java.security.acl.Group Java Examples
The following examples show how to use
java.security.acl.Group.
Example #1
Source File: DomainAuthorizationPolicy.java From wildfly-camel with Apache License 2.0 | 6 votes |
/**
 * Verifies that the authenticated subject holds every configured required role.
 * <p>
 * Only {@code Group} principals named {@code "Roles"} are consulted; a required role counts as
 * present when such a group reports a {@link SimplePrincipal} of that name as a member. Note
 * that {@code java.security.acl.Group} was deprecated in Java 9 and removed in Java 14.
 *
 * @param context the login context whose subject is inspected
 * @throws LoginException if at least one required role is missing; the message lists the
 *     missing role names
 */
@Override
protected void authorize(LoginContext context) throws LoginException {
    Set<String> missing = new HashSet<>(requiredRoles);
    Set<Group> subjectGroups = context.getSubject().getPrincipals(Group.class);
    if (subjectGroups != null) {
        for (Group candidate : subjectGroups) {
            if (!"Roles".equals(candidate.getName())) {
                continue;
            }
            for (String role : requiredRoles) {
                if (candidate.isMember(new SimplePrincipal(role))) {
                    missing.remove(role);
                }
            }
        }
    }
    if (!missing.isEmpty()) {
        throw new LoginException("User does not have required roles: " + missing);
    }
}
Example #2
Source File: CurrentUserContext.java From taskana with Apache License 2.0 | 6 votes |
/**
 * Resolves the caller's user id from the JAAS {@link Subject} bound to the current access
 * control context.
 * <p>
 * The first non-{@code Group} principal whose name is non-null is converted through
 * {@link #convertAccessId(String)}. "First" follows the iteration order of
 * {@link Subject#getPrincipals()}, so when a subject carries several user principals the
 * choice depends on the underlying set implementation.
 *
 * @return the converted user id, or {@code null} when there is no subject or no suitable
 *     principal
 */
private static String getUserIdFromJaasSubject() {
    Subject caller = Subject.getSubject(AccessController.getContext());
    LOGGER.trace("Subject of caller: {}", caller);
    if (caller == null) {
        LOGGER.trace("No userId found in subject!");
        return null;
    }
    Set<Principal> principals = caller.getPrincipals();
    LOGGER.trace("Public principals of caller: {}", principals);
    return principals.stream()
            .filter(p -> !(p instanceof Group))
            .map(Principal::getName)
            .filter(Objects::nonNull)
            .map(CurrentUserContext::convertAccessId)
            .findFirst()
            .orElse(null);
}
Example #3
Source File: GenericPrincipalFactory.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Returns the {@code Group} named {@code name} from {@code principals}, creating a
 * {@link SimpleGroup} of that name and adding it to the set when none exists yet.
 *
 * @param name the group name to look up
 * @param principals the principal set to search; a newly created group is added to it
 * @return the existing or newly created group, never {@code null}
 */
protected Group createGroup(String name, Set<Principal> principals) {
    for (Principal candidate : principals) {
        if (candidate instanceof Group) {
            Group existing = (Group) candidate;
            if (existing.getName().equals(name)) {
                return existing;
            }
        }
    }
    // Nothing matched: create the group and register it with the principal set.
    Group created = new SimpleGroup(name);
    principals.add(created);
    return created;
}
Example #4
Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Gets the Principal given the authenticated Subject.
 * <p>
 * The first principal that is not a {@code Group} is used, unless the subject also carries a
 * group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}, in which case that group's
 * first member takes precedence. "First" follows the iteration order of
 * {@link Subject#getPrincipals()}; with several non-group principals the selection depends on
 * the set implementation.
 *
 * @param subject the authenticated subject, may be {@code null}
 * @return the caller principal, or {@code null} when none can be determined
 */
protected static Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal firstNonGroup = null;
    Principal callerPrincipal = null;
    for (Principal candidate : principals) {
        if (candidate instanceof Group) {
            Group group = (Group) candidate;
            boolean isCallerGroup = group.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP);
            if (isCallerGroup && callerPrincipal == null) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    callerPrincipal = members.nextElement();
                }
            }
        } else if (firstNonGroup == null) {
            firstNonGroup = candidate;
        }
    }
    return callerPrincipal != null ? callerPrincipal : firstNonGroup;
}
Example #5
Source File: AbstractServerLoginModule.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Finds or creates a Group with the given name. Subclasses use this to locate the 'Roles'
 * group or to create additional kinds of groups.
 *
 * @param name the group name to look up
 * @param principals the principal set to search; a newly created group is added to it
 * @return a named Group from the principals set, created when absent
 */
protected Group createGroup(String name, Set<Principal> principals) {
    Group match = null;
    for (Principal p : principals) {
        if (!(p instanceof Group)) {
            continue;
        }
        Group g = (Group) p;
        if (g.getName().equals(name)) {
            match = g;
            break;
        }
    }
    if (match != null) {
        return match;
    }
    // No group of that name yet: create it and add it to the set.
    Group fresh = new SimpleGroup(name);
    principals.add(fresh);
    return fresh;
}
Example #6
Source File: AbstractServerLoginModule.java From lams with GNU General Public License v2.0 | 6 votes |
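/**
 * Returns the {@code Group} named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP} from the
 * principal set, if present.
 *
 * @param principals the principals to search
 * @return the caller-principal group, or {@code null} when the set holds none
 */
protected Group getCallerPrincipalGroup(Set<Principal> principals) {
    for (Principal principal : principals) {
        if (principal instanceof Group) {
            Group group = (Group) principal;
            // Constant-first comparison: a group with a null name is skipped instead of
            // aborting the search with a NullPointerException.
            if (SecurityConstants.CALLER_PRINCIPAL_GROUP.equals(group.getName())) {
                return group;
            }
        }
    }
    return null;
}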
Example #7
Source File: RoleMappingLoginModule.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Gets the Group called "Roles" from the authenticated subject.
 *
 * @return the Group representing Roles, or {@code null} when the subject has none
 */
private Group getExistingRolesFromSubject() {
    for (Principal candidate : subject.getPrincipals()) {
        if (!(candidate instanceof Group)) {
            continue;
        }
        Group group = (Group) candidate;
        if ("Roles".equals(group.getName())) {
            return group;
        }
    }
    return null;
}
Example #8
Source File: RoleMappingLoginModule.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Processes the group with the roles mapped in the properties file.
 * <p>
 * Each property key is turned into a principal via {@code createIdentity}; when that
 * principal is a member of {@code group}, the comma-separated roles in the property value are
 * added to the group. When {@code REPLACE_ROLE} is set the key principal is removed from the
 * group afterwards, whether or not it was a member. Failures to create a principal are logged
 * and the remaining keys are still processed.
 *
 * @param group the Group to process; {@code null} leaves the group untouched
 * @param props the role-mapping properties
 */
private void processRoles(Group group, Properties props) {
    Enumeration<?> keys = props.propertyNames();
    while (keys.hasMoreElements()) {
        String roleKey = (String) keys.nextElement();
        String mappedRoles = props.getProperty(roleKey);
        try {
            Principal mappingPrincipal = createIdentity(roleKey);
            if (group == null) {
                continue;
            }
            if (group.isMember(mappingPrincipal)) {
                Util.parseGroupMembers(group, mappedRoles, this);
            }
            if (REPLACE_ROLE) {
                group.removeMember(mappingPrincipal);
            }
        } catch (Exception e) {
            PicketBoxLogger.LOGGER.debugFailureToCreatePrincipal(roleKey, e);
        }
    }
}
Example #9
Source File: Util.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Parses the comma-delimited role names in {@code roles} and adds each one to {@code group}.
 * The Principal type created for each name is determined by {@code aslm.createIdentity}.
 * Tokens are taken as-is (no trimming), so surrounding whitespace becomes part of the role
 * name. A failure to create a principal is logged and parsing continues with the next name.
 *
 * @see AbstractServerLoginModule#createIdentity(String)
 *
 * @param group the Group to add the roles to
 * @param roles the comma-delimited role names
 * @param aslm the login module used to create the role principals
 */
static void parseGroupMembers(Group group, String roles, AbstractServerLoginModule aslm) {
    for (StringTokenizer names = new StringTokenizer(roles, ","); names.hasMoreTokens(); ) {
        String roleName = names.nextToken();
        try {
            group.addMember(aslm.createIdentity(roleName));
        } catch (Exception e) {
            PicketBoxLogger.LOGGER.debugFailureToCreatePrincipal(roleName, e);
        }
    }
}
Example #10
Source File: GenericPrincipalFactory.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Builds a {@link GenericPrincipal} for {@code identity} carrying the given roles.
 * <p>
 * A fresh {@link Subject} receives the identity plus one group per entry of
 * {@code getRoleSets(roleSet)}, with each group's members copied into the subject's group
 * of the same name. The caller principal is then derived via {@code getPrincipal}. The
 * {@code realm} argument is not used by this method body.
 *
 * @param realm the realm (unused here)
 * @param identity the authenticated identity
 * @param roleSet the role names to grant
 * @return the assembled principal
 */
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
    Subject subject = new Subject();
    Set<Principal> subjectPrincipals = subject.getPrincipals();
    subjectPrincipals.add(identity);
    for (Group roleGroup : getRoleSets(roleSet)) {
        Group target = createGroup(roleGroup.getName(), subjectPrincipals);
        // Copy the group members to the Subject group
        Enumeration<? extends Principal> members = roleGroup.members();
        while (members.hasMoreElements()) {
            target.addMember(members.nextElement());
        }
    }
    Principal userPrincipal = getPrincipal(subject);
    List<String> roleNames = new ArrayList<String>(roleSet);
    return createPrincipal(userPrincipal, roleNames);
}
Example #11
Source File: SecurityUtil.java From lams with GNU General Public License v2.0 | 6 votes |
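/**
 * Gets the Subject roles by looking for a Group called 'Roles'.
 * <p>
 * All Group principals are scanned without breaking, so if several are named 'Roles' the
 * last one in iteration order is returned.
 *
 * @param theSubject the Subject to search for roles
 * @return the Group containing the subject roles if found, {@code null} otherwise
 * @throws IllegalArgumentException (via {@code PicketBoxMessages}) if {@code theSubject} is
 *     {@code null}
 */
public static Group getSubjectRoles(Subject theSubject) {
    if (theSubject == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("theSubject");
    }
    Group roles = null;
    for (Group candidate : theSubject.getPrincipals(Group.class)) {
        // Constant-first comparison: a group whose name is null is skipped rather than
        // aborting the lookup with a NullPointerException.
        if ("Roles".equals(candidate.getName())) {
            roles = candidate;
        }
    }
    return roles;
}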
Example #12
Source File: WildflyRequestAuthenticator.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Gets the Principal given the authenticated Subject. The first non-{@code Group} principal
 * is used, unless a group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP} is present,
 * whose first member is then preferred.
 * <p>
 * "First" is the iteration order of {@link Subject#getPrincipals()}, so with several
 * non-group principals the outcome depends on the set implementation.
 *
 * @param subject the authenticated subject, may be {@code null}
 * @return the caller principal, or {@code null} when none can be determined
 */
protected Principal getPrincipal(Subject subject) {
    Principal fallback = null;
    Principal fromCallerGroup = null;
    if (subject != null) {
        Set<Principal> principals = subject.getPrincipals();
        if (principals != null) {
            Iterator<Principal> it = principals.iterator();
            while (it.hasNext()) {
                Principal p = it.next();
                if (!(p instanceof Group)) {
                    if (fallback == null) {
                        fallback = p;
                    }
                    continue;
                }
                Group g = Group.class.cast(p);
                if (g.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP)
                        && fromCallerGroup == null) {
                    Enumeration<? extends Principal> members = g.members();
                    if (members.hasMoreElements()) {
                        fromCallerGroup = members.nextElement();
                    }
                }
            }
        }
    }
    if (fromCallerGroup != null) {
        return fromCallerGroup;
    }
    return fallback;
}
Example #13
Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Gets the Principal given the authenticated Subject. Candidates are the first
 * non-{@code Group} principal and the first member of a group named
 * {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}; the latter wins when both exist.
 * <p>
 * Ordering follows {@link Subject#getPrincipals()}, so with several non-group principals the
 * pick is implementation-dependent.
 *
 * @param subject the authenticated subject, may be {@code null}
 * @return the caller principal, or {@code null} when none can be determined
 */
protected static Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal plainPrincipal = null;
    Principal callerMember = null;
    for (Principal p : principals) {
        if (!(p instanceof Group)) {
            if (plainPrincipal == null) {
                plainPrincipal = p;
            }
            continue;
        }
        Group g = (Group) p;
        String groupName = g.getName();
        if (!groupName.equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) || callerMember != null) {
            continue;
        }
        Enumeration<? extends Principal> members = g.members();
        if (members.hasMoreElements()) {
            callerMember = members.nextElement();
        }
    }
    return callerMember == null ? plainPrincipal : callerMember;
}
Example #14
Source File: JBossAuthorizationManager.java From lams with GNU General Public License v2.0 | 6 votes |
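/**
 * Gets the Subject roles by looking for a Group named {@code ROLES_IDENTIFIER}.
 * <p>
 * All Group principals are scanned without breaking, so if several carry that name the last
 * one in iteration order is returned.
 *
 * @param theSubject the Subject to search for roles
 * @return the Group containing the subject roles if found, {@code null} otherwise
 * @throws IllegalArgumentException (via {@code PicketBoxMessages}) if {@code theSubject} is
 *     {@code null}
 */
private Group getGroupFromSubject(Subject theSubject) {
    if (theSubject == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("theSubject");
    }
    Group roles = null;
    for (Group candidate : theSubject.getPrincipals(Group.class)) {
        // Constant-first comparison: a group whose name is null is skipped rather than
        // aborting the lookup with a NullPointerException.
        if (ROLES_IDENTIFIER.equals(candidate.getName())) {
            roles = candidate;
        }
    }
    return roles;
}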
Example #15
Source File: JBossSecurityContextUtil.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Stores {@code obj} under {@code key} in the security context.
 * <p>
 * A non-null value stored under {@code RUNAS_IDENTITY_IDENTIFIER} must be a
 * {@link RunAsIdentity} and one stored under {@code ROLES_IDENTIFIER} must be a
 * {@code Group}; anything else is rejected. The run-as identity is routed to
 * {@code setRunAsIdentity}, every other key goes into the context's data map.
 *
 * @param key the context key, must not be {@code null}
 * @param obj the value to store; {@code null} is accepted
 * @throws IllegalArgumentException (via {@code PicketBoxMessages}) on a {@code null} key or a
 *     value of the wrong type
 */
@Override
public <T> void set(String key, T obj) {
    validateSecurityContext();
    if (key == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("key");
    }
    boolean isRunAsKey = RUNAS_IDENTITY_IDENTIFIER.equals(key);
    if (obj != null) {
        if (isRunAsKey && !(obj instanceof RunAsIdentity)) {
            throw PicketBoxMessages.MESSAGES.invalidType(RunAsIdentity.class.getName());
        }
        if (ROLES_IDENTIFIER.equals(key) && !(obj instanceof Group)) {
            throw PicketBoxMessages.MESSAGES.invalidType(Group.class.getName());
        }
    }
    if (isRunAsKey) {
        setRunAsIdentity((RunAsIdentity) obj);
    } else {
        securityContext.getData().put(key, obj);
    }
}
Example #16
Source File: PicketBoxAuthorizationModule.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Permits access when any member of the subject's "Roles" group (name compared
 * case-insensitively) is listed in {@code rolesSet}; denies otherwise, including when the
 * subject has no such group or {@code rolesSet} is empty.
 *
 * @param resource the resource being accessed (not consulted by this method body)
 * @return {@code AuthorizationContext.PERMIT} or {@code AuthorizationContext.DENY}
 */
public int authorize(Resource resource) {
    for (Principal principal : subject.getPrincipals()) {
        if (!(principal instanceof Group)) {
            continue;
        }
        Group group = (Group) principal;
        if (!group.getName().equalsIgnoreCase("Roles")) {
            continue;
        }
        Enumeration<? extends Principal> members = group.members();
        while (members.hasMoreElements()) {
            if (rolesSet.contains(members.nextElement().getName())) {
                return AuthorizationContext.PERMIT;
            }
        }
    }
    return AuthorizationContext.DENY;
}
Example #17
Source File: UniversalLoginModule.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Finds or creates a Group with the given name. Subclasses use this to locate the 'Roles'
 * group or to create additional types of groups.
 *
 * @param name the group name to look up
 * @param principals the principal set to search; a newly created group is added to it
 * @return a named Group from the principals set, created when absent
 */
private Group createGroup(String name, Set<Principal> principals) {
    Group found = lookupGroup(name, principals);
    if (found != null) {
        return found;
    }
    // If we did not find a group create one
    Group created = new SimpleGroup(name);
    principals.add(created);
    return created;
}

/** Returns the Group named {@code name} from {@code principals}, or {@code null}. */
private static Group lookupGroup(String name, Set<Principal> principals) {
    for (Principal principal : principals) {
        if (principal instanceof Group) {
            Group grp = (Group) principal;
            if (grp.getName().equals(name)) {
                return grp;
            }
        }
    }
    return null;
}
Example #18
Source File: LdapExtLoginModule.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the Groups that correspond to the role sets assigned to the user. Subclasses
 * should create at least a Group named "Roles" holding the user's roles; a second common
 * group is "CallerPrincipal", carrying the application identity of the user rather than
 * the security-domain identity.
 * <p>
 * When the password was not validated by this module but an identity other than
 * {@code unauthenticatedIdentity} is already set (identity established by an earlier login
 * module, see SECURITY-225), the LDAP context is created for that user and default roles are
 * applied before the role set is returned.
 *
 * @return Group[] containing the sets of roles, i.e. {@code userRoles}
 * @throws LoginException wrapping any failure of the LDAP binding
 */
protected Group[] getRoleSets() throws LoginException {
    // SECURITY-225: check if authentication was already done in a previous login module
    // and perform role mapping
    boolean identityFromEarlierModule =
            !isPasswordValidated && getIdentity() != unauthenticatedIdentity;
    if (identityFromEarlierModule) {
        try {
            String username = getUsername();
            PicketBoxLogger.LOGGER.traceBindingLDAPUsername(username);
            createLdapInitContext(username, null);
            defaultRole();
        } catch (Exception e) {
            // LoginException has no cause constructor; attach the cause explicitly.
            LoginException wrapped = new LoginException();
            wrapped.initCause(e);
            throw wrapped;
        }
    }
    return new Group[] {userRoles};
}
Example #19
Source File: Users.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the names of all members of the role group registered under {@code roleGroup}.
 *
 * @param roleGroup the key of the group in {@code roleGroups}
 * @return the member names, or an empty array when no such group exists
 */
public String[] getRoleNames(String roleGroup) {
    Group group = roleGroups.get(roleGroup);
    if (group == null) {
        return new String[0];
    }
    ArrayList<String> collected = new ArrayList<String>();
    Enumeration<? extends Principal> members = group.members();
    while (members.hasMoreElements()) {
        collected.add(members.nextElement().getName());
    }
    return collected.toArray(new String[collected.size()]);
}
Example #20
Source File: DeploymentRolesMappingProvider.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Obtains the deployment roles via the context map and applies them to the mappedObject.
 * <p>
 * The principal under {@code SecurityConstants.PRINCIPAL_IDENTIFIER} and every
 * non-{@code Group} principal in the set under
 * {@code SecurityConstants.PRINCIPALS_SET_IDENTIFIER} are mapped through {@code mapGroup}
 * using the deployment principal-to-roles map. When that map is absent or empty the
 * mappedObject is stored on {@code result} unchanged.
 *
 * @param contextMap the mapping context, must be non-null and non-empty
 * @param mappedObject the role group to extend
 * @throws IllegalArgumentException (via {@code PicketBoxMessages}) when {@code contextMap}
 *     is {@code null} or empty
 * @see MappingProvider#performMapping(Map, Object)
 */
@SuppressWarnings("unchecked")
public void performMapping(Map<String, Object> contextMap, RoleGroup mappedObject) {
    if (contextMap == null || contextMap.isEmpty()) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextMap");
    }
    // Obtain the principal to roles mapping
    Principal principal = (Principal) contextMap.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
    Map<String, Set<String>> principalRolesMap =
            (Map<String, Set<String>>) contextMap.get(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP);
    Set<Principal> subjectPrincipals =
            (Set<Principal>) contextMap.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
    PicketBoxLogger.LOGGER.debugMappingProviderOptions(principal, principalRolesMap, subjectPrincipals);
    RoleGroup mapped = mappedObject;
    boolean haveMappings = principalRolesMap != null && !principalRolesMap.isEmpty();
    if (haveMappings) {
        if (principal != null) {
            mapped = mapGroup(principal, principalRolesMap, mapped);
        }
        if (subjectPrincipals != null) {
            for (Principal p : subjectPrincipals) {
                if (p instanceof Group) {
                    continue; // Group principals are not mapped, only identity principals
                }
                mapped = mapGroup(p, principalRolesMap, mapped);
            }
        }
    }
    result.setMappedObject(mapped);
}
Example #21
Source File: JBossWebPrincipalFactory.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Wraps the given role names in a single {@link SimpleGroup} named "Roles".
 *
 * @param roleSet the role names; each becomes a {@link SimplePrincipal} member
 * @return a one-element array holding the "Roles" group
 */
protected Group[] getRoleSets(Collection<String> roleSet) {
    SimpleGroup roles = new SimpleGroup("Roles");
    for (String role : roleSet) {
        roles.addMember(new SimplePrincipal(role));
    }
    return new Group[] {roles};
}
Example #22
Source File: DatabaseServerLoginModule.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Executes the rolesQuery against the dsJndiName to obtain the roles for the authenticated
 * user. When no {@code rolesQuery} is configured an empty array is returned.
 *
 * @return Group[] containing the sets of roles
 * @throws LoginException if the role lookup fails
 */
protected Group[] getRoleSets() throws LoginException {
    if (rolesQuery == null) {
        return new Group[0];
    }
    String username = getUsername();
    PicketBoxLogger.LOGGER.traceExecuteQuery(rolesQuery, username);
    return Util.getRoleSets(username, dsJndiName, txManagerJndiName, rolesQuery, this, suspendResume);
}
Example #23
Source File: AbstractPrincipalMappingProvider.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Reports whether this provider handles mappings for the given class: any
 * {@link Principal} subtype is supported except {@code Group} subtypes.
 *
 * @param p the class to test, must not be {@code null}
 * @return {@code true} for non-Group Principal types, {@code false} otherwise
 * @see MappingProvider#supports(Class)
 */
public boolean supports(Class<?> p) {
    boolean isGroup = Group.class.isAssignableFrom(p);
    boolean isPrincipal = Principal.class.isAssignableFrom(p);
    return isPrincipal && !isGroup;
}
Example #24
Source File: AnonLoginModule.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Returns an empty Roles set.
 *
 * @return an array containing an empty 'Roles' Group
 * @throws LoginException never thrown by this implementation; declared for subclasses
 */
protected Group[] getRoleSets() throws LoginException {
    Group emptyRoles = new SimpleGroup("Roles");
    return new Group[] {emptyRoles};
}
Example #25
Source File: SimpleRoleGroup.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Builds a role group named after {@code rolesGroup}, with one {@link SimpleRole} per
 * member name of that group.
 *
 * @param rolesGroup the Group whose name and members are copied; must not be {@code null}
 */
public SimpleRoleGroup(Group rolesGroup) {
    super(rolesGroup.getName());
    for (Enumeration<? extends Principal> members = rolesGroup.members(); members.hasMoreElements(); ) {
        addRole(new SimpleRole(members.nextElement().getName()));
    }
}
Example #26
Source File: JBossAuthorizationManager.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Authorizes access to {@code resource} for {@code subject}, converting the given
 * {@code Group} of roles to a role group before delegating to
 * {@code internalAuthorization}.
 *
 * @param resource the resource being accessed
 * @param subject the authenticated subject
 * @param roleGroup the subject's roles; must not be {@code null}
 * @return the authorization decision produced by {@code internalAuthorization}
 * @throws AuthorizationException if authorization fails
 * @see AuthorizationManager#authorize(Resource, Subject, Group)
 */
public int authorize(Resource resource, Subject subject, Group roleGroup) throws AuthorizationException {
    validateResource(resource);
    RoleGroup roles = getRoleGroup(roleGroup);
    return internalAuthorization(resource, subject, roles);
}
Example #27
Source File: CurrentUserContext.java From taskana with Apache License 2.0 | 5 votes |
/**
 * Collects the group ids of the caller from the JAAS {@link Subject} bound to the current
 * access control context: every {@code Group} principal with a non-null name, converted
 * through {@link #convertAccessId(String)}.
 *
 * @return the converted group ids, or an empty list when no subject is present
 */
public static List<String> getGroupIds() {
    Subject caller = Subject.getSubject(AccessController.getContext());
    LOGGER.trace("Subject of caller: {}", caller);
    if (caller == null) {
        LOGGER.trace("No groupIds found in subject!");
        return Collections.emptyList();
    }
    Set<Group> groups = caller.getPrincipals(Group.class);
    LOGGER.trace("Public groups of caller: {}", groups);
    return groups.stream()
            .map(Principal::getName)
            .filter(Objects::nonNull)
            .map(CurrentUserContext::convertAccessId)
            .collect(Collectors.toList());
}
Example #28
Source File: JBossAuthorizationManager.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Copies the principals of {@code toCopy} into {@code source} as {@link SimpleRole}s.
 * A {@code null} {@code toCopy} leaves {@code source} untouched; a {@code null}
 * {@code source} is replaced by an empty role group before copying.
 *
 * @param source the role group to extend, may be {@code null}
 * @param toCopy the Group whose member names become roles, may be {@code null}
 * @return the extended role group (possibly the freshly created one)
 */
private RoleGroup copyGroups(RoleGroup source, Group toCopy) {
    if (toCopy == null) {
        return source;
    }
    RoleGroup target = source != null ? source : this.getEmptyRoleGroup();
    Enumeration<? extends Principal> members = toCopy.members();
    while (members.hasMoreElements()) {
        target.addRole(new SimpleRole(members.nextElement().getName()));
    }
    return target;
}
Example #29
Source File: JBossAuthorizationManager.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Converts a {@code Group} of principals into a {@link SimpleRoleGroup} of the same name,
 * with one {@link SimpleRole} per member name.
 *
 * @param roleGroup the Group to convert
 * @return the equivalent role group
 * @throws IllegalArgumentException (via {@code PicketBoxMessages}) if {@code roleGroup} is
 *     {@code null}
 */
private RoleGroup getRoleGroup(Group roleGroup) {
    if (roleGroup == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleGroup");
    }
    SimpleRoleGroup converted = new SimpleRoleGroup(roleGroup.getName());
    for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements(); ) {
        String roleName = members.nextElement().getName();
        converted.addRole(new SimpleRole(roleName));
    }
    return converted;
}
Example #30
Source File: AbstractRolesMappingProvider.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Determines the caller principal from the mapping context.
 * <p>
 * The value under {@code SecurityConstants.PRINCIPAL_IDENTIFIER} is used when present.
 * Otherwise the set under {@code SecurityConstants.PRINCIPALS_SET_IDENTIFIER} is scanned:
 * the first member of a group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP} wins,
 * falling back to the first non-{@code Group} principal. "First" follows the set's
 * iteration order.
 *
 * @param map the mapping context
 * @return the caller principal, or {@code null} when none can be determined
 */
protected Principal getCallerPrincipal(Map<String, Object> map) {
    Principal explicit = (Principal) map.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
    if (explicit != null) {
        return explicit;
    }
    @SuppressWarnings("unchecked")
    Set<Principal> principals = (Set<Principal>) map.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal firstNonGroup = null;
    Principal callerMember = null;
    for (Principal p : principals) {
        if (p instanceof Group) {
            Group g = Group.class.cast(p);
            if (g.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && callerMember == null) {
                Enumeration<? extends Principal> members = g.members();
                if (members.hasMoreElements()) {
                    callerMember = members.nextElement();
                }
            }
        } else if (firstNonGroup == null) {
            firstNonGroup = p;
        }
    }
    return callerMember != null ? callerMember : firstNonGroup;
}