private ServerAuthenticationContext createServerAuthenticationContext() { if (WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged((PrivilegedAction<ServerAuthenticationContext>) () -> securityDomain.createNewAuthenticationContext()); } return securityDomain.createNewAuthenticationContext(); }
private Set<SecurityIdentity> outflowIdentity(final SecurityIdentity securityIdentity) { Set<SecurityIdentity> outflowedIdentities = new HashSet<>(outflowSecurityDomains.size()); if (securityIdentity != null) { // Attempt to outflow the established identity to each domain in the list for (SecurityDomain outflowSecurityDomain : outflowSecurityDomains) { try { ServerAuthenticationContext serverAuthenticationContext = outflowSecurityDomain.createNewAuthenticationContext(); if (serverAuthenticationContext.importIdentity(securityIdentity)) { outflowedIdentities.add(serverAuthenticationContext.getAuthorizedIdentity()); } } catch (RealmUnavailableException | IllegalStateException e) { // Ignored } } } return outflowedIdentities; }
/** * Attempt to create a new identity that can be used to run as an anonymous user * * Calling with enabled security manager requires {@code setRunAsPrincipal} {@link ElytronPermission}. * * @param authorize whether to check the anonymous identity is authorized to log in * (has {@link org.wildfly.security.auth.permission.LoginPermission}) * @return the new security identity * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal} * {@link ElytronPermission} or if the operation authorization failed for any other reason */ public SecurityIdentity createRunAsAnonymous(boolean authorize) throws SecurityException { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SET_RUN_AS_PERMISSION); } try (final ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))) { if (! context.authorizeAnonymous(authorize)) { throw log.runAsAuthorizationFailed(principal, AnonymousPrincipal.getInstance(), null); } return context.getAuthorizedIdentity(); } }
/** * Attempt to create a new identity that can be used to run as a user with the given principal. * * Calling with enabled security manager requires {@code setRunAsPrincipal} {@link ElytronPermission}. * * @param principal the principal to attempt to run as * @param authorize whether to check the current identity is authorized to run as a user * with the given principal (has {@link RunAsPrincipalPermission}) * @return the new security identity * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal} * {@link ElytronPermission} or if the operation authorization failed for any other reason */ public SecurityIdentity createRunAsIdentity(Principal principal, boolean authorize) throws SecurityException { Assert.checkNotNullParam("principal", principal); final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SET_RUN_AS_PERMISSION); } try (final ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))) { if (! (context.importIdentity(this) && context.authorize(principal, authorize))) { throw log.runAsAuthorizationFailed(this.principal, principal, null); } return context.getAuthorizedIdentity(); } catch (RealmUnavailableException e) { throw log.runAsAuthorizationFailed(this.principal, principal, e); } }
final ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext(); final PasswordGuessEvidence evidence = new PasswordGuessEvidence(credential != null ? credential : null); try {
private boolean restoreIdentity() { if (securityDomain == null) { return false; } HttpScope sessionScope = httpExchangeSpi.getScope(Scope.SESSION); if (sessionScope != null && sessionScope.supportsAttachments()) { String principalName = sessionScope.getAttachment(AUTHENTICATED_PRINCIPAL_KEY, String.class); if (principalName != null) { ServerAuthenticationContext authenticationContext = securityDomain.createNewAuthenticationContext(); try { authenticationContext.setAuthenticationName(principalName); if (authenticationContext.authorize()) { SecurityIdentity authorizedIdentity = authenticationContext.getAuthorizedIdentity(); httpExchangeSpi.authenticationComplete(authorizedIdentity, programaticMechanismName); setupProgramaticLogout(sessionScope); return true; } else { sessionScope.setAttachment(AUTHENTICATED_PRINCIPAL_KEY, null); // Whatever was in there no longer works so just drop it. } } catch (IllegalArgumentException | RealmUnavailableException | IllegalStateException e) { httpExchangeSpi.authenticationFailed(e.getMessage(), programaticMechanismName); } } } return false; }
final ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext(); final PasswordGuessEvidence evidence = new PasswordGuessEvidence(credential != null ? credential : null); try {
} else if (integrated) { ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext(); sac.importIdentity(securityIdentity); sac.authorize(); } else { if (integrated) { ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext(); sac.setAuthenticationPrincipal(callerPrincipal); if (sac.authorize()) {
throw ElytronMessages.log.notTrusted(null); try (final ServerAuthenticationContext authenticationContext = securityDomain.createNewAuthenticationContext(mechanismConfigurationSelector)) { authenticationContext.setAuthenticationPrincipal(principal); if (! authenticationContext.exists()) {
@Override public ServerAuthenticationContext createServerAuthenticationContext(final SecurityDomain securityDomain) { return securityDomain.createNewAuthenticationContext(); } };
@Override public ServerAuthenticationContext createServerAuthenticationContext(final SecurityDomain securityDomain) { return securityDomain.createNewAuthenticationContext(); } };
private ServerAuthenticationContext createServerAuthenticationContext() { if (getSecurityManager() != null) { return AccessController.doPrivileged((PrivilegedAction<ServerAuthenticationContext>) () -> securityDomain.createNewAuthenticationContext()); } return securityDomain.createNewAuthenticationContext(); }
private ServerAuthenticationContext createServerAuthenticationContext() { if (WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged((PrivilegedAction<ServerAuthenticationContext>) () -> securityDomain.createNewAuthenticationContext()); } return securityDomain.createNewAuthenticationContext(); }
private ServerAuthenticationContext createServerAuthenticationContext() { if (WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged((PrivilegedAction<ServerAuthenticationContext>) () -> securityDomain.createNewAuthenticationContext()); } return securityDomain.createNewAuthenticationContext(); }
private static SecurityIdentity[] performOutflow(SecurityIdentity identity, boolean outflowAnonymous, Set<SecurityDomain> outflowDomains) { List<SecurityIdentity> outflowIdentities = new ArrayList<>(outflowDomains.size()); for (SecurityDomain d : outflowDomains) { ServerAuthenticationContext sac = d.createNewAuthenticationContext(); try { if (sac.importIdentity(identity)) { outflowIdentities.add(sac.getAuthorizedIdentity()); } else if (outflowAnonymous) { outflowIdentities.add(d.getAnonymousSecurityIdentity()); } } catch (RealmUnavailableException e) { throw ROOT_LOGGER.unableToPerformOutflow(identity.getPrincipal().getName(), e); } } return outflowIdentities.toArray(new SecurityIdentity[outflowIdentities.size()]); }
private static SecurityIdentity createSecurityIdentity(Principal principal, Set<String> roles) { ServerAuthenticationContext serverAuthenticationContext = INFLOW_SECURITY_DOMAIN.createNewAuthenticationContext(); try { serverAuthenticationContext.verifyEvidence(new EvidenceWithRoles(principal, roles)); serverAuthenticationContext.authorize(); } catch (RealmUnavailableException e) { // As the domain is backed by a dummy realm that never throws this Exception it is impossible for it to be thrown. throw new IllegalStateException(e); } return serverAuthenticationContext.getAuthorizedIdentity(); }
private static SecurityIdentity createSecurityIdentity(Principal principal, Set<String> roles) { ServerAuthenticationContext serverAuthenticationContext = INFLOW_SECURITY_DOMAIN.createNewAuthenticationContext(); try { serverAuthenticationContext.verifyEvidence(new EvidenceWithRoles(principal, roles)); serverAuthenticationContext.authorize(); } catch (RealmUnavailableException e) { // As the domain is backed by a dummy realm that never throws this Exception it is impossible for it to be thrown. throw new IllegalStateException(e); } return serverAuthenticationContext.getAuthorizedIdentity(); }
/** * Attempt to create a new identity that can be used to run as an anonymous user * * Calling with enabled security manager requires {@code setRunAsPrincipal} {@link ElytronPermission}. * * @param authorize whether to check the anonymous identity is authorized to log in * (has {@link org.wildfly.security.auth.permission.LoginPermission}) * @return the new security identity * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal} * {@link ElytronPermission} or if the operation authorization failed for any other reason */ public SecurityIdentity createRunAsAnonymous(boolean authorize) throws SecurityException { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SET_RUN_AS_PERMISSION); } try (final ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))) { if (! context.authorizeAnonymous(authorize)) { throw log.runAsAuthorizationFailed(principal, AnonymousPrincipal.getInstance(), null); } return context.getAuthorizedIdentity(); } }
/** * Attempt to create a new identity that can be used to run as an anonymous user * * Calling with enabled security manager requires {@code setRunAsPrincipal} {@link ElytronPermission}. * * @param authorize whether to check the anonymous identity is authorized to log in * (has {@link org.wildfly.security.auth.permission.LoginPermission}) * @return the new security identity * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal} * {@link ElytronPermission} or if the operation authorization failed for any other reason */ public SecurityIdentity createRunAsAnonymous(boolean authorize) throws SecurityException { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SET_RUN_AS_PERMISSION); } try (final ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))) { if (! context.authorizeAnonymous(authorize)) { throw log.runAsAuthorizationFailed(principal, AnonymousPrincipal.getInstance(), null); } return context.getAuthorizedIdentity(); } }
/** * Attempt to create a new identity that can be used to run as an anonymous user * * Calling with enabled security manager requires {@code setRunAsPrincipal} {@link ElytronPermission}. * * @param authorize whether to check the anonymous identity is authorized to log in * (has {@link org.wildfly.security.auth.permission.LoginPermission}) * @return the new security identity * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal} * {@link ElytronPermission} or if the operation authorization failed for any other reason */ public SecurityIdentity createRunAsAnonymous(boolean authorize) throws SecurityException { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SET_RUN_AS_PERMISSION); } try (final ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))) { if (! context.authorizeAnonymous(authorize)) { throw log.runAsAuthorizationFailed(principal, AnonymousPrincipal.getInstance(), null); } return context.getAuthorizedIdentity(); } }