/**
 * Try to import the established identity into every configured outflow security domain.
 *
 * <p>The outflow is best-effort: a domain contributes an identity only when its
 * authentication context reports that the import succeeded. A domain that refuses the
 * import, or that throws {@link RealmUnavailableException} or {@link IllegalStateException},
 * is skipped and nothing is recorded about it.
 *
 * @param securityIdentity the identity to outflow; {@code null} yields an empty set
 * @return the identities obtained from the domains that accepted the import, possibly empty
 */
private Set<SecurityIdentity> outflowIdentity(final SecurityIdentity securityIdentity) {
    final Set<SecurityIdentity> accepted = new HashSet<>(outflowSecurityDomains.size());
    if (securityIdentity == null) {
        return accepted;
    }

    for (SecurityDomain targetDomain : outflowSecurityDomains) {
        try {
            final ServerAuthenticationContext targetContext = targetDomain.createNewAuthenticationContext();
            final boolean imported = targetContext.importIdentity(securityIdentity);
            if (imported) {
                accepted.add(targetContext.getAuthorizedIdentity());
            }
        } catch (RealmUnavailableException | IllegalStateException e) {
            // Deliberately ignored so that one failing domain does not stop the outflow to the others.
            // NOTE(review): the failure leaves no trace, so a caller cannot distinguish "domain refused
            // the identity" from "realm was unavailable"; a debug-level log entry would help when
            // diagnosing missing identities. The context is also never closed here -- confirm whether
            // the library version in use expects it to be.
        }
    }
    return accepted;
}
/**
 * Derive a new identity that can be used to run as the user with the given principal.
 *
 * <p>When a security manager is installed the caller must hold the {@code setRunAsPrincipal}
 * {@link ElytronPermission}. Without a security manager that caller check is not performed.
 *
 * <p>Security note: {@code authorize} is forwarded unchanged to the authentication context.
 * Passing {@code false} asks for the {@link RunAsPrincipalPermission} check on the current
 * identity to be left out, so that value should only come from code that is itself trusted to
 * switch principals, never from request data.
 *
 * @param principal the principal to attempt to run as; must not be {@code null}
 * @param authorize whether to check that the current identity is authorized to run as a user
 *        with the given principal (has {@link RunAsPrincipalPermission})
 * @return the new security identity
 * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal}
 *         {@link ElytronPermission} or if the operation authorization failed for any other reason
 */
public SecurityIdentity createRunAsIdentity(Principal principal, boolean authorize) throws SecurityException {
    Assert.checkNotNullParam("principal", principal);

    // Caller-level gate: only enforced when a security manager is present.
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(SET_RUN_AS_PERMISSION);
    }

    final MechanismConfigurationSelector emptySelector =
            MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
    try (ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, emptySelector)) {
        // Both steps must succeed; authorize(...) is not attempted when the import is refused.
        final boolean imported = context.importIdentity(this);
        if (!imported || !context.authorize(principal, authorize)) {
            throw log.runAsAuthorizationFailed(this.principal, principal, null);
        }
        return context.getAuthorizedIdentity();
    } catch (RealmUnavailableException e) {
        // Reported as an authorization failure, with the realm problem kept as the cause.
        throw log.runAsAuthorizationFailed(this.principal, principal, e);
    }
}
// Import the already-established identity into this authentication context, authorize it,
// and read back the resulting authorized identity.
// NOTE(review): importIdentity(...) returns a boolean and the result is discarded here.
// Presumably authorize() fails when the import was refused -- verify -- otherwise check the
// return value explicitly before calling getAuthorizedIdentity().
sac.importIdentity(securityIdentity);
sac.authorize();
authorizedIdentity = sac.getAuthorizedIdentity();
Principal principal = null; SecurityIdentity identity = authorizeCallback.getIdentity(); if (identity != null && importIdentity(identity)) { authorizedIdentity = getAuthorizedIdentity(); } else {
/**
 * Outflow the given identity to each of the supplied security domains.
 *
 * <p>For every domain the identity is imported into a fresh authentication context. When the
 * import succeeds the domain's authorized identity is collected. When it is refused and
 * {@code outflowAnonymous} is set, the domain's anonymous identity is collected instead;
 * otherwise the domain contributes nothing. Unlike a best-effort outflow, an unavailable
 * realm aborts the whole operation.
 *
 * @param identity the identity to outflow
 * @param outflowAnonymous whether a refused import falls back to the domain's anonymous identity
 * @param outflowDomains the domains to outflow to
 * @return the collected identities, in the iteration order of {@code outflowDomains}
 */
private static SecurityIdentity[] performOutflow(SecurityIdentity identity, boolean outflowAnonymous, Set<SecurityDomain> outflowDomains) {
    final List<SecurityIdentity> collected = new ArrayList<>(outflowDomains.size());

    for (SecurityDomain domain : outflowDomains) {
        // NOTE(review): this context is never closed -- confirm whether the library version in
        // use expects callers to close it.
        final ServerAuthenticationContext context = domain.createNewAuthenticationContext();
        try {
            final boolean imported = context.importIdentity(identity);
            if (imported) {
                collected.add(context.getAuthorizedIdentity());
            } else if (outflowAnonymous) {
                // The target domain did not accept the identity; substitute its anonymous identity
                // so the caller still gets an entry for this domain.
                collected.add(domain.getAnonymousSecurityIdentity());
            }
        } catch (RealmUnavailableException e) {
            // The principal name goes into the error; the realm failure is preserved as the cause.
            throw ROOT_LOGGER.unableToPerformOutflow(identity.getPrincipal().getName(), e);
        }
    }

    return collected.toArray(new SecurityIdentity[0]);
}
/**
 * Derive a new identity that can be used to run as the user with the given principal.
 *
 * <p>When a security manager is installed the caller must hold the {@code setRunAsPrincipal}
 * {@link ElytronPermission}. Without a security manager that caller check is not performed.
 *
 * <p>Security note: {@code authorize} is forwarded unchanged to the authentication context.
 * Passing {@code false} asks for the {@link RunAsPrincipalPermission} check on the current
 * identity to be left out, so that value should only come from code that is itself trusted to
 * switch principals, never from request data.
 *
 * @param principal the principal to attempt to run as; must not be {@code null}
 * @param authorize whether to check that the current identity is authorized to run as a user
 *        with the given principal (has {@link RunAsPrincipalPermission})
 * @return the new security identity
 * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal}
 *         {@link ElytronPermission} or if the operation authorization failed for any other reason
 */
public SecurityIdentity createRunAsIdentity(Principal principal, boolean authorize) throws SecurityException {
    Assert.checkNotNullParam("principal", principal);

    // Caller-level gate: only enforced when a security manager is present.
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(SET_RUN_AS_PERMISSION);
    }

    final MechanismConfigurationSelector emptySelector =
            MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
    try (ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, emptySelector)) {
        // Both steps must succeed; authorize(...) is not attempted when the import is refused.
        final boolean imported = context.importIdentity(this);
        if (!imported || !context.authorize(principal, authorize)) {
            throw log.runAsAuthorizationFailed(this.principal, principal, null);
        }
        return context.getAuthorizedIdentity();
    } catch (RealmUnavailableException e) {
        // Reported as an authorization failure, with the realm problem kept as the cause.
        throw log.runAsAuthorizationFailed(this.principal, principal, e);
    }
}
/**
 * Derive a new identity that can be used to run as the user with the given principal.
 *
 * <p>When a security manager is installed the caller must hold the {@code setRunAsPrincipal}
 * {@link ElytronPermission}. Without a security manager that caller check is not performed.
 *
 * <p>Security note: {@code authorize} is forwarded unchanged to the authentication context.
 * Passing {@code false} asks for the {@link RunAsPrincipalPermission} check on the current
 * identity to be left out, so that value should only come from code that is itself trusted to
 * switch principals, never from request data.
 *
 * @param principal the principal to attempt to run as; must not be {@code null}
 * @param authorize whether to check that the current identity is authorized to run as a user
 *        with the given principal (has {@link RunAsPrincipalPermission})
 * @return the new security identity
 * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal}
 *         {@link ElytronPermission} or if the operation authorization failed for any other reason
 */
public SecurityIdentity createRunAsIdentity(Principal principal, boolean authorize) throws SecurityException {
    Assert.checkNotNullParam("principal", principal);

    // Caller-level gate: only enforced when a security manager is present.
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(SET_RUN_AS_PERMISSION);
    }

    final MechanismConfigurationSelector emptySelector =
            MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
    try (ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, emptySelector)) {
        // Both steps must succeed; authorize(...) is not attempted when the import is refused.
        final boolean imported = context.importIdentity(this);
        if (!imported || !context.authorize(principal, authorize)) {
            throw log.runAsAuthorizationFailed(this.principal, principal, null);
        }
        return context.getAuthorizedIdentity();
    } catch (RealmUnavailableException e) {
        // Reported as an authorization failure, with the realm problem kept as the cause.
        throw log.runAsAuthorizationFailed(this.principal, principal, e);
    }
}
/**
 * Derive a new identity that can be used to run as the user with the given principal.
 *
 * <p>When a security manager is installed the caller must hold the {@code setRunAsPrincipal}
 * {@link ElytronPermission}. Without a security manager that caller check is not performed.
 *
 * <p>Security note: {@code authorize} is forwarded unchanged to the authentication context.
 * Passing {@code false} asks for the {@link RunAsPrincipalPermission} check on the current
 * identity to be left out, so that value should only come from code that is itself trusted to
 * switch principals, never from request data.
 *
 * @param principal the principal to attempt to run as; must not be {@code null}
 * @param authorize whether to check that the current identity is authorized to run as a user
 *        with the given principal (has {@link RunAsPrincipalPermission})
 * @return the new security identity
 * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal}
 *         {@link ElytronPermission} or if the operation authorization failed for any other reason
 */
public SecurityIdentity createRunAsIdentity(Principal principal, boolean authorize) throws SecurityException {
    Assert.checkNotNullParam("principal", principal);

    // Caller-level gate: only enforced when a security manager is present.
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(SET_RUN_AS_PERMISSION);
    }

    final MechanismConfigurationSelector emptySelector =
            MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
    try (ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, emptySelector)) {
        // Both steps must succeed; authorize(...) is not attempted when the import is refused.
        final boolean imported = context.importIdentity(this);
        if (!imported || !context.authorize(principal, authorize)) {
            throw log.runAsAuthorizationFailed(this.principal, principal, null);
        }
        return context.getAuthorizedIdentity();
    } catch (RealmUnavailableException e) {
        // Reported as an authorization failure, with the realm problem kept as the cause.
        throw log.runAsAuthorizationFailed(this.principal, principal, e);
    }
}
ServerAuthenticationContext serverAuthenticationContext = SecurityActions.createServerAuthenticationContext(configuredSecurityDomain); try { if (serverAuthenticationContext.importIdentity(securityIdentity)) { return serverAuthenticationContext.getAuthorizedIdentity(); if (serverAuthenticationContext.importIdentity(securityIdentity)) { return serverAuthenticationContext.getAuthorizedIdentity();
ServerAuthenticationContext serverAuthenticationContext = SecurityActions.createServerAuthenticationContext(configuredSecurityDomain); try { if (serverAuthenticationContext.importIdentity(securityIdentity)) { return serverAuthenticationContext.getAuthorizedIdentity(); if (serverAuthenticationContext.importIdentity(securityIdentity)) { return serverAuthenticationContext.getAuthorizedIdentity();
// Import the already-established identity into this authentication context, authorize it,
// and read back the resulting authorized identity.
// NOTE(review): importIdentity(...) returns a boolean and the result is discarded here.
// Presumably authorize() fails when the import was refused -- verify -- otherwise check the
// return value explicitly before calling getAuthorizedIdentity().
sac.importIdentity(securityIdentity);
sac.authorize();
authorizedIdentity = sac.getAuthorizedIdentity();
// Import the already-established identity into this authentication context, authorize it,
// and read back the resulting authorized identity.
// NOTE(review): importIdentity(...) returns a boolean and the result is discarded here.
// Presumably authorize() fails when the import was refused -- verify -- otherwise check the
// return value explicitly before calling getAuthorizedIdentity().
sac.importIdentity(securityIdentity);
sac.authorize();
authorizedIdentity = sac.getAuthorizedIdentity();
Principal principal = null; SecurityIdentity identity = authorizeCallback.getIdentity(); if (identity != null && importIdentity(identity)) { authorizedIdentity = getAuthorizedIdentity(); } else {
Principal principal = null; SecurityIdentity identity = authorizeCallback.getIdentity(); if (identity != null && importIdentity(identity)) { authorizedIdentity = getAuthorizedIdentity(); } else {
Principal principal = null; SecurityIdentity identity = authorizeCallback.getIdentity(); if (identity != null && importIdentity(identity)) { authorizedIdentity = getAuthorizedIdentity(); } else {