org.wildfly.security.authz.Roles Java Examples
The following examples show how to use
org.wildfly.security.authz.Roles.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ElytronToJaasFilter.java From taskana with Apache License 2.0 | 7 votes |
|
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
SecurityIdentity securityIdentity = getSecurityIdentity();
if (securityIdentity != null) {
Roles roles = securityIdentity.getRoles();
Subject subject = obtainSubject(request);
if (subject != null) {
if (subject.getPrincipals().size() == 0) {
subject.getPrincipals().add(securityIdentity.getPrincipal());
}
if (subject.getPrincipals(GroupPrincipal.class).size() == 0) {
roles.forEach(role -> subject.getPrincipals().add(new GroupPrincipal(role)));
}
}
}
chain.doFilter(request, response);
}
Example #2
| Source File: DefaultRoleDecoder.java From quarkus with Apache License 2.0 | 6 votes |
|
public Roles decodeRoles(AuthorizationIdentity authorizationIdentity) {
if (userInstances.isUnsatisfied()) {
return fromDefaultAttribute(authorizationIdentity);
} else if (userInstances.isAmbiguous()) {
//if there are multiple decoders we return all the roles
List<Roles> allRoles = new ArrayList<>();
for (RoleDecoder i : userInstances) {
allRoles.add(i.decodeRoles(authorizationIdentity));
}
Roles r = allRoles.get(0);
for (int i = 1; i < allRoles.size(); ++i) {
r = r.or(allRoles.get(i));
}
return r;
} else {
return userInstances.get().decodeRoles(authorizationIdentity);
}
}
Example #3
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testRegexRoleMapper3() throws Exception {
init("TestDomain7");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain7");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user3");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertTrue(roles.contains("user"));
Assert.assertTrue(roles.contains("joe"));
Assert.assertFalse(roles.contains("application-user"));
Assert.assertFalse(roles.contains("123-admin-123"));
Assert.assertFalse(roles.contains("aa-user-aa"));
Assert.assertEquals("user3", identity.getPrincipal().getName());
}
Example #4
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testRegexRoleMapper2() throws Exception {
init("TestDomain6");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain6");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user3");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertTrue(roles.contains("user"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertFalse(roles.contains("application-user"));
Assert.assertFalse(roles.contains("123-admin-123"));
Assert.assertFalse(roles.contains("aa-user-aa"));
Assert.assertEquals("user3", identity.getPrincipal().getName());
}
Example #5
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testRegexRoleMapper() throws Exception {
init("TestDomain5");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain5");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user2");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("application-user"));
Assert.assertFalse(roles.contains("123-user"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertEquals("user2", identity.getPrincipal().getName());
}
Example #6
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testKeepBothMappedRoleMapper() throws Exception {
init("TestDomain4");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain4");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertTrue(roles.contains("firstGroup"));
Assert.assertTrue(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example #7
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testKeepNonMappedRoleMapper() throws Exception {
init("TestDomain3");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain3");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertFalse(roles.contains("firstGroup"));
Assert.assertTrue(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example #8
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testKeepMappedRoleMapper() throws Exception {
init("TestDomain2");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain2");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertTrue(roles.contains("firstGroup"));
Assert.assertFalse(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example #9
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testMappedRoleMapper() throws Exception {
init("TestDomain1");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain1");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertFalse(roles.contains("firstGroup"));
Assert.assertFalse(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example #10
| Source File: MappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testSourceAddressRoleDecoder() throws Exception {
KernelServices services = super.createKernelServicesBuilder(new TestEnvironment()).setSubsystemXmlResource("mappers-test.xml").build();
if (!services.isSuccessfulBoot()) {
Assert.fail(services.getBootError().toString());
}
TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, "TestingDomain");
ServiceName serviceName = Capabilities.ROLE_DECODER_RUNTIME_CAPABILITY.getCapabilityServiceName("ipRoleDecoder1");
RoleDecoder roleDecoder = (RoleDecoder) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(roleDecoder);
String sourceAddress = "10.12.14.16";
Roles decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity(sourceAddress));
assertTrue(decodedRoles.contains("admin"));
assertTrue(decodedRoles.contains("user"));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.16.18")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity(null)));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("0:0:0:0:ffff:0:192.0.2.128")));
}
Example #11
| Source File: MappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testSourceAddressRoleDecoderWithIPv6() throws Exception {
KernelServices services = super.createKernelServicesBuilder(new TestEnvironment()).setSubsystemXmlResource("mappers-test.xml").build();
if (!services.isSuccessfulBoot()) {
Assert.fail(services.getBootError().toString());
}
TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, "TestingDomainIPv6");
ServiceName serviceName = Capabilities.ROLE_DECODER_RUNTIME_CAPABILITY.getCapabilityServiceName("ipv6RoleDecoder");
RoleDecoder roleDecoder = (RoleDecoder) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(roleDecoder);
String sourceAddress = "2001:db8:85a3:0:0:8a2e:370:7334";
Roles decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity(sourceAddress));
assertTrue(decodedRoles.contains("admin"));
assertTrue(decodedRoles.contains("user"));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("0:0:0:0:ffff:0:192.0.2.128")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.16.18")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity(null)));
}
Example #12
| Source File: RoleDecoderDefinitions.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model)
throws OperationFailedException {
ServiceTarget serviceTarget = context.getServiceTarget();
RuntimeCapability<Void> runtimeCapability = ROLE_DECODER_RUNTIME_CAPABILITY.fromBaseCapability(context.getCurrentAddressValue());
ServiceName roleDecoderName = runtimeCapability.getCapabilityServiceName(RoleDecoder.class);
final String sourceAddress = SOURCE_ADDRESS.resolveModelAttribute(context, model).asStringOrNull();
final String pattern = PATTERN.resolveModelAttribute(context, model).asStringOrNull();
final List<String> roles = ROLES.unwrap(context, model);
TrivialService<RoleDecoder> roleDecoderService;
// one of 'source-address' or 'pattern' must be specified
if (sourceAddress != null) {
roleDecoderService = new TrivialService<>(() -> new SourceAddressRoleDecoder(sourceAddress, Roles.fromSet(new HashSet<>(roles))));
} else {
roleDecoderService = new TrivialService<>(() -> new SourceAddressRoleDecoder(Pattern.compile(pattern), Roles.fromSet(new HashSet<>(roles))));
}
ServiceBuilder<RoleDecoder> roleDecoderBuilderBuilder = serviceTarget.addService(roleDecoderName, roleDecoderService);
commonDependencies(roleDecoderBuilderBuilder)
.setInitialMode(Mode.LAZY)
.install();
}
Example #13
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testDefaultRealmIdentity() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("MyDomain");
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("firstUser"); // from FileRealm
Assert.assertTrue(context.exists());
context.authorize();
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("John", identity.getAttributes().get("firstName").get(0));
Assert.assertEquals("Smith", identity.getAttributes().get("lastName").get(0));
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("prefixEmployeesuffix"));
Assert.assertTrue(roles.contains("prefixManagersuffix"));
Assert.assertTrue(roles.contains("prefixAdminsuffix"));
Assert.assertEquals("firstUser", identity.getPrincipal().getName());
Assert.assertTrue(identity.implies(new FilePermission("test", "read")));
Assert.assertFalse(identity.implies(new FilePermission("test", "write")));
}
Example #14
| Source File: DefaultRoleDecoderTest.java From quarkus with Apache License 2.0 | 6 votes |
|
@Test
public void testDecodeRoles() {
Attributes attributes = new MapAttributes();
attributes.add(ATTRIBUTE_NAME_GROUPS, 0, ROLE_ADMIN);
attributes.add(ATTRIBUTE_NAME_ROLES, 0, ROLE_TESTER);
AuthorizationIdentity authIdentity = AuthorizationIdentity.basicIdentity(attributes);
DefaultRoleDecoder defaultRoleDecoder = new DefaultRoleDecoder();
defaultRoleDecoder.groupsAttribute = ATTRIBUTE_NAME_GROUPS;
Roles roles = defaultRoleDecoder.fromDefaultAttribute(authIdentity);
Assertions.assertFalse(roles.isEmpty());
Assertions.assertTrue(roles.contains(ROLE_ADMIN));
Assertions.assertFalse(roles.contains(ROLE_TESTER));
defaultRoleDecoder.groupsAttribute = ATTRIBUTE_NAME_ROLES;
roles = defaultRoleDecoder.fromDefaultAttribute(authIdentity);
Assertions.assertFalse(roles.isEmpty());
Assertions.assertFalse(roles.contains(ROLE_ADMIN));
Assertions.assertTrue(roles.contains(ROLE_TESTER));
}
Example #15
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testPermissionMappers() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("MyDomain");
SecurityDomain myDomain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
SecurityIdentity firstUser = getIdentityFromDomain(myDomain, "firstUser");
Roles roles = Roles.fromSet(new HashSet<>(Arrays.asList(new String[]{"role1", "role2"})));
serviceName = Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY.getCapabilityServiceName("SimplePermissionMapperRole");
PermissionMapper mapper = (PermissionMapper) services.getContainer().getService(serviceName).getValue();
PermissionVerifier verifier = mapper.mapPermissions(firstUser, roles);
Assert.assertTrue(verifier.implies(new LoginPermission()));
Assert.assertFalse(verifier.implies(new FilePermission("aaa", "read")));
serviceName = Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY.getCapabilityServiceName("SimplePermissionMapperPrincipal");
mapper = (PermissionMapper) services.getContainer().getService(serviceName).getValue();
verifier = mapper.mapPermissions(firstUser, roles);
Assert.assertTrue(verifier.implies(new LoginPermission()));
Assert.assertFalse(verifier.implies(new FilePermission("aaa", "read")));
}
Example #16
| Source File: MappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testSourceAddressRoleDecoderWithRegex() throws Exception {
KernelServices services = super.createKernelServicesBuilder(new TestEnvironment()).setSubsystemXmlResource("mappers-test.xml").build();
if (!services.isSuccessfulBoot()) {
Assert.fail(services.getBootError().toString());
}
TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, "TestingDomainRegex");
ServiceName serviceName = Capabilities.ROLE_DECODER_RUNTIME_CAPABILITY.getCapabilityServiceName("regexRoleDecoder");
RoleDecoder roleDecoder = (RoleDecoder) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(roleDecoder);
HashSet<String> expectedRoles = new HashSet<>();
expectedRoles.add("admin");
expectedRoles.add("user");
Roles decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.14.16"));
assertTrue(decodedRoles.containsAll(expectedRoles));
decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.14.18"));
assertTrue(decodedRoles.containsAll(expectedRoles));
decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.14.1"));
assertTrue(decodedRoles.containsAll(expectedRoles));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("12.12.16.18")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.14.18.20")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("0:0:0:0:ffff:0:192.0.2.128")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity(null)));
}
Example #17
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testAddRegexRoleMapperAggregate() throws Exception {
init("TestDomain10");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain10");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user5");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("user5", identity.getPrincipal().getName());
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertTrue(roles.contains("guest"));
Assert.assertFalse(roles.contains("1-user"));
Assert.assertFalse(roles.contains("user"));
context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user6");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
identity = context.getAuthorizedIdentity();
Assert.assertEquals("user6", identity.getPrincipal().getName());
roles = identity.getRoles();
Assert.assertFalse(roles.contains("admin"));
Assert.assertFalse(roles.contains("random"));
}
Example #18
| Source File: MappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testSourceAddressRoleDecoderWithRegexIPv6() throws Exception {
KernelServices services = super.createKernelServicesBuilder(new TestEnvironment()).setSubsystemXmlResource("mappers-test.xml").build();
if (!services.isSuccessfulBoot()) {
Assert.fail(services.getBootError().toString());
}
TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, "TestingDomainRegexIPv6");
ServiceName serviceName = Capabilities.ROLE_DECODER_RUNTIME_CAPABILITY.getCapabilityServiceName("ipv6RegexRoleDecoder");
RoleDecoder roleDecoder = (RoleDecoder) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(roleDecoder);
HashSet<String> expectedRoles = new HashSet<>();
expectedRoles.add("admin");
expectedRoles.add("user");
Roles decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("2001:db8:85a3:0:0:8a2e:370:7334"));
assertTrue(decodedRoles.containsAll(expectedRoles));
decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("2001:db8:85a3:0:0:8a2e:370:7335"));
assertTrue(decodedRoles.containsAll(expectedRoles));
decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("2001:db8:85a3:0:0:8a2e:370:7000"));
assertTrue(decodedRoles.containsAll(expectedRoles));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("2001:db8:85a3:0:0:8a2e:370:")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("2222:db8:85a3:0:0:8a2e:370:7335")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("2001:db8:85a3:0:0:8a2e:370:7335:0")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("12.12.16.18")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity(null)));
}
Example #19
| Source File: MappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testAggregateRoleDecoder() throws Exception {
KernelServices services = super.createKernelServicesBuilder(new TestEnvironment()).setSubsystemXmlResource("mappers-test.xml").build();
if (!services.isSuccessfulBoot()) {
Assert.fail(services.getBootError().toString());
}
TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, "TestingDomainAggregate");
ServiceName serviceName = Capabilities.ROLE_DECODER_RUNTIME_CAPABILITY.getCapabilityServiceName("aggregateRoleDecoder");
RoleDecoder roleDecoder = (RoleDecoder) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(roleDecoder);
Roles decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.14.16"));
assertTrue(decodedRoles.contains("admin"));
assertTrue(decodedRoles.contains("user"));
assertFalse(decodedRoles.contains("employee"));
assertTrue(decodedRoles.contains("internal"));
decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.14.18"));
assertFalse(decodedRoles.contains("admin"));
assertFalse(decodedRoles.contains("user"));
assertTrue(decodedRoles.contains("employee"));
assertTrue(decodedRoles.contains("internal"));
decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("10.12.14.20"));
assertFalse(decodedRoles.contains("admin"));
assertFalse(decodedRoles.contains("user"));
assertFalse(decodedRoles.contains("employee"));
assertTrue(decodedRoles.contains("internal"));
decodedRoles = roleDecoder.decodeRoles(getAuthorizationIdentity("10.10.14.20"));
assertFalse(decodedRoles.contains("admin"));
assertFalse(decodedRoles.contains("user"));
assertFalse(decodedRoles.contains("employee"));
assertFalse(decodedRoles.contains("internal"));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("2001:db8:85a3:0:0:8a2e:370:")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity("12.12.16.18")));
Assert.assertEquals(Roles.NONE, roleDecoder.decodeRoles(getAuthorizationIdentity(null)));
}
Example #20
| Source File: DefaultRoleDecoder.java From quarkus with Apache License 2.0 | 5 votes |
|
Roles fromDefaultAttribute(AuthorizationIdentity authorizationIdentity) {
Attributes.Entry groups = authorizationIdentity.getAttributes().get(groupsAttribute);
if (groups == null) {
return Roles.NONE;
}
return Roles.fromSet(new HashSet<>(groups));
}
Example #21
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testAddRegexRoleMapperWithRegexBoundaries() throws Exception {
init("TestDomain9");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain9");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user4");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("user4", identity.getPrincipal().getName());
Roles roles = identity.getRoles();
Assert.assertFalse(roles.contains("app-user"));
Assert.assertFalse(roles.contains("app-user-first-time-user"));
Assert.assertFalse(roles.contains("app-admin-first-time-user"));
Assert.assertFalse(roles.contains("app-user-first-time-admin"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertFalse(roles.contains("app-admin"));
Assert.assertFalse(roles.contains("app-admin-first-time-admin"));
context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user7");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
identity = context.getAuthorizedIdentity();
Assert.assertEquals("user7", identity.getPrincipal().getName());
roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertFalse(roles.contains("user"));
}
Example #22
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testAddRegexRoleMapperReplaceAll() throws Exception {
init("TestDomain8");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain8");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user4");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("user4", identity.getPrincipal().getName());
Roles roles = identity.getRoles();
Assert.assertFalse(roles.contains("app-user"));
Assert.assertFalse(roles.contains("app-user-first-time-user"));
Assert.assertFalse(roles.contains("app-admin-first-time-user"));
Assert.assertFalse(roles.contains("app-user-first-time-admin"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertTrue(roles.contains("app-admin"));
Assert.assertTrue(roles.contains("app-admin-first-time-admin"));
context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user7");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
identity = context.getAuthorizedIdentity();
Assert.assertEquals("user7", identity.getPrincipal().getName());
roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertFalse(roles.contains("user"));
}
Example #23
| Source File: RoleMapperDefinitions.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
static ResourceDefinition getConstantRoleMapperDefinition() {
AbstractAddStepHandler add = new RoleMapperAddHandler(ROLES) {
@Override
protected ValueSupplier<RoleMapper> getValueSupplier(OperationContext context, ModelNode model) throws OperationFailedException {
List<String> rolesList = ROLES.unwrap(context, model);
final Roles roles = Roles.fromSet(new HashSet<>(rolesList));
return () -> (Roles r) -> roles;
}
};
return new RoleMapperResourceDefinition(ElytronDescriptionConstants.CONSTANT_ROLE_MAPPER, add, ROLES);
}
Example #24
| Source File: RoleMapperDefinitions.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
static ResourceDefinition getAddPrefixRoleMapperDefinition() {
AbstractAddStepHandler add = new RoleMapperAddHandler(PREFIX) {
@Override
protected ValueSupplier<RoleMapper> getValueSupplier(OperationContext context, ModelNode model) throws OperationFailedException {
final String prefix = PREFIX.resolveModelAttribute(context, model).asString();
return () -> (Roles r) -> r.addPrefix(prefix);
}
};
return new RoleMapperResourceDefinition(ElytronDescriptionConstants.ADD_PREFIX_ROLE_MAPPER, add, PREFIX);
}
Example #25
| Source File: RoleMapperDefinitions.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
static ResourceDefinition getAddSuffixRoleMapperDefinition() {
AbstractAddStepHandler add = new RoleMapperAddHandler(SUFFIX) {
@Override
protected ValueSupplier<RoleMapper> getValueSupplier(OperationContext context, ModelNode model) throws OperationFailedException {
final String suffix = SUFFIX.resolveModelAttribute(context, model).asString();
return () -> (Roles r) -> r.addSuffix(suffix);
}
};
return new RoleMapperResourceDefinition(ElytronDescriptionConstants.ADD_SUFFIX_ROLE_MAPPER, add, SUFFIX);
}
Example #26
| Source File: WildflyWebSecurityConfig.java From taskana with Apache License 2.0 | 5 votes |
|
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities = new ArrayList<>();
SecurityIdentity securityIdentity = getSecurityIdentity();
if (securityIdentity != null) {
Roles roles = securityIdentity.getRoles();
roles.forEach(role -> authorities.add(new SimpleGrantedAuthority(role)));
}
return authorities;
}
Example #27
| Source File: CustomRoleDecoder.java From quarkus with Apache License 2.0 | 5 votes |
|
@Override
public Roles decodeRoles(AuthorizationIdentity authorizationIdentity) {
Attributes.Entry groupsEntry = authorizationIdentity.getAttributes().get("Roles");
Set<String> roles = new HashSet<>();
StreamSupport.stream(groupsEntry.spliterator(), false).forEach(groups -> {
for (String role : groups.split(",")) {
roles.add(role.trim());
}
});
return Roles.fromSet(roles);
}
Example #28
| Source File: CustomRoleDecoder.java From quarkus with Apache License 2.0 | 5 votes |
|
@Override
public Roles decodeRoles(AuthorizationIdentity authorizationIdentity) {
Attributes.Entry groupsEntry = authorizationIdentity.getAttributes().get("groups");
Set<String> roles = new HashSet<>();
StreamSupport.stream(groupsEntry.spliterator(), false).forEach(groups -> {
for (String role : groups.split(",")) {
roles.add(role.trim());
}
});
return Roles.fromSet(roles);
}
Example #29
| Source File: ElytronRecorder.java From quarkus with Apache License 2.0 | 5 votes |
|
/**
* Create a {@linkplain SecurityDomain.Builder} for the given default {@linkplain SecurityRealm}.
*
* @param realmName - the default realm name
* @param realm - the default SecurityRealm
* @return a runtime value for the SecurityDomain.Builder
* @throws Exception on any error
*/
public RuntimeValue<SecurityDomain.Builder> configureDomainBuilder(String realmName, RuntimeValue<SecurityRealm> realm)
throws Exception {
log.debugf("buildDomain, realm=%s", realm.getValue());
SecurityDomain.Builder domain = SecurityDomain.builder()
.addRealm(realmName, realm.getValue())
.setRoleDecoder(new RoleDecoder() {
@Override
public Roles decodeRoles(AuthorizationIdentity authorizationIdentity) {
return CDI.current().select(DefaultRoleDecoder.class).get().decodeRoles(authorizationIdentity);
}
})
.build()
.setDefaultRealmName(realmName)
.setPermissionMapper(new PermissionMapper() {
@Override
public PermissionVerifier mapPermissions(PermissionMappable permissionMappable, Roles roles) {
return new PermissionVerifier() {
@Override
public boolean implies(Permission permission) {
return true;
}
};
}
});
return new RuntimeValue<>(domain);
}
Example #30
| Source File: RoleMapperDefinitions.java From wildfly-core with GNU Lesser General Public License v2.1 | 4 votes |
|
static ResourceDefinition getMappedRoleMapperDefinition() {
AbstractAddStepHandler add = new RoleMapperAddHandler(ROLE_MAPPING_MAP, KEEP_MAPPED, KEEP_NON_MAPPED) {
@Override
protected ValueSupplier<RoleMapper> getValueSupplier(OperationContext context, ModelNode model) throws OperationFailedException {
ModelNode roleMappingMapNode = ROLE_MAPPING_MAP.resolveModelAttribute(context, model);
boolean keepMapped = KEEP_MAPPED.resolveModelAttribute(context, model).asBoolean();
boolean keepNonMapped = KEEP_NON_MAPPED.resolveModelAttribute(context, model).asBoolean();
Set<String> keys = roleMappingMapNode.keys();
final Map<String, Set<String>> roleMappingMap = new LinkedHashMap<>(keys.size());
for (String s : keys) {
List<ModelNode> currentList = roleMappingMapNode.require(s).asList();
Set<String> set = new LinkedHashSet<>();
for (ModelNode m : currentList) {
set.add(m.asString());
}
roleMappingMap.put(s, set);
}
final MappedRoleMapper roleMapper = MappedRoleMapper.builder()
.setRoleMap(roleMappingMap)
.build();
final Roles keyRoles = Roles.fromSet(roleMappingMap.keySet());
if (keepMapped && keepNonMapped) {
return () -> roleMapper.or(RoleMapper.IDENTITY_ROLE_MAPPER);
}
if (keepMapped) {
return () -> roleMapper.or(delegate -> delegate.and(keyRoles));
}
if (keepNonMapped) {
return () -> roleMapper.or(delegate -> delegate.minus(keyRoles));
}
return () -> roleMapper;
}
};
return new RoleMapperResourceDefinition(ElytronDescriptionConstants.MAPPED_ROLE_MAPPER, add, ROLE_MAPPING_MAP, KEEP_MAPPED, KEEP_NON_MAPPED);
}
