org.jboss.security.SimpleGroup Java Examples

The following examples show how to use org.jboss.security.SimpleGroup.
Example #1
Source File: SimpleServerLoginModule.java    From lams with GNU General Public License v2.0
/**
 * Builds the single "Roles" group returned by this login module.
 *
 * <p>Membership is fixed and does not depend on which identity authenticated:
 * "guest" is always a member, and "user" is a member as well unless
 * {@code guestOnly} is set.
 *
 * @return a one-element array holding the "Roles" group
 * @throws LoginException declared by the signature; nothing in this body throws it
 */
protected Group[] getRoleSets() throws LoginException
{
   SimpleGroup roles = new SimpleGroup("Roles");
   if( !guestOnly )
   {
      roles.addMember(new SimplePrincipal("user"));
   }
   // "guest" is granted regardless of the guestOnly setting.
   roles.addMember(new SimplePrincipal("guest"));
   return new Group[] {roles};
}
 
Example #2
Source File: RemoteHostTrustLoginModule.java    From lams with GNU General Public License v2.0
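/**
 * Builds the "Roles" group from the comma-separated {@code roleNames} value.
 *
 * <p>Each entry is trimmed. Entries that are empty after trimming are skipped, so
 * input such as {@code ""}, {@code "admin,,user"} or {@code "admin, "} never
 * produces a role principal with an empty name.
 *
 * <p>NOTE(review): the roles granted here depend only on {@code roleNames}, not on
 * the authenticated identity - presumably a module option; confirm where it is set.
 *
 * @return a one-element array holding the "Roles" group (empty when
 *         {@code roleNames} is null or contains no usable names)
 * @throws LoginException declared by the signature; nothing in this body throws it
 */
protected Group[] getRoleSets() throws LoginException
{
   SimpleGroup roles = new SimpleGroup("Roles");
   Group[] roleSets = {roles};
   if( roleNames != null )
   {
      // String.split never yields null elements, so only emptiness needs checking.
      for ( String token : roleNames.split(",") )
      {
         String roleName = token.trim();
         if( roleName.isEmpty() )
         {
            continue;
         }
         roles.addMember(new SimplePrincipal(roleName));
      }
   }
   return roleSets;
}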
 
Example #3
Source File: AnonLoginModule.java    From lams with GNU General Public License v2.0
/**
 * Override to return an empty Roles set, so this module grants no roles.
 *
 * @return an array containing an empty 'Roles' Group.
 * @throws LoginException declared by the signature; nothing in this body throws it
 */
protected Group[] getRoleSets() throws LoginException
{
   // No members are added: the group exists but carries no role principals.
   return new Group[] {new SimpleGroup("Roles")};
}
 
Example #4
Source File: IdentityLoginModule.java    From lams with GNU General Public License v2.0
/**
 * Builds the "Roles" group from the comma-separated {@code roleNames} value.
 *
 * <p>Tokens are used exactly as the tokenizer returns them. Surrounding whitespace
 * is not stripped, so {@code "admin, user"} yields the role names {@code "admin"}
 * and {@code " user"} (with a leading space). Empty segments are never returned by
 * {@link StringTokenizer} and therefore never become roles.
 *
 * <p>NOTE(review): a role name carrying stray whitespace will presumably not match
 * the role declared elsewhere - confirm whether trimming is wanted here.
 *
 * @return a one-element array holding the "Roles" group
 * @throws LoginException declared by the signature; nothing in this body throws it
 */
protected Group[] getRoleSets() throws LoginException
{
   SimpleGroup roles = new SimpleGroup("Roles");
   Group[] roleSets = {roles};
   if( roleNames == null )
   {
      return roleSets;
   }
   for( StringTokenizer names = new StringTokenizer(roleNames, ","); names.hasMoreTokens(); )
   {
      roles.addMember(new SimplePrincipal(names.nextToken()));
   }
   return roleSets;
}
 
Example #5
Source File: JWTLoginModule.java    From thorntail with Apache License 2.0
/**
 * Attaches the JWT caller principal and a "Roles" group built from its groups to
 * the subject, publishes the principal in the shared state, then defers to the
 * superclass.
 *
 * <p>Every name returned by {@code jwtPrincipal.getGroups()} becomes a role
 * principal verbatim, so the granted roles are exactly what the token carries.
 * NOTE(review): this presumably relies on the token having been validated before
 * commit runs - confirm against the login phase.
 *
 * <p>NOTE(review): the subject is modified before {@code super.commit()} is
 * consulted. If the superclass returns false or throws, the principals added here
 * remain on the subject - confirm that abort/logout removes them.
 *
 * @return whatever {@code super.commit()} returns
 * @throws LoginException propagated from {@code super.commit()}
 */
@Override
public boolean commit() throws LoginException {
    subject.getPrincipals().add(jwtPrincipal);

    // One role principal per group name taken from the token.
    SimpleGroup roleGroup = new SimpleGroup("Roles");
    for (String groupName : jwtPrincipal.getGroups()) {
        roleGroup.addMember(new SimplePrincipal(groupName));
    }
    subject.getPrincipals().add(roleGroup);

    sharedState.put("JsonWebToken", jwtPrincipal);
    return super.commit();
}
 
Example #6
Source File: JBossWebPrincipalFactory.java    From keycloak with Apache License 2.0
/**
 * Wraps a collection of role names in a single "Roles" group.
 *
 * <p>Names are copied verbatim (no trimming, case folding or filtering).
 *
 * @param roleSet role names to convert; iterated directly, so a null collection
 *                results in a NullPointerException
 * @return a one-element array holding the "Roles" group
 */
protected Group[] getRoleSets(Collection<String> roleSet) {
    SimpleGroup rolesGroup = new SimpleGroup("Roles");
    for (String roleName : roleSet) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[] {rolesGroup};
}
 
Example #7
Source File: WildflyRequestAuthenticator.java    From keycloak with Apache License 2.0
/**
 * Converts role names into role principals collected under one "Roles" group.
 *
 * <p>Each name is used as given; nothing is normalised or dropped.
 *
 * @param roleSet the role names to expose; must not be null, because it is
 *                iterated without a check
 * @return an array whose only element is the populated "Roles" group
 */
protected Group[] getRoleSets(Collection<String> roleSet) {
    final SimpleGroup container = new SimpleGroup("Roles");
    final Group[] result = {container};
    for (String each : roleSet) {
        SimplePrincipal rolePrincipal = new SimplePrincipal(each);
        container.addMember(rolePrincipal);
    }
    return result;
}
 
Example #8
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0
/**
 * Builds a fresh {@link Subject} for the account and registers it with the
 * current JBoss security context.
 *
 * <p>The subject receives the account principal, one group per role set (with the
 * role principals copied in), and a caller-principal group containing the account
 * principal.
 *
 * <p>NOTE(review): the result of {@code SecurityContextAssociation.getSecurityContext()}
 * is dereferenced without a null check - confirm that a context is always
 * associated when this is called.
 *
 * @param account source of the principal and role names
 */
public static void propagateSessionInfo(KeycloakAccount account) {
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());

    for (Group source : getRoleSets(account.getRoles())) {
        String groupName = source.getName();
        Group target = createGroup(groupName, principals);
        if (target instanceof NestableGroup) {
            // A NestableGroup accepts only Groups as members, so the roles are
            // placed in a SimpleGroup nested inside it.
            SimpleGroup nested = new SimpleGroup("Roles");
            target.addMember(nested);
            target = nested;
        }
        // Copy the role principals into the subject's group.
        for (Enumeration<? extends Principal> members = source.members(); members.hasMoreElements(); ) {
            target.addMember(members.nextElement());
        }
    }

    // The CallerPrincipal group is added unconditionally; no check for an
    // existing one is made here.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);

    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
 
Example #9
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0
/**
 * Turns role names into a single "Roles" group of role principals.
 *
 * <p>Names are taken as-is; the method performs no validation or normalisation.
 *
 * @param roleSet role names to wrap; a null value causes a NullPointerException
 *                when the loop starts
 * @return a one-element array holding the "Roles" group
 */
protected static Group[] getRoleSets(Collection<String> roleSet) {
    SimpleGroup rolesGroup = new SimpleGroup("Roles");
    for (String roleName : roleSet) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    Group[] wrapped = {rolesGroup};
    return wrapped;
}
 
Example #10
Source File: KeycloakLoginModule.java    From keycloak with Apache License 2.0
/**
 * Exposes the module's {@code roleSet} field as a single "Roles" group.
 *
 * <p>Each role name is wrapped in a principal unchanged.
 * NOTE(review): {@code roleSet} is iterated without a null check - presumably it
 * is populated during login; confirm.
 *
 * @return a one-element array holding the "Roles" group
 * @throws LoginException declared by the signature; nothing in this body throws it
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    SimpleGroup rolesGroup = new SimpleGroup("Roles");
    for (String roleName : roleSet) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[] {rolesGroup};
}
 
Example #11
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0
/**
 * Creates a new {@link Subject} describing the account and hands it to the
 * security context currently associated with the thread.
 *
 * <p>Principals placed on the subject: the account principal, the groups built
 * from the account's roles, and a caller-principal group holding the account
 * principal.
 *
 * <p>NOTE(review): {@code sc} is used without a null check - confirm that
 * {@code SecurityContextAssociation.getSecurityContext()} cannot return null on
 * this path.
 *
 * @param account the account whose principal and roles are propagated
 */
public static void propagateSessionInfo(KeycloakAccount account) {
    final Subject subject = new Subject();
    final Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());

    final Group[] roleSets = getRoleSets(account.getRoles());
    for (Group roleSet : roleSets) {
        Group destination = createGroup(roleSet.getName(), principals);
        if (destination instanceof NestableGroup) {
            // Only Groups may be added to a NestableGroup, so wrap the roles
            // in an inner SimpleGroup and fill that instead.
            SimpleGroup inner = new SimpleGroup("Roles");
            destination.addMember(inner);
            destination = inner;
        }
        // Transfer every role principal to the subject-side group.
        Enumeration<? extends Principal> rolePrincipals = roleSet.members();
        while (rolePrincipals.hasMoreElements()) {
            destination.addMember(rolePrincipals.nextElement());
        }
    }

    // Always add a CallerPrincipal group; nothing here checks for an existing one.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);

    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
 
Example #12
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0
/**
 * Builds the "Roles" group for a set of role names.
 *
 * <p>Every name becomes one role principal, exactly as supplied.
 *
 * @param roleSet the role names; must be non-null since it is iterated directly
 * @return an array containing only the populated "Roles" group
 */
protected static Group[] getRoleSets(Collection<String> roleSet) {
    final SimpleGroup roleContainer = new SimpleGroup("Roles");
    final Group[] roleSets = {roleContainer};
    for (String name : roleSet) {
        SimplePrincipal asPrincipal = new SimplePrincipal(name);
        roleContainer.addMember(asPrincipal);
    }
    return roleSets;
}
 
Example #13
Source File: Util.java    From lams with GNU General Public License v2.0
/**
 * Collects the role groups for one user from a roles.properties style mapping.
 *
 * <p>Two key shapes are recognised: {@code username=role1,role2,...}, whose roles
 * go into the default "Roles" group, and {@code username<sep>GroupName=role1,...},
 * whose roles go into a group called GroupName (or into the default group when
 * GroupName is "Roles"). Key comparison is exact and case-sensitive. When
 * {@code targetUser} is null no entry is examined and only the empty "Roles"
 * group is returned.
 *
 * <p>For every matching entry the raw role string and the group name are passed to
 * {@code PicketBoxLogger.LOGGER.traceAdditionOfRoleToGroup} before parsing.
 *
 * @param targetUser - the username to obtain roles for
 * @param roles - the Properties containing the user=roles mappings
 * @param roleGroupSeperator - the character that separates a username
 *    from a group name, e.g., targetUser[.GroupName]=roles
 * @param aslm - the login module passed on to parseGroupMembers
 * @return Group[] with the "Roles" group first, followed by any named groups
 */
static Group[] getRoleSets(String targetUser, Properties roles, char roleGroupSeperator, AbstractServerLoginModule aslm)
{
   Enumeration<?> keys = roles.propertyNames();
   SimpleGroup rolesGroup = new SimpleGroup("Roles");
   ArrayList<Group> groups = new ArrayList<Group>();
   groups.add(rolesGroup);
   while (keys.hasMoreElements() && targetUser != null)
   {
      String key = (String) keys.nextElement();
      String roleList = roles.getProperty(key);

      // JBAS-3742: begin the separator search at targetUser.length() so that a
      // separator character inside the user name is not taken as the boundary.
      int sepAt = key.indexOf(roleGroupSeperator, targetUser.length());
      // True only for keys of the form targetUser<sep>GroupName.
      boolean isRoleGroup = sepAt > 0 && targetUser.regionMatches(0, key, 0, sepAt);

      if (isRoleGroup)
      {
         String groupName = key.substring(sepAt + 1);
         PicketBoxLogger.LOGGER.traceAdditionOfRoleToGroup(roleList, groupName);
         if (groupName.equals("Roles"))
         {
            parseGroupMembers(rolesGroup, roleList, aslm);
         }
         else
         {
            SimpleGroup named = new SimpleGroup(groupName);
            parseGroupMembers(named, roleList, aslm);
            groups.add(named);
         }
      }
      else if (targetUser.equals(key))
      {
         PicketBoxLogger.LOGGER.traceAdditionOfRoleToGroup(roleList, "Roles");
         // Plain username key: roles belong to the default "Roles" group.
         parseGroupMembers(rolesGroup, roleList, aslm);
      }
   }
   return groups.toArray(new Group[groups.size()]);
}
 
Example #14
Source File: JBossWebPrincipalFactory.java    From keycloak with Apache License 2.0
/**
 * Creates the container principal for an authenticated identity and registers a
 * matching {@link Subject} with the current JBoss security context.
 *
 * <p>The subject receives the identity, the role groups built from {@code roleSet}
 * and a caller-principal group. The returned principal is instantiated through
 * {@code jbossWebPrincipalConstructor}.
 *
 * <p>NOTE(review): {@code sc} is dereferenced without a null check - confirm a
 * security context is always associated here. NOTE(review): the catch clause
 * covers {@code Throwable}, so JVM errors are also wrapped in a RuntimeException.
 *
 * @param realm    realm passed through to the principal constructor
 * @param identity the authenticated principal
 * @param roleSet  role names granted to the identity
 * @return the newly constructed principal
 * @throws RuntimeException if the principal cannot be instantiated
 */
@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
    // Minimal account view exposing just the identity and its roles.
    KeycloakAccount account = new KeycloakAccount() {
        @Override
        public Principal getPrincipal() {
            return identity;
        }

        @Override
        public Set<String> getRoles() {
            return roleSet;
        }
    };

    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(identity);

    for (Group source : getRoleSets(roleSet)) {
        Group target = createGroup(source.getName(), principals);
        if (target instanceof NestableGroup) {
            // A NestableGroup accepts only Groups, so the roles go into a
            // SimpleGroup nested inside it.
            SimpleGroup nested = new SimpleGroup("Roles");
            target.addMember(nested);
            target = nested;
        }
        // Copy the role principals into the subject's group.
        for (Enumeration<? extends Principal> members = source.members(); members.hasMoreElements(); ) {
            target.addMember(members.nextElement());
        }
    }

    // The CallerPrincipal group is added unconditionally.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(identity);
    principals.add(callerGroup);

    SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);

    List<String> rolesAsStringList = new ArrayList<>(roleSet);
    try {
        Object created = jbossWebPrincipalConstructor.newInstance(realm, userPrincipal.getName(), null, rolesAsStringList, userPrincipal, null, account, null, subject);
        return (GenericPrincipal) created;
    } catch (Throwable t) {
        throw new RuntimeException("Failed to create JBossGenericPrincipal", t);
    }
}
 
Example #15
Source File: WildflyRequestAuthenticator.java    From keycloak with Apache License 2.0
/**
 * Propagates the Keycloak account into the WildFly security context.
 *
 * <p>After the superclass and {@code SecurityInfoHelper.propagateSessionInfo} have
 * run, a new {@link Subject} is built from the account principal and roles,
 * registered via {@code createSubjectInfo}, and the group members are then mapped
 * into the security context.
 *
 * <p>NOTE(review): the subject-building steps below look the same as what
 * {@code SecurityInfoHelper.propagateSessionInfo(account)} is expected to do -
 * confirm whether both are needed. NOTE(review): {@code sc} is used without a
 * null check.
 *
 * @param account the authenticated account to propagate
 */
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    super.propagateKeycloakContext(account);
    SecurityInfoHelper.propagateSessionInfo(account);
    log.debug("propagate security context to wildfly");

    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());

    for (Group source : getRoleSets(account.getRoles())) {
        Group target = createGroup(source.getName(), principals);
        if (target instanceof NestableGroup) {
            // A NestableGroup accepts only Groups, so the roles go into a
            // SimpleGroup nested inside it.
            SimpleGroup nested = new SimpleGroup("Roles");
            target.addMember(nested);
            target = nested;
        }
        // Copy the role principals into the subject's group.
        for (Enumeration<? extends Principal> members = source.members(); members.hasMoreElements(); ) {
            target.addMember(members.nextElement());
        }
    }

    // The CallerPrincipal group is added unconditionally.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);

    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);

    // The roles of subjectInfo are null, because it was constructed by
    // org.jboss.security.identity.extensions.CredentialIdentityFactory
    //   .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
    // The roles therefore exist only in the authenticatedSubject (a member of
    // subjectInfo), while later logic reads subjectInfo#roles rather than
    // authenticatedSubject#roles - hence the explicit mapping step.
    mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
}