@Override SecurityDomain getSecurityDomain() { return authorizedIdentity.getSecurityDomain(); }
FlexibleIdentityAssociation(final SecurityDomain securityDomain, final SecurityIdentity securityIdentity) { assert securityIdentity != null && securityDomain == securityIdentity.getSecurityDomain(); this.securityDomain = securityDomain; this.securityIdentity = securityIdentity; }
@Override SecurityDomain getSecurityDomain() { return capturedIdentity.getSecurityDomain(); }
@Override SecurityDomain getSecurityDomain() { return anonymousIdentity.getSecurityDomain(); }
@Override SecurityDomain getSecurityDomain() { return capturedIdentity.getSecurityDomain(); }
@Override SecurityDomain getSecurityDomain() { return capturedIdentity.getSecurityDomain(); }
ServerAuthenticationContext createNewAuthenticationContext(SecurityIdentity capturedIdentity, MechanismConfigurationSelector mechanismConfigurationSelector) { assert capturedIdentity.getSecurityDomain() == this; return new ServerAuthenticationContext(capturedIdentity, mechanismConfigurationSelector); }
@SuppressWarnings("unchecked") private Supplier<SecurityIdentity>[] establishIdentities() { SecurityIdentity[] withIdentities = this.withIdentities != null ? this.withIdentities : withSuppliedIdentities != null ? withSuppliedIdentities.get() : NO_IDENTITIES; if (withIdentities.length == 0) { return NO_IDENTITIES; } Supplier<SecurityIdentity>[] oldIdentities = new Supplier[withIdentities.length]; for (int i = 0; i < withIdentities.length; i++) { Supplier<SecurityIdentity> securityIdentity = withIdentities[i]; oldIdentities[i] = securityIdentity.get().getSecurityDomain().getAndSetCurrentSecurityIdentity(securityIdentity); } return oldIdentities; }
/** * Get the security domain associated with the given identity. * * Obtaining security domain with enabled security manager requires {@code getSecurityDomain} {@link ElytronPermission}. * * @param identity the security identity (must not be {@code null}) * @return the identity's security domain (not {@code null}) */ public static SecurityDomain forIdentity(SecurityIdentity identity) { checkNotNullParam("identity", identity); final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(GET_SECURITY_DOMAIN); } return identity.getSecurityDomain(); }
/** * Set the current associated identity. * * @param securityIdentity the current associated identity (must not be {@code null}) */ public void setIdentity(SecurityIdentity securityIdentity) { Assert.checkNotNullParam("securityIdentity", securityIdentity); if (securityIdentity.getSecurityDomain() != securityDomain) { throw ElytronMessages.log.securityDomainMismatch(); } this.securityIdentity = securityIdentity; }
for (int i = 0; i < length; i++) { Supplier<SecurityIdentity> securityIdentity = identities[i]; SecurityDomain securityDomain = securityIdentity.get().getSecurityDomain(); oldIdentities[i] = securityDomain.getAndSetCurrentSecurityIdentity(securityIdentity); for (int i = 0; i < length; i++) { Supplier<SecurityIdentity> oldIdentity = oldIdentities[i]; SecurityDomain securityDomain = oldIdentity.get().getSecurityDomain(); securityDomain.setCurrentSecurityIdentity(oldIdentity);
@Override boolean isSamePrincipal(Principal principal) { final SecurityDomain domain = capturedIdentity.getSecurityDomain(); principal = rewriteAll(principal, mechanismRealmConfiguration.getPreRealmRewriter(), mechanismConfiguration.getPreRealmRewriter(), domain.getPreRealmRewriter()); return authenticationPrincipal.equals(principal); }
@Override boolean isSamePrincipal(Principal principal) { final SecurityDomain domain = authorizedIdentity.getSecurityDomain(); principal = rewriteAll(principal, mechanismRealmConfiguration.getPreRealmRewriter(), mechanismConfiguration.getPreRealmRewriter(), domain.getPreRealmRewriter()); return authenticationPrincipal.equals(principal); }
@Override void fail(final boolean requireInProgress) { final SecurityIdentity authorizedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(authorizedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(authorizedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
@Override void fail(final boolean requireInProgress) { final SecurityIdentity capturedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(capturedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(capturedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
@Override void succeed() { final SecurityIdentity authorizedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, new CompleteState(authorizedIdentity))) { stateRef.get().succeed(); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmSuccessfulAuthenticationEvent(realmIdentity, authorizedIdentity.getAuthorizationIdentity(), null, null)); SecurityDomain.safeHandleSecurityEvent(authorizedIdentity.getSecurityDomain(), new SecurityAuthenticationSuccessfulEvent(authorizedIdentity)); realmIdentity.dispose(); }
final SecurityDomain evidenceSecurityDomain = importedIdentity.getSecurityDomain(); final AtomicReference<State> stateRef = getStateRef(); final SecurityIdentity sourceIdentity = getSourceIdentity(); final SecurityDomain domain = sourceIdentity.getSecurityDomain(); if (domain == importedIdentity.getSecurityDomain()) {
final Principal authenticationPrincipal = this.authenticationPrincipal; final AuthorizationIdentity authorizationIdentity = realmIdentity.getAuthorizationIdentity(); final SecurityDomain domain = capturedIdentity.getSecurityDomain();
State assignName(final SecurityIdentity capturedIdentity, final MechanismConfiguration mechanismConfiguration, final MechanismRealmConfiguration mechanismRealmConfiguration, Principal originalPrincipal, final Evidence evidence, final IdentityCredentials privateCredentials, final IdentityCredentials publicCredentials, final boolean exclusive) throws RealmUnavailableException { final SecurityDomain domain = capturedIdentity.getSecurityDomain(); final Principal preRealmPrincipal = rewriteAll(originalPrincipal, mechanismRealmConfiguration.getPreRealmRewriter(), mechanismConfiguration.getPreRealmRewriter(), domain.getPreRealmRewriter()); if (preRealmPrincipal == null) {
FlexibleIdentityAssociation(final SecurityDomain securityDomain, final SecurityIdentity securityIdentity) { assert securityIdentity != null && securityDomain == securityIdentity.getSecurityDomain(); this.securityDomain = securityDomain; this.securityIdentity = securityIdentity; }