityContext.getSecurityDomain();
/**
 * Authenticates the caller against the current security context and then sets up the
 * outgoing run-as identity.
 *
 * <p>Authentication is skipped only when the current context already holds an authenticated
 * subject with at least one principal (per the original author's note, that subject is copied
 * from the previous context when the context is pushed) and, in addition, either the previous
 * context uses the same security domain or the incoming run-as is a {@code RunAsIdentity}.
 * In every other case the credential held by the context is authenticated again.
 *
 * @param runAs          first argument handed to the {@code RunAsIdentity} constructor; when
 *                       {@code null} no new run-as identity is created and propagation from the
 *                       previous context is considered instead
 * @param runAsPrincipal second argument handed to the {@code RunAsIdentity} constructor
 * @param extraRoles     third argument handed to the {@code RunAsIdentity} constructor
 * @throws RuntimeException the exception produced by
 *         {@code SecurityLogger.ROOT_LOGGER.invalidUserException()} when authentication fails
 */
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    // NOTE(review): 'current' is dereferenced without a null check; confirm that a context is
    // always associated with the thread before this method is reached.
    final SecurityContext current = SecurityContextAssociation.getSecurityContext();
    final SecurityContext previous = contexts.peek();

    // Part one of the skip decision: an authenticated subject carrying at least one principal.
    final boolean alreadyAuthenticated = current.getSubjectInfo() != null
            && current.getSubjectInfo().getAuthenticatedSubject() != null
            && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty();

    // Part two: the inherited subject is only trusted when the domain is unchanged or the call
    // arrives with an incoming RunAsIdentity.
    // NOTE(review): the RunAsIdentity branch does not compare security domains; confirm that an
    // incoming run-as can only be established by trusted container code.
    final boolean skipReauthentication = alreadyAuthenticated
            && ((previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain()))
                || current.getIncomingRunAs() instanceof RunAsIdentity);

    if (!skipReauthentication) {
        final Object credential = current.getUtil().getCredential();
        // Only a remoting connection credential contributes a Subject; otherwise null is passed on.
        final Subject subject = credential instanceof RemotingConnectionCredential
                ? ((RemotingConnectionCredential) credential).getSubject()
                : null;
        if (!authenticate(current, subject)) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }

    // Set up the run-as identity: an explicit runAs wins over propagation.
    if (runAs != null) {
        current.setOutgoingRunAs(new RunAsIdentity(runAs, runAsPrincipal, extraRoles));
        return;
    }
    if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        // Keep the previous context's outgoing run-as flowing to the current one.
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
// Take the domain from the context only when one exists; otherwise secDomain keeps the
// value it already had.
// NOTE(review): confirm that the value retained in the null case is an intended default
// domain and not a way to continue without a context.
if (securityContext != null) {
    secDomain = securityContext.getSecurityDomain();
}
// Capture the security domain reported by the context 'sc'.
// NOTE(review): 'sc' is dereferenced with no null check visible here; confirm the caller guarantees it.
incomingDomain = sc.getSecurityDomain();
if (jb_securityContext != null) { String jb_securityDomain = jb_securityContext.getSecurityDomain(); if (!sy_securityDomain.equals(jb_securityDomain)) { pushSubjectContext(sy_securityDomain);
if (jb_securityContext != null) { String jb_securityDomain = jb_securityContext.getSecurityDomain(); if (!sy_securityDomain.equals(jb_securityDomain)) { pushSubjectContext(sy_securityDomain);
sc.getSecurityDomain().equals(configuredSecurityDomainName) == false)
sc.getSecurityDomain().equals(configuredSecurityDomainName) == false)
// Trace-level audit line: records which principal authenticated and in which security domain.
// NOTE(review): the principal is concatenated into the message as-is; confirm the log layout
// neutralises line breaks in principal names so entries cannot be forged.
if (trace) {
    log.trace("Authenticated principal=" + principal + " in security domain=" + sc.getSecurityDomain());
}