/** * Create a new security identity which is the same as this one, but which includes the given credential as a * public credential. * * @param credential the credential (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPublicCredential(Credential credential) { Assert.checkNotNullParam("credential", credential); return new SecurityIdentity(this, credential, false); }
/** * Create a new security identity which is the same as this one, but which includes the given credential as a * private credential. * * @param credential the credential (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPrivateCredential(Credential credential) { Assert.checkNotNullParam("credential", credential); return new SecurityIdentity(this, credential, true); }
/** * Create a new security identity which is the same as this one, but which includes the given credentials as * private credentials. * * @param credentials the credential set (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPrivateCredentials(final IdentityCredentials credentials) { Assert.checkNotNullParam("credentials", credentials); return credentials == IdentityCredentials.NONE ? this : new SecurityIdentity(this, credentials, true); }
/** * Create a new security identity which is the same as this one, but which includes the given credentials as * public credentials. * * @param credentials the credential set (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPublicCredentials(final IdentityCredentials credentials) { Assert.checkNotNullParam("credentials", credentials); return credentials == IdentityCredentials.NONE ? this : new SecurityIdentity(this, credentials, false); }
/** * Create an empty ad-hoc identity. The identity will have no authorization information and no credentials associated * with it. * * Calling with enabled security manager requires {@code createAdHocIdentity} {@link ElytronPermission}. * * @param principal the identity principal (must not be {@code null}) * @return the ad-hoc identity */ public SecurityIdentity createAdHocIdentity(Principal principal) { checkNotNullParam("principal", principal); final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_AD_HOC_IDENTITY); } return new SecurityIdentity(this, principal, EMPTY_REALM_INFO, AuthorizationIdentity.EMPTY, emptyMap(), IdentityCredentials.NONE, IdentityCredentials.NONE); }
/** * Attempt to create a new identity that is the same as this identity but with a {@link Supplier Supplier<SecurityIdentity[]>} to supply identities that will be associated with all 'run' calls. * * Any existing individual identities associated with this identity will be dropped. * * The supplier will be called for each run call so were possible should handle it's own optimisation. * * @param securityIdentities a {@link Supplier Supplier<SecurityIdentity[]>} for identities to be associated with every run call. * @return the new identity * @throws IllegalArgumentException if the supplied identity */ public SecurityIdentity withSecurityIdentitySupplier(Supplier<SecurityIdentity[]> securityIdentities) { Assert.checkNotNullParam("securityIdentities", securityIdentities); if (this.withSuppliedIdentities == securityIdentities) { return this; } return new SecurityIdentity(this, securityIdentities); }
/** * Attempt to create a new identity which wraps the default roles with a default role mapper. * * @param roleMapper the roleMapper to map the roles. * @return the new identity * @throws SecurityException if the calling class is not granted the withDefaultRoleMapper permission. */ public SecurityIdentity withDefaultRoleMapper(final RoleMapper roleMapper) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(WITH_DEFAULT_ROLE_MAPPER_PERMISSION); } return new SecurityIdentity(this, (SecurityIdentity si) -> roleMapper.mapRoles(this.getRoles())); }
/** * Create a new security identity which is the same as this one, but which limits authorization privileges to the * intersection of the current privileges and the given verifier. * * @param verifier the restricted verifier (must not be {@code null}) * @return the restricted identity */ public SecurityIdentity intersectWith(PermissionVerifier verifier) { Assert.checkNotNullParam("verifier", verifier); return new SecurityIdentity(this, this.verifier.and(verifier)); }
SecurityDomain(Builder builder, final LinkedHashMap<String, RealmInfo> realmMap) { this.realmMap = realmMap; this.defaultRealmName = builder.defaultRealmName; this.preRealmPrincipalRewriter = builder.principalDecoder.andThen(builder.preRealmRewriter); this.realmMapper = builder.realmMapper; this.roleMapper = builder.roleMapper; this.permissionMapper = builder.permissionMapper; this.postRealmPrincipalRewriter = builder.postRealmRewriter; this.securityIdentityTransformer = builder.securityIdentityTransformer; this.trustedSecurityDomain = builder.trustedSecurityDomain; this.securityEventListener = builder.securityEventListener; final Map<String, RoleMapper> originalRoleMappers = builder.categoryRoleMappers; final Map<String, RoleMapper> copiedRoleMappers; if (originalRoleMappers.isEmpty()) { copiedRoleMappers = emptyMap(); } else if (originalRoleMappers.size() == 1) { final Map.Entry<String, RoleMapper> entry = originalRoleMappers.entrySet().iterator().next(); copiedRoleMappers = Collections.singletonMap(entry.getKey(), entry.getValue()); } else { copiedRoleMappers = new LinkedHashMap<>(originalRoleMappers); } this.categoryRoleMappers = copiedRoleMappers; // todo configurable anonymousIdentity = Assert.assertNotNull(securityIdentityTransformer.apply(new SecurityIdentity(this, AnonymousPrincipal.getInstance(), EMPTY_REALM_INFO, AuthorizationIdentity.EMPTY, copiedRoleMappers, IdentityCredentials.NONE, IdentityCredentials.NONE))); currentSecurityIdentity = ThreadLocal.withInitial(() -> anonymousIdentity); }
return new SecurityIdentity(this, withIdentities.toArray(new SecurityIdentity[0]));
newMap.put(category, roleMapper); return new SecurityIdentity(this, newMap);
final SecurityDomain domain = capturedIdentity.getSecurityDomain(); SecurityIdentity authorizedIdentity = Assert.assertNotNull(domain.transform(new SecurityIdentity(domain, authenticationPrincipal, realmInfo, authorizationIdentity, domain.getCategoryRoleMappers(), IdentityCredentials.NONE, IdentityCredentials.NONE))); authorizedIdentity = authorizedIdentity.withPublicCredentials(publicCredentials).withPrivateCredentials(privateCredentials); if (log.isTraceEnabled()) {
/** * Create a new security identity which is the same as this one, but which includes the given credential as a * public credential. * * @param credential the credential (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPublicCredential(Credential credential) { Assert.checkNotNullParam("credential", credential); return new SecurityIdentity(this, credential, false); }
/** * Create a new security identity which is the same as this one, but which includes the given credential as a * private credential. * * @param credential the credential (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPrivateCredential(Credential credential) { Assert.checkNotNullParam("credential", credential); return new SecurityIdentity(this, credential, true); }
/** * Create a new security identity which is the same as this one, but which includes the given credentials as * private credentials. * * @param credentials the credential set (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPrivateCredentials(final IdentityCredentials credentials) { Assert.checkNotNullParam("credentials", credentials); return credentials == IdentityCredentials.NONE ? this : new SecurityIdentity(this, credentials, true); }
/** * Create a new security identity which is the same as this one, but which includes the given credentials as * private credentials. * * @param credentials the credential set (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPrivateCredentials(final IdentityCredentials credentials) { Assert.checkNotNullParam("credentials", credentials); return credentials == IdentityCredentials.NONE ? this : new SecurityIdentity(this, credentials, true); }
/** * Create a new security identity which is the same as this one, but which includes the given credential as a * public credential. * * @param credential the credential (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPublicCredential(Credential credential) { Assert.checkNotNullParam("credential", credential); return new SecurityIdentity(this, credential, false); }
/** * Create a new security identity which is the same as this one, but which includes the given credential as a * private credential. * * @param credential the credential (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPrivateCredential(Credential credential) { Assert.checkNotNullParam("credential", credential); return new SecurityIdentity(this, credential, true); }
/** * Create a new security identity which is the same as this one, but which includes the given credential as a * public credential. * * @param credential the credential (must not be {@code null}) * @return the new identity */ public SecurityIdentity withPublicCredential(Credential credential) { Assert.checkNotNullParam("credential", credential); return new SecurityIdentity(this, credential, false); }
/** * Create a new security identity which is the same as this one, but which limits authorization privileges to the * intersection of the current privileges and the given verifier. * * @param verifier the restricted verifier (must not be {@code null}) * @return the restricted identity */ public SecurityIdentity intersectWith(PermissionVerifier verifier) { Assert.checkNotNullParam("verifier", verifier); return new SecurityIdentity(this, this.verifier.and(verifier)); }