/**
 * Authenticates the current request through the authentication client.
 *
 * <p>Delegates entirely to {@code atnClientBuilder().buildAndGet()}; no result
 * handling or caching happens in this method.
 *
 * @return the response produced by the authentication client
 */
@Override
public AuthenticationResponse authenticate() {
    // NOTE(review): buildAndGet() presumably waits for the provider's answer - confirm
    // before calling this from a non-blocking thread.
    return atnClientBuilder()
            .buildAndGet();
}
/**
 * Creates a security request builder bound to this context's environment.
 *
 * <p>Equivalent to calling the one-argument overload with the value returned by
 * {@code env()}.
 *
 * @return a request builder seeded with the current environment
 */
@Override
public SecurityRequestBuilder<?> securityRequestBuilder() {
    return securityRequestBuilder(
            env());
}
/**
 * Checks whether the current user holds the given role.
 *
 * <p>Decision order, as implemented here:
 * <ol>
 *   <li>An unauthenticated context is never in any role.</li>
 *   <li>If the provider selection policy yields an {@code AuthorizationProvider},
 *       that provider's answer for {@code currentSubject} is returned and the
 *       subject's own roles are not consulted.</li>
 *   <li>Otherwise the roles extracted from {@code user()} via
 *       {@code Security::getRoles} are compared to {@code role} by equality.</li>
 * </ol>
 *
 * @param role role name to test; on the fallback path a {@code null} value fails
 *             with {@link NullPointerException} when {@code role::equals} is evaluated
 * @return {@code true} if the user is considered to be in the role
 */
@SuppressWarnings("unchecked")
@Override
public boolean isUserInRole(String role) {
    if (isAuthenticated()) {
        Optional<AuthorizationProvider> selectedAtzProvider = security.providerSelectionPolicy()
                .selectProvider(AuthorizationProvider.class);

        return selectedAtzProvider
                // A configured authorization provider is authoritative for role checks.
                .map(atzProvider -> atzProvider.isUserInRole(currentSubject, role))
                // No provider: fall back to the roles carried by the subject itself.
                .orElseGet(() -> user()
                        .map(Security::getRoles)
                        .orElse(CollectionsHelper.setOf())
                        .stream()
                        .anyMatch(role::equals));
    }

    // Fail closed: without an authenticated user no role can match.
    return false;
}
if (response.status().isSuccess()) { context.audit(SecurityAuditEvent.success(AuditEvent.OUTBOUND_TYPE_PREFIX + ".outbound", "Provider %s. Request %s. Subject %s") .addParam(AuditEvent.AuditParam .addParam(AuditEvent.AuditParam.plain("request", this)) .addParam(AuditEvent.AuditParam .plain("subject", context.user().orElse(SecurityContext.ANONYMOUS)))); } else { context.audit(SecurityAuditEvent.failure(AuditEvent.OUTBOUND_TYPE_PREFIX + ".outbound", "Provider %s, Description %s, Request %s. Subject %s") .addParam(AuditEvent.AuditParam .plain("exception", response.throwable().orElse(null))) .addParam(AuditEvent.AuditParam .plain("subject", context.user().orElse(SecurityContext.ANONYMOUS)))); context.audit(SecurityAuditEvent.error(AuditEvent.OUTBOUND_TYPE_PREFIX + ".outbound", "Provider %s, Description %s, Request %s. Subject %s") .addParam(AuditEvent.AuditParam.plain("provider", providerInstance.getClass().getName())) .addParam(AuditEvent.AuditParam.plain("exception", e)) .addParam(AuditEvent.AuditParam .plain("subject", context.user().orElse(SecurityContext.ANONYMOUS)))); throw new SecurityException("Failed to process security", e); });
/**
 * Runs {@code runnable} with {@code subject} installed as the current subject.
 *
 * <p>An informational audit event naming the subject is recorded first. The
 * previous subject is restored in a {@code finally} block, so it is put back
 * even when {@code runnable} throws.
 *
 * <p>This method performs no permission check of its own; the audit event is
 * the only trace of the identity switch visible in this block.
 *
 * @param subject  subject to act as while {@code runnable} executes
 * @param runnable work to execute under {@code subject}
 */
@Override
public void runAs(Subject subject, Runnable runnable) {
    audit(SecurityAuditEvent.info(AuditEvent.SECURITY_TYPE_PREFIX + ".runAs",
                                  "runAs(Subject,Runnable) invoked for %s")
                  .addParam(AuditEvent.AuditParam.plain("subject", subject)));

    // NOTE(review): subject is not null-checked; a null would be installed as the
    // current subject for the duration of the call - confirm callers never pass one.
    // NOTE(review): the swap is a plain field write; whether concurrent users of this
    // context can observe the temporary subject depends on how the field is declared
    // and shared - verify.
    final Subject previousSubject = currentSubject;
    currentSubject = subject;
    try {
        runnable.run();
    } finally {
        // Always drop the assumed identity, including on exceptions.
        currentSubject = previousSubject;
    }
}
/**
 * Reports whether this context currently has a user.
 *
 * <p>The answer is derived solely from {@code user()} being present; no
 * provider is contacted here.
 *
 * @return {@code true} if {@code user()} holds a value
 */
@Override
public boolean isAuthenticated() {
    return user()
            .isPresent();
}
/**
 * Authorizes access to the given resources through the authorization client.
 *
 * <p>The first resource is registered twice: once as the unnamed object and
 * once under {@code "object0"}. Every further resource is registered under
 * {@code "object" + index}.
 *
 * <p>{@code atzChecked} is set before the request is built, so the flag records
 * that authorization was attempted, not that it was granted.
 *
 * @param resource resources the authorization decision is about; may be empty
 * @return the response produced by the authorization client
 */
@Override
public AuthorizationResponse authorize(Object... resource) {
    // Marked up front, regardless of the outcome of the call below.
    atzChecked.set(true);

    SecurityClientBuilder<AuthorizationResponse> atzClient = atzClientBuilder();

    if (resource.length > 0) {
        // The leading resource doubles as the default (unnamed) object.
        atzClient.object(resource[0]);
    }
    for (int index = 0; index < resource.length; index++) {
        atzClient.object("object" + index, resource[index]);
    }

    return atzClient.buildAndGet();
}
/**
 * Builds the security context, filling in defaults for anything not configured.
 *
 * <p>When no environment was set, one is created from {@code serverTime}; when
 * no endpoint configuration was set, an empty one is created. Both defaults are
 * stored back on this builder before the context is constructed from it.
 *
 * @return a new {@code SecurityContextImpl} backed by this builder's state
 */
@Override
public SecurityContext build() {
    if (env == null) {
        env = SecurityEnvironment.builder(serverTime).build();
    }

    if (ec == null) {
        ec = EndpointConfig.builder().build();
    }

    return new SecurityContextImpl(this);
}
/**
 * Runs {@code runnable} as the current principal with a single granted role.
 *
 * <p>A fresh subject is assembled from the current subject's principal plus one
 * {@code Role} grant for {@code role}; nothing else is copied from the current
 * subject in this method. Execution is then handed to
 * {@code runAs(Subject, Runnable)}.
 *
 * <p>The requested role is not checked against the caller's existing grants
 * here, so any restriction on who may assume which role has to be enforced by
 * the caller.
 *
 * @param role     name of the role to grant for the duration of the call
 * @param runnable work to execute under the role-scoped subject
 * @throws NullPointerException if there is no current subject, because its
 *                              principal is dereferenced unconditionally
 */
@Override
public void runAs(String role, Runnable runnable) {
    // Snapshot the field once so the principal is read from a stable reference.
    Subject caller = this.currentSubject;

    Subject roleScopedSubject = Subject.builder()
            .principal(caller.principal())
            .addGrant(Role.create(role))
            .build();

    runAs(roleScopedSubject, runnable);
}
context.audit(SecurityAuditEvent.success( AuditEvent.AUTHZ_TYPE_PREFIX + ".authorize", "Provider %s. Request %s. Subject %s") .addParam(AuditEvent.AuditParam.plain("request", this)) .addParam(AuditEvent.AuditParam.plain("subject", context.user() .orElse(SecurityContext.ANONYMOUS)))); } else { context.audit(SecurityAuditEvent.failure( AuditEvent.AUTHZ_TYPE_PREFIX + ".authorize", "Provider %s, Description %s, Request %s. Subject %s") .addParam(AuditEvent.AuditParam.plain("request", this)) .addParam(AuditEvent.AuditParam.plain("subject", context.user() .orElse(SecurityContext.ANONYMOUS))) .addParam(AuditEvent.AuditParam context.audit(SecurityAuditEvent.error( AuditEvent.AUTHZ_TYPE_PREFIX + ".authorize", "Provider %s, Description %s, Request %s. Subject %s. %s: %s") .addParam(AuditEvent.AuditParam.plain("request", this)) .addParam(AuditEvent.AuditParam.plain("subject", context.user() .orElse(SecurityContext.ANONYMOUS))) .addParam(AuditEvent.AuditParam.plain("message", throwable.getMessage()))
context.audit(SecurityAuditEvent .success( AuditEvent.AUTHN_TYPE_PREFIX + ".authenticate", context.audit(event); return response; }).exceptionally(throwable -> { context.audit(SecurityAuditEvent .error(AuditEvent.AUTHN_TYPE_PREFIX + ".authenticate", "Provider %s. Message: %s") .addParam(AuditEvent.AuditParam