Java Code Examples for org.wildfly.security.auth.server.SecurityDomain#createNewAuthenticationContext()
The following examples show how to use
org.wildfly.security.auth.server.SecurityDomain#createNewAuthenticationContext() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testMappedRoleMapper() throws Exception {
init("TestDomain1");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain1");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertFalse(roles.contains("firstGroup"));
Assert.assertFalse(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example 2
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testKeepMappedRoleMapper() throws Exception {
init("TestDomain2");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain2");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertTrue(roles.contains("firstGroup"));
Assert.assertFalse(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example 3
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testKeepNonMappedRoleMapper() throws Exception {
init("TestDomain3");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain3");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertFalse(roles.contains("firstGroup"));
Assert.assertTrue(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example 4
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testKeepBothMappedRoleMapper() throws Exception {
init("TestDomain4");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain4");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user1");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("mappedGroup"));
Assert.assertTrue(roles.contains("firstGroup"));
Assert.assertTrue(roles.contains("secondGroup"));
Assert.assertFalse(roles.contains("notInThisGroup"));
Assert.assertEquals("user1", identity.getPrincipal().getName());
}
Example 5
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testRegexRoleMapper() throws Exception {
init("TestDomain5");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain5");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user2");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("application-user"));
Assert.assertFalse(roles.contains("123-user"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertEquals("user2", identity.getPrincipal().getName());
}
Example 6
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testRegexRoleMapper2() throws Exception {
init("TestDomain6");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain6");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user3");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertTrue(roles.contains("user"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertFalse(roles.contains("application-user"));
Assert.assertFalse(roles.contains("123-admin-123"));
Assert.assertFalse(roles.contains("aa-user-aa"));
Assert.assertEquals("user3", identity.getPrincipal().getName());
}
Example 7
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testRegexRoleMapper3() throws Exception {
init("TestDomain7");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain7");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user3");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertTrue(roles.contains("user"));
Assert.assertTrue(roles.contains("joe"));
Assert.assertFalse(roles.contains("application-user"));
Assert.assertFalse(roles.contains("123-admin-123"));
Assert.assertFalse(roles.contains("aa-user-aa"));
Assert.assertEquals("user3", identity.getPrincipal().getName());
}
Example 8
| Source File: DomainDefinition.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
private static SecurityIdentity[] performOutflow(SecurityIdentity identity, boolean outflowAnonymous, Set<SecurityDomain> outflowDomains) {
List<SecurityIdentity> outflowIdentities = new ArrayList<>(outflowDomains.size());
for (SecurityDomain d : outflowDomains) {
ServerAuthenticationContext sac = d.createNewAuthenticationContext();
try {
if (sac.importIdentity(identity)) {
outflowIdentities.add(sac.getAuthorizedIdentity());
} else if (outflowAnonymous) {
outflowIdentities.add(d.getAnonymousSecurityIdentity());
}
} catch (RealmUnavailableException e) {
throw ROOT_LOGGER.unableToPerformOutflow(identity.getPrincipal().getName(), e);
}
}
return outflowIdentities.toArray(new SecurityIdentity[outflowIdentities.size()]);
}
Example 9
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testAggregateEvidenceDecoder() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("AggregateEvidenceDecoderDomain");
SecurityDomain securityDomain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(securityDomain);
// evidence will be decoded using a subject alternative name
X509PeerCertificateChainEvidence evidence = new X509PeerCertificateChainEvidence(populateCertificateChain(true ));
ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext();
sac.setDecodedEvidencePrincipal(evidence);
Assert.assertEquals("[email protected]", evidence.getDecodedPrincipal().getName());
sac.setAuthenticationPrincipal(evidence.getDecodedPrincipal());
Assert.assertEquals("bob0", sac.getAuthenticationPrincipal().getName());
// evidence will be decoded using the subject
evidence = new X509PeerCertificateChainEvidence(populateCertificateChain(false));
sac = securityDomain.createNewAuthenticationContext();
sac.setDecodedEvidencePrincipal(evidence);
Assert.assertEquals("CN=bob0", evidence.getDecodedPrincipal().getName());
sac.setAuthenticationPrincipal(evidence.getDecodedPrincipal());
Assert.assertEquals("0", sac.getAuthenticationPrincipal().getName());
}
Example 10
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testNonDefaultRealmIdentity() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("MyDomain");
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
MechanismConfiguration mechConf = MechanismConfiguration.builder()
.addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("FileRealm").build())
.addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("PropRealm").build())
.build();
ServerAuthenticationContext context = domain.createNewAuthenticationContext(MechanismConfigurationSelector.constantSelector(mechConf));
context.setMechanismRealmName("PropRealm");
context.setAuthenticationName("xser1@PropRealm");
Assert.assertTrue(context.exists());
context.authorize();
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("yser1@PropRealm", identity.getPrincipal().getName()); // after pre-realm-name-rewriter only
}
Example 11
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Test
public void testTrustedSecurityDomains() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("MyDomain");
SecurityDomain myDomain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(myDomain);
serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("X500Domain");
SecurityDomain x500Domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(x500Domain);
serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("AnotherDomain");
SecurityDomain anotherDomain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(anotherDomain);
SecurityIdentity establishedIdentity = getIdentityFromDomain(myDomain, "firstUser");
ServerAuthenticationContext authenticationContext = anotherDomain.createNewAuthenticationContext();
// AnotherDomain trusts MyDomain
Assert.assertTrue(authenticationContext.importIdentity(establishedIdentity));
establishedIdentity = getIdentityFromDomain(anotherDomain, "firstUser");
authenticationContext = x500Domain.createNewAuthenticationContext();
// X500Domain does not trust AnotherDomain
Assert.assertFalse(authenticationContext.importIdentity(establishedIdentity));
}
Example 12
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
private SecurityIdentity getIdentityFromDomain(final SecurityDomain securityDomain, final String userName) throws Exception {
final ServerAuthenticationContext authenticationContext = securityDomain.createNewAuthenticationContext();
authenticationContext.setAuthenticationName(userName);
authenticationContext.authorize();
authenticationContext.succeed();
return authenticationContext.getAuthorizedIdentity();
}
Example 13
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testSourceAddressRoleDecoderWithMismatch() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("SourceAddressRoleDecoderDomain");
SecurityDomain securityDomain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(securityDomain);
ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext();
sac.setAuthenticationName("user2");
Assert.assertFalse(sac.authorize()); // based on the security realm alone, user2 does not have "admin" role
// make use of the runtime source IP address attribute
sac = securityDomain.createNewAuthenticationContext();
sac.addRuntimeAttributes(createRuntimeAttributes("10.12.16.16"));
sac.setAuthenticationName("user2");
Assert.assertFalse(sac.authorize());
sac = securityDomain.createNewAuthenticationContext();
sac.setAuthenticationName("user1");
Assert.assertTrue(sac.authorize()); // based on the security realm alone, user1 already has "admin" role
// make use of the runtime source IP address attribute, make sure user1 still has "admin" role
sac = securityDomain.createNewAuthenticationContext();
sac.addRuntimeAttributes(createRuntimeAttributes("10.12.16.16"));
sac.setAuthenticationName("user1");
Assert.assertTrue(sac.authorize());
}
Example 14
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testSourceAddressRoleDecoderWithMatch() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("SourceAddressRoleDecoderDomain");
SecurityDomain securityDomain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(securityDomain);
ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext();
sac.setAuthenticationName("user2");
Assert.assertFalse(sac.authorize()); // based on the security realm alone, user2 does not have "admin" role
// make use of the runtime source IP address attribute
sac = securityDomain.createNewAuthenticationContext();
sac.addRuntimeAttributes(createRuntimeAttributes("10.12.14.16"));
sac.setAuthenticationName("user2");
Assert.assertTrue(sac.authorize());
// runtime source IP address attribute not specified
sac = securityDomain.createNewAuthenticationContext();
sac.addRuntimeAttributes(createRuntimeAttributes(null));
sac.setAuthenticationName("user2");
Assert.assertFalse(sac.authorize());
sac = securityDomain.createNewAuthenticationContext();
sac.setAuthenticationName("user1");
Assert.assertTrue(sac.authorize()); // based on the security realm alone, user1 already has "admin" role
// make use of the runtime source IP address attribute, make sure user1 still has "admin" role
sac = securityDomain.createNewAuthenticationContext();
sac.addRuntimeAttributes(createRuntimeAttributes("10.12.14.16"));
sac.setAuthenticationName("user1");
Assert.assertTrue(sac.authorize());
// make use of the runtime source IP address attribute, make sure user1 still has "admin" role
sac = securityDomain.createNewAuthenticationContext();
sac.addRuntimeAttributes(createRuntimeAttributes(null));
sac.setAuthenticationName("user1");
Assert.assertTrue(sac.authorize());
}
Example 15
| Source File: DomainTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testSubjectAltNameEvidenceDecoder() throws Exception {
init();
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("SubjectAltNameEvidenceDecoderDomain");
SecurityDomain securityDomain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(securityDomain);
X509PeerCertificateChainEvidence evidence = new X509PeerCertificateChainEvidence(populateCertificateChain(true ));
ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext();
sac.setDecodedEvidencePrincipal(evidence);
Assert.assertEquals("[email protected]", evidence.getDecodedPrincipal().getName());
sac.setAuthenticationPrincipal(evidence.getDecodedPrincipal());
Assert.assertEquals("bob0", sac.getAuthenticationPrincipal().getName());
}
Example 16
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testAddRegexRoleMapperAggregate() throws Exception {
init("TestDomain10");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain10");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user5");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("user5", identity.getPrincipal().getName());
Roles roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertTrue(roles.contains("guest"));
Assert.assertFalse(roles.contains("1-user"));
Assert.assertFalse(roles.contains("user"));
context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user6");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
identity = context.getAuthorizedIdentity();
Assert.assertEquals("user6", identity.getPrincipal().getName());
roles = identity.getRoles();
Assert.assertFalse(roles.contains("admin"));
Assert.assertFalse(roles.contains("random"));
}
Example 17
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testAddRegexRoleMapperWithRegexBoundaries() throws Exception {
init("TestDomain9");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain9");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user4");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("user4", identity.getPrincipal().getName());
Roles roles = identity.getRoles();
Assert.assertFalse(roles.contains("app-user"));
Assert.assertFalse(roles.contains("app-user-first-time-user"));
Assert.assertFalse(roles.contains("app-admin-first-time-user"));
Assert.assertFalse(roles.contains("app-user-first-time-admin"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertFalse(roles.contains("app-admin"));
Assert.assertFalse(roles.contains("app-admin-first-time-admin"));
context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user7");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
identity = context.getAuthorizedIdentity();
Assert.assertEquals("user7", identity.getPrincipal().getName());
roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertFalse(roles.contains("user"));
}
Example 18
| Source File: RoleMappersTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Test
public void testAddRegexRoleMapperReplaceAll() throws Exception {
init("TestDomain8");
ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain8");
Assert.assertNotNull(services.getContainer());
Assert.assertNotNull(services.getContainer().getService(serviceName));
SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
Assert.assertNotNull(domain);
ServerAuthenticationContext context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user4");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
SecurityIdentity identity = context.getAuthorizedIdentity();
Assert.assertEquals("user4", identity.getPrincipal().getName());
Roles roles = identity.getRoles();
Assert.assertFalse(roles.contains("app-user"));
Assert.assertFalse(roles.contains("app-user-first-time-user"));
Assert.assertFalse(roles.contains("app-admin-first-time-user"));
Assert.assertFalse(roles.contains("app-user-first-time-admin"));
Assert.assertFalse(roles.contains("joe"));
Assert.assertTrue(roles.contains("app-admin"));
Assert.assertTrue(roles.contains("app-admin-first-time-admin"));
context = domain.createNewAuthenticationContext();
context.setAuthenticationName("user7");
Assert.assertTrue(context.exists());
Assert.assertTrue(context.authorize());
context.succeed();
identity = context.getAuthorizedIdentity();
Assert.assertEquals("user7", identity.getPrincipal().getName());
roles = identity.getRoles();
Assert.assertTrue(roles.contains("admin"));
Assert.assertFalse(roles.contains("user"));
}
Example 19
| Source File: IdentityAddressProtocolUtilTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 4 votes |
|
@Test
public void testSupportedTypes() throws Exception {
Set<String> groups = new HashSet<>();
groups.add("GroupOne");
groups.add("GroupTwo");
MapAttributes mapAttributes = new MapAttributes();
mapAttributes.addAll("GROUPS", groups);
SimpleMapBackedSecurityRealm smbsr = new SimpleMapBackedSecurityRealm();
smbsr.setPasswordMap("TestUser", ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "password".toCharArray()), mapAttributes);
SecurityDomain testDomain = SecurityDomain.builder()
.setDefaultRealmName("Test")
.addRealm("Test", smbsr)
.setRoleDecoder(RoleDecoder.simple("GROUPS"))
.setPrincipalRewriter(p -> new NamePrincipal(p.getName()))
.build()
.setPreRealmRewriter((Function<Principal, Principal>) p -> new RealmUser("TestRealm", p.getName()))
.setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance())
.build();
InetAddress testAddress = InetAddress.getByAddress("localhost", new byte[] { 0x7F, 0x00, 0x00, 0x01 });
ServerAuthenticationContext serverAuthenticationContext = testDomain.createNewAuthenticationContext();
serverAuthenticationContext.setAuthenticationName("TestUser");
serverAuthenticationContext.authorize();
SecurityIdentity securityIdentity = serverAuthenticationContext.getAuthorizedIdentity();
PropagatedIdentity propagated = writeAndRead(securityIdentity, testAddress);
securityIdentity = propagated.securityIdentity;
Principal principal = securityIdentity.getPrincipal();
assertEquals("Principal Name", "TestUser", principal.getName());
assertEquals("Principal Realm", "TestRealm", ((RealmPrincipal)principal).getRealm());
Set<String> identityRoles = StreamSupport.stream(securityIdentity.getRoles().spliterator(), false).collect(Collectors.toSet());
assertEquals("Roles Count", 2, identityRoles.size());
assertTrue("GroupOne Membership", identityRoles.contains("GroupOne"));
assertTrue("GroupTwo Membership", identityRoles.contains("GroupTwo"));
assertEquals("Propagated Address", testAddress, propagated.inetAddress);
}
Example 20
| Source File: RoleMappingTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 4 votes |
|
private void assertIsCallerInRole(final String roleName, final boolean expectedOutcome, final String userName,
final String realm, final String runAsRole, final String... groups) {
MapAttributes testAttributes = new MapAttributes();
testAttributes.addAll("groups", Arrays.asList(groups));
Map<String, SimpleRealmEntry> entries = new HashMap<>(StandardRole.values().length);
entries.put(userName, new SimpleRealmEntry(Collections.emptyList(), testAttributes));
SimpleMapBackedSecurityRealm securityRealm = new SimpleMapBackedSecurityRealm() {
@Override
public RealmIdentity getRealmIdentity(Principal principal) {
return super.getRealmIdentity(new NamePrincipal(principal.getName()));
}
};
securityRealm.setPasswordMap(entries);
SecurityDomain testDomain = SecurityDomain.builder()
.setDefaultRealmName("Default")
.setPreRealmRewriter((Function<Principal, Principal>) p -> new RealmUser(realm, p.getName()))
.addRealm("Default", securityRealm)
.setRoleDecoder(RoleDecoder.simple("groups"))
.build()
.setPermissionMapper((p,r) -> new LoginPermission())
.build();
SecurityIdentity securityIdentity;
try {
ServerAuthenticationContext authenticationContext = testDomain.createNewAuthenticationContext();
authenticationContext.setAuthenticationName(userName);
assertTrue("Authorized", authenticationContext.authorize());
securityIdentity = authenticationContext.getAuthorizedIdentity();
} catch (RealmUnavailableException e) {
// Should not be possible
throw new IllegalStateException(e);
}
AccessAuditContext.doAs(securityIdentity, null, new PrivilegedAction<Void>() {
@Override
public Void run() {
assertIsCallerInRole(roleName, runAsRole, expectedOutcome);
return null;
}
});
}
