/**
 * Runs the wrapped work. When a security context is present and Elytron is enabled on the
 * work manager's callback security, the work is handed to the context so that it executes
 * as the specified Elytron identity; otherwise the superclass runs it directly.
 *
 * @throws WorkCompletedException as declared by the superclass; on the Elytron path the
 *         exception is caught and logged inside the lambda instead of leaving this method
 */
@Override
protected void runWork() throws WorkCompletedException {
    // NOTE(review): getCallbackSecurity() is cast and dereferenced without a null or type
    // check; confirm it is always a CallbackImpl whenever a security context is set.
    final boolean elytronIdentityApplies = securityIntegration.getSecurityContext() != null
            && ((CallbackImpl) workManager.getCallbackSecurity()).isElytronEnabled();

    if (!elytronIdentityApplies) {
        // No Elytron involved: delegate to the superclass.
        super.runWork();
        return;
    }

    // Let the context run the remainder of the work as the specified Elytron identity.
    final ElytronSecurityContext elytronContext =
            (ElytronSecurityContext) securityIntegration.getSecurityContext();
    elytronContext.runWork(() -> {
        try {
            WildflyWorkWrapper.super.runWork();
        } catch (WorkCompletedException e) {
            // NOTE(review): the failure is only logged here, so the caller of runWork() does
            // not observe it on the Elytron path; confirm that difference is intended.
            ConnectorLogger.ROOT_LOGGER.unexceptedWorkerCompletionError(e.getLocalizedMessage(), e);
        }
    });
}
} // presumably closes the enclosing class, whose declaration is outside this excerpt
/**
 * Creates a callback handler bound to the security domain named by the callback.
 *
 * @param callback the callback configuration; must not be {@code null}
 * @return an {@code ElytronCallbackHandler} for the resolved security domain
 */
@Override
public CallbackHandler createCallbackHandler(final Callback callback) {
    // NOTE(review): assertions are disabled unless the JVM runs with -ea, so in a default
    // deployment a null callback fails at getDomain() below rather than here.
    assert callback != null;

    // TODO switch to use the elytron security domain once the callback has that info available.
    final String domainName = callback.getDomain();
    if (domainName == null) {
        // TODO use subsystem logger for the exception.
        throw ConnectorLogger.ROOT_LOGGER.invalidCallbackSecurityDomain();
    }

    // Resolve the domain through the service container and build the handler from it.
    final ServiceContainer serviceContainer = this.currentServiceContainer();
    final ServiceName domainServiceName =
            SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName(domainName);
    final SecurityDomain resolvedDomain =
            (SecurityDomain) serviceContainer.getRequiredService(domainServiceName).getValue();
    return new ElytronCallbackHandler(resolvedDomain, callback);
}
// Remap the callbacks only when mappings are configured and report that mapping is required.
if (this.mappings != null) {
    if (this.mappings.isMappingRequired()) {
        callbacks = this.mappings.mapCallbacks(callbacks);
    }
}
// NOTE(review): this reads as a non-contiguous excerpt of a larger method - braces, else
// branches and the statements in between appear to be elided - so the flat layout below does
// not show the real nesting; confirm against the full source before reasoning about flow.

// Callback handler: built from the work manager's callback security when that is non-null;
// the no-argument call that follows is presumably the else branch.
if (workManager.getCallbackSecurity() != null)
cbh = securityIntegration.createCallbackHandler(workManager.getCallbackSecurity());
cbh = securityIntegration.createCallbackHandler();
// Security context: created for the callback's domain and installed when no context exists
// or a domain is configured; the later getSecurityContext() read is presumably the else branch.
// NOTE(review): getCallbackSecurity() is null-checked above but dereferenced from here on
// without a visible guard; verify that an enclosing check exists in the full method.
if (securityIntegration.getSecurityContext() == null || workManager.getCallbackSecurity().getDomain() != null)
String scDomain = workManager.getCallbackSecurity().getDomain();
sc = securityIntegration.createSecurityContext(scDomain);
securityIntegration.setSecurityContext(sc);
sc = securityIntegration.getSecurityContext();
// Start from the subject the security context currently reports as authenticated.
executionSubject = sc.getAuthenticatedSubject();
// Configured default principal and groups are read when present; how they are applied to
// executionSubject is not visible in this excerpt.
if (workManager.getCallbackSecurity().getDefaultPrincipal() != null)
Principal defaultPrincipal = workManager.getCallbackSecurity().getDefaultPrincipal();
if (workManager.getCallbackSecurity().getDefaultGroups() != null)
String[] defaultGroups = workManager.getCallbackSecurity().getDefaultGroups();
// Store the execution subject back on the security context as its authenticated subject.
sc.setAuthenticatedSubject(executionSubject);
// NOTE(review): excerpt; the statements between the save and restore pairs are not shown.

// Switch the thread context class loader to the one that loaded the work instance.
SecurityActions.setThreadContextClassLoader(work.getClass().getClassLoader());
// Remember the security context currently held by the integration (presumably before the work runs).
org.jboss.jca.core.spi.security.SecurityContext oldSC = securityIntegration.getSecurityContext();
// Put the remembered security context back.
securityIntegration.setSecurityContext(oldSC);
// Put back the class loader held in oldCL, which is declared outside this excerpt.
// NOTE(review): confirm both restores run in a finally block, so that a failing work item
// cannot leave its security context or class loader behind on a reused worker thread.
SecurityActions.setThreadContextClassLoader(oldCL);
/**
 * Creates the subject for {@code domain} through the captured subject factory.
 *
 * @return whatever the subject factory returns for the domain
 */
public Subject run() {
    final Subject created = subjectFactory.createSubject(domain);
    return created;
}
});
/**
 * Shuts down the held value and then stops the callback, if one is set.
 *
 * @param context the stop context (not used by this method)
 */
@Override
public void stop(StopContext context) {
    value.shutdown();

    if (callback == null) {
        return;
    }

    try {
        callback.stop();
    } catch (Throwable t) {
        // Best effort: a failing callback must not abort the stop sequence.
        // NOTE(review): the failure is only visible at DEBUG level.
        ROOT_LOGGER.debug(t.getMessage(), t);
    }
}
/**
 * {@inheritDoc}
 *
 * <p>A {@code null} or empty array is ignored. Otherwise the callbacks are remapped when the
 * configured mappings require it and then passed to a new {@code JASPICallbackHandler}.
 */
public void handle(javax.security.auth.callback.Callback[] callbacks)
        throws UnsupportedCallbackException, IOException {
    if (log.isTraceEnabled()) {
        // NOTE(review): this renders every callback through toString(); check that no
        // callback type in use prints credential material into the trace log.
        log.tracef("handle(%s)", Arrays.toString(callbacks));
    }

    if (callbacks == null || callbacks.length == 0) {
        return;
    }

    javax.security.auth.callback.Callback[] effectiveCallbacks = callbacks;
    if (mappings != null && mappings.isMappingRequired()) {
        effectiveCallbacks = mappings.mapCallbacks(callbacks);
    }

    // The mapped array is forwarded as returned, without a second null/empty check.
    new JASPICallbackHandler().handle(effectiveCallbacks);
}
/**
 * Builds the callback handler for the security domain that the callback names.
 *
 * @param callback the callback configuration; must not be {@code null}
 * @return an {@code ElytronCallbackHandler} wrapping the resolved security domain
 */
@Override
public CallbackHandler createCallbackHandler(final Callback callback) {
    // NOTE(review): this check only runs when assertions are enabled (-ea); without them a
    // null callback fails at the getDomain() call that follows.
    assert callback != null;

    // TODO switch to use the elytron security domain once the callback has that info available.
    final String requestedDomain = callback.getDomain();
    if (requestedDomain == null) {
        // TODO use subsystem logger for the exception.
        throw ConnectorLogger.ROOT_LOGGER.invalidCallbackSecurityDomain();
    }

    // Look the domain up in the service container and create the handler from it.
    final ServiceContainer registry = this.currentServiceContainer();
    final ServiceName capabilityServiceName =
            SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName(requestedDomain);
    final Object serviceValue = registry.getRequiredService(capabilityServiceName).getValue();
    return new ElytronCallbackHandler((SecurityDomain) serviceValue, callback);
}
/**
 * Executes the wrapped work, through the Elytron security context when one is set and Elytron
 * is enabled on the work manager's callback security, and through the superclass otherwise.
 *
 * @throws WorkCompletedException as declared by the superclass; inside the Elytron branch the
 *         exception is caught and logged rather than rethrown
 */
@Override
protected void runWork() throws WorkCompletedException {
    // NOTE(review): both casts below are unchecked and getCallbackSecurity() is not tested
    // for null; confirm the surrounding setup guarantees these types on this path.
    final boolean runThroughElytron = securityIntegration.getSecurityContext() != null
            && ((CallbackImpl) workManager.getCallbackSecurity()).isElytronEnabled();

    if (runThroughElytron) {
        // The context runs the remainder of the work as the specified Elytron identity.
        ((ElytronSecurityContext) securityIntegration.getSecurityContext()).runWork(() -> {
            try {
                WildflyWorkWrapper.super.runWork();
            } catch (WorkCompletedException e) {
                // NOTE(review): logged only; the caller of runWork() is not told about the
                // failure on this branch. Confirm that is intended.
                ConnectorLogger.ROOT_LOGGER.unexceptedWorkerCompletionError(e.getLocalizedMessage(), e);
            }
        });
    } else {
        // Elytron is not in play: the superclass runs the work.
        super.runWork();
    }
}
} // presumably closes the enclosing class, whose declaration is outside this excerpt
/**
 * Asks the captured subject factory for the subject of {@code domain}.
 *
 * @return the subject produced by the factory
 */
public Subject run() {
    final Subject domainSubject = subjectFactory.createSubject(domain);
    return domainSubject;
}
});
// Apply the configured callback mappings, but only when they exist and say mapping is required.
final boolean mappingNeeded = this.mappings != null && this.mappings.isMappingRequired();
if (mappingNeeded) {
    callbacks = this.mappings.mapCallbacks(callbacks);
}
/**
 * Creates a {@link Subject} for a domain, inside a privileged action when a security
 * manager is installed and directly otherwise.
 *
 * <p>NOTE(review): the privileged path runs with this class's own permissions, so the method
 * should stay non-public, as it is here.
 *
 * @param subjectFactory The subject factory
 * @param domain The domain
 * @return The instance
 */
static Subject createSubject(final SubjectFactory subjectFactory, final String domain) {
    final PrivilegedAction<Subject> creation = new PrivilegedAction<Subject>() {
        public Subject run() {
            return subjectFactory.createSubject(domain);
        }
    };

    // Without a security manager there is nothing to elevate, so invoke the action directly.
    return System.getSecurityManager() == null
            ? creation.run()
            : AccessController.doPrivileged(creation);
}
/**
 * Obtains a {@link Subject} for the given domain from the subject factory. The call is
 * wrapped in a privileged action only when a security manager is present.
 *
 * <p>NOTE(review): because the privileged branch uses this class's permissions rather than
 * the caller's, keep the method package-private as declared.
 *
 * @param subjectFactory The subject factory
 * @param domain The domain
 * @return The instance
 */
static Subject createSubject(final SubjectFactory subjectFactory, final String domain) {
    final Subject result;
    if (System.getSecurityManager() != null) {
        result = AccessController.doPrivileged(new PrivilegedAction<Subject>() {
            public Subject run() {
                return subjectFactory.createSubject(domain);
            }
        });
    } else {
        // No security manager installed: call the factory directly.
        result = subjectFactory.createSubject(domain);
    }
    return result;
}
/**
 * Creates the subject for {@code securityDomain} and sets {@code mcf} as the managed
 * connection factory on each of its private {@code PasswordCredential}s.
 *
 * @return the subject, or {@code null} when anything thrown along the way was caught and logged
 */
public Subject run() {
    try {
        final Subject created = subjectFactory.createSubject(securityDomain);
        final Set<PasswordCredential> passwordCredentials =
                created.getPrivateCredentials(PasswordCredential.class);

        if (!passwordCredentials.isEmpty()) {
            for (PasswordCredential credential : passwordCredentials) {
                credential.setManagedConnectionFactory(mcf);
            }
        }
        return created;
    } catch (Throwable t) {
        // NOTE(review): every Throwable, Errors included, is reduced to a log entry and a
        // null result; callers have to treat null as "no subject available".
        log.exceptionDuringCreateSubject(jndiName, t.getMessage(), t);
        return null;
    }
}
});