public Object run() {
    final SecurityContext context = getSecurityContext();
    if (context == null) {
        // Nothing to read from: "no credential" is reported as null.
        return null;
    }
    // This is the context's credential object itself; callers should treat it as a secret.
    return context.getUtil().getCredential();
}
});
public Principal run() {
    // A missing security context yields null rather than an exception.
    final SecurityContext context = getSecurityContext();
    return context == null ? null : context.getUtil().getUserPrincipal();
}
});
public Subject run() {
    final SecurityContext context = getSecurityContext();
    if (context != null) {
        return context.getUtil().getSubject();
    }
    // No security context available: there is no subject to hand back.
    return null;
}
});
public Subject run() {
    // Null-safe lookup: the subject is only read when a security context exists.
    final SecurityContext context = getSecurityContext();
    return context != null ? context.getUtil().getSubject() : null;
}
});
/**
 * Returns the user principal held by the current security context.
 *
 * @return the principal, or {@code null} when {@code getSecurityContext()} yields no context
 */
static Principal getPrincipal() {
    final PrivilegedAction<Principal> lookup = new PrivilegedAction<Principal>() {
        @Override
        public Principal run() {
            final SecurityContext context = getSecurityContext();
            return context == null ? null : context.getUtil().getUserPrincipal();
        }
    };
    // Only go through doPrivileged when a security manager is actually checking;
    // otherwise the same lookup is run directly.
    return WildFlySecurityManager.isChecking() ? doPrivileged(lookup) : lookup.run();
}
/**
 * Returns the credential held by the current security context.
 *
 * <p>The method has no access modifier, so it is reachable only from its own package. Because
 * the lookup may run inside {@code doPrivileged}, the caller's own permissions are not what
 * gates the read; widening the visibility would widen who can obtain the credential.
 *
 * @return the credential object, or {@code null} when {@code getSecurityContext()} yields no context
 */
static Object getCredential() {
    final PrivilegedAction<Object> lookup = new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            final SecurityContext context = getSecurityContext();
            return context == null ? null : context.getUtil().getCredential();
        }
    };
    // Elevate only while a security manager is checking; otherwise read directly.
    return WildFlySecurityManager.isChecking() ? doPrivileged(lookup) : lookup.run();
}
/**
 * Returns the subject held by the current security context.
 *
 * @return the subject, or {@code null} when {@code getSecurityContext()} yields no context
 */
static Subject getSubject() {
    final PrivilegedAction<Subject> lookup = new PrivilegedAction<Subject>() {
        @Override
        public Subject run() {
            final SecurityContext context = getSecurityContext();
            return context == null ? null : context.getUtil().getSubject();
        }
    };
    // Elevate only while a security manager is checking; otherwise read directly.
    return WildFlySecurityManager.isChecking() ? doPrivileged(lookup) : lookup.run();
}
}
/**
 * Returns the subject held by the current security context.
 *
 * @return the subject, or {@code null} when {@code getSecurityContext()} yields no context
 */
static Subject getSubject() {
    if (!WildFlySecurityManager.isChecking()) {
        // No security manager is checking, so the lookup needs no privileged block.
        final SecurityContext context = getSecurityContext();
        return context != null ? context.getUtil().getSubject() : null;
    }
    return doPrivileged(new PrivilegedAction<Subject>() {
        @Override
        public Subject run() {
            final SecurityContext context = getSecurityContext();
            return context != null ? context.getUtil().getSubject() : null;
        }
    });
}
}
Subject callerSubject = sc.getUtil().getSubject();
/**
 * Copies the roles recorded on the security context into the subject's
 * {@code ROLES_IDENTIFIER} group, creating that group on the subject if it is missing.
 *
 * <p>The update is additive only: nothing is removed from an existing group, so this
 * method never revokes a role the subject already carries.
 *
 * @param jbossSct the security context whose roles are copied; must not be {@code null}
 */
private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct){
    if (jbossSct == null) {
        throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
    }

    // Nothing to copy when the context has no role group or an empty one.
    final RoleGroup rolesOnContext = jbossSct.getUtil().getRoles();
    if (rolesOnContext == null) {
        return;
    }
    final Collection<Role> rolesToCopy = rolesOnContext.getRoles();
    if (rolesToCopy.isEmpty()) {
        return;
    }

    // NOTE(review): the subject is dereferenced without a null check; confirm that
    // getSubject() cannot return null on the paths that reach this method.
    final Subject subject = jbossSct.getUtil().getSubject();

    // Use the first group principal named ROLES_IDENTIFIER, if the subject has one.
    Group rolesGroup = null;
    for (Group existing : subject.getPrincipals(Group.class)) {
        if (existing.getName().equals(ROLES_IDENTIFIER)) {
            rolesGroup = existing;
            break;
        }
    }
    if (rolesGroup == null) {
        rolesGroup = new SimpleGroup(ROLES_IDENTIFIER);
        subject.getPrincipals().add(rolesGroup);
    }

    for (Role role : rolesToCopy) {
        rolesGroup.addMember(new SimplePrincipal(role.getRoleName()));
    }
}
Principal userPrincipal = jbossSct.getUtil().getUserPrincipal(); if (userPrincipal == null) { return null; jbossSct.getUtil().createSubjectInfo(userPrincipal, ((AccountImpl) cachedAccount).getCredential(), jbossSct.getUtil().getSubject()); RoleGroup roleGroup = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER); for (String role : cachedAccount.getRoles()) roleGroup.addRole(new SimpleRole(role)); jbossSct.getUtil().setRoles(roleGroup); return cachedAccount; RoleGroup roleGroup = jbossSct.getUtil().getRoles(); if (roleGroup != null) { for (Role role : roleGroup.getRoles()) { Object credential = jbossSct.getUtil().getCredential(); Principal original = null; if(cachedAccount != null) {
private boolean authenticate(SecurityContext context, Subject subject) { SecurityContextUtil util = context.getUtil(); SubjectInfo subjectInfo = getSubjectInfo(context); if (subject == null) {
/**
 * Asks the EJB authorization helper whether the current caller may invoke the given method.
 *
 * @param ejbName       name of the EJB being invoked
 * @param ejbCodeSource code source recorded on the authorization resource
 * @param ejbMethodIntf method interface recorded on the authorization resource
 * @param ejbMethod     the method being invoked
 * @param methodRoles   roles attached to the method, wrapped in a {@code SimpleRoleGroup}
 * @param contextID     policy context id recorded on the authorization resource
 * @return the helper's decision, or {@code false} when no security context is available
 * @throws RuntimeException wrapping any exception raised while obtaining or calling the helper
 */
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) {
    final SecurityContext securityContext = doPrivileged(securityContext());
    if (securityContext == null) {
        // Fail closed: without a security context the call is denied.
        return false;
    }

    // Describe the invocation being authorized.
    final EJBResource resource = new EJBResource(new HashMap<String, Object>());
    resource.setEjbName(ejbName);
    resource.setEjbMethod(ejbMethod);
    resource.setEjbMethodInterface(ejbMethodIntf);
    resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
    resource.setCodeSource(ejbCodeSource);
    resource.setPolicyContextID(contextID);

    // Describe the caller: incoming run-as identity, subject and user principal.
    resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
    resource.setCallerSubject(securityContext.getUtil().getSubject());
    resource.setPrincipal(securityContext.getUtil().getUserPrincipal());

    try {
        return SecurityHelperFactory.getEJBAuthorizationHelper(securityContext).authorize(resource);
    } catch (Exception cause) {
        // A failure surfaces as an exception; it is never turned into an "allow" result.
        throw new RuntimeException(cause);
    }
}
resource.setPolicyContextID(policyContextID); resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs()); resource.setCallerSubject(securityContext.getUtil().getSubject()); Principal userPrincipal = securityContext.getUtil().getUserPrincipal(); resource.setPrincipal(userPrincipal); if (roleLinks != null) {
/**
 * Saves the currently associated security context on the {@code contexts} stack and
 * establishes a new one for {@code securityDomain}.
 *
 * <p>When {@code propagate} is set and a previous context exists, the new context takes
 * over the previous subject info and uses the previous outgoing run-as as its incoming
 * run-as. Unless the incoming run-as is a {@code RunAsIdentity}, subject info is then
 * created from the supplied user name, password and subject.
 *
 * @param securityDomain the domain to establish the new context for
 * @param userName       name used for the new {@code SimplePrincipal}
 * @param password       password used as the credential; dereferenced without a null check
 * @param subject        subject passed through to {@code createSubjectInfo}
 */
public void push(final String securityDomain, String userName, char[] password, final Subject subject) {
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);

    final SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }

    // instanceof is false for null, so this also covers a missing incoming run-as.
    final boolean trusted = current.getIncomingRunAs() instanceof RunAsIdentity;
    if (!trusted) {
        // NOTE(review): the char[] password is copied into an immutable String here, so
        // clearing the array afterwards does not remove the secret from memory.
        current.getUtil().createSubjectInfo(new SimplePrincipal(userName), new String(password), subject);
    }
}
Subject caller = sc.getUtil().getSubject();
/**
 * Validates the credential for the account's original principal and, on success, builds a
 * new account carrying the roles the authorization manager reports for the subject.
 *
 * @param account    account whose original principal is authenticated
 * @param credential credential passed to the authentication manager and stored on the result
 * @return the verified account, or {@code null} when the authentication manager rejects the credential
 * @throws RuntimeException wrapping any exception raised during verification
 */
private Account verifyCredential(final AccountImpl account, final Object credential) {
    final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
    final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext sc = SecurityActions.getSecurityContext();
    final Principal incomingPrincipal = account.getOriginalPrincipal();
    final Subject subject = new Subject();

    try {
        if (!authenticationManager.isValid(incomingPrincipal, credential, subject)) {
            // Rejected credential: null is the failure signal for the caller.
            return null;
        }
        // Only the principal is traced, never the credential.
        UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
        if (sc == null) {
            // Thrown inside the try, so the catch below wraps it like any other Exception.
            throw UndertowLogger.ROOT_LOGGER.noSecurityContext();
        }

        final Principal userPrincipal = getPrincipal(subject);
        sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);

        final SecurityContextCallbackHandler callbackHandler = new SecurityContextCallbackHandler(sc);
        final RoleGroup subjectRoles = authorizationManager.getSubjectRoles(subject, callbackHandler);
        // NOTE(review): subjectRoles is used without a null check; a null here would
        // surface as a wrapped NullPointerException. Confirm getSubjectRoles never returns null.
        final Set<String> roleNames = new HashSet<>();
        for (Role role : subjectRoles.getRoles()) {
            roleNames.add(role.getRoleName());
        }
        return new AccountImpl(userPrincipal, roleNames, credential, account.getOriginalPrincipal());
    } catch (Exception cause) {
        throw new RuntimeException(cause);
    }
}
/**
 * Authenticates the currently associated security context, unless it already carries an
 * authenticated subject that may be reused, and then sets up the outgoing run-as identity.
 *
 * @param runAs          run-as role name; when {@code null} no new run-as identity is created
 * @param runAsPrincipal principal name for the run-as identity
 * @param extraRoles     extra roles for the run-as identity
 */
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) {
    final SecurityContext current = SecurityContextAssociation.getSecurityContext();
    final SecurityContext previous = contexts.peek();

    // Re-authentication is skipped only when the current context already has an authenticated
    // subject with at least one principal (copied from the previous context on creation, see
    // push) AND either both contexts use the same security domain or the incoming run-as is a
    // RunAsIdentity. This is the one path that accepts an identity without re-checking the
    // credential, so both conditions must keep holding together.
    final boolean hasAuthenticatedSubject = current.getSubjectInfo() != null
            && current.getSubjectInfo().getAuthenticatedSubject() != null
            && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty();
    boolean skipReauthentication = false;
    if (hasAuthenticatedSubject) {
        final boolean sameDomain = previous != null
                && current.getSecurityDomain().equals(previous.getSecurityDomain());
        skipReauthentication = sameDomain || current.getIncomingRunAs() instanceof RunAsIdentity;
    }

    if (!skipReauthentication) {
        final Object credential = current.getUtil().getCredential();
        // A remoting connection credential brings its own subject; otherwise none is passed on.
        final Subject subject = credential instanceof RemotingConnectionCredential
                ? ((RemotingConnectionCredential) credential).getSubject()
                : null;
        if (!authenticate(current, subject)) {
            throw SecurityLogger.ROOT_LOGGER.invalidUserException();
        }
    }

    // Set up the run-as identity.
    if (runAs != null) {
        current.setOutgoingRunAs(new RunAsIdentity(runAs, runAsPrincipal, extraRoles));
    } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) {
        // Keep propagating the run-as identity that the previous context was sending out.
        current.setOutgoingRunAs(previous.getOutgoingRunAs());
    }
}
Subject callerSubject = sc.getUtil().getSubject();
SecurityContextUtil util = current.getUtil();