/**
 * Builds the {@link AuthorizationInfo} for a security domain from the management model
 * and installs it on the supplied application policy.
 *
 * <p>Each policy module in the model becomes an {@link AuthorizationModuleEntry} with its
 * control flag and options. Its JBoss module name is recorded as well, with
 * {@code DEFAULT_MODULE} used when none is configured.
 *
 * @param context the operation context used to resolve model attributes
 * @param securityDomain the security domain name given to the new {@link AuthorizationInfo}
 * @param node the model node that is searched for the classic authorization policy modules
 * @param applicationPolicy the policy that receives the assembled authorization info
 * @return {@code false} when {@code peek} finds no policy-module node, {@code true} otherwise
 * @throws OperationFailedException if resolving a model attribute fails
 */
private boolean processAuthorization(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode policyModules = peek(node, AUTHORIZATION, CLASSIC, POLICY_MODULE);
    if (policyModules == null) {
        // Nothing configured: the application policy is left untouched.
        return false;
    }

    final AuthorizationInfo info = new AuthorizationInfo(securityDomain);
    for (Property property : policyModules.asPropertyList()) {
        final ModelNode moduleModel = property.getValue();

        // Resolution order is kept as-is so the first failing attribute is the one reported.
        final String code = extractCode(context, moduleModel, ModulesMap.AUTHORIZATION_MAP);
        final String flagText = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleModel).asString();
        final ControlFlag flag = ControlFlag.valueOf(flagText);
        final Map<String, Object> moduleOptions = extractOptions(context, moduleModel);

        final AuthorizationModuleEntry moduleEntry = new AuthorizationModuleEntry(code, moduleOptions);
        moduleEntry.setControlFlag(flag);
        info.add(moduleEntry);

        // One JBoss module name is added per entry; an undefined or empty value falls back to the default.
        final ModelNode configuredModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleModel);
        final boolean hasExplicitModule = configuredModule.isDefined() && !configuredModule.asString().isEmpty();
        info.addJBossModuleName(hasExplicitModule ? configuredModule.asString() : DEFAULT_MODULE);
    }

    applicationPolicy.setAuthorizationInfo(info);
    return true;
}
/**
 * Installs {@link JACCAuthorizationManager} on the given {@link DeploymentInfo} when the
 * web application's security domain lists a JACC authorization module.
 *
 * <p>If the domain has no application policy, no authorization info, or no JACC module
 * entry, the deployment's authorization manager is left unchanged.
 *
 * @param deploymentInfo the {@link DeploymentInfo} instance.
 */
private void handleJACCAuthorization(final DeploymentInfo deploymentInfo) {
    // TODO make the authorization manager implementation configurable in Undertow or jboss-web.xml
    final ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
    if (policy == null) {
        return;
    }
    final AuthorizationInfo authorization = policy.getAuthorizationInfo();
    if (authorization == null) {
        return;
    }
    // The match is on the exact class name of the JACC policy module.
    final String jaccModuleName = JACCAuthorizationModule.class.getName();
    for (AuthorizationModuleEntry candidate : authorization.getModuleEntries()) {
        if (jaccModuleName.equals(candidate.getPolicyModuleName())) {
            deploymentInfo.setAuthorizationManager(JACCAuthorizationManager.INSTANCE);
            return;
        }
    }
}
/**
 * Creates a fresh {@link AuthorizationInfo} named {@code authName}, stores it in
 * {@code info}, and adds the collected module entries to it.
 *
 * @return the newly created authorization info
 */
public Object instantiate() {
    // The field is assigned before the entries are added, so it is set even if add(...) fails.
    info = new AuthorizationInfo(authName);
    info.add(moduleEntries);
    return info;
}
/**
 * Builds the {@link AuthorizationInfo} for a security domain from the management model
 * and installs it on the supplied application policy.
 *
 * @param context the operation context used to resolve model attributes
 * @param securityDomain the security domain name given to the new {@link AuthorizationInfo}
 * @param node the model node that is searched for the classic authorization policy modules
 * @param applicationPolicy the policy that receives the assembled authorization info
 * @return {@code false} when {@code peek} finds no policy-module node, {@code true} otherwise
 * @throws OperationFailedException if resolving a model attribute fails
 */
private boolean processAuthorization(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode policyModules = peek(node, AUTHORIZATION, CLASSIC, POLICY_MODULE);
    if (policyModules == null) {
        return false;
    }

    final AuthorizationInfo info = new AuthorizationInfo(securityDomain);
    for (Property property : policyModules.asPropertyList()) {
        final ModelNode moduleModel = property.getValue();

        final String code = extractCode(context, moduleModel, ModulesMap.AUTHORIZATION_MAP);
        final String flagText = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleModel).asString();
        final ControlFlag flag = ControlFlag.valueOf(flagText);
        final Map<String, Object> moduleOptions = extractOptions(context, moduleModel);

        final AuthorizationModuleEntry moduleEntry = new AuthorizationModuleEntry(code, moduleOptions);
        moduleEntry.setControlFlag(flag);
        info.add(moduleEntry);

        final ModelNode configuredModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleModel);
        // NOTE(review): this setter is called once per entry, so presumably the last defined
        // module name replaces earlier ones. Confirm against AuthorizationInfo.
        if (configuredModule.isDefined() && !configuredModule.asString().isEmpty()) {
            info.setJBossModuleName(configuredModule.asString());
        }
    }

    applicationPolicy.setAuthorizationInfo(info);
    return true;
}
/**
 * Factory hook that supplies an {@link AuthorizationInfo} with the given name.
 *
 * @param name the name passed to the {@link AuthorizationInfo} constructor
 * @return a new {@link AuthorizationInfo}
 */
@Override
protected BaseSecurityInfo<AuthorizationModuleEntry> create(String name) {
    final AuthorizationInfo created = new AuthorizationInfo(name);
    return created;
}
/**
 * Attaches a parsed authorization module entry to its parent {@link AuthorizationInfo}.
 *
 * @param authInfo the parent that receives the entry
 * @param entry the module entry to add
 * @param navigator the unmarshalling context (not used here)
 * @param namespaceURI the element namespace (not used here)
 * @param localName the element local name (not used here)
 */
public void addChild(AuthorizationInfo authInfo, AuthorizationModuleEntry entry,
        UnmarshallingContext navigator, String namespaceURI, String localName) {
    authInfo.add(entry);
}
// Excerpt only: the bodies of the `if` and the `for` below are not part of this listing.
// Reads the JBoss module names recorded on authzInfo and its authorization module entries.
// `len` becomes 0 when the entries array is null, so the loop is skipped instead of failing.
List<String> jbossModuleNames = authzInfo.getJBossModuleNames(); if(!jbossModuleNames.isEmpty()) AuthorizationModuleEntry[] entries = authzInfo.getAuthorizationModuleEntry(); int len = entries != null ? entries.length : 0; for (int i = 0; i < len; i++)
/**
 * Returns the effective authorization info for this policy, taking the base
 * application policy into account.
 *
 * <ul>
 * <li>No base info: this policy's own {@code authorizationInfo} (possibly {@code null}).</li>
 * <li>Base info only: the base policy's info.</li>
 * <li>Both: the result of {@code authorizationInfo.merge(baseInfo)}.</li>
 * </ul>
 *
 * @return the resolved {@link AuthorizationInfo}, or {@code null} when neither level defines one
 */
public AuthorizationInfo getAuthorizationInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final AuthorizationInfo inherited = (basePolicy == null) ? null : basePolicy.getAuthorizationInfo();

    if (inherited == null) {
        return authorizationInfo;
    }
    if (authorizationInfo == null) {
        return inherited;
    }
    return (AuthorizationInfo) authorizationInfo.merge(inherited);
}
/**
 * Injects the {@link ApplicationPolicy} that supplies this object's {@link AuthorizationInfo}.
 *
 * <p>The policy is accepted only when it carries authorization info whose name equals this
 * object's security domain name, so a policy built for another domain cannot be attached.
 *
 * @param aPolicy the application policy to install
 * @throws IllegalArgumentException if ApplicationPolicy is null or
 *         does not contain AuthorizationInfo or domain name does not match
 */
public void setApplicationPolicy(ApplicationPolicy aPolicy) {
    if (aPolicy == null) {
        throw new IllegalArgumentException("Application Policy is null:domain=" + this.securityDomainName);
    }

    final AuthorizationInfo info = aPolicy.getAuthorizationInfo();
    if (info == null) {
        throw new IllegalArgumentException("Application Policy has no AuthorizationInfo");
    }

    // NOTE(review): a null info name would raise NullPointerException here, not the documented
    // IllegalArgumentException. Confirm whether getName() can return null.
    final boolean sameDomain = info.getName().equals(securityDomainName);
    if (!sameDomain) {
        throw new IllegalArgumentException("Application Policy ->AuthorizationInfo:" + info.getName()
                + " does not match required domain name=" + this.securityDomainName);
    }

    this.applicationPolicy = aPolicy;
}
/**
 * Instantiates the authorization modules configured for the security domain and records
 * the control flag of each one, in configuration order.
 *
 * <p>An entry without a control flag is treated as {@code ControlFlag.REQUIRED}; it is not skipped.
 *
 * @param resource the resource used to look up the authorization info
 * @param role the role group handed to each instantiated module
 * @throws PrivilegedActionException declared by this method; where it is raised is not visible here
 * @throws IllegalStateException if no authorization info is available
 */
private void initializeModules(Resource resource, RoleGroup role) throws PrivilegedActionException {
    final AuthorizationInfo info = getAuthorizationInfo(securityDomainName, resource);
    if (info == null) {
        throw new IllegalStateException("Authorization Info is null");
    }

    final AuthorizationModuleEntry[] configured = info.getAuthorizationModuleEntry();
    if (configured == null) {
        // No entries: nothing to instantiate.
        return;
    }

    for (AuthorizationModuleEntry entry : configured) {
        ControlFlag flag = entry.getControlFlag();
        if (flag != null) {
            if (trace) {
                log.trace("Control flag for entry:" + entry + "is:[" + flag + "]");
            }
        } else {
            if (trace) {
                log.trace("Null Control flag for entry:" + entry + ". Defaults to REQUIRED!");
            }
            flag = ControlFlag.REQUIRED;
        }

        // controlFlags and modules are filled in step, so index i in one matches index i in the other.
        this.controlFlags.add(flag);
        modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
    }
}
/**
 * Selects the authorization info for a resource layer.
 *
 * <p>The EJB and WEB layers use the application policies registered under {@code EJB} and
 * {@code WEB}. Any other layer gets a default policy containing a single
 * {@link DelegatingAuthorizationModule} entry.
 *
 * @param layer the resource type being authorized
 * @return the authorization info for that layer
 */
private AuthorizationInfo getAuthorizationInfo(ResourceType layer) {
    // NOTE(review): the looked-up policy is dereferenced without a null check. If no policy is
    // registered for the layer this presumably fails with a NullPointerException. Confirm.
    if (layer == ResourceType.EJB) {
        return SecurityConfiguration.getApplicationPolicy(EJB).getAuthorizationInfo();
    }
    if (layer == ResourceType.WEB) {
        return SecurityConfiguration.getApplicationPolicy(WEB).getAuthorizationInfo();
    }

    final AuthorizationInfo fallback = new AuthorizationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY);
    fallback.add(new AuthorizationModuleEntry(DelegatingAuthorizationModule.class.getName()));
    return fallback;
}
/**
 * Translates the classic authorization section of the management model into an
 * {@link AuthorizationInfo} and sets it on the application policy.
 *
 * @param context the operation context used to resolve model attributes
 * @param securityDomain the security domain name given to the new {@link AuthorizationInfo}
 * @param node the model node that is searched for the classic authorization policy modules
 * @param applicationPolicy the policy that receives the assembled authorization info
 * @return {@code false} when {@code peek} finds no policy-module node, {@code true} otherwise
 * @throws OperationFailedException if resolving a model attribute fails
 */
private boolean processAuthorization(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode modulesNode = peek(node, AUTHORIZATION, CLASSIC, POLICY_MODULE);
    if (modulesNode == null) {
        return false;
    }

    final AuthorizationInfo authorization = new AuthorizationInfo(securityDomain);
    for (Property each : modulesNode.asPropertyList()) {
        final ModelNode current = each.getValue();

        // Attributes are resolved in the original order: code, flag, options, then module.
        final String policyCode = extractCode(context, current, ModulesMap.AUTHORIZATION_MAP);
        final String rawFlag = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, current).asString();
        final ControlFlag parsedFlag = ControlFlag.valueOf(rawFlag);
        final Map<String, Object> opts = extractOptions(context, current);

        final AuthorizationModuleEntry built = new AuthorizationModuleEntry(policyCode, opts);
        built.setControlFlag(parsedFlag);
        authorization.add(built);

        final ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, current);
        final boolean moduleGiven = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        if (moduleGiven) {
            // NOTE(review): one name is set for the whole info object, so a later entry's module
            // presumably overrides an earlier one. Verify against AuthorizationInfo.
            authorization.setJBossModuleName(jbossModule.asString());
        }
    }

    applicationPolicy.setAuthorizationInfo(authorization);
    return true;
}
/**
 * Factory hook that supplies an {@link AuthorizationInfo} with the given name.
 *
 * @param name the name passed to the {@link AuthorizationInfo} constructor
 * @return a new {@link AuthorizationInfo}
 */
@Override
protected BaseSecurityInfo<AuthorizationModuleEntry> create(String name) {
    final BaseSecurityInfo<AuthorizationModuleEntry> created = new AuthorizationInfo(name);
    return created;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Unwraps the module entry from its holder and attaches it to the parent
 * {@link AuthorizationInfo}, tracing the policy module name when tracing is enabled.
 *
 * @param authInfo the parent that receives the entry
 * @param entryInfo the holder providing the parsed module entry
 * @param navigator the unmarshalling context (not used here)
 * @param namespaceURI the element namespace (not used here)
 * @param localName the element local name (not used here)
 */
public void addChild(AuthorizationInfo authInfo, AuthorizationConfigEntryHolder entryInfo,
        UnmarshallingContext navigator, String namespaceURI, String localName) {
    final AuthorizationModuleEntry moduleEntry = entryInfo.getEntry();
    authInfo.add(moduleEntry);
    if (!trace) {
        return;
    }
    log.trace("addChild.AuthorizationInfo, name: " + moduleEntry.getPolicyModuleName());
}
/**
 * Resolves the authorization info for this policy, combining it with the base
 * application policy's info when both exist.
 *
 * @return the base policy's info when only that is defined, the merged info when both are
 *         defined, otherwise this policy's own {@code authorizationInfo} (which may be {@code null})
 */
public AuthorizationInfo getAuthorizationInfo() {
    final ApplicationPolicy parent = this.getBaseApplicationPolicy();
    AuthorizationInfo parentInfo = null;
    if (parent != null) {
        parentInfo = parent.getAuthorizationInfo();
    }

    if (parentInfo == null) {
        // Nothing inherited: only the local definition applies.
        return authorizationInfo;
    }
    return (authorizationInfo == null)
            ? parentInfo
            : (AuthorizationInfo) authorizationInfo.merge(parentInfo);
}
/**
 * Injects the {@link ApplicationPolicy} that supplies this object's {@link AuthorizationInfo}.
 *
 * <p>The policy is accepted only when it carries authorization info whose name equals this
 * object's security domain name, so a policy built for another domain cannot be attached.
 *
 * @param appPolicy the application policy to install
 * @throws IllegalArgumentException if ApplicationPolicy is null or
 *         does not contain AuthorizationInfo or domain name does not match
 */
public void setApplicationPolicy(ApplicationPolicy appPolicy) {
    if (appPolicy == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("appPolicy");
    }

    final AuthorizationInfo info = appPolicy.getAuthorizationInfo();
    if (info == null) {
        throw PicketBoxMessages.MESSAGES.failedToObtainInfoFromAppPolicy("AuthorizationInfo");
    }

    final boolean sameDomain = info.getName().equals(securityDomainName);
    if (!sameDomain) {
        throw PicketBoxMessages.MESSAGES.unexpectedSecurityDomainInInfo("AuthorizationInfo", this.securityDomainName);
    }

    this.applicationPolicy = appPolicy;
}
/**
 * Selects the authorization info for a resource layer.
 *
 * <p>The EJB and WEB layers use the application policies registered under {@code EJB} and
 * {@code WEB}. Any other layer gets a default policy containing a single
 * {@link DelegatingAuthorizationModule} entry, and that fallback is traced.
 *
 * @param layer the resource type being authorized
 * @return the authorization info for that layer
 */
private AuthorizationInfo getAuthorizationInfo(ResourceType layer) {
    // NOTE(review): the looked-up policy is dereferenced without a null check. If no policy is
    // registered for the layer this presumably fails with a NullPointerException. Confirm.
    if (layer == ResourceType.EJB) {
        return SecurityConfiguration.getApplicationPolicy(EJB).getAuthorizationInfo();
    }
    if (layer == ResourceType.WEB) {
        return SecurityConfiguration.getApplicationPolicy(WEB).getAuthorizationInfo();
    }

    if (log.isTraceEnabled()) {
        log.trace("AuthorizationInfo not found. Providing default authorization info");
    }
    final AuthorizationInfo fallback = new AuthorizationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY);
    fallback.add(new AuthorizationModuleEntry(DelegatingAuthorizationModule.class.getName()));
    return fallback;
}
/**
 * Translates the classic authorization section of the management model into an
 * {@link AuthorizationInfo} and sets it on the application policy.
 *
 * <p>Every policy module contributes one {@link AuthorizationModuleEntry} and one JBoss
 * module name. {@code DEFAULT_MODULE} is used when the model leaves the module undefined
 * or empty.
 *
 * @param context the operation context used to resolve model attributes
 * @param securityDomain the security domain name given to the new {@link AuthorizationInfo}
 * @param node the model node that is searched for the classic authorization policy modules
 * @param applicationPolicy the policy that receives the assembled authorization info
 * @return {@code false} when {@code peek} finds no policy-module node, {@code true} otherwise
 * @throws OperationFailedException if resolving a model attribute fails
 */
private boolean processAuthorization(OperationContext context, String securityDomain, ModelNode node,
        ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode modulesNode = peek(node, AUTHORIZATION, CLASSIC, POLICY_MODULE);
    if (modulesNode == null) {
        return false;
    }

    final AuthorizationInfo authorization = new AuthorizationInfo(securityDomain);
    for (Property each : modulesNode.asPropertyList()) {
        final ModelNode current = each.getValue();

        // Attributes are resolved in the original order: code, flag, options, then module.
        final String policyCode = extractCode(context, current, ModulesMap.AUTHORIZATION_MAP);
        final String rawFlag = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, current).asString();
        final ControlFlag parsedFlag = ControlFlag.valueOf(rawFlag);
        final Map<String, Object> opts = extractOptions(context, current);

        final AuthorizationModuleEntry built = new AuthorizationModuleEntry(policyCode, opts);
        built.setControlFlag(parsedFlag);
        authorization.add(built);

        final ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, current);
        if (!jbossModule.isDefined() || jbossModule.asString().isEmpty()) {
            authorization.addJBossModuleName(DEFAULT_MODULE);
        } else {
            authorization.addJBossModuleName(jbossModule.asString());
        }
    }

    applicationPolicy.setAuthorizationInfo(authorization);
    return true;
}
// Create the AuthorizationInfo child on demand, named after the enclosing policy, but only
// for an "authorization" element and only when no child has been chosen yet.
if (child == null) {
    if ("authorization".equals(localName)) {
        child = new AuthorizationInfo(aPolicy.getName());
    }
}
/**
 * Installs {@link JACCAuthorizationManager} on the given {@link DeploymentInfo} when the
 * web application's security domain lists a JACC authorization module.
 *
 * <p>If the domain has no application policy, no authorization info, or no JACC module
 * entry, the deployment's authorization manager is left unchanged.
 *
 * @param deploymentInfo the {@link DeploymentInfo} instance.
 */
private void handleJACCAuthorization(final DeploymentInfo deploymentInfo) {
    // TODO make the authorization manager implementation configurable in Undertow or jboss-web.xml
    final ApplicationPolicy domainPolicy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
    final AuthorizationInfo domainAuthz = (domainPolicy == null) ? null : domainPolicy.getAuthorizationInfo();
    if (domainAuthz == null) {
        return;
    }

    for (AuthorizationModuleEntry moduleEntry : domainAuthz.getModuleEntries()) {
        final boolean isJacc = JACCAuthorizationModule.class.getName().equals(moduleEntry.getPolicyModuleName());
        if (isJacc) {
            // The first JACC entry is enough; later entries are not inspected.
            deploymentInfo.setAuthorizationManager(JACCAuthorizationManager.INSTANCE);
            return;
        }
    }
}