@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { return ! requireLoginPermission || anonymousIdentity.implies(LoginPermission.getInstance()); }
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { return ! requireLoginPermission || authorizedIdentity.implies(LoginPermission.getInstance()); }
private boolean impliesIdentityPermission(Permission permission) { SecurityIdentity actualIdentity = getCurrentSecurityIdentity(); return actualIdentity != null && actualIdentity.implies(permission); }
private void checkPermission(final String targetName) { if (permissionsCheckEnabled.get()) { final SecurityAwareBatchEnvironment environment = getBatchEnvironment(); final SecurityIdentity identity = environment.getIdentity(); if (identity != null) { final BatchPermission permission = BatchPermission.forName(targetName); if (!identity.implies(permission)) { throw BatchLogger.LOGGER.unauthorized(identity.getPrincipal().getName(), permission); } } } }
@Override boolean authorizeAnonymous(final boolean requireLoginPermission) { final AtomicReference<State> stateRef = getStateRef(); final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity(); return (! requireLoginPermission || anonymousIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity)) || stateRef.get().authorizeAnonymous(requireLoginPermission)); }
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { final SecurityIdentity capturedIdentity = this.capturedIdentity; if (capturedIdentity.isAnonymous()) { return authorizeAnonymous(requireLoginPermission); } final AtomicReference<State> stateRef = getStateRef(); return (! requireLoginPermission || capturedIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AuthorizedState(capturedIdentity, capturedIdentity.getPrincipal(), capturedIdentity.getRealmInfo(), mechanismConfiguration, getMechanismRealmConfiguration())) || stateRef.get().authorize(requireLoginPermission)); }
private SecurityIdentity getSecurityIdentity(int msgId, int invId, int secContext, boolean hasSecContext) { SecurityIdentity securityIdentity; if (hasSecContext) { securityIdentity = channel.getConnection().getLocalIdentity(secContext); } else { securityIdentity = channel.getConnection().getLocalIdentity(); } if(!securityIdentity.implies(RemoteTransactionPermission.getInstance())) { writeExceptionResponse(msgId, invId, P_SEC_EXC, log.noPermission(securityIdentity.getPrincipal().getName(), RemoteTransactionPermission.getInstance())); return null; } return securityIdentity; }
if (authorizeRunAs && ! sourceIdentity.implies(new RunAsPrincipalPermission(nameAssignedState.getAuthenticationPrincipal().getName()))) { ElytronMessages.log.tracef("Authorization failed - source identity does not have RunAsPrincipalPermission"); return false;
try { String targetName = nameAssignedState.getAuthenticationPrincipal().getName(); if (authorizeRunAs && ! authorizedIdentity.implies(new RunAsPrincipalPermission(targetName))) { ElytronMessages.log.tracef("RunAs authorization failed - identity does not have required RunAsPrincipalPermission(%s)", targetName); return null;
if (! authorizedIdentity.implies(LoginPermission.getInstance())) { SecurityRealm.safeHandleRealmEvent(realmInfo.getSecurityRealm(), new RealmIdentityFailedAuthorizationEvent(authorizedIdentity.getAuthorizationIdentity(), authorizedIdentity.getPrincipal(), authenticationPrincipal)); ElytronMessages.log.trace("Authorization failed - identity does not have required LoginPermission");
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { return ! requireLoginPermission || authorizedIdentity.implies(LoginPermission.getInstance()); }
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { return ! requireLoginPermission || authorizedIdentity.implies(LoginPermission.getInstance()); }
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { return ! requireLoginPermission || anonymousIdentity.implies(LoginPermission.getInstance()); }
private void checkPermission(final String targetName) { if (permissionsCheckEnabled.get()) { final SecurityAwareBatchEnvironment environment = getBatchEnvironment(); final SecurityIdentity identity = environment.getIdentity(); if (identity != null) { final BatchPermission permission = BatchPermission.forName(targetName); if (!identity.implies(permission)) { throw BatchLogger.LOGGER.unauthorized(identity.getPrincipal().getName(), permission); } } } }
@Override boolean authorizeAnonymous(final boolean requireLoginPermission) { final AtomicReference<State> stateRef = getStateRef(); final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity(); return (! requireLoginPermission || anonymousIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity)) || stateRef.get().authorizeAnonymous(requireLoginPermission)); }
@Override boolean authorizeAnonymous(final boolean requireLoginPermission) { final AtomicReference<State> stateRef = getStateRef(); final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity(); return (! requireLoginPermission || anonymousIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity)) || stateRef.get().authorizeAnonymous(requireLoginPermission)); }
@Override boolean authorizeAnonymous(final boolean requireLoginPermission) { final AtomicReference<State> stateRef = getStateRef(); final SecurityIdentity anonymousIdentity = getSecurityDomain().getAnonymousSecurityIdentity(); return (! requireLoginPermission || anonymousIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousIdentity)) || stateRef.get().authorizeAnonymous(requireLoginPermission)); }
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { final SecurityIdentity capturedIdentity = this.capturedIdentity; if (capturedIdentity.isAnonymous()) { return authorizeAnonymous(requireLoginPermission); } final AtomicReference<State> stateRef = getStateRef(); return (! requireLoginPermission || capturedIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AuthorizedState(capturedIdentity, capturedIdentity.getPrincipal(), capturedIdentity.getRealmInfo(), mechanismConfiguration, getMechanismRealmConfiguration())) || stateRef.get().authorize(requireLoginPermission)); }
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { final SecurityIdentity capturedIdentity = this.capturedIdentity; if (capturedIdentity.isAnonymous()) { return authorizeAnonymous(requireLoginPermission); } final AtomicReference<State> stateRef = getStateRef(); return (! requireLoginPermission || capturedIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AuthorizedState(capturedIdentity, capturedIdentity.getPrincipal(), capturedIdentity.getRealmInfo(), mechanismConfiguration, getMechanismRealmConfiguration())) || stateRef.get().authorize(requireLoginPermission)); }
@Override boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException { final SecurityIdentity capturedIdentity = this.capturedIdentity; if (capturedIdentity.isAnonymous()) { return authorizeAnonymous(requireLoginPermission); } final AtomicReference<State> stateRef = getStateRef(); return (! requireLoginPermission || capturedIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AuthorizedState(capturedIdentity, capturedIdentity.getPrincipal(), capturedIdentity.getRealmInfo(), mechanismConfiguration, getMechanismRealmConfiguration())) || stateRef.get().authorize(requireLoginPermission)); }