org.jboss.security.SecurityConstants Java Examples
The following examples show how to use
org.jboss.security.SecurityConstants.
Example #1
Source File: DefaultAttributeMappingProvider.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Attaches an e-mail attribute for the caller to {@code mappedObject}.
 * <p>
 * The caller is read from {@code map} under {@code SecurityConstants.PRINCIPAL_IDENTIFIER};
 * its address comes from the module {@code options} under {@code "<principalName>.email"}.
 * When no principal is present nothing is added. The (possibly extended) list is then
 * published through {@code result.setMappedObject}.
 *
 * @param map          the mapping context; only the principal entry is read here
 * @param mappedObject the attribute list that is extended in place
 */
public void performMapping(Map<String, Object> map, List<Attribute<String>> mappedObject) {
    Principal caller = (Principal) map.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
    List<Attribute<String>> extra = new ArrayList<Attribute<String>>();
    if (caller != null) {
        // NOTE(review): an unconfigured "<name>.email" option yields null here; whether
        // AttributeFactory tolerates a null address is not visible in this method — confirm.
        String email = (String) options.get(caller.getName() + ".email");
        extra.add(AttributeFactory.createEmailAddress(email));
    }
    mappedObject.addAll(extra);
    result.setMappedObject(mappedObject);
}
Example #2
Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Picks the caller {@code Principal} out of an authenticated {@code Subject}.
 * <p>
 * The first member of the group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * wins when such a group exists; otherwise the first principal that is not a
 * {@code Group}, in the iteration order of {@code subject.getPrincipals()}.
 * Only the first group with that name is consulted.
 *
 * @param subject the authenticated subject, may be {@code null}
 * @return the caller principal, or {@code null} for a null subject or one without a usable principal
 */
protected static Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> candidates = subject.getPrincipals();
    if (candidates == null || candidates.isEmpty()) {
        return null;
    }
    Principal plain = null;
    Principal fromCallerGroup = null;
    for (Principal candidate : candidates) {
        if (candidate instanceof Group) {
            Group group = (Group) candidate;
            if (group.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && fromCallerGroup == null) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    fromCallerGroup = members.nextElement();
                }
            }
        } else if (plain == null) {
            plain = candidate;
        }
    }
    // the caller-principal group takes precedence over a plain principal
    return fromCallerGroup != null ? fromCallerGroup : plain;
}
Example #3
Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Picks the caller {@code Principal} out of an authenticated {@code Subject}.
 * <p>
 * The first member of the group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * wins when such a group exists; otherwise the first principal that is not a
 * {@code Group}, in the iteration order of {@code subject.getPrincipals()}.
 * Only the first group with that name is consulted.
 *
 * @param subject the authenticated subject, may be {@code null}
 * @return the caller principal, or {@code null} for a null subject or one without a usable principal
 */
protected static Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> candidates = subject.getPrincipals();
    if (candidates == null || candidates.isEmpty()) {
        return null;
    }
    Principal plain = null;
    Principal fromCallerGroup = null;
    for (Principal candidate : candidates) {
        if (candidate instanceof Group) {
            Group group = (Group) candidate;
            if (group.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && fromCallerGroup == null) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    fromCallerGroup = members.nextElement();
                }
            }
        } else if (plain == null) {
            plain = candidate;
        }
    }
    // the caller-principal group takes precedence over a plain principal
    return fromCallerGroup != null ? fromCallerGroup : plain;
}
Example #4
Source File: WildflyRequestAuthenticator.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Picks the caller {@code Principal} out of an authenticated {@code Subject}.
 * <p>
 * The first member of the group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * wins when such a group exists; otherwise the first principal that is not a
 * {@code Group}, in the iteration order of {@code subject.getPrincipals()}.
 * Only the first group with that name is consulted.
 *
 * @param subject the authenticated subject, may be {@code null}
 * @return the caller principal, or {@code null} for a null subject or one without a usable principal
 */
protected Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> candidates = subject.getPrincipals();
    if (candidates == null || candidates.isEmpty()) {
        return null;
    }
    Principal plain = null;
    Principal fromCallerGroup = null;
    for (Principal candidate : candidates) {
        if (candidate instanceof Group) {
            Group group = (Group) candidate;
            if (group.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && fromCallerGroup == null) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    fromCallerGroup = members.nextElement();
                }
            }
        } else if (plain == null) {
            plain = candidate;
        }
    }
    // the caller-principal group takes precedence over a plain principal
    return fromCallerGroup != null ? fromCallerGroup : plain;
}
Example #5
Source File: JBossWebPrincipalFactory.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Picks the caller {@code Principal} out of an authenticated {@code Subject}.
 * <p>
 * The first member of the group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * wins when such a group exists; otherwise the first principal that is not a
 * {@code Group}, in the iteration order of {@code subject.getPrincipals()}.
 * Only the first group with that name is consulted.
 *
 * @param subject the authenticated subject, may be {@code null}
 * @return the caller principal, or {@code null} for a null subject or one without a usable principal
 */
protected Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> candidates = subject.getPrincipals();
    if (candidates == null || candidates.isEmpty()) {
        return null;
    }
    Principal plain = null;
    Principal fromCallerGroup = null;
    for (Principal candidate : candidates) {
        if (candidate instanceof Group) {
            Group group = (Group) candidate;
            if (group.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && fromCallerGroup == null) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    fromCallerGroup = members.nextElement();
                }
            }
        } else if (plain == null) {
            plain = candidate;
        }
    }
    // the caller-principal group takes precedence over a plain principal
    return fromCallerGroup != null ? fromCallerGroup : plain;
}
Example #6
Source File: JBossMappingManager.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Resolves the mapping configuration for {@code mappingType}.
 * <p>
 * The application policy of this manager's {@code securityDomain} is consulted first;
 * when the domain has none, {@code SecurityConstants.DEFAULT_APPLICATION_POLICY} is used.
 * With no policy at all the {@code PicketBoxMessages} exception is thrown (it must be
 * unchecked, as the signature declares nothing).
 *
 * @param mappingType the mapping type whose {@code MappingInfo} is looked up
 * @return the context built by {@code generateMappingContext}, or {@code null} when the policy holds no info for the type
 */
@SuppressWarnings("deprecation")
public <T> MappingContext<T> getMappingContext(Class<T> mappingType) {
    ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(securityDomain);
    if (policy == null) {
        policy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_APPLICATION_POLICY);
    }
    if (policy == null) {
        throw PicketBoxMessages.MESSAGES.failedToObtainApplicationPolicy(securityDomain);
    }
    MappingContext<T> context = null;
    MappingInfo info = policy.getMappingInfo(mappingType);
    if (info != null) {
        // a null context is handed in; generateMappingContext produces the real one
        context = generateMappingContext(context, info);
    }
    return context;
}
Example #7
Source File: JBossMappingManager.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Resolves the mapping configuration for the mapping type named {@code mappingType}.
 * <p>
 * The application policy of this manager's {@code securityDomain} is consulted first;
 * when the domain has none, {@code SecurityConstants.DEFAULT_APPLICATION_POLICY} is used.
 * With no policy at all the {@code PicketBoxMessages} exception is thrown (it must be
 * unchecked, as the signature declares nothing).
 *
 * @param mappingType name of the mapping type whose {@code MappingInfo} is looked up
 * @return the context built by {@code generateMappingContext}, or {@code null} when the policy holds no info for the type
 */
public <T> MappingContext<T> getMappingContext(String mappingType) {
    ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(securityDomain);
    if (policy == null) {
        policy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_APPLICATION_POLICY);
    }
    if (policy == null) {
        throw PicketBoxMessages.MESSAGES.failedToObtainApplicationPolicy(securityDomain);
    }
    MappingContext<T> context = null;
    MappingInfo info = policy.getMappingInfo(mappingType);
    if (info != null) {
        // a null context is handed in; generateMappingContext produces the real one
        context = generateMappingContext(context, info);
    }
    return context;
}
Example #8
Source File: DisabledLoginModule.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * JAAS {@code LoginModule} initialisation.
 * <p>
 * Logs a warning for every option key that is not listed in {@code ALL_VALID_OPTIONS}
 * and stores the configured security domain from
 * {@code SecurityConstants.SECURITY_DOMAIN_OPTION}. The subject, callback handler and
 * shared state are not used by this module.
 *
 * @param subject         ignored
 * @param callbackHandler ignored
 * @param sharedState     ignored
 * @param options         module options from the login configuration
 */
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
    /* TODO: this module should really extend AbstractServerLoginModule where the options check is integrated.
     * the code here has been intentionally kept identical */
    Set<String> known = new HashSet<String>(Arrays.asList(ALL_VALID_OPTIONS));
    for (Object optionName : options.keySet()) {
        if (known.contains(optionName)) {
            continue;
        }
        PicketBoxLogger.LOGGER.warnInvalidModuleOption((String) optionName);
    }
    securityDomain = (String) options.get(SecurityConstants.SECURITY_DOMAIN_OPTION);
}
Example #9
Source File: DeploymentRolesMappingProvider.java From lams with GNU General Public License v2.0 | 6 votes |
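/**
 * Replaces the roles of {@code mappedObject} with the deployment roles recorded for
 * {@code principal}.
 * <p>
 * When {@code principalRolesMap} has no entry for the principal's name the group is
 * returned untouched. When it has an entry, the existing roles are cleared first, so an
 * empty role set leaves the principal with no roles at all.
 *
 * @param principal         the principal whose name is the lookup key
 * @param principalRolesMap principal name to role names
 * @param mappedObject      the role group to rewrite in place
 * @return {@code mappedObject}, for chaining
 */
private RoleGroup mapGroup(Principal principal, Map<String, Set<String>> principalRolesMap, RoleGroup mappedObject) {
    // the map is already typed; the original unchecked cast and second null check were redundant
    Set<String> roleNames = principalRolesMap.get(principal.getName());
    if (roleNames != null) {
        RoleGroup replacement = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
        for (String roleName : roleNames) {
            replacement.addRole(new SimpleRole(roleName));
        }
        // replace rather than merge: previously assigned roles are dropped
        mappedObject.clearRoles();
        mappedObject.addAll(replacement.getRoles());
    }
    return mappedObject;
}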
Example #10
Source File: BaseAuthenticationInfo.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Copies the given {@code AppConfigurationEntry} objects into a new array.
 * <p>
 * Each copy keeps the login module name and control flag and receives a fresh options
 * map; unless {@code disableSecurityDomainInOptions()} says otherwise, the option
 * {@code SecurityConstants.SECURITY_DOMAIN_OPTION} is set to this policy's name.
 * When a {@code SecurityManager} is installed, {@code GET_CONFIG_ENTRY_PERM} is checked first.
 *
 * @param entries the entries to copy; every element must be an {@code AppConfigurationEntry}
 * @return a new array holding one copy per entry, in the same order
 */
protected AppConfigurationEntry[] copyAppConfigurationEntry(List<Object> entries) {
    SecurityManager manager = System.getSecurityManager();
    if (manager != null) {
        manager.checkPermission(GET_CONFIG_ENTRY_PERM);
    }
    AppConfigurationEntry[] copies = new AppConfigurationEntry[entries.size()];
    int index = 0;
    for (Object raw : entries) {
        AppConfigurationEntry original = (AppConfigurationEntry) raw;
        // fresh, mutable copy so the original entry's options stay untouched
        HashMap<String, Object> options = new HashMap<String, Object>(original.getOptions());
        // re-evaluated per entry, as the original did
        if (!disableSecurityDomainInOptions()) {
            options.put(SecurityConstants.SECURITY_DOMAIN_OPTION, this.getName());
        }
        copies[index++] = new AppConfigurationEntry(original.getLoginModuleName(), original.getControlFlag(), options);
    }
    return copies;
}
Example #11
Source File: CallbackHandlerPolicyContextHandler.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the CallbackHandler stored in this handler's {@code requestContext} when
 * {@code key} matches {@code SecurityConstants.CALLBACK_HANDLER_KEY} (case-insensitively).
 *
 * @param key  the policy context key being queried
 * @param data unused; accepted for the {@code PolicyContextHandler} contract
 * @return the active CallbackHandler, or {@code null} for any other key
 * @throws javax.security.jacc.PolicyContextException declared by the contract, never raised here
 */
public Object getContext(String key, Object data) throws PolicyContextException {
    if (!key.equalsIgnoreCase(SecurityConstants.CALLBACK_HANDLER_KEY)) {
        return null;
    }
    // presumably a thread-bound holder — confirm against the field declaration
    return requestContext.get();
}
Example #12
Source File: AbstractRolesMappingProvider.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Determines the caller principal from a mapping context map.
 * <p>
 * The entry under {@code SecurityConstants.PRINCIPAL_IDENTIFIER} wins when present.
 * Otherwise the set under {@code SecurityConstants.PRINCIPALS_SET_IDENTIFIER} is scanned:
 * the first member of the group named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * is preferred, falling back to the first non-{@code Group} principal in iteration order.
 *
 * @param map the mapping context
 * @return the caller principal, or {@code null} when neither entry yields one
 */
protected Principal getCallerPrincipal(Map<String, Object> map) {
    Principal direct = (Principal) map.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
    if (direct != null) {
        return direct;
    }
    @SuppressWarnings("unchecked")
    Set<Principal> principals = (Set<Principal>) map.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal plain = null;
    Principal fromCallerGroup = null;
    for (Principal candidate : principals) {
        if (candidate instanceof Group) {
            Group group = (Group) candidate;
            if (group.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && fromCallerGroup == null) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    fromCallerGroup = members.nextElement();
                }
            }
        } else if (plain == null) {
            plain = candidate;
        }
    }
    return fromCallerGroup != null ? fromCallerGroup : plain;
}
Example #13
Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Builds a JAAS {@code Subject} for {@code account} and registers it with the current
 * {@code SecurityContext}.
 * <p>
 * The subject receives the account principal, one group per role set returned by
 * {@code getRoleSets} (members copied over; a {@code NestableGroup} gets a nested
 * {@code SimpleGroup("Roles")} to hold them), and a
 * {@code SecurityConstants.CALLER_PRINCIPAL_GROUP} group containing the account principal.
 * That caller group is added unconditionally, regardless of what {@code getRoleSets} produced.
 *
 * @param account the authenticated Keycloak account to propagate
 */
public static void propagateSessionInfo(KeycloakAccount account) {
    Subject subject = new Subject();
    Set<Principal> subjectPrincipals = subject.getPrincipals();
    subjectPrincipals.add(account.getPrincipal());
    for (Group roleSet : getRoleSets(account.getRoles())) {
        Group target = createGroup(roleSet.getName(), subjectPrincipals);
        if (target instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it, so the roles are
               wrapped in a SimpleGroup which becomes the real target */
            SimpleGroup wrapper = new SimpleGroup("Roles");
            target.addMember(wrapper);
            target = wrapper;
        }
        Enumeration<? extends Principal> roles = roleSet.members();
        while (roles.hasMoreElements()) {
            target.addMember(roles.nextElement());
        }
    }
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    subjectPrincipals.add(callerGroup);
    org.jboss.security.SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
    Principal caller = getPrincipal(subject);
    securityContext.getUtil().createSubjectInfo(caller, account, subject);
}
Example #14
Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Builds a JAAS {@code Subject} for {@code account} and registers it with the current
 * {@code SecurityContext}.
 * <p>
 * The subject receives the account principal, one group per role set returned by
 * {@code getRoleSets} (members copied over; a {@code NestableGroup} gets a nested
 * {@code SimpleGroup("Roles")} to hold them), and a
 * {@code SecurityConstants.CALLER_PRINCIPAL_GROUP} group containing the account principal.
 * That caller group is added unconditionally, regardless of what {@code getRoleSets} produced.
 *
 * @param account the authenticated Keycloak account to propagate
 */
public static void propagateSessionInfo(KeycloakAccount account) {
    Subject subject = new Subject();
    Set<Principal> subjectPrincipals = subject.getPrincipals();
    subjectPrincipals.add(account.getPrincipal());
    for (Group roleSet : getRoleSets(account.getRoles())) {
        Group target = createGroup(roleSet.getName(), subjectPrincipals);
        if (target instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it, so the roles are
               wrapped in a SimpleGroup which becomes the real target */
            SimpleGroup wrapper = new SimpleGroup("Roles");
            target.addMember(wrapper);
            target = wrapper;
        }
        Enumeration<? extends Principal> roles = roleSet.members();
        while (roles.hasMoreElements()) {
            target.addMember(roles.nextElement());
        }
    }
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    subjectPrincipals.add(callerGroup);
    org.jboss.security.SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
    Principal caller = getPrincipal(subject);
    securityContext.getUtil().createSubjectInfo(caller, account, subject);
}
Example #15
Source File: DeploymentRolesMappingProvider.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Applies the deployment principal-to-roles map from the context to {@code mappedObject}.
 * <p>
 * With no map (or an empty one) the group is published unchanged. Otherwise the caller
 * principal and then every non-{@code Group} principal of the subject set are passed to
 * {@code mapGroup} in turn. Since {@code mapGroup} clears the group before writing an
 * entry's roles, the last principal with a map entry determines the final role set.
 *
 * @param contextMap   mapping context; must be non-null and non-empty
 * @param mappedObject the role group rewritten in place and handed to {@code result}
 * @see MappingProvider#performMapping(Map, Object)
 */
@SuppressWarnings("unchecked")
public void performMapping(Map<String,Object> contextMap, RoleGroup mappedObject) {
    if (contextMap == null || contextMap.isEmpty()) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextMap");
    }
    Principal caller = (Principal) contextMap.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
    Map<String, Set<String>> rolesByPrincipal =
            (Map<String, Set<String>>) contextMap.get(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP);
    Set<Principal> subjectPrincipals = (Set<Principal>) contextMap.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
    PicketBoxLogger.LOGGER.debugMappingProviderOptions(caller, rolesByPrincipal, subjectPrincipals);
    boolean hasMapping = rolesByPrincipal != null && !rolesByPrincipal.isEmpty();
    if (hasMapping) {
        if (caller != null) {
            mappedObject = mapGroup(caller, rolesByPrincipal, mappedObject);
        }
        if (subjectPrincipals != null) {
            for (Principal candidate : subjectPrincipals) {
                if (!(candidate instanceof Group)) {
                    mappedObject = mapGroup(candidate, rolesByPrincipal, mappedObject);
                }
            }
        }
    }
    result.setMappedObject(mappedObject);
}
Example #16
Source File: JWTAuthMechanism.java From thorntail with Apache License 2.0 | 5 votes |
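/**
 * Extracts the {@code Group} principal named {@code SecurityConstants.ROLES_IDENTIFIER}
 * from the subject and wraps it in a {@code RoleGroup}.
 * <p>
 * Only principals that are actually a {@code Group} are considered, so a plain
 * principal that merely carries the name "Roles" can no longer cause a
 * {@code ClassCastException}. A subject with no such group still fails with
 * {@code NoSuchElementException} (as the bare {@code Optional.get()} did), but now with
 * a message naming the missing group.
 *
 * @param subject authenticated subject
 * @return RoleGroup built from the "Roles" group
 * @throws java.util.NoSuchElementException when the subject holds no {@code Group} with that name
 */
protected RoleGroup extract(Subject subject) {
    Group rolesGroup = subject.getPrincipals()
            .stream()
            .filter(p -> p instanceof Group)
            .map(p -> (Group) p)
            .filter(g -> g.getName().equals(SecurityConstants.ROLES_IDENTIFIER))
            .findFirst()
            .orElseThrow(() -> new java.util.NoSuchElementException(
                    "subject has no Group principal named " + SecurityConstants.ROLES_IDENTIFIER));
    return new SimpleRoleGroup(rolesGroup);
}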
Example #17
Source File: PicketBoxUtil.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Finds the {@code Group} principal named {@code SecurityConstants.ROLES_IDENTIFIER}
 * ("Roles") in a JAAS subject and wraps it in a {@code RoleGroup}.
 *
 * @param subject the subject to inspect
 * @return a {@code SimpleRoleGroup} around the first matching group, or {@code null} when there is none
 */
public static RoleGroup getRolesFromSubject(Subject subject) {
    Set<Group> groups = subject.getPrincipals(Group.class);
    if (groups == null) {
        return null;
    }
    for (Group candidate : groups) {
        // constant on the left: a null group name compares false instead of throwing
        if (SecurityConstants.ROLES_IDENTIFIER.equals(candidate.getName())) {
            return new SimpleRoleGroup(candidate);
        }
    }
    return null;
}
Example #18
Source File: JBossAuthorizationContext.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Selects the authorization configuration for a resource layer.
 * <p>
 * {@code EJB} and {@code WEB} layers read the authorization info of the corresponding
 * application policy ({@code EJB} / {@code WEB} constants). Any other layer gets a
 * fresh {@code AuthorizationInfo} for {@code SecurityConstants.DEFAULT_APPLICATION_POLICY}
 * that delegates through {@code DelegatingAuthorizationModule}.
 *
 * @param layer the resource layer being authorized
 * @return the matching {@code AuthorizationInfo}
 */
private AuthorizationInfo getAuthorizationInfo(ResourceType layer) {
    if (layer == ResourceType.EJB) {
        // NOTE(review): a missing EJB policy would surface as a NullPointerException here — confirm it is always registered
        return SecurityConfiguration.getApplicationPolicy(EJB).getAuthorizationInfo();
    }
    if (layer == ResourceType.WEB) {
        return SecurityConfiguration.getApplicationPolicy(WEB).getAuthorizationInfo();
    }
    AuthorizationInfo fallback = new AuthorizationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY);
    fallback.add(new AuthorizationModuleEntry(DelegatingAuthorizationModule.class.getName()));
    return fallback;
}
Example #19
Source File: JaasSecurityManagerBase.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the domain roles assigned to the current active subject.
 * <p>
 * The {@code authorizationManager} is resolved lazily (without synchronisation) through
 * {@code SecurityUtil.getAuthorizationManager} for this {@code securityDomain} under
 * {@code SecurityConstants.JAAS_CONTEXT_ROOT}; the lookup is delegated to it.
 *
 * @param principal ignored by this method; the authorization manager decides the active user
 * @return the roles reported by the authorization manager, or {@code null} when no manager can be obtained
 */
public Set<Principal> getUserRoles(Principal principal) {
    if (authorizationManager == null) {
        authorizationManager = SecurityUtil.getAuthorizationManager(securityDomain, SecurityConstants.JAAS_CONTEXT_ROOT);
        if (authorizationManager == null) {
            PicketBoxLogger.LOGGER.debugNullAuthorizationManager(securityDomain);
            return null;
        }
    }
    return authorizationManager.getUserRoles(principal);
}
Example #20
Source File: JBossTimeBasedOTPLoginModule.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Adds the comma-separated {@code additionalRoles} to {@code group}, but only when the
 * group is the one named {@code SecurityConstants.ROLES_IDENTIFIER}.
 * Each token is trimmed and wrapped in a {@code SimplePrincipal}; empty tokens are
 * skipped by the tokenizer.
 *
 * @param group the group to extend; other groups are left untouched
 */
private void appendRoles(Group group) {
    if (!group.getName().equals(SecurityConstants.ROLES_IDENTIFIER)) {
        return;
    }
    if (additionalRoles == null || additionalRoles.isEmpty()) {
        return;
    }
    StringTokenizer names = new StringTokenizer(additionalRoles, ",");
    while (names.hasMoreTokens()) {
        String roleName = names.nextToken().trim();
        group.addMember(new SimplePrincipal(roleName));
    }
}
Example #21
Source File: BaseAuthenticationInfo.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Reports whether the system property {@code SecurityConstants.DISABLE_SECDOMAIN_OPTION}
 * ({@code jboss.security.disable.secdomain.option}) is set to {@code true}.
 * The property is read inside a privileged action so callers without
 * {@code PropertyPermission} can still use this policy.
 *
 * @return {@code true} when the property equals "true" ignoring case; {@code false} otherwise, including when unset
 */
private boolean disableSecurityDomainInOptions() {
    PrivilegedAction<String> readProperty = new PrivilegedAction<String>() {
        @Override
        public String run() {
            return System.getProperty(SecurityConstants.DISABLE_SECDOMAIN_OPTION);
        }
    };
    String value = AccessController.doPrivileged(readProperty);
    // Boolean.parseBoolean is exactly: non-null and equalsIgnoreCase("true")
    return Boolean.parseBoolean(value);
}
Example #22
Source File: JavaEETrustModule.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Trusts an incoming run-as identity only when it carries the
 * {@code SecurityConstants.JAVAEE} proof.
 *
 * @return {@code TrustDecision.Permit} for a {@code RunAsIdentity} whose proof equals
 *         {@code SecurityConstants.JAVAEE}; {@code TrustDecision.NotApplicable} in every other case
 * @throws IdentityTrustException declared by the interface; not raised by this implementation
 */
@Override
public TrustDecision isTrusted() throws IdentityTrustException {
    RunAs incoming = this.securityContext.getIncomingRunAs();
    if (!(incoming instanceof RunAsIdentity)) {
        return TrustDecision.NotApplicable;
    }
    Object proof = ((RunAsIdentity) incoming).getProof();
    // constant on the left: a null proof is simply not trusted
    return SecurityConstants.JAVAEE.equals(proof) ? TrustDecision.Permit : TrustDecision.NotApplicable;
}
Example #23
Source File: JBossAuthenticationCache.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Stores the credential and subject found in {@code map} (under
 * {@code SecurityConstants.CREDENTIAL} and {@code SecurityConstants.SUBJECT}) in
 * {@code cacheMap}, keyed by {@code principal}.
 *
 * @param principal cache key
 * @param map       source of the credential and subject entries
 * @throws SecurityCacheException wrapping any exception raised while reading the map,
 *         casting the subject or constructing the cache object
 * @see SecurityCache#addCacheEntry(Object, Map)
 */
public void addCacheEntry(Principal principal, Map<String, Object> map) throws SecurityCacheException {
    try {
        Object credential = map.get(SecurityConstants.CREDENTIAL);
        Subject subject = (Subject) map.get(SecurityConstants.SUBJECT);
        cacheMap.put(principal, new AuthCacheObject(credential, subject));
    } catch (Exception e) {
        throw new SecurityCacheException(e);
    }
}
Example #24
Source File: StandaloneConfiguration.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Resolves the JAAS login configuration entries for {@code appName}.
 * <p>
 * Order of resolution: the application policy registered under {@code appName}; failing
 * that, the parent configuration (whose result is kept only if the default policy has no
 * authentication info — see the note below); then the policy registered under
 * {@code SecurityConstants.DEFAULT_APPLICATION_POLICY}. The chosen authentication info
 * is copied inside a privileged action.
 *
 * @param appName the login configuration (security domain) name
 * @return the copied entries, the parent's entries, or {@code null} when nothing applies
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String appName) {
    AppConfigurationEntry[] entry = null;
    ApplicationPolicy aPolicy = getApplicationPolicy(appName);
    BaseAuthenticationInfo authInfo = null;
    if (aPolicy != null)
        authInfo = aPolicy.getAuthenticationInfo();
    if (authInfo == null) {
        if (PicketBoxLogger.LOGGER.isTraceEnabled()) {
            PicketBoxLogger.LOGGER.traceGetAppConfigEntryViaParent(appName, parentConfig != null ? parentConfig.toString() : null);
        }
        if (parentConfig != null)
            entry = parentConfig.getAppConfigurationEntry(appName);
        if (entry == null) {
            PicketBoxLogger.LOGGER.traceGetAppConfigEntryViaDefault(appName, SecurityConstants.DEFAULT_APPLICATION_POLICY);
        }
        // NOTE(review): the default policy is consulted even when the parent already
        // supplied entries; if it yields authInfo, the branch below overwrites 'entry'.
        ApplicationPolicy defPolicy = getApplicationPolicy(SecurityConstants.DEFAULT_APPLICATION_POLICY);
        authInfo = defPolicy != null ? (AuthenticationInfo) defPolicy.getAuthenticationInfo() : null;
    }
    if (authInfo != null) {
        if (PicketBoxLogger.LOGGER.isTraceEnabled()) {
            PicketBoxLogger.LOGGER.traceEndGetAppConfigEntryWithSuccess(appName, authInfo.toString());
        }
        // Make a copy of the authInfo object
        final BaseAuthenticationInfo theAuthInfo = authInfo;
        PrivilegedAction<AppConfigurationEntry[]> action = new PrivilegedAction<AppConfigurationEntry[]>() {
            public AppConfigurationEntry[] run() {
                return theAuthInfo.copyAppConfigurationEntry();
            }
        };
        entry = AccessController.doPrivileged(action);
    } else {
        PicketBoxLogger.LOGGER.traceEndGetAppConfigEntryWithFailure(appName);
    }
    return entry;
}
Example #25
Source File: CallbackHandlerPolicyContextHandler.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Lists the policy context keys this handler serves: only
 * {@code SecurityConstants.CALLBACK_HANDLER_KEY}.
 *
 * @return a fresh one-element array on every call
 * @throws PolicyContextException declared by the contract, never raised here
 */
public String[] getKeys() throws PolicyContextException {
    return new String[] { SecurityConstants.CALLBACK_HANDLER_KEY };
}
Example #26
Source File: DeploymentRoleToRolesMappingProvider.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Rewrites the assigned roles through the deployment role-to-roles map.
 * <p>
 * With no map (or an empty one) the group is published unchanged. Otherwise, for each role
 * currently assigned (the {@code SimpleRoleGroup} stored under
 * {@code SecurityConstants.ROLES_IDENTIFIER} in the context), every mapped role whose
 * value set contains that role name is added; a role matched by no mapping is kept as is.
 * The result replaces the contents of {@code mappedObject} before it is handed to {@code result}.
 *
 * @param contextMap   mapping context; must be non-null and non-empty
 * @param mappedObject the role group rewritten in place
 * @see MappingProvider#performMapping(Map, Object)
 */
@SuppressWarnings("unchecked")
public void performMapping(Map<String,Object> contextMap, RoleGroup mappedObject) {
    if (contextMap == null || contextMap.isEmpty()) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextMap");
    }
    Principal caller = (Principal) contextMap.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
    Map<String, Set<String>> roleToRoles =
            (Map<String, Set<String>>) contextMap.get(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP);
    Set<Principal> subjectPrincipals = (Set<Principal>) contextMap.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
    PicketBoxLogger.LOGGER.debugMappingProviderOptions(caller, roleToRoles, subjectPrincipals);
    if (roleToRoles == null || roleToRoles.isEmpty()) {
        result.setMappedObject(mappedObject);
        return;
    }
    RoleGroup remapped = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
    RoleGroup assigned = (SimpleRoleGroup) contextMap.get(SecurityConstants.ROLES_IDENTIFIER);
    if (assigned != null) {
        for (Role current : assigned.getRoles()) {
            String currentName = current.getRoleName();
            boolean matched = false;
            for (Map.Entry<String, Set<String>> mapping : roleToRoles.entrySet()) {
                if (mapping.getValue().contains(currentName)) {
                    remapped.addRole(new SimpleRole(mapping.getKey()));
                    matched = true;
                }
            }
            if (!matched) {
                // unmapped roles survive untouched
                remapped.addRole(current);
            }
        }
        mappedObject.clearRoles();
        mappedObject.addAll(remapped.getRoles());
    }
    result.setMappedObject(mappedObject);
}
Example #27
Source File: CallbackHandlerPolicyContextHandler.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Tells whether this handler serves the given policy context key.
 *
 * @param key the key being queried
 * @return {@code true} iff {@code key} equals {@code SecurityConstants.CALLBACK_HANDLER_KEY} ignoring case
 * @throws PolicyContextException declared by the contract, never raised here
 */
public boolean supports(String key) throws PolicyContextException {
    boolean matches = key.equalsIgnoreCase(SecurityConstants.CALLBACK_HANDLER_KEY);
    return matches;
}
Example #28
Source File: SecurityActions.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Privileged action body: fetches the CallbackHandler registered in the JACC
 * {@code PolicyContext} under {@code SecurityConstants.CALLBACK_HANDLER_KEY}.
 *
 * @return the registered CallbackHandler (may be {@code null} if none was set)
 * @throws Exception whatever {@code PolicyContext.getContext} raises
 */
public CallbackHandler run() throws Exception {
    Object handler = PolicyContext.getContext(SecurityConstants.CALLBACK_HANDLER_KEY);
    return (CallbackHandler) handler;
}
Example #29
Source File: WildflyRequestAuthenticator.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Propagates the authenticated Keycloak account into the WildFly/JBoss security context.
 * <p>
 * After the superclass and {@code SecurityInfoHelper.propagateSessionInfo} have run, a JAAS
 * {@code Subject} is built here as well: the account principal, one group per role set from
 * {@code getRoleSets} (a {@code NestableGroup} gets a nested {@code SimpleGroup("Roles")} for
 * the members), and an unconditional {@code SecurityConstants.CALLER_PRINCIPAL_GROUP} group.
 * The subject is registered via {@code createSubjectInfo}, after which
 * {@code mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext} copies the roles into the context.
 *
 * @param account the authenticated Undertow account
 */
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    super.propagateKeycloakContext(account);
    SecurityInfoHelper.propagateSessionInfo(account);
    log.debug("propagate security context to wildfly");
    Subject subject = new Subject();
    Set<Principal> subjectPrincipals = subject.getPrincipals();
    subjectPrincipals.add(account.getPrincipal());
    for (Group roleSet : getRoleSets(account.getRoles())) {
        Group target = createGroup(roleSet.getName(), subjectPrincipals);
        if (target instanceof NestableGroup) {
            /* A NestableGroup only allows Groups to be added to it, so the roles are
               wrapped in a SimpleGroup which becomes the real target */
            SimpleGroup wrapper = new SimpleGroup("Roles");
            target.addMember(wrapper);
            target = wrapper;
        }
        Enumeration<? extends Principal> roles = roleSet.members();
        while (roles.hasMoreElements()) {
            target.addMember(roles.nextElement());
        }
    }
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    subjectPrincipals.add(callerGroup);
    org.jboss.security.SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
    Principal caller = getPrincipal(subject);
    securityContext.getUtil().createSubjectInfo(caller, account, subject);
    // The subjectInfo created above carries no roles: it is built through
    // org.jboss.security.identity.extensions.CredentialIdentityFactory
    // .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
    // The roles therefore live only in the authenticated subject inside subjectInfo,
    // while later logic reads subjectInfo#roles, so they are copied across here.
    mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(securityContext);
}
Example #30
Source File: SecurityActions.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Reads the CallbackHandler registered in the JACC {@code PolicyContext} under
 * {@code SecurityConstants.CALLBACK_HANDLER_KEY}.
 *
 * @return the registered CallbackHandler (may be {@code null} if none was set)
 * @throws PolicyContextException propagated from {@code PolicyContext.getContext}
 */
public CallbackHandler getContextCallbackHandler() throws PolicyContextException {
    Object handler = PolicyContext.getContext(SecurityConstants.CALLBACK_HANDLER_KEY);
    return (CallbackHandler) handler;
}