/** * Create a new authentication context for this security domain which can be used to carry out a single authentication * operation. * * Calling with enabled security manager requires {@code createServerAuthenticationContext} {@link ElytronPermission}. * * @return the new authentication context */ public ServerAuthenticationContext createNewAuthenticationContext() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_AUTH_CONTEXT); } return new ServerAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY)); }
/** * Create a {@link MechanismConfigurationSelector} that is an aggregation of other selectors, when called the selectors will be called in order and the first * {@link MechanismConfiguration} returned will be used. * * @param configurationSelectors the {@link MechanismConfigurationSelector} instances to aggregate. * @return the {@link MechanismConfigurationSelector} that is an aggregation of the supplied selectors. */ static MechanismConfigurationSelector aggregate(final MechanismConfigurationSelector ... configurationSelectors) { return information -> { for (MechanismConfigurationSelector current : configurationSelectors) { MechanismConfiguration configuration = current.selectConfiguration(information); if (configuration != null) { return configuration; } } return null; }; }
static void buildMechanismConfiguration(List<ResolvedMechanismConfiguration> resolvedMechanismConfigurations, MechanismAuthenticationFactory.Builder factoryBuilder) { ArrayList<MechanismConfigurationSelector> mechanismConfigurationSelectors = new ArrayList<>(resolvedMechanismConfigurations.size()); for (ResolvedMechanismConfiguration resolvedMechanismConfiguration : resolvedMechanismConfigurations) { MechanismConfiguration.Builder builder = MechanismConfiguration.builder(); setPrincipalTransformer(resolvedMechanismConfiguration.preRealmPrincipalTranformer, builder::setPreRealmRewriter); setPrincipalTransformer(resolvedMechanismConfiguration.postRealmPrincipalTransformer, builder::setPostRealmRewriter); setPrincipalTransformer(resolvedMechanismConfiguration.finalPrincipalTransformer, builder::setFinalRewriter); setRealmMapper(resolvedMechanismConfiguration.realmMapper, builder::setRealmMapper); setSecurityFactory(resolvedMechanismConfiguration.securityFactory, builder::setServerCredential); for (Entry<String, ResolvedMechanismRealmConfiguration> currentMechRealmEntry : resolvedMechanismConfiguration.mechanismRealms.entrySet()) { MechanismRealmConfiguration.Builder mechRealmBuilder = MechanismRealmConfiguration.builder(); mechRealmBuilder.setRealmName(currentMechRealmEntry.getKey()); ResolvedMechanismRealmConfiguration resolvedMechanismRealmConfiguration = currentMechRealmEntry.getValue(); setPrincipalTransformer(resolvedMechanismRealmConfiguration.preRealmPrincipalTranformer, mechRealmBuilder::setPreRealmRewriter); setPrincipalTransformer(resolvedMechanismRealmConfiguration.postRealmPrincipalTransformer, mechRealmBuilder::setPostRealmRewriter); setPrincipalTransformer(resolvedMechanismRealmConfiguration.finalPrincipalTransformer, mechRealmBuilder::setFinalRewriter); setRealmMapper(resolvedMechanismRealmConfiguration.realmMapper, mechRealmBuilder::setRealmMapper); builder.addMechanismRealm(mechRealmBuilder.build()); } mechanismConfigurationSelectors.add(MechanismConfigurationSelector.predicateSelector(resolvedMechanismConfiguration.selectionPredicate, builder.build())); } factoryBuilder.setMechanismConfigurationSelector(MechanismConfigurationSelector.aggregate(mechanismConfigurationSelectors.toArray(new MechanismConfigurationSelector[mechanismConfigurationSelectors.size()]))); }
.build(); mechanismConfigurationSelectors.add(MechanismConfigurationSelector.predicateSelector(i -> mechanismName.equalsIgnoreCase(i.getMechanismName()), builder)); MechanismConfigurationSelector mechanismNamesSelector = MechanismConfigurationSelector.aggregate(mechanismConfigurationSelectors.toArray(new MechanismConfigurationSelector[mechanismConfigurationSelectors.size()]));
/** * Attempt to create a new identity that can be used to run as an anonymous user * * Calling with enabled security manager requires {@code setRunAsPrincipal} {@link ElytronPermission}. * * @param authorize whether to check the anonymous identity is authorized to log in * (has {@link org.wildfly.security.auth.permission.LoginPermission}) * @return the new security identity * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal} * {@link ElytronPermission} or if the operation authorization failed for any other reason */ public SecurityIdentity createRunAsAnonymous(boolean authorize) throws SecurityException { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SET_RUN_AS_PERMISSION); } try (final ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))) { if (! context.authorizeAnonymous(authorize)) { throw log.runAsAuthorizationFailed(principal, AnonymousPrincipal.getInstance(), null); } return context.getAuthorizedIdentity(); } }
private InitialState selectMechanismConfiguration() { MechanismConfiguration mechanismConfiguration = mechanismConfigurationSelector.selectConfiguration(mechanismInformation); if (mechanismConfiguration == null) { throw log.unableToSelectMechanismConfiguration(mechanismInformation.getMechanismType(), mechanismInformation.getMechanismName(), mechanismInformation.getHostName(), mechanismInformation.getProtocol()); } return new InitialState(capturedIdentity, mechanismConfiguration, mechanismConfigurationSelector, privateCredentials, publicCredentials); }
.build(); mechanismConfigurationSelectors.add(MechanismConfigurationSelector.predicateSelector(i -> mechanismName.equalsIgnoreCase(i.getMechanismName()), builder)); MechanismConfigurationSelector mechanismNamesSelector = MechanismConfigurationSelector.aggregate(mechanismConfigurationSelectors.toArray(new MechanismConfigurationSelector[mechanismConfigurationSelectors.size()]));
/** * Attempt to create a new identity that can be used to run as a user with the given principal. * * Calling with enabled security manager requires {@code setRunAsPrincipal} {@link ElytronPermission}. * * @param principal the principal to attempt to run as * @param authorize whether to check the current identity is authorized to run as a user * with the given principal (has {@link RunAsPrincipalPermission}) * @return the new security identity * @throws SecurityException if the caller does not have the {@code setRunAsPrincipal} * {@link ElytronPermission} or if the operation authorization failed for any other reason */ public SecurityIdentity createRunAsIdentity(Principal principal, boolean authorize) throws SecurityException { Assert.checkNotNullParam("principal", principal); final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SET_RUN_AS_PERMISSION); } try (final ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))) { if (! (context.importIdentity(this) && context.authorize(principal, authorize))) { throw log.runAsAuthorizationFailed(this.principal, principal, null); } return context.getAuthorizedIdentity(); } catch (RealmUnavailableException e) { throw log.runAsAuthorizationFailed(this.principal, principal, e); } }
/** * Create a {@link MechanismConfigurationSelector} that is an aggregation of other selectors, when called the selectors will be called in order and the first * {@link MechanismConfiguration} returned will be used. * * @param configurationSelectors the {@link MechanismConfigurationSelector} instances to aggregate. * @return the {@link MechanismConfigurationSelector} that is an aggregation of the supplied selectors. */ static MechanismConfigurationSelector aggregate(final MechanismConfigurationSelector ... configurationSelectors) { return information -> { for (MechanismConfigurationSelector current : configurationSelectors) { MechanismConfiguration configuration = current.selectConfiguration(information); if (configuration != null) { return configuration; } } return null; }; }
ServerAuthenticationContext serverAuthenticationContext = new ServerAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY)); if (principal != null) serverAuthenticationContext.setAuthenticationPrincipal(principal); if (serverAuthenticationContext.verifyEvidence(evidence)) {
/** * Create a {@link MechanismConfigurationSelector} that is an aggregation of other selectors, when called the selectors will be called in order and the first * {@link MechanismConfiguration} returned will be used. * * @param configurationSelectors the {@link MechanismConfigurationSelector} instances to aggregate. * @return the {@link MechanismConfigurationSelector} that is an aggregation of the supplied selectors. */ static MechanismConfigurationSelector aggregate(final MechanismConfigurationSelector ... configurationSelectors) { return information -> { for (MechanismConfigurationSelector current : configurationSelectors) { MechanismConfiguration configuration = current.selectConfiguration(information); if (configuration != null) { return configuration; } } return null; }; }
private static Function<String, HttpAuthenticationFactory> toHttpAuthenticationFactoryFunction(final Supplier<SecurityDomain> securityDomainSupplier) { final HttpServerAuthenticationMechanismFactory mechanismFactory = new FilterServerMechanismFactory(new ServerMechanismFactoryImpl(), SERVLET_MECHANISM); return (realmName) -> HttpAuthenticationFactory.builder().setFactory(mechanismFactory) .setSecurityDomain(securityDomainSupplier.get()) .setMechanismConfigurationSelector( MechanismConfigurationSelector.constantSelector(realmName == null ? MechanismConfiguration.EMPTY : MechanismConfiguration.builder() .addMechanismRealm( MechanismRealmConfiguration.builder().setRealmName(realmName).build()) .build())) .build(); }
/** * Create a {@link MechanismConfigurationSelector} that is an aggregation of other selectors, when called the selectors will be called in order and the first * {@link MechanismConfiguration} returned will be used. * * @param configurationSelectors the {@link MechanismConfigurationSelector} instances to aggregate. * @return the {@link MechanismConfigurationSelector} that is an aggregation of the supplied selectors. */ static MechanismConfigurationSelector aggregate(final MechanismConfigurationSelector ... configurationSelectors) { return information -> { for (MechanismConfigurationSelector current : configurationSelectors) { MechanismConfiguration configuration = current.selectConfiguration(information); if (configuration != null) { return configuration; } } return null; }; }
final MechanismConfigurationSelector mechanismConfigurationSelector = this.mechanismConfigurationSelector != null ? this.mechanismConfigurationSelector : MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
private InitialState selectMechanismConfiguration() { MechanismConfiguration mechanismConfiguration = mechanismConfigurationSelector.selectConfiguration(mechanismInformation); if (mechanismConfiguration == null) { throw log.unableToSelectMechanismConfiguration(mechanismInformation.getMechanismType(), mechanismInformation.getMechanismName(), mechanismInformation.getHostName(), mechanismInformation.getProtocol()); } return new InitialState(capturedIdentity, mechanismConfiguration, mechanismConfigurationSelector, privateCredentials, publicCredentials); }
/** * Create a new authentication context for this security domain which can be used to carry out a single authentication * operation. * * Calling with enabled security manager requires {@code createServerAuthenticationContext} {@link ElytronPermission}. * * @return the new authentication context */ public ServerAuthenticationContext createNewAuthenticationContext() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_AUTH_CONTEXT); } return new ServerAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY)); }
private InitialState selectMechanismConfiguration() { MechanismConfiguration mechanismConfiguration = mechanismConfigurationSelector.selectConfiguration(mechanismInformation); if (mechanismConfiguration == null) { throw log.unableToSelectMechanismConfiguration(mechanismInformation.getMechanismType(), mechanismInformation.getMechanismName(), mechanismInformation.getHostName(), mechanismInformation.getProtocol()); } return new InitialState(capturedIdentity, mechanismConfiguration, mechanismConfigurationSelector, privateCredentials, publicCredentials); }
/** * Create a new authentication context for this security domain which can be used to carry out a single authentication * operation. * * Calling with enabled security manager requires {@code createServerAuthenticationContext} {@link ElytronPermission}. * * @return the new authentication context */ public ServerAuthenticationContext createNewAuthenticationContext() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_AUTH_CONTEXT); } return new ServerAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY)); }
private InitialState selectMechanismConfiguration() { MechanismConfiguration mechanismConfiguration = mechanismConfigurationSelector.selectConfiguration(mechanismInformation); if (mechanismConfiguration == null) { throw log.unableToSelectMechanismConfiguration(mechanismInformation.getMechanismType(), mechanismInformation.getMechanismName(), mechanismInformation.getHostName(), mechanismInformation.getProtocol()); } return new InitialState(capturedIdentity, mechanismConfiguration, mechanismConfigurationSelector, privateCredentials, publicCredentials); }
/** * Create a new authentication context for this security domain which can be used to carry out a single authentication * operation. * * Calling with enabled security manager requires {@code createServerAuthenticationContext} {@link ElytronPermission}. * * @return the new authentication context */ public ServerAuthenticationContext createNewAuthenticationContext() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_AUTH_CONTEXT); } return new ServerAuthenticationContext(this, MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY)); }