org.jboss.security.identity.plugins.SimpleRoleGroup Java Examples

The following examples show how to use org.jboss.security.identity.plugins.SimpleRoleGroup.
Example #1
Source File: DeploymentRolesMappingProvider.java    From lams with GNU General Public License v2.0
/**
 * Replaces the roles in {@code mappedObject} with the roles configured for the
 * given principal.
 *
 * <p>The lookup key is {@code principal.getName()}. When the map has an entry for
 * that name, every role already present in {@code mappedObject} is discarded and
 * only the configured names remain; an empty configured set therefore leaves the
 * group with no roles. When there is no entry, {@code mappedObject} is returned
 * untouched.
 *
 * @param principal the principal whose name selects the map entry
 * @param principalRolesMap principal name to role names
 * @param mappedObject the role group to rewrite in place
 * @return the same {@code mappedObject} instance
 */
private RoleGroup mapGroup(Principal principal, Map<String, Set<String>> principalRolesMap,
      RoleGroup mappedObject)
{
   Set<String> configuredNames = principalRolesMap.get(principal.getName());
   if (configuredNames == null)
   {
      // No entry for this principal: the existing roles stay as they are.
      return mappedObject;
   }

   // Build the replacement first, then swap it in.
   RoleGroup replacement = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
   for (String configuredName : configuredNames)
   {
      replacement.addRole(new SimpleRole(configuredName));
   }

   mappedObject.clearRoles();
   mappedObject.addAll(replacement.getRoles());
   return mappedObject;
}
 
Example #2
Source File: JBossAuthorizationManager.java    From lams with GNU General Public License v2.0
/**
 * Converts a {@code Group} of principals into a {@code SimpleRoleGroup} with the
 * same name, adding one {@code SimpleRole} per member, named after the member.
 *
 * @param roleGroup the group to convert; must not be null
 * @return a new role group holding one role per member of {@code roleGroup}
 */
private RoleGroup getRoleGroup(Group roleGroup)
{
   if(roleGroup == null)
      throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleGroup");

   SimpleRoleGroup converted = new SimpleRoleGroup(roleGroup.getName());
   for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements(); )
   {
      Principal member = members.nextElement();
      // Only the member's name is carried over into the role.
      converted.addRole(new SimpleRole(member.getName()));
   }
   return converted;
}
 
Example #3
Source File: PicketBoxUtil.java    From lams with GNU General Public License v2.0
/**
 * Looks through the {@code Group} principals of a JAAS Subject for the one whose
 * name equals {@code SecurityConstants.ROLES_IDENTIFIER} and wraps it in a
 * {@code RoleGroup}.
 *
 * <p>The group is selected by name alone, so the result is only as trustworthy
 * as the code that populated the Subject's principals.
 *
 * @param subject the Subject to inspect; must not be null
 * @return a RoleGroup built from the matching group, or {@code null} when the
 *         Subject carries no such group; callers have to handle the null case
 */
public static RoleGroup getRolesFromSubject(Subject subject)
{
   Set<Group> candidates = subject.getPrincipals(Group.class);
   if (candidates == null)
   {
      return null;
   }

   for (Group candidate : candidates)
   {
      boolean isRolesGroup = SecurityConstants.ROLES_IDENTIFIER.equals(candidate.getName());
      if (isRolesGroup)
      {
         return new SimpleRoleGroup(candidate);
      }
   }
   return null;
}
 
Example #4
Source File: JWTAuthMechanism.java    From thorntail with Apache License 2.0
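/**
 * Extracts the {@code Group} principal named
 * {@code SecurityConstants.ROLES_IDENTIFIER} from the subject and returns it as a
 * {@code RoleGroup}.
 *
 * <p>Only principals that actually are {@code Group} instances are considered, so
 * a non-group principal that happens to carry the same name no longer causes a
 * {@code ClassCastException}. Principals with a null name are skipped.
 *
 * @param subject authenticated subject
 * @return RoleGroup wrapping the matching group
 * @throws java.util.NoSuchElementException if the subject has no {@code Group}
 *         principal with that name (the same exception type the unchecked
 *         {@code Optional.get()} raised before, now with a descriptive message)
 */
protected RoleGroup extract(Subject subject) {
    Group rolesGroup = subject.getPrincipals()
            .stream()
            // Type check before the cast; the name alone does not prove it is a Group.
            .filter(Group.class::isInstance)
            .map(Group.class::cast)
            // Constant on the left keeps the comparison null-safe.
            .filter(g -> SecurityConstants.ROLES_IDENTIFIER.equals(g.getName()))
            .findFirst()
            .orElseThrow(() -> new java.util.NoSuchElementException(
                    "Subject has no Group principal named " + SecurityConstants.ROLES_IDENTIFIER));
    return new SimpleRoleGroup(rolesGroup);
}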
 
Example #5
Source File: DeploymentRoleToRolesMappingProvider.java    From lams with GNU General Public License v2.0
/**
 * Rewrites the roles in {@code mappedObject} using the role-to-roles table taken
 * from the context map, then stores {@code mappedObject} in {@code result}.
 *
 * <p>For every role currently assigned (read from the context map under
 * {@code SecurityConstants.ROLES_IDENTIFIER}), each table key whose value set
 * contains that role's name is added as a role. An assigned role that matches no
 * table entry is carried over unchanged. When the table is missing or empty, or
 * when no assigned roles are present in the context map, {@code mappedObject} is
 * left as it was.
 *
 * @param contextMap the mapping context; must be non-null and non-empty
 * @param mappedObject the role group to rewrite in place
 * @see MappingProvider#performMapping(Map, Object)
 */
@SuppressWarnings("unchecked")
public void performMapping(Map<String,Object> contextMap, RoleGroup mappedObject)
{
   if(contextMap == null || contextMap.isEmpty())
      throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextMap");

   // Pull the inputs out of the context; principal and principal set are only logged here.
   Principal principal = (Principal) contextMap.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
   Map<String,Set<String>> roleToRolesMap =
         (Map<String,Set<String>>) contextMap.get(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP);
   Set<Principal> subjectPrincipals = (Set<Principal>) contextMap.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
   PicketBoxLogger.LOGGER.debugMappingProviderOptions(principal, roleToRolesMap, subjectPrincipals);

   boolean nothingToMap = roleToRolesMap == null || roleToRolesMap.isEmpty();
   if (nothingToMap)
   {
      result.setMappedObject(mappedObject);
      return;
   }

   RoleGroup translated = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
   RoleGroup assignedRoles = (SimpleRoleGroup) contextMap.get(SecurityConstants.ROLES_IDENTIFIER);

   if (assignedRoles != null)
   {
      for (Role current : assignedRoles.getRoles())
      {
         boolean matched = false;
         for (Map.Entry<String,Set<String>> mapping : roleToRolesMap.entrySet())
         {
            if (mapping.getValue().contains(current.getRoleName()))
            {
               // One assigned role may translate into several mapped roles.
               translated.addRole(new SimpleRole(mapping.getKey()));
               matched = true;
            }
         }

         // Roles without any mapping entry pass through unchanged.
         if (!matched)
         {
            translated.addRole(current);
         }
      }

      mappedObject.clearRoles();
      mappedObject.addAll(translated.getRoles());
   }

   result.setMappedObject(mappedObject);
}
 
Example #6
Source File: RunAsIdentity.java    From lams with GNU General Public License v2.0
/**
 * Wraps the run-as roles of this identity in a new {@code SimpleRoleGroup}.
 *
 * @return a new {@code RoleGroup} constructed from {@code runAsRoles}
 */
public RoleGroup getRunAsRolesAsRoleGroup()
{
   RoleGroup wrapped = new SimpleRoleGroup(runAsRoles);
   return wrapped;
}
 
Example #7
Source File: EJBPolicyModuleDelegate.java    From lams with GNU General Public License v2.0
/**
 * Decides whether the caller holds the role named by the {@code roleName} field,
 * after translating that name through the bean's security role references.
 *
 * <p>The decision is made against {@code principalRole} when there is no run-as
 * identity, and against the run-as roles otherwise. A run-as object that is not
 * a {@code RunAsIdentity} results in DENY.
 *
 * <p>NOTE(review): a matching role reference overwrites the {@code roleName}
 * field with its link, so the field is changed by this call; confirm that the
 * delegate's callers set {@code roleName} before each check.
 *
 * @param principalRole roles of the calling principal; only consulted when no
 *        run-as identity is set
 * @return {@code AuthorizationContext.PERMIT} or {@code AuthorizationContext.DENY}
 */
protected int checkRoleRef(RoleGroup principalRole)
{
   // Neither a principal nor a run-as identity: nothing to authorize against.
   if (ejbPrincipal == null && callerRunAs == null)
   {
      return AuthorizationContext.DENY;
   }

   // Map the role name used by the Bean Provider to the security role link in
   // the deployment descriptor. The EJB 1.1 spec requires the security role
   // refs in the descriptor, but for backward compatibility that is enforced
   // only when jboss.xml sets <enforce-ejb-restrictions>.
   boolean linkResolved = false;
   for (Iterator<SecurityRoleRef> refs = this.securityRoleReferences.iterator();
         !linkResolved && refs.hasNext(); )
   {
      SecurityRoleRef ref = refs.next();
      if (ref.getName().equals(roleName))
      {
         roleName = ref.getLink();
         linkResolved = true;
      }
   }

   // With <enforce-ejb-restrictions> a missing role ref is an error rather than
   // a silent fall-through to the unmapped name.
   if (!linkResolved && this.ejbRestrictions)
      throw PicketBoxMessages.MESSAGES.noMatchingRoleFoundInDescriptor(this.roleName);

   Role requiredRole = new SimpleRole(roleName);

   if (callerRunAs == null)
   {
      return principalRole.containsRole(requiredRole)
            ? AuthorizationContext.PERMIT
            : AuthorizationContext.DENY;
   }

   // A run-as identity of an unexpected type is never granted the role.
   if (!(callerRunAs instanceof RunAsIdentity))
   {
      return AuthorizationContext.DENY;
   }

   RunAsIdentity runAs = (RunAsIdentity) callerRunAs;
   SimpleRoleGroup runAsRoleGroup = new SimpleRoleGroup(runAs.getRunAsRoles());
   return runAsRoleGroup.containsRole(requiredRole)
         ? AuthorizationContext.PERMIT
         : AuthorizationContext.DENY;
}
 
Example #8
Source File: JBossAuthorizationManager.java    From lams with GNU General Public License v2.0
/**
 * Creates a role group named {@code SecurityConstants.ROLES_IDENTIFIER} to which
 * no roles have been added.
 *
 * @return a new {@code SimpleRoleGroup} constructed from the identifier only
 */
private RoleGroup getEmptyRoleGroup()
{
   RoleGroup empty = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
   return empty;
}