final Principal finalPrincipal = identityPrincipal != null ? identityPrincipal : principal; if (WildFlySecurityManager.isChecking()) { legacyContext = AccessController.doPrivileged((PrivilegedExceptionAction<SecurityContext>) () -> { SecurityContext sc = SecurityContextFactory.createSecurityContext(this.legacySecurityDomain); sc.getUtil().createSubjectInfo(finalPrincipal, finalCredential, null); return sc; }); } else { legacyContext = SecurityContextFactory.createSecurityContext(this.legacySecurityDomain); legacyContext.getUtil().createSubjectInfo(finalPrincipal, finalCredential, null);
static Principal getPrincipal() { if (WildFlySecurityManager.isChecking()) { return doPrivileged(new PrivilegedAction<Principal>() { public Principal run() { Principal principal = null; SecurityContext sc = getSecurityContext(); if (sc != null) { principal = sc.getUtil().getUserPrincipal(); } return principal; } }); } else { Principal principal = null; SecurityContext sc = getSecurityContext(); if (sc != null) { principal = sc.getUtil().getUserPrincipal(); } return principal; } }
static Object getCredential() { if (WildFlySecurityManager.isChecking()) { return doPrivileged(new PrivilegedAction<Object>() { public Object run() { Object credential = null; SecurityContext sc = getSecurityContext(); if (sc != null) { credential = sc.getUtil().getCredential(); } return credential; } }); } else { Object credential = null; SecurityContext sc = getSecurityContext(); if (sc != null) { credential = sc.getUtil().getCredential(); } return credential; } }
Principal userPrincipal = jbossSct.getUtil().getUserPrincipal(); if (userPrincipal == null) { return null; jbossSct.getUtil().createSubjectInfo(userPrincipal, ((AccountImpl) cachedAccount).getCredential(), jbossSct.getUtil().getSubject()); RoleGroup roleGroup = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER); for (String role : cachedAccount.getRoles()) roleGroup.addRole(new SimpleRole(role)); jbossSct.getUtil().setRoles(roleGroup); return cachedAccount; RoleGroup roleGroup = jbossSct.getUtil().getRoles(); if (roleGroup != null) { for (Role role : roleGroup.getRoles()) { Object credential = jbossSct.getUtil().getCredential(); Principal original = null; if(cachedAccount != null) {
private void updateSubjectRoles(final org.jboss.security.SecurityContext jbossSct){ if (jbossSct == null) { throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext"); } RoleGroup contextRoleGroup = jbossSct.getUtil().getRoles(); if(contextRoleGroup == null){ return; } Collection<Role> contextRoles = contextRoleGroup.getRoles(); if(contextRoles.isEmpty()){ return; } Subject subject = jbossSct.getUtil().getSubject(); Set<Group> groupPrincipals = subject.getPrincipals(Group.class); Group subjectRoleGroup = null; for (Group candidate : groupPrincipals) { if (candidate.getName().equals(ROLES_IDENTIFIER)) { subjectRoleGroup = candidate; break; } } if (subjectRoleGroup == null) { subjectRoleGroup = new SimpleGroup(ROLES_IDENTIFIER); subject.getPrincipals().add(subjectRoleGroup); } for (Role role : contextRoles) { Principal rolePrincipal = new SimplePrincipal(role.getRoleName()); subjectRoleGroup.addMember(rolePrincipal); } }
private boolean authenticate(SecurityContext context, Subject subject) { SecurityContextUtil util = context.getUtil(); SubjectInfo subjectInfo = getSubjectInfo(context); if (subject == null) { subject = new Subject(); Principal principal = util.getUserPrincipal(); Principal auditPrincipal = principal; Object credential = util.getCredential(); Identity unauthenticatedIdentity = null; subjectInfo.addIdentity(unauthenticatedIdentity); auditPrincipal = unauthenticatedIdentity.asPrincipal(); subject.getPrincipals().add(auditPrincipal); authenticated = true; } else { subject.getPrincipals().add(principal); AuthenticationManager authenticationManager = context.getAuthenticationManager(); authenticated = authenticationManager.isValid(principal, credential, subject); AuditManager auditManager = context.getAuditManager(); if (auditManager != null) { audit(authenticated ? AuditLevel.SUCCESS : AuditLevel.FAILURE, auditManager, auditPrincipal);
/** * Get the {@link Subject} from the {@link SecurityContextAssociation} * * @return authenticated subject or null */ static Subject getAuthenticatedSubject() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { return AccessController.doPrivileged(new PrivilegedAction<Subject>() { public Subject run() { SecurityContext sc = SecurityContextAssociation.getSecurityContext(); if (sc != null) { return sc.getUtil().getSubject(); } return null; } }); } else { SecurityContext sc = SecurityContextAssociation.getSecurityContext(); if (sc != null) { return sc.getUtil().getSubject(); } return null; } }
static Subject getSubject() { if (WildFlySecurityManager.isChecking()) { return doPrivileged(new PrivilegedAction<Subject>() { public Subject run() { Subject subject = null; SecurityContext sc = getSecurityContext(); if (sc != null) { subject = sc.getUtil().getSubject(); } return subject; } }); } else { Subject subject = null; SecurityContext sc = getSecurityContext(); if (sc != null) { subject = sc.getUtil().getSubject(); } return subject; } } }
public boolean authorize(String ejbName, CodeSource ejbCodeSource, String ejbMethodIntf, Method ejbMethod, Set<Principal> methodRoles, String contextID) { final SecurityContext securityContext = doPrivileged(securityContext()); if (securityContext == null) { return false; } EJBResource resource = new EJBResource(new HashMap<String, Object>()); resource.setEjbName(ejbName); resource.setEjbMethod(ejbMethod); resource.setEjbMethodInterface(ejbMethodIntf); resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles)); resource.setCodeSource(ejbCodeSource); resource.setPolicyContextID(contextID); resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs()); resource.setCallerSubject(securityContext.getUtil().getSubject()); Principal userPrincipal = securityContext.getUtil().getUserPrincipal(); resource.setPrincipal(userPrincipal); try { AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext); return helper.authorize(resource); } catch (Exception e) { throw new RuntimeException(e); } }
public void push(final String securityDomain, String userName, char[] password, final Subject subject) { final SecurityContext previous = SecurityContextAssociation.getSecurityContext(); contexts.push(previous); SecurityContext current = establishSecurityContext(securityDomain); if (propagate && previous != null) { current.setSubjectInfo(getSubjectInfo(previous)); current.setIncomingRunAs(previous.getOutgoingRunAs()); } RunAs currentRunAs = current.getIncomingRunAs(); boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity; if (trusted == false) { SecurityContextUtil util = current.getUtil(); util.createSubjectInfo(new SimplePrincipal(userName), new String(password), subject); } }
public static void propagateSessionInfo(KeycloakAccount account) { Subject subject = new Subject(); Set<Principal> principals = subject.getPrincipals(); principals.add(account.getPrincipal()); Group[] roleSets = getRoleSets(account.getRoles()); callerGroup.addMember(account.getPrincipal()); principals.add(callerGroup); org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext(); Principal userPrincipal = getPrincipal(subject); sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
public void authenticate(final String runAs, final String runAsPrincipal, final Set<String> extraRoles) { SecurityContext current = SecurityContextAssociation.getSecurityContext(); SecurityContext previous = contexts.peek(); // skip reauthentication if the current context already has an authenticated subject (copied from the previous context // upon creation - see push method) and both contexts use the same security domain or there is an incoming RunAs of RunAsIdentity type boolean skipReauthentication = current.getSubjectInfo() != null && current.getSubjectInfo().getAuthenticatedSubject() != null && !current.getSubjectInfo().getAuthenticatedSubject().getPrincipals().isEmpty() && ( (previous != null && current.getSecurityDomain().equals(previous.getSecurityDomain())) || current.getIncomingRunAs() instanceof RunAsIdentity ); if (!skipReauthentication) { SecurityContextUtil util = current.getUtil(); Object credential = util.getCredential(); Subject subject = null; if (credential instanceof RemotingConnectionCredential) { subject = ((RemotingConnectionCredential) credential).getSubject(); } if (authenticate(current, subject) == false) { throw SecurityLogger.ROOT_LOGGER.invalidUserException(); } } // setup the run-as identity. if (runAs != null) { RunAs runAsIdentity = new RunAsIdentity(runAs, runAsPrincipal, extraRoles); current.setOutgoingRunAs(runAsIdentity); } else if (propagate && previous != null && previous.getOutgoingRunAs() != null) { // Ensure the propagation continues. current.setOutgoingRunAs(previous.getOutgoingRunAs()); } }
RoleGroup currentRoles = currentSC.getUtil().getRoles(); if (currentRoles != null) { currentRoles.addAll(roles.getRoles()); currentSC.getUtil().setRoles( roles ); Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject(); if (currentSubject != null) { subject.getPrincipals().addAll(currentSubject.getPrincipals()); subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials()); subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials()); callerPrincipal = new SimplePrincipal(callerPrincipalCallback.getName()); Identity identity = IdentityFactory.getIdentity(new SimplePrincipal(userName), password); currentSC.getSubjectInfo().addIdentity(identity);
Subject callerSubject = sc.getUtil().getSubject(); callerSubject = new Subject();
RoleGroup userRoles = sc.getUtil().getRoles(); MappingManager mm = sc.getMappingManager(); MappingContext<RoleGroup> mc = mm.getMappingContext(RoleGroup.class); contextMap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals()); if(trace) log.trace("Roles before mapping:"+ userRoles); log.trace("Roles after mapping:"+ userRoles); sc.getData().put(ROLES_IDENTIFIER, mappedUserRoles); if(sc.getUtil().getRoles() == null) sc.getUtil().setRoles(userRoles);
private Account verifyCredential(final AccountImpl account, final Object credential) { final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager(); final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager(); final SecurityContext sc = SecurityActions.getSecurityContext(); Principal incomingPrincipal = account.getOriginalPrincipal(); Subject subject = new Subject(); try { boolean isValid = authenticationManager.isValid(incomingPrincipal, credential, subject); if (isValid) { UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal); if (sc == null) { throw UndertowLogger.ROOT_LOGGER.noSecurityContext(); } Principal userPrincipal = getPrincipal(subject); sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject); SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc); RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb); Set<String> roleSet = new HashSet<>(); for (Role role : roles.getRoles()) { roleSet.add(role.getRoleName()); } return new AccountImpl(userPrincipal, roleSet, credential, account.getOriginalPrincipal()); } } catch (Exception e) { throw new RuntimeException(e); } return null; }
public Object run() throws Exception { SecurityContext sc = SecurityContextFactory.createSecurityContext(domain); sc.getUtil().createSubjectInfo(p, cred, subject); SecurityContextAssociation.setSecurityContext(sc); return null; }}); }
public static void setCredential(Object credential) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SetSecurityContextPermission); SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); if (securityContext == null) { try { securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE"); } catch (Exception e) { throw new RuntimeException(e); } SecurityContextAssociation.setSecurityContext(securityContext); } Principal principal = securityContext.getUtil().getUserPrincipal(); Subject subj = securityContext.getUtil().getSubject(); securityContext.getUtil().createSubjectInfo(principal, credential, subj); } }
public static void setPrincipal(Principal principal) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SetSecurityContextPermission); SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); if (securityContext == null) { try { securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE"); } catch (Exception e) { throw new RuntimeException(e); } SecurityContextAssociation.setSecurityContext(securityContext); } Object credential = securityContext.getUtil().getCredential(); Subject subj = securityContext.getUtil().getSubject(); securityContext.getUtil().createSubjectInfo(principal, credential, subj); }
public Void run() { final SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); if (securityContext == null) { throw new IllegalStateException("Security Context is null"); } securityContext.getUtil().createSubjectInfo(principal, credential, subject); return null; } });