static Subject getSubject() { if (WildFlySecurityManager.isChecking()) { return doPrivileged(new PrivilegedAction<Subject>() { public Subject run() { Subject subject = null; SecurityContext sc = getSecurityContext(); if (sc != null) { subject = sc.getUtil().getSubject(); } return subject; } }); } else { Subject subject = null; SecurityContext sc = getSecurityContext(); if (sc != null) { subject = sc.getUtil().getSubject(); } return subject; } } }
private SubjectInfo getSubjectInfo(final SecurityContext context) { if (System.getSecurityManager() == null) { return context.getSubjectInfo(); } return AccessController.doPrivileged(new PrivilegedAction<SubjectInfo>() { @Override public SubjectInfo run() { return context.getSubjectInfo(); } }); }
/** * Removes the run as identity * * @return the identity removed */ static RunAs popRunAsIdentity(final SecurityContext sc) { if (WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged(new PrivilegedAction<RunAs>() { @Override public RunAs run() { if (sc == null) { throw UndertowLogger.ROOT_LOGGER.noSecurityContext(); } RunAs principal = sc.getOutgoingRunAs(); sc.setOutgoingRunAs(null); return principal; } }); } else { if (sc == null) { throw UndertowLogger.ROOT_LOGGER.noSecurityContext(); } RunAs principal = sc.getOutgoingRunAs(); sc.setOutgoingRunAs(null); return principal; } }
@Override public RunAs run() { if (sc == null) { throw UndertowLogger.ROOT_LOGGER.noSecurityContext(); } RunAs old = sc.getOutgoingRunAs(); sc.setOutgoingRunAs(principal); return old; } });
public void push(final String securityDomain, String userName, char[] password, final Subject subject) { final SecurityContext previous = SecurityContextAssociation.getSecurityContext(); contexts.push(previous); SecurityContext current = establishSecurityContext(securityDomain); if (propagate && previous != null) { current.setSubjectInfo(getSubjectInfo(previous)); current.setIncomingRunAs(previous.getOutgoingRunAs()); } RunAs currentRunAs = current.getIncomingRunAs(); boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity; if (trusted == false) { SecurityContextUtil util = current.getUtil(); util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject); } }
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) { SecurityContext current = SecurityContextAssociation.getSecurityContext(); SecurityContext previous = contexts.peek(); // skip reauthentication if the current context already has an authenticated subject (copied from the previous context // upon creation - see push method) and both contexts use the same security domain or there is an incoming RunAs of RunAsIdentity type boolean skipReauthentication = current.getSubjectInfo() != null && current.getSubjectInfo().getAuthenticatedSubject() != null && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty() && ( (previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain())) || current.getIncomingRunAs() instanceof RunAsIdentity ); if (!skipReauthentication) { SecurityContextUtil util = current.getUtil(); Object credential = util.getCredential(); Subject subject = null; if (credential instanceof RemotingConnectionCredential) { subject = ((RemotingConnectionCredential) credential).getSubject(); } if (authenticate(current, subject) == false) { throw SecurityLogger.ROOT_LOGGER.invalidUserException(); } } // setup the run-as identity. if (runAs != null) { RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles); current.setOutgoingRunAs(runAsIdentity); } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) { // Ensure the propagation continues. current.setOutgoingRunAs(previous.getOutgoingRunAs()); } }
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) { final SecurityContext securityContext = doPrivileged(securityContext()); if (securityContext == null) { return false; } EJBResource resource = new EJBResource(new HashMap<String, Object>()); resource.setEjbName(ejbName); resource.setEjbMethod(ejbMethod); resource.setEjbMethodInterface(ejbMethodIntf); resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles)); resource.setCodeSource(ejbCodeSource); resource.setPolicyContextID(contextID); resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs()); resource.setCallerSubject(securityContext.getUtil().getSubject()); Principal userPrincipal = securityContext.getUtil().getUserPrincipal(); resource.setPrincipal(userPrincipal); try { AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext); return helper.authorize(resource); } catch (Exception e) { throw new RuntimeException(e); } }
static Principal getPrincipal() { if (WildFlySecurityManager.isChecking()) { return doPrivileged(new PrivilegedAction<Principal>() { public Principal run() { Principal principal = null; SecurityContext sc = getSecurityContext(); if (sc != null) { principal = sc.getUtil().getUserPrincipal(); } return principal; } }); } else { Principal principal = null; SecurityContext sc = getSecurityContext(); if (sc != null) { principal = sc.getUtil().getUserPrincipal(); } return principal; } }
static Object getCredential() { if (WildFlySecurityManager.isChecking()) { return doPrivileged(new PrivilegedAction<Object>() { public Object run() { Object credential = null; SecurityContext sc = getSecurityContext(); if (sc != null) { credential = sc.getUtil().getCredential(); } return credential; } }); } else { Object credential = null; SecurityContext sc = getSecurityContext(); if (sc != null) { credential = sc.getUtil().getCredential(); } return credential; } }
public static RunAs getRunAsIdentity(final SecurityContext sc) { if (WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged(new PrivilegedAction<RunAs>() { @Override public RunAs run() { if (sc == null) { throw UndertowLogger.ROOT_LOGGER.noSecurityContext(); } return sc.getOutgoingRunAs(); } }); } else { if (sc == null) { throw UndertowLogger.ROOT_LOGGER.noSecurityContext(); } return sc.getOutgoingRunAs(); } } static Subject getSubject() {
public Principal getCallerPrincipal() { final SecurityContext securityContext = doPrivileged(securityContext()); if (securityContext == null) { return getUnauthenticatedIdentity().asPrincipal(); } /* * final Principal principal = getPrincipal(securityContext.getUtil().getSubject()); */ Principal principal = securityContext.getIncomingRunAs(); if (principal == null) principal = getPrincipal(getSubjectInfo(securityContext).getAuthenticatedSubject()); if (principal == null) return getUnauthenticatedIdentity().asPrincipal(); return principal; }
final Principal finalPrincipal = identityPrincipal != null ? identityPrincipal : principal; if (WildFlySecurityManager.isChecking()) { legacyContext = AccessController.doPrivileged((PrivilegedExceptionAction<SecurityContext>) () -> { SecurityContext sc = SecurityContextFactory.createSecurityContext(this.legacySecurityDomain); sc.getUtil().createSubjectInfo(finalPrincipal, finalCredential, null); return sc; }); } else { legacyContext = SecurityContextFactory.createSecurityContext(this.legacySecurityDomain); legacyContext.getUtil().createSubjectInfo(finalPrincipal, finalCredential, null);
private boolean authenticate(SecurityContext context, Subject subject) { SecurityContextUtil util = context.getUtil(); SubjectInfo subjectInfo = getSubjectInfo(context); if (subject == null) { subject = new Subject(); Principal principal = util.getUserPrincipal(); Principal auditPrincipal = principal; Object credential = util.getCredential(); Identity unauthenticatedIdentity = null; if (principal == null) { unauthenticatedIdentity = getUnauthenticatedIdentity(); subjectInfo.addIdentity(unauthenticatedIdentity); auditPrincipal = unauthenticatedIdentity.asPrincipal(); subject.getPrincipals().add(auditPrincipal); authenticated = true; } else { subject.getPrincipals().add(principal); AuthenticationManager authenticationManager = context.getAuthenticationManager(); authenticated = authenticationManager.isValid(principal, credential, subject); subjectInfo.setAuthenticatedSubject(subject); AuditManager auditManager = context.getAuditManager(); if (auditManager != null) { audit(authenticated ? AuditLevel.SUCCESS : AuditLevel.FAILURE, auditManager, auditPrincipal);
private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct){ if (jbossSct == null) { throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext"); } RoleGroup contextRoleGroup = jbossSct.getUtil().getRoles(); if(contextRoleGroup == null){ return; } Collection<Role> contextRoles = contextRoleGroup.getRoles(); if(contextRoles.isEmpty()){ return; } Subject subject = jbossSct.getUtil().getSubject(); Set<Group> groupPrincipals = subject.getPrincipals(Group.class); Group subjectRoleGroup = null; for (Group candidate : groupPrincipals) { if (candidate.getName().equals(ROLES_IDENTIFIER)) { subjectRoleGroup = candidate; break; } } if (subjectRoleGroup == null) { subjectRoleGroup = new SimpleGroup(ROLES_IDENTIFIER); subject.getPrincipals().add(subjectRoleGroup); } for (Role role : contextRoles) { Principal rolePrincipal = new SimplePrincipal(role.getRoleName()); subjectRoleGroup.addMember(rolePrincipal); } }
AuthConfigProvider provider = factory.getConfigProvider(layer, appContext, null); if(provider == null) throw PicketBoxMessages.MESSAGES.invalidNullAuthConfigProviderForLayer(layer, appContext); SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae); PicketBoxLogger.LOGGER.errorGettingServerAuthConfig(layer, appContext, ae); return; properties.setProperty("security-domain", super.getSecurityDomain()); if (serviceSubject == null) serviceSubject = new Subject(); ServerAuthContext sctx = null; try SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae); PicketBoxLogger.LOGGER.errorGettingServerAuthContext(authContextId, super.getSecurityDomain(), ae); return; SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae); PicketBoxLogger.LOGGER.debugIgnoredException(ae);
Subject callerSubject = sc.getUtil().getSubject(); callerSubject = new Subject();
/** * <p> * Retrieves the authenticated subject from the underlying security context. * </p> * * @return a reference to the authenticated subject. */ private Subject getAuthenticatedSubject() { Subject subject = null; org.jboss.security.SecurityContext picketBoxContext = SecurityActions.getSecurityContext(); if (picketBoxContext != null && picketBoxContext.getSubjectInfo() != null) subject = picketBoxContext.getSubjectInfo().getAuthenticatedSubject(); return subject != null ? subject : new Subject(); } }
public Object run() throws Exception { SecurityContext sc = SecurityContextFactory.createSecurityContext(domain); sc.getUtil().createSubjectInfo(p, cred, subject); SecurityContextAssociation.setSecurityContext(sc); return null; }}); }
private Account verifyCredential(final AccountImpl account, final Object credential) { final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager(); final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager(); final SecurityContext sc = SecurityActions.getSecurityContext(); Principal incomingPrincipal = account.getOriginalPrincipal(); Subject subject = new Subject(); try { boolean isValid = authenticationManager.isValid(incomingPrincipal, credential, subject); if (isValid) { UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal); if (sc == null) { throw UndertowLogger.ROOT_LOGGER.noSecurityContext(); } Principal userPrincipal = getPrincipal(subject); sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject); SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc); RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb); Set<String> roleSet = new HashSet<>(); for (Role role : roles.getRoles()) { roleSet.add(role.getRoleName()); } return new AccountImpl(userPrincipal, roleSet, credential, account.getOriginalPrincipal()); } } catch (Exception e) { throw new RuntimeException(e); } return null; }
public static void setCredential(Object credential) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SetSecurityContextPermission); SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); if (securityContext == null) { try { securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE"); } catch (Exception e) { throw new RuntimeException(e); } SecurityContextAssociation.setSecurityContext(securityContext); } Principal principal = securityContext.getUtil().getUserPrincipal(); Subject subj = securityContext.getUtil().getSubject(); securityContext.getUtil().createSubjectInfo(principal, credential, subj); } }