@Override public SubjectInfo run() { return context.getSubjectInfo(); } });
/**
 * Reads the {@link SubjectInfo} held by the given security context.
 *
 * <p>When no {@link SecurityManager} is installed the context is read directly. Otherwise the
 * read runs inside {@link AccessController#doPrivileged(PrivilegedAction)}.
 *
 * @param context the security context to read; it is dereferenced without a null check
 * @return the value returned by {@code context.getSubjectInfo()}
 */
private SubjectInfo getSubjectInfo(final SecurityContext context) {
    final boolean securityManagerInstalled = System.getSecurityManager() != null;
    if (securityManagerInstalled) {
        // The privileged action is limited to the single read of the subject info.
        // NOTE(review): this helper is private; keep it that way so the privileged read
        // is not reachable by callers outside this class.
        final PrivilegedAction<SubjectInfo> readSubjectInfo = new PrivilegedAction<SubjectInfo>() {
            @Override
            public SubjectInfo run() {
                return context.getSubjectInfo();
            }
        };
        return AccessController.doPrivileged(readSubjectInfo);
    }
    return context.getSubjectInfo();
}
/**
 * Looks up the authenticated subject on the security context returned by
 * {@code SecurityActions.getSecurityContext()}.
 *
 * @return the authenticated subject, or a new empty {@link Subject} when there is no security
 *         context, no subject info, or no authenticated subject; never {@code null}.
 */
private Subject getAuthenticatedSubject() {
    final org.jboss.security.SecurityContext picketBoxContext = SecurityActions.getSecurityContext();
    // An absent subject is reported as an empty Subject rather than null, so callers have to
    // detect "not authenticated" by the lack of principals, not by a null check.
    if (picketBoxContext == null || picketBoxContext.getSubjectInfo() == null) {
        return new Subject();
    }
    final Subject authenticated = picketBoxContext.getSubjectInfo().getAuthenticatedSubject();
    if (authenticated == null) {
        return new Subject();
    }
    return authenticated;
}
} // end of the enclosing type (its header is not part of this excerpt)
/**
 * Authenticates against the context returned by
 * {@code SecurityContextAssociation.getSecurityContext()} unless the skip condition below
 * holds, then configures the outgoing run-as identity on that context.
 *
 * @param runAs          run-as name; when non-null a new {@code RunAsIdentity} is built from it
 * @param runAsPrincipal passed to the {@code RunAsIdentity} constructor
 * @param extraRoles     passed to the {@code RunAsIdentity} constructor
 * @throws RuntimeException presumably - the exact type is whatever
 *         {@code SecurityLogger.ROOT_LOGGER.invalidUserException()} produces; thrown when
 *         {@code authenticate(current, subject)} returns false
 */
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    // NOTE(review): current is dereferenced below without a null check - confirm a context is
    // always associated before this method is called.
    SecurityContext current = SecurityContextAssociation.getSecurityContext();
    SecurityContext previous = contexts.peek();
    // Skip reauthentication if the current context already has an authenticated subject with at
    // least one principal (copied from the previous context upon creation - see push method) and
    // either both contexts use the same security domain or there is an incoming RunAs of
    // RunAsIdentity type.
    // NOTE(review): this branch trusts whatever subject is already on the context, and the
    // RunAsIdentity alternative applies regardless of security domain - confirm that only
    // trusted code can populate the subject and the incoming RunAs before this point.
    boolean skipReauthentication = current.getSubjectInfo() != null
            && current.getSubjectInfo().getAuthenticatedSubject() != null
            && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty()
            && ( (previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain()))
                 || current.getIncomingRunAs() instanceof RunAsIdentity );
    if (!skipReauthentication) {
        SecurityContextUtil util = current.getUtil();
        Object credential = util.getCredential();
        Subject subject = null;
        // Only a RemotingConnectionCredential supplies a subject; for any other credential
        // type the two-argument authenticate is called with a null subject.
        if (credential instanceof RemotingConnectionCredential) {
            subject = ((RemotingConnectionCredential) credential).getSubject();
        }
        // Fail closed: a false result aborts the call with an exception.
        if (authenticate(current, subject) == false) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }
    // Set up the run-as identity.
    if (runAs != null) {
        RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles);
        current.setOutgoingRunAs(runAsIdentity);
    } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        // Ensure the propagation continues.
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
/**
 * Returns the {@link SubjectInfo} of the supplied security context, using a privileged
 * action for the read whenever a {@link SecurityManager} is installed.
 *
 * @param context the security context to query; not checked for null
 * @return the result of {@code context.getSubjectInfo()}
 */
private SubjectInfo getSubjectInfo(final SecurityContext context) {
    // Without a security manager there are no permission checks to bypass, so read directly.
    final SecurityManager installedManager = System.getSecurityManager();
    if (installedManager != null) {
        // The privileged action does nothing beyond the one getter call.
        final PrivilegedAction<SubjectInfo> subjectInfoReader = new PrivilegedAction<SubjectInfo>() {
            @Override
            public SubjectInfo run() {
                return context.getSubjectInfo();
            }
        };
        return AccessController.doPrivileged(subjectInfoReader);
    }
    return context.getSubjectInfo();
}
/**
 * Hands the given identity set to the subject info of the security context.
 *
 * <p>The subject info is dereferenced without a null check, so a context whose
 * {@code getSubjectInfo()} returns null makes this method throw
 * {@link NullPointerException}.
 *
 * @param idSet the identities passed, unchanged, to {@code setIdentities}
 */
public void setIdentities(Set<Identity> idSet) {
    securityContext.getSubjectInfo().setIdentities(idSet);
}
/**
 * Stores the given subject as the authenticated subject of the security context.
 *
 * <p>IMPORTANT - this needs to be done after the isValid call. Nothing in this method
 * enforces that ordering, so it is the caller's responsibility.
 *
 * @param subject the subject recorded as authenticated; it is passed on unchanged
 */
public void pushSubjectContext(Subject subject) {
    this.securityContext.getSubjectInfo().setAuthenticatedSubject(subject);
}
} // end of the enclosing type (its header is not part of this excerpt)
/**
 * Adds one identity to the subject info of the security context.
 *
 * <p>The subject info is dereferenced without a null check.
 *
 * @param id the identity passed, unchanged, to {@code addIdentity}
 */
public void addIdentity(Identity id) {
    securityContext.getSubjectInfo().addIdentity(id);
}
// TODO: remove this when fixed in JBoss - WORKAROUND to get authentication to propagate to EJBs SecurityContext oldContext = SecurityContextAssociation.getSecurityContext(); SubjectInfo subjectInfo = oldContext.getSubjectInfo(); subjectInfo.setAuthenticatedSubject(serviceSubject); SecurityContextAssociation.setPrincipal(degroofPrincipal); serviceSubject.getPrincipals().add(degroofPrincipal);
/**
 * Passes the supplied identities to the security context's subject info.
 *
 * <p>No null check is made on the subject info before it is used.
 *
 * @param idSet the identity set forwarded to {@code setIdentities} as-is
 */
public void setIdentities(Set<Identity> idSet) {
    securityContext.getSubjectInfo().setIdentities(idSet);
}
/**
 * Sets the identities on the subject info obtained from the security context.
 *
 * <p>The subject info returned by {@code getSubjectInfo()} is used without a null check.
 *
 * @param idSet the identities to set; forwarded without copying or validation
 */
public void setIdentities(Set<Identity> idSet) {
    securityContext.getSubjectInfo().setIdentities(idSet);
}
/**
 * Returns the authenticated subject of the security context obtained through
 * {@code doPrivileged(securityContext())}.
 *
 * @return the authenticated subject, or {@code null} when no security context is available
 */
public Subject getSubject() {
    final SecurityContext activeContext = doPrivileged(securityContext());
    if (activeContext == null) {
        return null;
    }
    // The subject info itself is not null-checked here; only the context is.
    return activeContext.getSubjectInfo().getAuthenticatedSubject();
}
/**
 * Returns the roles recorded on the security context's subject info.
 *
 * <p>{@code validateSecurityContext()} runs first; the subject info is then used without a
 * null check.
 *
 * @return the value of {@code getRoles()} on the subject info
 */
@Override
public RoleGroup getRoles() {
    validateSecurityContext();
    return this.securityContext.getSubjectInfo().getRoles();
}
/**
 * Stores the given roles on the security context's subject info.
 *
 * <p>{@code validateSecurityContext()} runs first. The roles are forwarded as given; this
 * method performs no check of its own on them.
 *
 * @param roles the role group passed to {@code setRoles} on the subject info
 */
@Override
public void setRoles(RoleGroup roles) {
    validateSecurityContext();
    this.securityContext.getSubjectInfo().setRoles(roles);
}
/**
 * Returns the authenticated subject from the security context's subject info.
 *
 * <p>{@code validateSecurityContext()} runs before the context is read.
 *
 * @return the authenticated subject, or {@code null} when the context has no subject info
 */
public Subject getSubject() {
    validateSecurityContext();
    final SubjectInfo info = this.securityContext.getSubjectInfo();
    if (info == null) {
        return null;
    }
    return info.getAuthenticatedSubject();
}
/**
 * Sets the role group on the subject info of the security context.
 *
 * <p>The context is checked with {@code validateSecurityContext()} first; the subject info
 * is then dereferenced without a null check.
 *
 * @param roles the role group forwarded unchanged to the subject info
 */
@Override
public void setRoles(RoleGroup roles) {
    validateSecurityContext();
    this.securityContext.getSubjectInfo().setRoles(roles);
}
/**
 * Builds a remember-me token from the caller principal and its current role names and
 * stores it in the login session cookie.
 *
 * @param request           request whose user principal names the caller; the principal is
 *                          dereferenced without a null check
 * @param response          response handed to {@code RememberMeCookieUtil}
 * @param clientID          client identifier handed to {@code RememberMeCookieUtil}
 * @param loginSessionToken token handed to {@code RememberMeTokenUtil.serialize}
 */
private void rememberAuthInCookie(HttpServletRequest request, HttpServletResponse response, ClientID clientID, LoginSessionToken loginSessionToken) {
    final String principalName = request.getUserPrincipal().getName();
    final SubjectInfo currentSubjectInfo = SecurityContextAssociation.getSecurityContext().getSubjectInfo();

    // The role names are captured as they are at this moment and travel inside the token.
    // NOTE(review): confirm the code that consumes the token bounds its lifetime or re-checks
    // roles, so a role revoked after login is not restored from the cookie.
    final List<String> roleNames = new ArrayList<>();
    for (Role grantedRole : new JBossSubjectInfo(currentSubjectInfo).getRoles()) {
        roleNames.add(grantedRole.getRoleName());
    }

    // NOTE(review): serialize() is not visible here - verify the token is integrity-protected
    // as well as encrypted, since it carries the principal name and role names.
    final String token = RememberMeTokenUtil.serialize(loginSessionToken, principalName, roleNames);
    RememberMeCookieUtil.setLoginSessionCookie(request, response, token, clientID);
}
/**
 * Creates a {@code SecurityIdentity} from the security context's subject info, outgoing
 * run-as and incoming run-as, in that order.
 *
 * @return a new {@code SecurityIdentity} built from the three values read from the context
 */
@Override
public SecurityIdentity getSecurityIdentity() {
    return new SecurityIdentity(
            this.securityContext.getSubjectInfo(),
            this.securityContext.getOutgoingRunAs(),
            this.securityContext.getIncomingRunAs());
}
/**
 * Builds a {@code SecurityIdentity} from the subject info and the outgoing and incoming
 * run-as values currently held by the security context.
 *
 * @return a new {@code SecurityIdentity}; the context values are passed through as read
 */
@Override
public SecurityIdentity getSecurityIdentity() {
    return new SecurityIdentity(
            this.securityContext.getSubjectInfo(),
            this.securityContext.getOutgoingRunAs(),
            this.securityContext.getIncomingRunAs());
}
/**
 * Returns the credential carried by the {@code CredentialIdentity} of the security
 * context's subject info.
 *
 * <p>{@code validateSecurityContext()} runs before the context is read.
 *
 * @return the credential object, or {@code null} when the context has no subject info or the
 *         subject info has no {@code CredentialIdentity}
 */
public Object getCredential() {
    validateSecurityContext();
    final SubjectInfo info = this.securityContext.getSubjectInfo();
    if (info == null) {
        return null;
    }
    final CredentialIdentity<?> credentialIdentity = info.getIdentity(CredentialIdentity.class);
    if (credentialIdentity == null) {
        return null;
    }
    // The credential object is returned as stored; callers should avoid logging it.
    return credentialIdentity.getCredential();
}