ServerAuthenticationContext(final SecurityDomain domain, final MechanismConfigurationSelector mechanismConfigurationSelector) { this(domain.getCurrentSecurityIdentity(), mechanismConfigurationSelector); }
CredentialSource getCredentialSource() { if (authenticationCredentialsForwardSecurityDomain != null) { return doPrivileged((PrivilegedAction<IdentityCredentials>) () -> authenticationCredentialsForwardSecurityDomain.getCurrentSecurityIdentity().getPrivateCredentials(), capturedAccessContext); } else { return credentialSource; } }
/** * @param contextService * @param proxiedObject * @param executionProperties */ IdentityAwareProxyInvocationHandler(ContextServiceImpl contextService, Object proxiedObject, Map<String, String> executionProperties) { super(contextService, proxiedObject, executionProperties); SecurityDomain securityDomain = SecurityDomain.getCurrent(); securityIdentity = securityDomain != null ? securityDomain.getCurrentSecurityIdentity() : null; }
private SecurityIdentity getCallerSecurityIdentity() { if (incomingRunAsIdentity != null) { return incomingRunAsIdentity; } else if (securityRequired) { return securityDomain.getCurrentSecurityIdentity(); } else { // unsecured EJB return securityDomain.getAnonymousSecurityIdentity(); } }
Principal getPrincipal() { return authenticationNameForwardSecurityDomain != null ? authenticationNameForwardSecurityDomain.getCurrentSecurityIdentity().getPrincipal() : principal; }
/** * If the {@linkplain #getSecurityDomain() security domain} is not {@code null} the current identity is returned. * otherwise {@code null} is returned. * * @return the current identity or {@code null} */ default SecurityIdentity getIdentity() { final SecurityDomain securityDomain = getSecurityDomain(); if (securityDomain != null) { return securityDomain.getCurrentSecurityIdentity(); } return null; } }
Principal getAuthorizationPrincipal() { return authorizationNameForwardSecurityDomain != null ? authorizationNameForwardSecurityDomain.getCurrentSecurityIdentity().getPrincipal() : setAuthzPrincipal; }
private static SecurityIdentity getSecurityIdentity() { final SecurityManager sm = System.getSecurityManager(); final SecurityDomain securityDomain; if (sm != null) { securityDomain = AccessController.doPrivileged((PrivilegedAction<SecurityDomain>) () -> SecurityDomain.getCurrent()); } else { securityDomain = SecurityDomain.getCurrent(); } return securityDomain != null ? securityDomain.getCurrentSecurityIdentity() : null; }
@Override public Object getContext(String key, Object data) throws PolicyContextException { if (supports(key)) { PolicyConfiguration policyConfiguration = ElytronPolicyConfigurationFactory.getCurrentPolicyConfiguration(); SecurityDomain securityDomain = this.securityDomains.get(policyConfiguration.getContextID()); if (securityDomain != null) { return securityDomain.getCurrentSecurityIdentity(); } } return null; }
protected AbstractManagedThread createThread(final Runnable r, final ContextHandle contextHandleForSetup) { boolean checking = WildFlySecurityManager.isChecking(); SecurityDomain domain = checking ? AccessController.doPrivileged((PrivilegedAction<SecurityDomain>) SecurityDomain::getCurrent) : SecurityDomain.getCurrent(); SecurityIdentity identity = domain == null ? null : domain.getCurrentSecurityIdentity(); if (checking) { return AccessController.doPrivileged((PrivilegedAction<ElytronManagedThread>) () -> new ElytronManagedThread(r, contextHandleForSetup, identity) ); } else { return new ElytronManagedThread(r, contextHandleForSetup, identity); } }
@Override public Consumer<Runnable> getSecurityContextAssociator(){ SecurityDomain elytronDomain = getCurrentSecurityDomain(); if(elytronDomain != null) { // store the identity from the original thread and use it in callback which will be invoked in a different thread SecurityIdentity storedSecurityIdentity = elytronDomain.getCurrentSecurityIdentity(); return (action) -> storedSecurityIdentity.runAs(action); } else { return SecurityServices.super.getSecurityContextAssociator(); } }
public Object processInvocation(final InterceptorContext context) throws Exception { if (identityOutflowFunction != null) { final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity(); Set<SecurityIdentity> outflowedIdentities = identityOutflowFunction.apply(currentIdentity); SecurityIdentity[] newIdentities; if (category != null && roleMapper != null) { // Propagate the runAsRole or any extra principal roles that are configured // (TODO: ensure this is the desired behaviour) newIdentities = outflowedIdentities.stream().map(outflowedIdentity -> { final RoleMapper mergeMapper = roleMapper.or((roles) -> outflowedIdentity.getRoles(category)); return outflowedIdentity.withRoleMapper(category, mergeMapper); }).toArray(SecurityIdentity[]::new); } else { newIdentities = outflowedIdentities.toArray(new SecurityIdentity[outflowedIdentities.size()]); } return SecurityIdentity.runAsAll(context, newIdentities); } else { return context.proceed(); } } }
@Override public Principal getPrincipal() { SecurityDomain elytronDomain = getCurrentSecurityDomain(); if(elytronDomain != null) { return elytronDomain.getCurrentSecurityIdentity().getPrincipal(); } // Use 'Object' initially to avoid loading ServerSecurityManager (which may not be present) // until we know for sure we need it. final Object securityManager = securityManagerSupplier != null ? securityManagerSupplier.get() : null; if (securityManager == null) throw WeldLogger.ROOT_LOGGER.securityNotEnabled(); return ((ServerSecurityManager) securityManager).getCallerPrincipal(); }
public Object processInvocation(final InterceptorContext context) throws Exception { final Component component = context.getPrivateData(Component.class); if (! (component instanceof EJBComponent)) { throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class); } final Iterator<String> iterator = rolesAllowed.iterator(); if (iterator.hasNext()) { final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); final SecurityIdentity identity = securityDomain.getCurrentSecurityIdentity(); final Roles ejbRoles = identity.getRoles("ejb", true); do { final String role = iterator.next(); if (ejbRoles.contains(role) || (role.equals("**") && !identity.isAnonymous())) { return context.proceed(); } } while (iterator.hasNext()); } throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(context.getMethod(), ((EJBComponent) component).getComponentName()); } }
public Object processInvocation(final InterceptorContext context) throws Exception { final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); Assert.checkNotNullParam("securityDomain", securityDomain); final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity(); final RoleMapper mergeMapper = roleMapper.or((roles) -> currentIdentity.getRoles(category)); final SecurityIdentity newIdentity = currentIdentity.withRoleMapper(category, mergeMapper); try { return newIdentity.runAs(context); } catch (PrivilegedActionException e) { Throwable cause = e.getCause(); if(cause != null) { if(cause instanceof Exception) { throw (Exception) cause; } else { throw new RuntimeException(e); } } else { throw e; } } } }
private <V> V privilegedRunAs(final String user, final Callable<V> callable) throws Exception { final SecurityDomain securityDomain = getBatchEnvironment().getSecurityDomain(); if (securityDomain == null) { return callable.call(); } final SecurityIdentity securityIdentity; if (user != null) { if (WildFlySecurityManager.isChecking()) { securityIdentity = AccessController.doPrivileged((PrivilegedAction<SecurityIdentity>) () -> securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false)); } else { securityIdentity = securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false); } } else { securityIdentity = securityDomain.getCurrentSecurityIdentity(); } return securityIdentity.runAs(callable); }
final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); Assert.checkNotNullParam("securityDomain", securityDomain); final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity();
public Object processInvocation(final InterceptorContext context) throws Exception { final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); Assert.checkNotNullParam("securityDomain", securityDomain); final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity(); final Set<String> securityRoles = principalVsRolesMap.get(currentIdentity.getPrincipal().getName()); if (securityRoles != null && ! securityRoles.isEmpty()) {
private static AuthenticationConfiguration initializeConfiguration(final URI uri, AuthenticationConfiguration configuration) { final SecurityDomain authenticationNameForwardSecurityDomain = configuration.authenticationNameForwardSecurityDomain; final String userInfo = uri.getUserInfo(); if (userInfo != null && configuration.getPrincipal() == AnonymousPrincipal.getInstance() && authenticationNameForwardSecurityDomain == null) { configuration = configuration.useName(userInfo); } // capture forwards if (authenticationNameForwardSecurityDomain != null) { configuration = configuration.useForwardedAuthenticationIdentity(null).usePrincipal(authenticationNameForwardSecurityDomain.getCurrentSecurityIdentity().getPrincipal()); } final SecurityDomain authenticationCredentialsForwardSecurityDomain = configuration.authenticationCredentialsForwardSecurityDomain; if (authenticationCredentialsForwardSecurityDomain != null) { final SecurityIdentity securityIdentity = authenticationCredentialsForwardSecurityDomain.getCurrentSecurityIdentity(); final IdentityCredentials privateCredentials = securityIdentity.getPrivateCredentials(); final IdentityCredentials publicCredentials = securityIdentity.getPublicCredentials(); // private overrides public configuration = configuration.useForwardedAuthenticationCredentials(null).useCredentials(publicCredentials.with(privateCredentials)); } final SecurityDomain authorizationNameForwardSecurityDomain = configuration.authorizationNameForwardSecurityDomain; if (authorizationNameForwardSecurityDomain != null) { configuration = configuration.useForwardedAuthorizationIdentity(null).useAuthorizationPrincipal(authorizationNameForwardSecurityDomain.getCurrentSecurityIdentity().getPrincipal()); } final AccessControlContext capturedContext = configuration.getCapturedContext(); if (capturedContext == null) { configuration = configuration.withCapturedAccessControlContext(); } return configuration; }
final SecurityIdentity currentIdentity = securityDomain == null ? null : securityDomain.getCurrentSecurityIdentity();