Java Code Examples for org.jboss.security.SecurityContextAssociation#getSecurityContext()
The following examples show how to use
org.jboss.security.SecurityContextAssociation#getSecurityContext() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: JaasSecurityManagerBase.java From lams with GNU General Public License v2.0 | 6 votes |
|
/** Get the currently authenticated Subject. This is a thread local
property shared across all JaasSecurityManager instances.
@return The Subject authenticated in the current thread if one
exists, null otherwise.
*/
public Subject getActiveSubject()
{
/* This does not use SubjectActions.getActiveSubject since the caller
must have the correct permissions to access the
SecurityAssociation.getSubject method.
*/
//return SecurityAssociation.getSubject();
Subject subj = null;
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc != null)
{
subj = sc.getUtil().getSubject();
}
return subj;
}
Example 2
| Source File: SubjectActions.java From lams with GNU General Public License v2.0 | 6 votes |
|
public void push(Principal principal, Object credential, Subject subject,
String securityDomain)
{
//SecurityAssociation.pushSubjectContext(subject, principal, credential);
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc == null)
{
try
{
sc = SecurityContextFactory.createSecurityContext(principal, credential,
subject, securityDomain);
}
catch (Exception e)
{
throw new RuntimeException(e);
}
}
else
{
sc.getUtil().createSubjectInfo(principal, credential, subject);
}
SecurityContextAssociation.setSecurityContext(sc);
}
Example 3
| Source File: SubjectActions.java From lams with GNU General Public License v2.0 | 6 votes |
|
public void push(Principal principal, Object credential, Subject subject,
String securityDomain)
{
//SecurityAssociation.pushSubjectContext(subject, principal, credential);
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc == null)
{
try
{
sc = SecurityContextFactory.createSecurityContext(principal, credential,
subject, securityDomain);
}
catch (Exception e)
{
throw new RuntimeException(e);
}
}
else
{
sc.getUtil().createSubjectInfo(principal, credential, subject);
}
SecurityContextAssociation.setSecurityContext(sc);
}
Example 4
| Source File: PicketBoxSecurityIntegration.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* {@inheritDoc}
*/
public org.jboss.jca.core.spi.security.SecurityContext getSecurityContext()
{
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if (sc == null)
return null;
return new PicketBoxSecurityContext(sc);
}
Example 5
| Source File: SubjectActions.java From lams with GNU General Public License v2.0 | 5 votes |
|
public Object run()
{
//Set it on the current security context also
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc != null)
{
sc.getData().put(key, value);
}
return SecurityContextAssociation.setContextInfo(key, value);
}
Example 6
| Source File: SubjectActions.java From lams with GNU General Public License v2.0 | 5 votes |
|
public Object run()
{
//Set it on the current security context also
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc != null)
{
sc.getData().put(key, value);
}
return SecurityContextAssociation.setContextInfo(key, value);
}
Example 7
| Source File: JWTAuthMechanism.java From thorntail with Apache License 2.0 | 5 votes |
|
/**
* Extract the Authorization header and validate the bearer token if it exists. If it does, and is validated, this
* builds the org.jboss.security.SecurityContext authenticated Subject that drives the container APIs as well as
* the authorization layers.
*
* @param exchange - the http request exchange object
* @param securityContext - the current security context that
* @return one of AUTHENTICATED, NOT_AUTHENTICATED or NOT_ATTEMPTED depending on the header and authentication outcome.
*/
@SuppressWarnings("deprecation")
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
String jwtToken = new UndertowBearerTokenExtractor(authContextInfo, exchange).getBearerToken();
if (jwtToken != null) {
try {
identityManager = securityContext.getIdentityManager();
JWTCredential credential = new JWTCredential(jwtToken, authContextInfo);
// Install the JWT principal as the caller
Account account = identityManager.verify(credential.getName(), credential);
if (account != null) {
JsonWebToken jwtPrincipal = (JsonWebToken) account.getPrincipal();
preparePrincipalProducer(jwtPrincipal);
securityContext.authenticationComplete(account, "MP-JWT", false);
// Workaround authenticated JWTPrincipal not being installed as user principal
// https://issues.jboss.org/browse/WFLY-9212
org.jboss.security.SecurityContext jbSC = SecurityContextAssociation.getSecurityContext();
Subject subject = jbSC.getUtil().getSubject();
jbSC.getUtil().createSubjectInfo(jwtPrincipal, jwtToken, subject);
RoleGroup roles = extract(subject);
jbSC.getUtil().setRoles(roles);
UndertowLogger.SECURITY_LOGGER.debugf("Authenticated caller(%s) for path(%s) with roles: %s",
credential.getName(), exchange.getRequestPath(), account.getRoles());
return AuthenticationMechanismOutcome.AUTHENTICATED;
} else {
UndertowLogger.SECURITY_LOGGER.info("Failed to authenticate JWT bearer token");
return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
}
} catch (Exception e) {
UndertowLogger.SECURITY_LOGGER.infof(e, "Failed to validate JWT bearer token");
return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
}
}
// No suitable header has been found in this request,
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Example 8
| Source File: ElytronDefinition.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public Boolean get() {
if (WildFlySecurityManager.isChecking()) {
return doPrivileged((PrivilegedAction<Boolean>) () -> SecurityContextAssociation.getSecurityContext() != null);
} else {
return SecurityContextAssociation.getSecurityContext() != null;
}
}
Example 9
| Source File: PicketBoxSecurityIntegration.java From ironjacamar with Eclipse Public License 1.0 | 5 votes |
|
/**
* {@inheritDoc}
*/
public org.ironjacamar.core.spi.security.SecurityContext getSecurityContext()
{
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if (sc == null)
return null;
return new PicketBoxSecurityContext(sc);
}
Example 10
| Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void propagateSessionInfo(KeycloakAccount account) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
Example 11
| Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void propagateSessionInfo(KeycloakAccount account) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
Example 12
| Source File: WebsocketSecurityInterceptor.java From datawave with Apache License 2.0 | 4 votes |
|
protected void setSubjectInfo(final Principal principal, final Subject subject, final Object credential) {
SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
Role roleGroup = getRoleGroup(subject);
Identity identity = CredentialIdentityFactory.createIdentity(principal, credential, roleGroup);
securityContext.getUtil().createSubjectInfo(identity, subject);
}
Example 13
| Source File: JBossSecurityClient.java From lams with GNU General Public License v2.0 | 4 votes |
|
@Override
public SecurityContext getSecurityContext() {
return SecurityContextAssociation.getSecurityContext();
}
Example 14
| Source File: JBossWebPrincipalFactory.java From keycloak with Apache License 2.0 | 4 votes |
|
@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
KeycloakAccount account = new KeycloakAccount() {
@Override
public Principal getPrincipal() {
return identity;
}
@Override
public Set<String> getRoles() {
return roleSet;
}
};
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(identity);
Group[] roleSets = getRoleSets(roleSet);
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(identity);
principals.add(callerGroup);
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
List<String> rolesAsStringList = new ArrayList<>(roleSet);
try {
return (GenericPrincipal) jbossWebPrincipalConstructor.newInstance(realm, userPrincipal.getName(), null, rolesAsStringList, userPrincipal, null, account, null, subject);
} catch (Throwable t) {
throw new RuntimeException("Failed to create JBossGenericPrincipal", t);
}
}
Example 15
| Source File: WildflyRequestAuthenticator.java From keycloak with Apache License 2.0 | 4 votes |
|
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
super.propagateKeycloakContext(account);
SecurityInfoHelper.propagateSessionInfo(account);
log.debug("propagate security context to wildfly");
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
// Roles of subjectInfo are null, because is was constructed by
// org.jboss.security.identity.extensions.CredentialIdentityFactory
// .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
// Therefore the roles are only contained in the authenticatedSubject (member of subjectInfo)
// and subsequent logics do only access subjectInfo#roles instead of authenticatedSubject#roles.
mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
}
