/**
 * Assembles the {@link ApplicationPolicy} of a security domain from its management model.
 *
 * <p>Every {@code process*} helper is called unconditionally and in a fixed order. Their results
 * are combined with the non-short-circuit {@code |}, so a section found early never stops a later
 * section from being processed.
 *
 * @param context operation context handed to every section processor
 * @param securityDomain name of the security domain; also used as the policy name
 * @param model model node handed to every section processor
 * @return the populated policy, or {@code null} when no section processor reported a configured
 *     section; callers have to handle the {@code null} case
 * @throws OperationFailedException if a section processor fails
 */
private ApplicationPolicy createApplicationPolicy(OperationContext context, String securityDomain,
        final ModelNode model) throws OperationFailedException {
    final ApplicationPolicy policy = new ApplicationPolicy(securityDomain);

    // NOTE(review): processClassicAuth stores an AuthenticationInfo on the policy; processJASPIAuth
    // is not visible here. If it stores one as well, the later call decides which authentication
    // configuration is in effect. Confirm the model cannot define both at once.
    final boolean hasClassicAuth = processClassicAuth(context, securityDomain, model, policy);
    final boolean hasJaspiAuth = processJASPIAuth(context, securityDomain, model, policy);
    final boolean hasAuthorization = processAuthorization(context, securityDomain, model, policy);
    final boolean hasAcl = processACL(context, securityDomain, model, policy);
    final boolean hasAudit = processAudit(context, securityDomain, model, policy);
    final boolean hasIdentityTrust = processIdentityTrust(context, securityDomain, model, policy);
    final boolean hasMapping = processMapping(context, securityDomain, model, policy);

    final boolean anySectionConfigured = hasClassicAuth | hasJaspiAuth | hasAuthorization | hasAcl
            | hasAudit | hasIdentityTrust | hasMapping;
    if (!anySectionConfigured) {
        return null;
    }
    return policy;
}
/**
 * Reads the classic audit provider modules of a security domain and stores them on the policy.
 *
 * <p>The provider code name, its options and the JBoss module name are taken from the management
 * model as resolved; this method performs no validation of the code name. An undefined or empty
 * module name falls back to {@code DEFAULT_MODULE}.
 *
 * @param context operation context used to resolve the model attributes
 * @param securityDomain name given to the created {@link AuditInfo}
 * @param node model node in which the audit section is looked up
 * @param applicationPolicy policy that receives the audit configuration
 * @return {@code false} when {@code peek} finds no audit provider modules (the policy is left
 *     untouched), {@code true} otherwise
 * @throws OperationFailedException if an attribute cannot be resolved
 */
private boolean processAudit(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode providerModules = peek(node, AUDIT, CLASSIC, PROVIDER_MODULE);
    if (providerModules == null) {
        return false;
    }

    final AuditInfo audit = new AuditInfo(securityDomain);
    for (Property property : providerModules.asPropertyList()) {
        final ModelNode moduleModel = property.getValue();

        // NOTE(review): CODE and MODULE are taken from MappingProviderModuleDefinition although
        // this is the audit section. Confirm that sharing the definition is intended.
        final String code = MappingProviderModuleDefinition.CODE.resolveModelAttribute(context, moduleModel).asString();
        final Map<String, Object> moduleOptions = extractOptions(context, moduleModel);
        audit.add(new AuditProviderEntry(code, moduleOptions));

        final ModelNode jbossModule = MappingProviderModuleDefinition.MODULE.resolveModelAttribute(context, moduleModel);
        final boolean named = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        audit.addJBossModuleName(named ? jbossModule.asString() : DEFAULT_MODULE);
    }

    applicationPolicy.setAuditInfo(audit);
    return true;
}
if(node.hasDefined(LOGIN_MODULE_STACK)){ List<Property> stacks = node.get(LOGIN_MODULE_STACK).asPropertyList(); for (Property stack : stacks) { String name = stack.getName(); applicationPolicy.setAuthenticationInfo(authenticationInfo); return true;
/**
 * Reads the classic mapping modules of a security domain and registers them on the policy.
 *
 * <p>Each module gets its own {@link MappingInfo}, registered under the module's mapping type.
 * When the model defines no type, {@code MappingType.ROLE} is used. An undefined or empty JBoss
 * module name falls back to {@code DEFAULT_MODULE}.
 *
 * @param context operation context used to resolve the model attributes
 * @param securityDomain name given to every created {@link MappingInfo}
 * @param node model node in which the mapping section is looked up
 * @param applicationPolicy policy that receives the mapping configuration
 * @return {@code false} when {@code peek} finds no mapping modules, {@code true} otherwise
 * @throws OperationFailedException if an attribute cannot be resolved
 */
private boolean processMapping(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode mappingModules = peek(node, MAPPING, CLASSIC, MAPPING_MODULE);
    if (mappingModules == null) {
        return false;
    }

    for (Property property : mappingModules.asPropertyList()) {
        final ModelNode moduleModel = property.getValue();
        final MappingInfo mapping = new MappingInfo(securityDomain);
        final String code = extractCode(context, moduleModel, ModulesMap.MAPPING_MAP);
        final String type = moduleModel.hasDefined(TYPE)
                ? MappingModuleDefinition.TYPE.resolveModelAttribute(context, moduleModel).asString()
                : MappingType.ROLE.toString();
        final Map<String, Object> moduleOptions = extractOptions(context, moduleModel);
        mapping.add(new MappingModuleEntry(code, moduleOptions, type));

        // NOTE(review): a fresh MappingInfo is registered per module, and the JBoss module name is
        // recorded on it only after registration. How setMappingInfo treats a type that is already
        // present is not visible here. Confirm that several modules of one type accumulate and that
        // their module names are not lost.
        applicationPolicy.setMappingInfo(type, mapping);

        final ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleModel);
        final boolean named = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        mapping.addJBossModuleName(named ? jbossModule.asString() : DEFAULT_MODULE);
    }
    return true;
}
/**
 * Reads the classic authorization policy modules of a security domain and stores them on the policy.
 *
 * <p>Code name, control flag, options and JBoss module name come from the management model. An
 * undefined or empty module name falls back to {@code DEFAULT_MODULE}.
 *
 * @param context operation context used to resolve the model attributes
 * @param securityDomain name given to the created {@link AuthorizationInfo}
 * @param node model node in which the authorization section is looked up
 * @param applicationPolicy policy that receives the authorization configuration
 * @return {@code false} when {@code peek} finds no policy modules (the policy is left untouched),
 *     {@code true} otherwise
 * @throws OperationFailedException if an attribute cannot be resolved
 */
private boolean processAuthorization(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode policyModules = peek(node, AUTHORIZATION, CLASSIC, POLICY_MODULE);
    if (policyModules == null) {
        return false;
    }

    final AuthorizationInfo authorization = new AuthorizationInfo(securityDomain);
    for (Property property : policyModules.asPropertyList()) {
        final ModelNode moduleModel = property.getValue();
        final String code = extractCode(context, moduleModel, ModulesMap.AUTHORIZATION_MAP);

        // NOTE(review): what ControlFlag.valueOf does with an unrecognised flag string is not
        // visible here. Confirm the attribute definition restricts the allowed values.
        final ControlFlag requirement = ControlFlag.valueOf(
                LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleModel).asString());

        final Map<String, Object> moduleOptions = extractOptions(context, moduleModel);
        final AuthorizationModuleEntry moduleEntry = new AuthorizationModuleEntry(code, moduleOptions);
        moduleEntry.setControlFlag(requirement);
        authorization.add(moduleEntry);

        final ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleModel);
        final boolean named = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        authorization.addJBossModuleName(named ? jbossModule.asString() : DEFAULT_MODULE);
    }

    applicationPolicy.setAuthorizationInfo(authorization);
    return true;
}
/**
 * Reads the classic identity-trust modules of a security domain and stores them on the policy.
 *
 * <p>Unlike the authorization section, the code name is used exactly as resolved from the model
 * (no {@code extractCode} lookup). An undefined or empty JBoss module name falls back to
 * {@code DEFAULT_MODULE}.
 *
 * @param context operation context used to resolve the model attributes
 * @param securityDomain name given to the created {@link IdentityTrustInfo}
 * @param node model node in which the identity-trust section is looked up
 * @param applicationPolicy policy that receives the identity-trust configuration
 * @return {@code false} when {@code peek} finds no trust modules (the policy is left untouched),
 *     {@code true} otherwise
 * @throws OperationFailedException if an attribute cannot be resolved
 */
private boolean processIdentityTrust(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode trustModules = peek(node, IDENTITY_TRUST, CLASSIC, TRUST_MODULE);
    if (trustModules == null) {
        return false;
    }

    final IdentityTrustInfo trust = new IdentityTrustInfo(securityDomain);
    for (Property property : trustModules.asPropertyList()) {
        final ModelNode moduleModel = property.getValue();
        final String code = LoginModuleResourceDefinition.CODE.resolveModelAttribute(context, moduleModel).asString();

        // NOTE(review): what ControlFlag.valueOf does with an unrecognised flag string is not
        // visible here. Confirm the attribute definition restricts the allowed values.
        final ControlFlag requirement = ControlFlag.valueOf(
                LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleModel).asString());

        final Map<String, Object> moduleOptions = extractOptions(context, moduleModel);
        final IdentityTrustModuleEntry moduleEntry = new IdentityTrustModuleEntry(code, moduleOptions);
        moduleEntry.setControlFlag(requirement);
        trust.add(moduleEntry);

        final ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleModel);
        final boolean named = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        trust.addJBossModuleName(named ? jbossModule.asString() : DEFAULT_MODULE);
    }

    applicationPolicy.setIdentityTrustInfo(trust);
    return true;
}
/**
 * Reads the classic ACL modules of a security domain and stores them on the policy.
 *
 * <p>The code name is used exactly as resolved from the model (no {@code extractCode} lookup).
 * An undefined or empty JBoss module name falls back to {@code DEFAULT_MODULE}.
 *
 * @param context operation context used to resolve the model attributes
 * @param securityDomain name given to the created {@link ACLInfo}
 * @param node model node in which the ACL section is looked up
 * @param applicationPolicy policy that receives the ACL configuration
 * @return {@code false} when {@code peek} finds no ACL modules (the policy is left untouched),
 *     {@code true} otherwise
 * @throws OperationFailedException if an attribute cannot be resolved
 */
private boolean processACL(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode aclModules = peek(node, ACL, CLASSIC, ACL_MODULE);
    if (aclModules == null) {
        return false;
    }

    final ACLInfo acl = new ACLInfo(securityDomain);
    for (Property property : aclModules.asPropertyList()) {
        final ModelNode moduleModel = property.getValue();
        final String code = LoginModuleResourceDefinition.CODE.resolveModelAttribute(context, moduleModel).asString();

        // NOTE(review): what ControlFlag.valueOf does with an unrecognised flag string is not
        // visible here. Confirm the attribute definition restricts the allowed values.
        final ControlFlag requirement = ControlFlag.valueOf(
                LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleModel).asString());

        final Map<String, Object> moduleOptions = extractOptions(context, moduleModel);
        final ACLProviderEntry providerEntry = new ACLProviderEntry(code, moduleOptions);
        providerEntry.setControlFlag(requirement);
        acl.add(providerEntry);

        final ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleModel);
        final boolean named = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        acl.addJBossModuleName(named ? jbossModule.asString() : DEFAULT_MODULE);
    }

    applicationPolicy.setAclInfo(acl);
    return true;
}
/**
 * Reads the classic authentication section of a security domain and stores it on the policy.
 *
 * <p>Login modules, when defined, are handed to {@code processLoginModules}, which feeds every
 * resulting {@link AppConfigurationEntry} into the {@link AuthenticationInfo} through a callback.
 *
 * @param context operation context passed on to {@code processLoginModules}
 * @param securityDomain name given to the created {@link AuthenticationInfo}
 * @param node model node in which the authentication section is looked up
 * @param applicationPolicy policy that receives the authentication configuration
 * @return {@code false} when {@code peek} finds no classic authentication section (the policy is
 *     left untouched), {@code true} otherwise
 * @throws OperationFailedException if processing the login modules fails
 */
private boolean processClassicAuth(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode classicAuth = peek(node, AUTHENTICATION, CLASSIC);
    if (classicAuth == null) {
        return false;
    }

    final AuthenticationInfo authInfo = new AuthenticationInfo(securityDomain);
    if (classicAuth.hasDefined(Constants.LOGIN_MODULE)) {
        final LoginModuleContainer entrySink = new LoginModuleContainer() {
            public void addAppConfigurationEntry(AppConfigurationEntry entry) {
                authInfo.add(entry);
            }
        };
        processLoginModules(context, classicAuth.get(LOGIN_MODULE), authInfo, entrySink);
    }

    // The AuthenticationInfo is stored even when the section defines no login module, so the policy
    // can end up with an authentication configuration that has no entries.
    // NOTE(review): how an empty AuthenticationInfo behaves at login time is not visible here;
    // confirm it cannot result in authentication being skipped.
    applicationPolicy.setAuthenticationInfo(authInfo);
    return true;
}
AuthenticationConfigParser parser = new AuthenticationConfigParser(); Set<AppConfigurationEntry> entries = parser.parse(xmlEventReader); AuthenticationInfo authInfo = new AuthenticationInfo(appPolicy.getName()); appPolicy.setAuthenticationInfo(authInfo); AuthenticationJASPIConfigParser parser = new AuthenticationJASPIConfigParser(); JASPIAuthenticationInfo authInfo = parser.parse(xmlEventReader); appPolicy.setAuthenticationInfo(authInfo); AuthorizationConfigParser parser = new AuthorizationConfigParser(); Set<AuthorizationModuleEntry> entries = parser.parse(xmlEventReader); AuthorizationInfo authInfo = new AuthorizationInfo(appPolicy.getName()); authInfo.add(new ArrayList(entries)); appPolicy.setAuthorizationInfo(authInfo); AclConfigParser parser = new AclConfigParser(); Set<ACLProviderEntry> entries = parser.parse(xmlEventReader); ACLInfo aclInfo = new ACLInfo(appPolicy.getName()); aclInfo.add(new ArrayList(entries)); appPolicy.setAclInfo(aclInfo); MappingConfigParser parser = new MappingConfigParser(); List<MappingModuleEntry> entries = parser.parse(xmlEventReader); MappingInfo mappingInfo = new MappingInfo(appPolicy.getName()); mappingInfo.add(entries); appPolicy.setMappingInfo(MappingType.ROLE.toString(), mappingInfo); MappingInfo mappingInfo = new MappingInfo(appPolicy.getName());
throw PicketBoxMessages.MESSAGES.invalidSecurityAnnotationConfig(); ApplicationPolicy aPolicy = new ApplicationPolicy(securityDomain); AuthenticationInfo authenticationInfo = getAuthenticationInfo(authenticationAnnotation, securityDomain); aPolicy.setAuthenticationInfo(authenticationInfo ); aPolicy.setAuthorizationInfo(authorizationInfo); aPolicy.setAuditInfo(auditInfo); for(MappingModuleEntry entry: entries) aPolicy.setMappingInfo(entry.getMappingModuleType(), mappingInfo); boolean valid = authMgr.isValid(principal, credential, subject); if(!valid) throw new LoginException(PicketBoxMessages.MESSAGES.authenticationFailedMessage()); throw new PicketBoxProcessingException(PicketBoxMessages.MESSAGES.nullRolesInSubjectMessage());
public Object instantiate() info = new ApplicationPolicy(authName); if (baseAppPolicyName != null) info.setBaseApplicationPolicyName(baseAppPolicyName); info.setAuthenticationInfo(binfo); for (LoginModuleStackHolder holder : this.loginModuleStackMap.values()) jaspiInfo.add(holder); info.setAuthenticationInfo(jaspiInfo); info.setAuthorizationInfo(ainfo); info.setAclInfo(this.aclInfo); info.setMappingInfo(type, this.mappingInfos.get(type)); info.setAuditInfo(auditInfo); info.setIdentityTrustInfo(identityTrustInfo);
/**
 * Converts a JAXB application policy into a runtime {@link ApplicationPolicy} of the same name.
 *
 * <p>Only the authentication, authorization and audit sections are carried over. This method does
 * not set ACL, mapping or identity-trust information on the result.
 *
 * @param appPolicy JAXB representation of the policy; must not be {@code null}
 * @return a new policy holding the mapped authentication, authorization and audit sections
 */
public ApplicationPolicy map(org.jboss.security.config.jaxb.ApplicationPolicy appPolicy) {
    final String policyName = appPolicy.getName();
    final ApplicationPolicy mapped = new ApplicationPolicy(policyName);

    // Each section is converted by the map overload for its type, then attached in turn.
    mapped.setAuthenticationInfo(
            map(policyName, appPolicy.getAuthentication()));
    mapped.setAuthorizationInfo(
            map(policyName, appPolicy.getAuthorization()));
    mapped.setAuditInfo(
            map(policyName, appPolicy.getAudit()));

    return mapped;
}
/**
 * Attaches a parsed {@link AuthenticationInfo} to its parent application policy.
 *
 * @param aPolicy policy that receives the authentication configuration
 * @param authInfo authentication configuration to attach
 * @param navigator unmarshalling context; not used by this method
 * @param namespaceURI namespace of the child element; not used by this method
 * @param localName local name of the child element; not used by this method
 */
public void addChild(ApplicationPolicy aPolicy, AuthenticationInfo authInfo, UnmarshallingContext navigator,
        String namespaceURI, String localName) {
    aPolicy.setAuthenticationInfo(authInfo);
    if (!trace) {
        return;
    }
    // Only the policy name is logged, never the content of the attached configuration.
    log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
}
/**
 * Attaches a parsed {@link AuthorizationInfo} to its parent application policy.
 *
 * @param aPolicy policy that receives the authorization configuration
 * @param authInfo authorization configuration to attach
 * @param navigator unmarshalling context; not used by this method
 * @param namespaceURI namespace of the child element; not used by this method
 * @param localName local name of the child element; not used by this method
 */
public void addChild(ApplicationPolicy aPolicy, AuthorizationInfo authInfo, UnmarshallingContext navigator,
        String namespaceURI, String localName) {
    aPolicy.setAuthorizationInfo(authInfo);
    if (!trace) {
        return;
    }
    // Only the policy name is logged, never the content of the attached configuration.
    log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
}
/**
 * Attaches a parsed {@link AuditInfo} to its parent application policy.
 *
 * @param aPolicy policy that receives the audit configuration
 * @param auditInfo audit configuration to attach
 * @param navigator unmarshalling context; not used by this method
 * @param namespaceURI namespace of the child element; not used by this method
 * @param localName local name of the child element; not used by this method
 */
public void addChild(ApplicationPolicy aPolicy, AuditInfo auditInfo, UnmarshallingContext navigator,
        String namespaceURI, String localName) {
    aPolicy.setAuditInfo(auditInfo);
    if (!trace) {
        return;
    }
    // Only the policy name is logged, never the content of the attached configuration.
    log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
}
/**
 * <p>Adds the {@link org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism}
 * to the deployment when the security domain is configured with JASPI authentication.</p>
 *
 * <p>The deployment is left unchanged when no application policy is registered for the security
 * domain or when its authentication info is not a {@link JASPIAuthenticationInfo}. Otherwise the
 * JASPI mechanism, the JASPI security context factory and an outer handler wrapper for securing
 * the response are installed.</p>
 *
 * @param deploymentInfo deployment to configure; its login config supplies the auth method name
 */
private void handleJASPIMechanism(final DeploymentInfo deploymentInfo) {
    final ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
    if (policy == null) {
        return;
    }
    if (!JASPIAuthenticationInfo.class.isInstance(policy.getAuthenticationInfo())) {
        return;
    }

    // Only the first auth method declared by the deployment is handed to the mechanism; it stays
    // null when the deployment declares no login config or no auth method.
    String firstAuthMethod = null;
    final LoginConfig declaredLogin = deploymentInfo.getLoginConfig();
    if (declaredLogin != null && !declaredLogin.getAuthMethods().isEmpty()) {
        firstAuthMethod = declaredLogin.getAuthMethods().get(0).getName();
    }

    deploymentInfo.setJaspiAuthenticationMechanism(new JASPICAuthenticationMechanism(securityDomain, firstAuthMethod));
    deploymentInfo.setSecurityContextFactory(new JASPICSecurityContextFactory(this.securityDomain));
    deploymentInfo.addOuterHandlerChainWrapper(downstream -> new JASPICSecureResponseHandler(downstream));
}
// Fragment: registers the application policy under its own name with the registration object
// obtained from configurationValue. The cast is only checked at run time, so a value of any other
// type fails here with a ClassCastException.
// NOTE(review): what addApplicationPolicy does when a policy of the same name is already
// registered is not visible here; confirm whether an existing policy is replaced.
final ApplicationPolicyRegistration applicationPolicyRegistration = (ApplicationPolicyRegistration) configurationValue .getValue(); applicationPolicyRegistration.addApplicationPolicy(applicationPolicy.getName(), applicationPolicy);
/**
 * Attaches a parsed {@link ACLInfo} to its parent application policy.
 *
 * @param aPolicy policy that receives the ACL configuration
 * @param aclInfo ACL configuration to attach
 * @param navigator unmarshalling context; not used by this method
 * @param namespaceURI namespace of the child element; not used by this method
 * @param localName local name of the child element; not used by this method
 */
public void addChild(ApplicationPolicy aPolicy, ACLInfo aclInfo, UnmarshallingContext navigator,
        String namespaceURI, String localName) {
    aPolicy.setAclInfo(aclInfo);
    if (!trace) {
        return;
    }
    // Only the policy name is logged, never the content of the attached configuration.
    log.trace("Adding ACLInfo as a child of ApplicationPolicy " + aPolicy.getName());
}
/**
 * Attaches a parsed {@link IdentityTrustInfo} to its parent application policy.
 *
 * @param aPolicy policy that receives the identity-trust configuration
 * @param auditInfo identity-trust configuration to attach (despite the parameter name, this is
 *     not audit configuration)
 * @param navigator unmarshalling context; not used by this method
 * @param namespaceURI namespace of the child element; not used by this method
 * @param localName local name of the child element; not used by this method
 */
public void addChild(ApplicationPolicy aPolicy, IdentityTrustInfo auditInfo, UnmarshallingContext navigator,
        String namespaceURI, String localName) {
    aPolicy.setIdentityTrustInfo(auditInfo);
    if (!trace) {
        return;
    }
    // Only the policy name is logged, never the content of the attached configuration.
    log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
}
/**
 * Creates the child object for an element found under the policy configuration root.
 *
 * <p>Only {@code application-policy} elements produce a child: a new {@link ApplicationPolicy}
 * named after the property-replaced {@code name} attribute, linked to {@code config} and, when an
 * {@code extends} attribute is present, to the named base policy.
 *
 * @param config policy configuration that owns the new application policy
 * @param navigator unmarshalling context; not used by this method
 * @param namespaceUri namespace of the element; not used by this method
 * @param localName local name of the element being unmarshalled
 * @param attrs attributes of the element
 * @return the new {@link ApplicationPolicy}, or {@code null} for any other element
 */
public Object newChild(PolicyConfig config, UnmarshallingContext navigator, String namespaceUri,
        String localName, Attributes attrs) {
    if (trace) {
        log.trace("newChild.PolicyConfig, localName: " + localName);
    }
    if (!"application-policy".equals(localName)) {
        return null;
    }

    // NOTE(review): a missing "name" attribute reaches replaceProperties as null; what happens
    // then is not visible here. Confirm the schema makes the attribute mandatory.
    final String policyName = StringPropertyReplacer.replaceProperties(attrs.getValue("name"));
    final ApplicationPolicy policy = new ApplicationPolicy(policyName);
    policy.setPolicyConfig(config);

    // Unlike the name, the "extends" value is used verbatim, without property replacement.
    final String parentPolicyName = attrs.getValue("extends");
    if (parentPolicyName != null) {
        policy.setBaseApplicationPolicyName(parentPolicyName);
    }

    if (trace) {
        log.trace("newChild.PolicyConfig, AuthenticationInfo: " + policyName);
    }
    return policy;
}