/**
 * Resolves the identity that the current invocation is attributed to.
 *
 * <p>Precedence: {@code incomingRunAsIdentity} when it is set; otherwise the domain's current
 * identity when {@code securityRequired} is true; otherwise the domain's anonymous identity.
 *
 * @return the identity selected by the rules above
 */
private SecurityIdentity getCallerSecurityIdentity() {
    // An incoming run-as identity, when present, overrides whatever the domain reports.
    if (incomingRunAsIdentity != null) {
        return incomingRunAsIdentity;
    }
    // Unsecured EJB: the domain's current identity is deliberately not consulted here,
    // so the caller is always reported as anonymous.
    if (!securityRequired) {
        return securityDomain.getAnonymousSecurityIdentity();
    }
    return securityDomain.getCurrentSecurityIdentity();
}
/**
 * Runs {@code callable} under an identity taken from the batch environment's security domain.
 *
 * <ul>
 *   <li>No security domain: {@code callable} is invoked directly, with no identity switch.</li>
 *   <li>{@code user == null}: runs as the domain's current identity.</li>
 *   <li>Otherwise: runs as a run-as identity for {@code user}, derived from the domain's
 *       anonymous identity.</li>
 * </ul>
 *
 * @param user     name to run as, or {@code null} to keep the current identity
 * @param callable the work to execute
 * @param <V>      result type of {@code callable}
 * @return whatever {@code callable} returns
 * @throws Exception anything thrown by {@code callable} or by the identity switch
 */
private <V> V privilegedRunAs(final String user, final Callable<V> callable) throws Exception {
    final SecurityDomain securityDomain = getBatchEnvironment().getSecurityDomain();
    if (securityDomain == null) {
        // Nothing to run as; execute without any identity association.
        return callable.call();
    }
    if (user == null) {
        return securityDomain.getCurrentSecurityIdentity().runAs(callable);
    }
    // The second argument (authorize) is false, so no run-as authorization check is made
    // against the anonymous identity: whoever supplies `user` decides which identity the job
    // runs under. NOTE(review): where `user` comes from is not visible here; confirm it is
    // never taken from unauthenticated input.
    final PrivilegedAction<SecurityIdentity> createRunAs =
            () -> securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false);
    // Under an active security manager the identity is created inside doPrivileged, so only
    // this class's protection domain is checked rather than every caller on the stack.
    final SecurityIdentity securityIdentity = WildFlySecurityManager.isChecking()
            ? AccessController.doPrivileged(createRunAs)
            : createRunAs.run();
    return securityIdentity.runAs(callable);
}
/**
 * Attempts to move this authentication state to an anonymous-authorized state.
 *
 * <p>When {@code requireLoginPermission} is true, the domain's anonymous identity must imply
 * {@link LoginPermission}; when it is false, that check is skipped entirely and the anonymous
 * identity is authorized unconditionally.
 *
 * @param requireLoginPermission whether the anonymous identity must hold the login permission
 * @return {@code true} if the anonymous identity was authorized, either by this state or by
 *         the state that replaced it concurrently
 */
@Override
boolean authorizeAnonymous(final boolean requireLoginPermission) {
    final AtomicReference<State> stateRef = getStateRef();
    final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity();
    // Permission gate first: a refused login never touches the state reference.
    if (requireLoginPermission && ! anonymousIdentity.implies(LoginPermission.getInstance())) {
        return false;
    }
    // The swap only succeeds while this state is still the current one.
    if (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity))) {
        return true;
    }
    // The state changed underneath us: let whichever state is current decide.
    return stateRef.get().authorizeAnonymous(requireLoginPermission);
}
/**
 * Looks up the local identity associated with an authentication id.
 *
 * <ul>
 *   <li>{@code 0}: delegates to the no-argument {@code getLocalIdentity()}.</li>
 *   <li>{@code 1}: the anonymous identity of the authentication factory's security domain,
 *       or {@code null} when no factory is configured.</li>
 *   <li>anything else: the identity negotiated by the SASL server stored under that id.</li>
 * </ul>
 *
 * @param id the authentication id
 * @return the matching identity, or {@code null} if the id is unknown, no factory is set for
 *         id 1, or the SASL server exposes no {@code SECURITY_IDENTITY} property; callers
 *         must handle {@code null} rather than assume an identity exists
 */
public SecurityIdentity getLocalIdentity(final int id) {
    switch (id) {
        case 0:
            return getLocalIdentity();
        case 1: {
            // Read the field once so the null check and the use see the same reference.
            final SaslAuthenticationFactory factory = this.authenticationFactory;
            if (factory == null) {
                return null;
            }
            return factory.getSecurityDomain().getAnonymousSecurityIdentity();
        }
        default: {
            final Auth auth = authMap.get(id);
            if (auth == null) {
                return null;
            }
            return (SecurityIdentity) auth.getSaslServer().getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY);
        }
    }
}
// Register the handler, then bind the connection's identity from the SASL exchange.
// If the mechanism negotiated no SECURITY_IDENTITY property, the connection is bound to the
// security domain's anonymous identity instead of being left null. A non-null connection
// identity therefore does not by itself show that a user authenticated.
connection.getRemoteConnectionProvider().addConnectionHandler(connectionHandler); final SecurityIdentity identity = (SecurityIdentity) saslServer.getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY); connection.setIdentity(identity == null ? saslAuthenticationFactory.getSecurityDomain().getAnonymousSecurityIdentity() : identity); connection.setReadListener(new RemoteReadListener(connectionHandler, connection), false); return connectionHandler;
// Build an anonymous-authorized state from the domain's anonymous identity and try to install
// it. compareAndSet succeeds only while this state is still current; if the state changed
// concurrently, the import is attempted again on whichever state replaced it.
// NOTE(review): the condition that selects this anonymous branch is outside this excerpt.
AnonymousAuthorizedState newState = new AnonymousAuthorizedState(domain.getAnonymousSecurityIdentity()); return stateRef.compareAndSet(this, newState) || stateRef.get().importIdentity(importedIdentity);
if (this.securityDomain != null) { SecurityIdentity identity = this.securityDomain.getAnonymousSecurityIdentity(); AuthenticationConfiguration authenticationConfiguration = AuthenticationConfiguration.EMPTY; identity = this.securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(identityPrincipal.getName(), true);
throw SUBSYSTEM_RA_LOGGER.executionSubjectNotSetInHandler(); SecurityIdentity identity = this.securityDomain.getAnonymousSecurityIdentity();
/**
 * Attempts to import {@code identity} into each outflow domain and collects the results.
 *
 * <p>For every domain: if the import succeeds, the authorized identity from that domain is
 * added. If it fails and {@code outflowAnonymous} is true, the domain's anonymous identity is
 * added instead. If it fails and {@code outflowAnonymous} is false, the domain contributes
 * nothing, so the returned array can be shorter than {@code outflowDomains}.
 *
 * @param identity         the identity to outflow
 * @param outflowAnonymous whether to substitute the anonymous identity when import fails
 * @param outflowDomains   the domains to outflow to
 * @return the identities obtained, in the iteration order of {@code outflowDomains}
 */
private static SecurityIdentity[] performOutflow(SecurityIdentity identity, boolean outflowAnonymous, Set<SecurityDomain> outflowDomains) {
    final List<SecurityIdentity> results = new ArrayList<>(outflowDomains.size());
    for (SecurityDomain target : outflowDomains) {
        final ServerAuthenticationContext importContext = target.createNewAuthenticationContext();
        try {
            if (importContext.importIdentity(identity)) {
                results.add(importContext.getAuthorizedIdentity());
                continue;
            }
            // Import refused: fall back to anonymous only when explicitly enabled.
            if (outflowAnonymous) {
                results.add(target.getAnonymousSecurityIdentity());
            }
        } catch (RealmUnavailableException e) {
            // A realm outage aborts the whole outflow rather than skipping the domain.
            throw ROOT_LOGGER.unableToPerformOutflow(identity.getPrincipal().getName(), e);
        }
    }
    return results.toArray(new SecurityIdentity[0]);
}
/**
 * Runs {@code callable} under an identity taken from the batch environment's security domain.
 *
 * <ul>
 *   <li>No security domain: {@code callable} is invoked directly, with no identity switch.</li>
 *   <li>{@code user == null}: runs as the domain's current identity.</li>
 *   <li>Otherwise: runs as a run-as identity for {@code user}, derived from the domain's
 *       anonymous identity.</li>
 * </ul>
 *
 * @param user     name to run as, or {@code null} to keep the current identity
 * @param callable the work to execute
 * @param <V>      result type of {@code callable}
 * @return whatever {@code callable} returns
 * @throws Exception anything thrown by {@code callable} or by the identity switch
 */
private <V> V privilegedRunAs(final String user, final Callable<V> callable) throws Exception {
    final SecurityDomain securityDomain = getBatchEnvironment().getSecurityDomain();
    if (securityDomain == null) {
        // Nothing to run as; execute without any identity association.
        return callable.call();
    }
    if (user == null) {
        return securityDomain.getCurrentSecurityIdentity().runAs(callable);
    }
    // The second argument (authorize) is false, so no run-as authorization check is made
    // against the anonymous identity: whoever supplies `user` decides which identity the job
    // runs under. NOTE(review): where `user` comes from is not visible here; confirm it is
    // never taken from unauthenticated input.
    final PrivilegedAction<SecurityIdentity> createRunAs =
            () -> securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false);
    // Under an active security manager the identity is created inside doPrivileged, so only
    // this class's protection domain is checked rather than every caller on the stack.
    final SecurityIdentity securityIdentity = WildFlySecurityManager.isChecking()
            ? AccessController.doPrivileged(createRunAs)
            : createRunAs.run();
    return securityIdentity.runAs(callable);
}
/**
 * Attempts to move this authentication state to an anonymous-authorized state.
 *
 * <p>When {@code requireLoginPermission} is true, the domain's anonymous identity must imply
 * {@link LoginPermission}; when it is false, that check is skipped entirely and the anonymous
 * identity is authorized unconditionally.
 *
 * @param requireLoginPermission whether the anonymous identity must hold the login permission
 * @return {@code true} if the anonymous identity was authorized, either by this state or by
 *         the state that replaced it concurrently
 */
@Override
boolean authorizeAnonymous(final boolean requireLoginPermission) {
    final AtomicReference<State> stateRef = getStateRef();
    final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity();
    // Permission gate first: a refused login never touches the state reference.
    if (requireLoginPermission && ! anonymousIdentity.implies(LoginPermission.getInstance())) {
        return false;
    }
    // The swap only succeeds while this state is still the current one.
    if (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity))) {
        return true;
    }
    // The state changed underneath us: let whichever state is current decide.
    return stateRef.get().authorizeAnonymous(requireLoginPermission);
}
/**
 * Attempts to move this authentication state to an anonymous-authorized state.
 *
 * <p>When {@code requireLoginPermission} is true, the domain's anonymous identity must imply
 * {@link LoginPermission}; when it is false, that check is skipped entirely and the anonymous
 * identity is authorized unconditionally.
 *
 * @param requireLoginPermission whether the anonymous identity must hold the login permission
 * @return {@code true} if the anonymous identity was authorized, either by this state or by
 *         the state that replaced it concurrently
 */
@Override
boolean authorizeAnonymous(final boolean requireLoginPermission) {
    final AtomicReference<State> stateRef = getStateRef();
    final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity();
    // Permission gate first: a refused login never touches the state reference.
    if (requireLoginPermission && ! anonymousIdentity.implies(LoginPermission.getInstance())) {
        return false;
    }
    // The swap only succeeds while this state is still the current one.
    if (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity))) {
        return true;
    }
    // The state changed underneath us: let whichever state is current decide.
    return stateRef.get().authorizeAnonymous(requireLoginPermission);
}
/**
 * Attempts to move this authentication state to an anonymous-authorized state.
 *
 * <p>When {@code requireLoginPermission} is true, the domain's anonymous identity must imply
 * {@link LoginPermission}; when it is false, that check is skipped entirely and the anonymous
 * identity is authorized unconditionally.
 *
 * @param requireLoginPermission whether the anonymous identity must hold the login permission
 * @return {@code true} if the anonymous identity was authorized, either by this state or by
 *         the state that replaced it concurrently
 */
@Override
boolean authorizeAnonymous(final boolean requireLoginPermission) {
    final AtomicReference<State> stateRef = getStateRef();
    final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity();
    // Permission gate first: a refused login never touches the state reference.
    if (requireLoginPermission && ! anonymousIdentity.implies(LoginPermission.getInstance())) {
        return false;
    }
    // The swap only succeeds while this state is still the current one.
    if (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity))) {
        return true;
    }
    // The state changed underneath us: let whichever state is current decide.
    return stateRef.get().authorizeAnonymous(requireLoginPermission);
}
/**
 * Runs a servlet lifecycle step, under a mapped run-as identity when one is configured.
 *
 * <p>If {@code runAsMapper} yields no metadata for the servlet name, the step proceeds with no
 * identity switch. Otherwise the identity is derived by {@code performMapping} starting from
 * the domain's anonymous identity, and the step runs as that identity.
 *
 * @param servletInfo the servlet whose name selects the run-as metadata
 * @param context     the lifecycle step to continue
 * @throws ServletException if the step fails; a non-servlet cause is wrapped
 */
private void doIt(ServletInfo servletInfo, LifecycleContext context) throws ServletException {
    final RunAsIdentityMetaData runAsMetaData = runAsMapper.apply(servletInfo.getName());
    if (runAsMetaData == null) {
        context.proceed();
        return;
    }
    // The mapping starts from the anonymous identity, not from any identity bound to the
    // calling thread, so the result depends only on the deployment's run-as metadata.
    final SecurityIdentity runAsIdentity =
            performMapping(securityDomain.getAnonymousSecurityIdentity(), securityDomain, runAsMetaData);
    final PrivilegedExceptionAction<Void> lifecycleStep = () -> {
        context.proceed();
        return null;
    };
    try {
        runAsIdentity.runAs(lifecycleStep);
    } catch (PrivilegedActionException e) {
        // Unwrap so callers see the original ServletException where there is one.
        final Throwable cause = e.getCause();
        throw cause instanceof ServletException ? (ServletException) cause : new ServletException(cause);
    }
}
/**
 * Looks up the local identity associated with an authentication id.
 *
 * <ul>
 *   <li>{@code 0}: delegates to the no-argument {@code getLocalIdentity()}.</li>
 *   <li>{@code 1}: the anonymous identity of the authentication factory's security domain,
 *       or {@code null} when no factory is configured.</li>
 *   <li>anything else: the identity negotiated by the SASL server stored under that id.</li>
 * </ul>
 *
 * @param id the authentication id
 * @return the matching identity, or {@code null} if the id is unknown, no factory is set for
 *         id 1, or the SASL server exposes no {@code SECURITY_IDENTITY} property; callers
 *         must handle {@code null} rather than assume an identity exists
 */
public SecurityIdentity getLocalIdentity(final int id) {
    switch (id) {
        case 0:
            return getLocalIdentity();
        case 1: {
            // Read the field once so the null check and the use see the same reference.
            final SaslAuthenticationFactory factory = this.authenticationFactory;
            if (factory == null) {
                return null;
            }
            return factory.getSecurityDomain().getAnonymousSecurityIdentity();
        }
        default: {
            final Auth auth = authMap.get(id);
            if (auth == null) {
                return null;
            }
            return (SecurityIdentity) auth.getSaslServer().getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY);
        }
    }
}
static SecurityIdentity performMapping(SecurityIdentity securityIdentity, SecurityDomain securityDomain, RunAsIdentityMetaData runAsMetaData) { if (runAsMetaData != null) { SecurityIdentity newIdentity = securityIdentity != null ? securityIdentity : securityDomain.getAnonymousSecurityIdentity(); String runAsPrincipal = runAsMetaData.getPrincipalName(); if (runAsPrincipal.equals(ANONYMOUS_PRINCIPAL)) {
return anonymousSecurityDomain.getAnonymousSecurityIdentity(); return anonymousSecurityDomain.getAnonymousSecurityIdentity();
// Build an anonymous-authorized state from the domain's anonymous identity and try to install
// it. compareAndSet succeeds only while this state is still current; if the state changed
// concurrently, the import is attempted again on whichever state replaced it.
// NOTE(review): the condition that selects this anonymous branch is outside this excerpt.
AnonymousAuthorizedState newState = new AnonymousAuthorizedState(domain.getAnonymousSecurityIdentity()); return stateRef.compareAndSet(this, newState) || stateRef.get().importIdentity(importedIdentity);
// Build an anonymous-authorized state from the domain's anonymous identity and try to install
// it. compareAndSet succeeds only while this state is still current; if the state changed
// concurrently, the import is attempted again on whichever state replaced it.
// NOTE(review): the condition that selects this anonymous branch is outside this excerpt.
AnonymousAuthorizedState newState = new AnonymousAuthorizedState(domain.getAnonymousSecurityIdentity()); return stateRef.compareAndSet(this, newState) || stateRef.get().importIdentity(importedIdentity);
throw SUBSYSTEM_RA_LOGGER.executionSubjectNotSetInHandler(); SecurityIdentity identity = this.securityDomain.getAnonymousSecurityIdentity();