Java Code Examples for java.security.acl.Group#members()

The following examples show how to use java.security.acl.Group#members(). Note that the java.security.acl package was deprecated for removal and is no longer part of the JDK from version 14 onward, so these examples apply to older runtimes only.
Example 1
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0 6 votes vote down vote up
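/**
 * Resolves the caller identity from an authenticated {@code Subject}.
 *
 * <p>A single pass over {@code subject.getPrincipals()} collects two candidates: the first
 * principal that is not a {@code Group}, and the first member of the first {@code Group}
 * named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}. The group member wins when both
 * exist. "First" follows the iteration order of the principal set, and any further members
 * of the CallerPrincipal group are ignored, so code that bases security decisions on the
 * result should ensure that group holds exactly one member.
 *
 * @param subject the authenticated subject; may be {@code null}
 * @return the CallerPrincipal group member if present, otherwise the first non-group
 *         principal, or {@code null} when the subject is {@code null} or yields neither
 */
protected static Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal firstPlain = null;
    Principal caller = null;
    for (Principal candidate : principals) {
        if (!(candidate instanceof Group)) {
            if (firstPlain == null) {
                firstPlain = candidate;
            }
            continue;
        }
        if (caller != null) {
            // A caller principal was already taken from an earlier group.
            continue;
        }
        Group group = (Group) candidate;
        // Constant-first comparison: a Group whose getName() is null must not abort
        // identity resolution with a NullPointerException.
        if (SecurityConstants.CALLER_PRINCIPAL_GROUP.equals(group.getName())) {
            Enumeration<? extends Principal> members = group.members();
            if (members.hasMoreElements()) {
                caller = members.nextElement();
            }
        }
    }
    return caller != null ? caller : firstPlain;
}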
 
Example 2
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0 6 votes vote down vote up
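/**
 * Resolves the caller identity from an authenticated {@code Subject}.
 *
 * <p>The member of the {@code Group} named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * takes precedence; the first principal that is not a {@code Group} is the fallback. Only
 * the first member of the first matching group is read, and "first" depends on the
 * iteration order of {@code subject.getPrincipals()}.
 *
 * @param subject the authenticated subject; may be {@code null}
 * @return the CallerPrincipal group member if present, otherwise the first non-group
 *         principal, or {@code null} when the subject is {@code null} or yields neither
 */
protected static Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal fallback = null;
    Principal callerPrincipal = null;
    for (Principal p : principals) {
        if (p instanceof Group) {
            Group g = (Group) p;
            // Compare from the constant so that a group with a null name is simply
            // skipped instead of raising a NullPointerException during authentication.
            if (callerPrincipal == null && SecurityConstants.CALLER_PRINCIPAL_GROUP.equals(g.getName())) {
                Enumeration<? extends Principal> members = g.members();
                if (members.hasMoreElements()) {
                    callerPrincipal = members.nextElement();
                }
            }
        } else if (fallback == null) {
            fallback = p;
        }
    }
    return callerPrincipal != null ? callerPrincipal : fallback;
}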
 
Example 3
Source File: WildflyRequestAuthenticator.java    From keycloak with Apache License 2.0 6 votes vote down vote up
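/**
 * Resolves the caller identity from an authenticated {@code Subject}.
 *
 * <p>The member of the {@code Group} named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * takes precedence; the first principal that is not a {@code Group} is the fallback. Only
 * the first member of the first matching group is read, and "first" depends on the
 * iteration order of {@code subject.getPrincipals()}.
 *
 * @param subject the authenticated subject; may be {@code null}
 * @return the CallerPrincipal group member if present, otherwise the first non-group
 *         principal, or {@code null} when the subject is {@code null} or yields neither
 */
protected Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal fallback = null;
    Principal callerPrincipal = null;
    for (Principal p : principals) {
        if (p instanceof Group) {
            Group g = (Group) p;
            // Compare from the constant so that a group with a null name is simply
            // skipped instead of raising a NullPointerException during authentication.
            if (callerPrincipal == null && SecurityConstants.CALLER_PRINCIPAL_GROUP.equals(g.getName())) {
                Enumeration<? extends Principal> members = g.members();
                if (members.hasMoreElements()) {
                    callerPrincipal = members.nextElement();
                }
            }
        } else if (fallback == null) {
            fallback = p;
        }
    }
    return callerPrincipal != null ? callerPrincipal : fallback;
}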
 
Example 4
Source File: JBossWebPrincipalFactory.java    From keycloak with Apache License 2.0 6 votes vote down vote up
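/**
 * Resolves the caller identity from an authenticated {@code Subject}.
 *
 * <p>The member of the {@code Group} named {@code SecurityConstants.CALLER_PRINCIPAL_GROUP}
 * takes precedence; the first principal that is not a {@code Group} is the fallback. Only
 * the first member of the first matching group is read, and "first" depends on the
 * iteration order of {@code subject.getPrincipals()}.
 *
 * @param subject the authenticated subject; may be {@code null}
 * @return the CallerPrincipal group member if present, otherwise the first non-group
 *         principal, or {@code null} when the subject is {@code null} or yields neither
 */
protected Principal getPrincipal(Subject subject) {
    if (subject == null) {
        return null;
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals == null || principals.isEmpty()) {
        return null;
    }
    Principal fallback = null;
    Principal callerPrincipal = null;
    for (Principal p : principals) {
        if (p instanceof Group) {
            Group g = (Group) p;
            // Compare from the constant so that a group with a null name is simply
            // skipped instead of raising a NullPointerException during authentication.
            if (callerPrincipal == null && SecurityConstants.CALLER_PRINCIPAL_GROUP.equals(g.getName())) {
                Enumeration<? extends Principal> members = g.members();
                if (members.hasMoreElements()) {
                    callerPrincipal = members.nextElement();
                }
            }
        } else if (fallback == null) {
            fallback = p;
        }
    }
    return callerPrincipal != null ? callerPrincipal : fallback;
}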
 
Example 5
Source File: GenericPrincipalFactory.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a {@code GenericPrincipal} for the given identity and role names.
 *
 * <p>A fresh {@code Subject} is populated with {@code identity} and with one group per entry
 * returned by {@code getRoleSets(roleSet)}; the user principal is then resolved from that
 * subject via {@code getPrincipal} and handed, with a list copy of the role names, to the
 * two-argument {@code createPrincipal} overload. The {@code realm} argument is not read here.
 *
 * @param realm    not used by this method
 * @param identity the authenticated identity added to the subject
 * @param roleSet  role names; must not be {@code null} (it is copied into a list)
 * @return the principal produced by the two-argument {@code createPrincipal} overload
 */
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(identity);

    for (Group roleGroup : getRoleSets(roleSet)) {
        Group subjectGroup = createGroup(roleGroup.getName(), principals);
        // Mirror every member of the source group into the subject's group.
        for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements();) {
            subjectGroup.addMember(members.nextElement());
        }
    }

    Principal userPrincipal = getPrincipal(subject);
    List<String> rolesAsStringList = new ArrayList<String>(roleSet);
    return createPrincipal(userPrincipal, rolesAsStringList);
}
 
Example 6
Source File: Users.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the names of all members of the role group registered under the given key.
 *
 * @param roleGroup key looked up in {@code roleGroups}
 * @return the member names in enumeration order, or an empty array when no group is
 *         registered under that key; never {@code null}
 */
public String[] getRoleNames(String roleGroup)
{
   Group group = roleGroups.get(roleGroup);
   if( group == null )
   {
      return new String[0];
   }
   ArrayList<String> collected = new ArrayList<String>();
   for( Enumeration<? extends Principal> members = group.members(); members.hasMoreElements(); )
   {
      collected.add(members.nextElement().getName());
   }
   return collected.toArray(new String[collected.size()]);
}
 
Example 7
Source File: NestableGroup.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Starts the enumeration on the members of the group at index 0 of {@code rolesStack}.
 * When the stack is empty, {@code iter} is left untouched.
 */
IndexEnumeration()
{
    if( rolesStack.size() <= 0 )
    {
        return;
    }
    Group first = (Group) rolesStack.get(0);
    iter = first.members();
}
 
Example 8
Source File: SimpleRoleGroup.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a role group that carries the name of {@code rolesGroup} and one
 * {@code SimpleRole} per member, built from the member's name only. A member that is
 * itself a group therefore contributes a single role named after it; its own members
 * are not expanded here.
 *
 * @param rolesGroup the group to convert; must not be {@code null}
 */
public SimpleRoleGroup(Group rolesGroup)
{
   super(rolesGroup.getName());
   for (Enumeration<? extends Principal> members = rolesGroup.members(); members.hasMoreElements(); )
   {
      String roleName = members.nextElement().getName();
      addRole(new SimpleRole(roleName));
   }
}
 
Example 9
Source File: JBossAuthorizationManager.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a {@code SimpleRole} to {@code source} for every member of {@code toCopy},
 * using the member's name.
 *
 * <p>When {@code toCopy} is {@code null}, {@code source} is returned unchanged (possibly
 * {@code null}). When {@code source} is {@code null}, the roles are collected in the
 * group returned by {@code getEmptyRoleGroup()}. A non-null {@code source} is modified
 * in place.
 *
 * @param source the role group to extend; may be {@code null}
 * @param toCopy the group whose members are copied; may be {@code null}
 * @return the extended role group, or {@code source} as given when {@code toCopy} is {@code null}
 */
private RoleGroup copyGroups(RoleGroup source, Group toCopy)
{
   if(toCopy == null)
   {
      return source;
   }
   RoleGroup target = (source != null) ? source : this.getEmptyRoleGroup();
   for(Enumeration<? extends Principal> members = toCopy.members(); members.hasMoreElements(); )
   {
      target.addRole(new SimpleRole(members.nextElement().getName()));
   }
   return target;
}
 
Example 10
Source File: JBossAuthorizationManager.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Converts a {@code Group} into a {@code SimpleRoleGroup} of the same name, with one
 * {@code SimpleRole} per member, built from the member's name.
 *
 * @param roleGroup the group to convert
 * @return the new role group
 * @throws RuntimeException as produced by {@code PicketBoxMessages.MESSAGES.invalidNullArgument}
 *         when {@code roleGroup} is {@code null} (exact type not visible here)
 */
private RoleGroup getRoleGroup(Group roleGroup)
{
   if(roleGroup == null)
   {
      throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleGroup");
   }
   SimpleRoleGroup converted = new SimpleRoleGroup(roleGroup.getName());
   for(Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements(); )
   {
      converted.addRole(new SimpleRole(members.nextElement().getName()));
   }
   return converted;
}
 
Example 11
Source File: JBossSecurityContext.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds every member of {@code a} to {@code b} and returns {@code b}.
 *
 * <p>No new group is created: {@code b} is modified in place, so every other holder of
 * that reference sees the added members as well.
 *
 * NOTE(review): {@code b} is dereferenced without a null check; a null {@code b}
 * combined with a non-empty {@code a} raises a NullPointerException. Confirm callers
 * never pass that combination.
 *
 * @param a the group whose members are copied; may be {@code null}
 * @param b the group that receives the members and is returned
 * @return {@code b}
 */
private Group mergeGroups(Group a, Group b)
{
   if(a == null)
   {
      return b;
   }
   for(Enumeration<? extends Principal> members = a.members(); members.hasMoreElements(); )
   {
      b.addMember(members.nextElement());
   }
   return b;
}
 
Example 12
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Publishes the account's identity and roles to the current JBoss security context.
 *
 * <p>A fresh {@code Subject} receives the account principal, one group per entry of
 * {@code getRoleSets(account.getRoles())}, and a CallerPrincipal group holding the account
 * principal. The principal resolved by {@code getPrincipal(subject)} is then passed with
 * the account and the subject to {@code createSubjectInfo}.
 *
 * NOTE(review): the security context returned by
 * {@code SecurityContextAssociation.getSecurityContext()} is dereferenced without a null
 * check; confirm a context is always associated on this code path.
 *
 * @param account the authenticated account; must not be {@code null}
 */
public static void propagateSessionInfo(KeycloakAccount account) {
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());

    for (Group roleGroup : getRoleSets(account.getRoles())) {
        Group target = createGroup(roleGroup.getName(), principals);
        if (target instanceof NestableGroup) {
            // A NestableGroup accepts only Groups as members, so the roles go into a
            // SimpleGroup that is nested inside it.
            SimpleGroup roles = new SimpleGroup("Roles");
            target.addMember(roles);
            target = roles;
        }
        // Mirror the role group's members into the subject's group.
        for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements();) {
            target.addMember(members.nextElement());
        }
    }

    // NOTE(review): the CallerPrincipal group is added unconditionally here; there is no
    // check for one that getRoleSets may already have contributed.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);

    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
 
Example 13
Source File: UniversalLoginModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Commits the authentication process (phase 2).
 *
 * <p>Does nothing and returns {@code false} unless {@code loginOK} is set. Otherwise the
 * identity is added to the subject's principals, and for each group returned by
 * {@code getRoleSets()} a group of the same name is obtained through {@code createGroup}
 * and filled with that group's members.
 *
 * @return {@code true} when the login had succeeded and the subject was populated,
 *         {@code false} otherwise
 * @throws LoginException declared by the overridden method; not thrown directly here
 */
@Override
public boolean commit() throws LoginException {
    if (!loginOK) {
        return false;
    }

    Set<Principal> principals = subject.getPrincipals();
    principals.add(identity);
    for (Group roleGroup : getRoleSets()) {
        Group subjectGroup = createGroup(roleGroup.getName(), principals);
        // Mirror the role group's members into the subject's group.
        for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements();) {
            subjectGroup.addMember(members.nextElement());
        }
    }

    // NOTE(review): the user name is concatenated into the log line unmodified; if it can
    // contain line breaks, neutralise them before logging so entries cannot be forged.
    UniversalLoginModule.log.info("User logged in: " + getUserName());
    return true;
}
 
Example 14
Source File: MappingProviderUtil.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Removes every member from the given group.
 *
 * <p>The members are first copied into a separate set and removed afterwards, so the
 * group is not modified while its own enumeration is being read (presumably because
 * that is unsafe for some {@code Group} implementations).
 *
 * @param grp the group to empty; must not be {@code null}; modified in place
 * @return the same {@code grp} instance
 */
public static Group removePrincipals(Group grp)
{
   HashSet<Principal> snapshot = new HashSet<Principal>();
   for(Enumeration<? extends Principal> members = grp.members(); members.hasMoreElements(); )
   {
      snapshot.add(members.nextElement());
   }

   for(Principal member : snapshot)
   {
      grp.removeMember(member);
   }
   return grp;
}
 
Example 15
Source File: AbstractRolesMappingProvider.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
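/**
 * Resolves the caller principal from a context map.
 *
 * <p>The entry under {@code SecurityConstants.PRINCIPAL_IDENTIFIER} is returned when
 * present. Otherwise the set under {@code SecurityConstants.PRINCIPALS_SET_IDENTIFIER}
 * is scanned: the first member of the first {@code Group} named
 * {@code SecurityConstants.CALLER_PRINCIPAL_GROUP} wins, with the first principal that
 * is not a {@code Group} as fallback. "First" follows the set's iteration order.
 *
 * @param map the context map; must not be {@code null}; its values are cast without
 *        a type check, so a wrongly typed entry raises a ClassCastException
 * @return the resolved principal, or {@code null} when the map provides none
 */
protected Principal getCallerPrincipal(Map<String, Object> map)
{
   Principal principal = (Principal) map.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
   if (principal != null)
   {
      return principal;
   }

   @SuppressWarnings("unchecked")
   Set<Principal> principals = (Set<Principal>) map.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
   if (principals == null || principals.isEmpty())
   {
      return null;
   }

   Principal callerPrincipal = null;
   for (Principal p : principals)
   {
      if (p instanceof Group)
      {
         Group g = (Group) p;
         // Compare from the constant so that a group with a null name is skipped
         // instead of raising a NullPointerException.
         if (callerPrincipal == null && SecurityConstants.CALLER_PRINCIPAL_GROUP.equals(g.getName()))
         {
            Enumeration<? extends Principal> members = g.members();
            if (members.hasMoreElements())
            {
               callerPrincipal = members.nextElement();
            }
         }
      }
      else if (principal == null)
      {
         principal = p;
      }
   }
   return callerPrincipal != null ? callerPrincipal : principal;
}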
 
Example 16
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Publishes the account's identity and roles to the current JBoss security context.
 *
 * <p>A fresh {@code Subject} receives the account principal, one group per entry of
 * {@code getRoleSets(account.getRoles())}, and a CallerPrincipal group holding the account
 * principal. The principal resolved by {@code getPrincipal(subject)} is then passed with
 * the account and the subject to {@code createSubjectInfo}.
 *
 * NOTE(review): the security context returned by
 * {@code SecurityContextAssociation.getSecurityContext()} is dereferenced without a null
 * check; confirm a context is always associated on this code path.
 *
 * @param account the authenticated account; must not be {@code null}
 */
public static void propagateSessionInfo(KeycloakAccount account) {
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());

    for (Group roleGroup : getRoleSets(account.getRoles())) {
        Group target = createGroup(roleGroup.getName(), principals);
        if (target instanceof NestableGroup) {
            // A NestableGroup accepts only Groups as members, so the roles go into a
            // SimpleGroup that is nested inside it.
            SimpleGroup roles = new SimpleGroup("Roles");
            target.addMember(roles);
            target = roles;
        }
        // Mirror the role group's members into the subject's group.
        for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements();) {
            target.addMember(members.nextElement());
        }
    }

    // NOTE(review): the CallerPrincipal group is added unconditionally here; there is no
    // check for one that getRoleSets may already have contributed.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);

    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
 
Example 17
Source File: DatawaveCertRolesLoginModule.java    From datawave with Apache License 2.0 5 votes vote down vote up
/**
 * Runs the parent login and then rejects the result when no role was found.
 *
 * <p>With {@code trustedHeaderLogin} set, the module reports failure immediately without
 * calling the parent, so it can stay on the login stack for both configurations (SSL
 * client certificate, or SSL-terminated trusted header where no certificate is supplied).
 * Otherwise the members of all groups from {@code getRoleSets()} are counted; a count of
 * zero clears {@code loginOk} and fails the login, which lets another module be tried.
 *
 * @return {@code false} for trusted-header logins and for logins without any role,
 *         otherwise the result of {@code super.login()}
 * @throws LoginException as thrown by {@code super.login()}
 */
@Override
public boolean login() throws LoginException {
    if (trustedHeaderLogin) {
        log.trace("trustedHeaderLogin is true - returning false for login success");
        return false;
    }

    boolean success = super.login();

    int roleCount = 0;
    Group[] roleSets = getRoleSets();
    if (roleSets != null) {
        for (Group roleSet : roleSets) {
            Enumeration<? extends Principal> members = roleSet.members();
            while (members.hasMoreElements()) {
                members.nextElement();
                roleCount++;
            }
        }
    }

    // An identity without any role is treated as not logged in.
    if (roleCount == 0) {
        loginOk = false;
        return false;
    }
    return success;
}
 
Example 18
Source File: AbstractServerLoginModule.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Commits the authentication process (phase 2).
 *
 * <p>Returns {@code false} without touching the subject unless {@code loginOk} is set.
 * Otherwise the {@code getIdentity()} value is added to the subject's principals, and for
 * each group returned by {@code getRoleSets()} a group of the same name is obtained
 * through {@code createGroup} and filled with that group's members. A CallerPrincipal
 * group holding the identity is added only when {@code getCallerPrincipalGroup} finds none.
 *
 * NOTE(review): the array returned by {@code getRoleSets()} is iterated without a null
 * check; confirm implementations never return {@code null}.
 *
 * @see javax.security.auth.Subject
 * @see java.security.acl.Group
 * @return {@code true} when the login had succeeded and the subject was populated,
 *         {@code false} when {@code loginOk} is not set
 * @throws LoginException declared for subclasses and callees; not thrown directly here
 */
public boolean commit() throws LoginException
{
   PicketBoxLogger.LOGGER.traceBeginCommit(loginOk);
   if( !loginOk )
   {
      return false;
   }

   Set<Principal> principals = subject.getPrincipals();
   Principal identity = getIdentity();
   principals.add(identity);

   for( Group roleGroup : getRoleSets() )
   {
      Group target = createGroup(roleGroup.getName(), principals);
      if( target instanceof NestableGroup )
      {
         // A NestableGroup accepts only Groups as members, so the roles go into a
         // SimpleGroup that is nested inside it.
         SimpleGroup roles = new SimpleGroup("Roles");
         target.addMember(roles);
         target = roles;
      }
      // Mirror the role group's members into the subject's group.
      for( Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements(); )
      {
         target.addMember(members.nextElement());
      }
   }

   // Add the CallerPrincipal group only if getRoleSets did not already provide one.
   if( getCallerPrincipalGroup(principals) == null )
   {
      Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
      callerGroup.addMember(identity);
      principals.add(callerGroup);
   }
   return true;
}
 
Example 19
Source File: JBossWebPrincipalFactory.java    From keycloak with Apache License 2.0 4 votes vote down vote up
/**
 * Builds the container principal for an authenticated identity and publishes the
 * identity to the current JBoss security context.
 *
 * <p>A fresh {@code Subject} receives {@code identity}, one group per entry of
 * {@code getRoleSets(roleSet)}, and a CallerPrincipal group holding {@code identity}.
 * The principal resolved by {@code getPrincipal(subject)} is registered through
 * {@code createSubjectInfo} and then passed to the reflectively invoked
 * {@code jbossWebPrincipalConstructor}.
 *
 * NOTE(review): the security context is dereferenced without a null check, and the
 * reflective call catches {@code Throwable}, which also wraps JVM errors; confirm both
 * are intended.
 *
 * @param realm    passed through to the principal constructor
 * @param identity the authenticated identity
 * @param roleSet  role names; must not be {@code null} (it is copied into a list)
 * @return the newly constructed principal
 * @throws RuntimeException wrapping any failure of the reflective constructor call
 */
@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
    // Minimal account view over the two values this method was given.
    KeycloakAccount account = new KeycloakAccount() {
        @Override
        public Principal getPrincipal() {
            return identity;
        }

        @Override
        public Set<String> getRoles() {
            return roleSet;
        }
    };

    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(identity);

    for (Group roleGroup : getRoleSets(roleSet)) {
        Group target = createGroup(roleGroup.getName(), principals);
        if (target instanceof NestableGroup) {
            // A NestableGroup accepts only Groups as members, so the roles go into a
            // SimpleGroup that is nested inside it.
            SimpleGroup roles = new SimpleGroup("Roles");
            target.addMember(roles);
            target = roles;
        }
        // Mirror the role group's members into the subject's group.
        for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements();) {
            target.addMember(members.nextElement());
        }
    }

    // NOTE(review): the CallerPrincipal group is added unconditionally here; there is no
    // check for one that getRoleSets may already have contributed.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(identity);
    principals.add(callerGroup);

    SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
    List<String> rolesAsStringList = new ArrayList<>(roleSet);

    try {
        Object created = jbossWebPrincipalConstructor.newInstance(realm, userPrincipal.getName(), null, rolesAsStringList, userPrincipal, null, account, null, subject);
        return (GenericPrincipal) created;
    } catch (Throwable t) {
        throw new RuntimeException("Failed to create JBossGenericPrincipal", t);
    }
}
 
Example 20
Source File: WildflyRequestAuthenticator.java    From keycloak with Apache License 2.0 4 votes vote down vote up
/**
 * Propagates the authenticated account into the WildFly/JBoss security context.
 *
 * <p>After delegating to the parent and to {@code SecurityInfoHelper.propagateSessionInfo},
 * a fresh {@code Subject} is populated with the account principal, its role groups and a
 * CallerPrincipal group, registered through {@code createSubjectInfo}, and finally the
 * group members are mapped into the security context.
 *
 * NOTE(review): the subject is built and registered here right after
 * {@code SecurityInfoHelper.propagateSessionInfo(account)} was called; if that helper
 * performs the same steps, {@code createSubjectInfo} runs twice per request. Confirm the
 * duplication is intended. The security context is also dereferenced without a null check.
 *
 * @param account the authenticated account; must not be {@code null}
 */
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    super.propagateKeycloakContext(account);
    SecurityInfoHelper.propagateSessionInfo(account);
    log.debug("propagate security context to wildfly");

    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(account.getPrincipal());

    for (Group roleGroup : getRoleSets(account.getRoles())) {
        Group target = createGroup(roleGroup.getName(), principals);
        if (target instanceof NestableGroup) {
            // A NestableGroup accepts only Groups as members, so the roles go into a
            // SimpleGroup that is nested inside it.
            SimpleGroup roles = new SimpleGroup("Roles");
            target.addMember(roles);
            target = roles;
        }
        // Mirror the role group's members into the subject's group.
        for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements();) {
            target.addMember(members.nextElement());
        }
    }

    // NOTE(review): the CallerPrincipal group is added unconditionally here; there is no
    // check for one that getRoleSets may already have contributed.
    Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
    callerGroup.addMember(account.getPrincipal());
    principals.add(callerGroup);

    org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
    Principal userPrincipal = getPrincipal(subject);
    sc.getUtil().createSubjectInfo(userPrincipal, account, subject);

    // The roles of subjectInfo are null, because it was constructed by
    // org.jboss.security.identity.extensions.CredentialIdentityFactory
    //   .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
    // The roles are therefore only contained in the authenticatedSubject (a member of
    // subjectInfo), while subsequent logic reads subjectInfo#roles rather than
    // authenticatedSubject#roles, so they are mapped across explicitly.
    mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
}