Java Code Examples for java.security.acl.Group#addMember()
The following examples show how to use
java.security.acl.Group#addMember() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: Util.java From lams with GNU General Public License v2.0 | 6 votes |
|
/** Parse the comma delimited roles names given by value and add them to
* group. The type of Principal created for each name is determined by
* the createIdentity method.
*
* @see AbstractServerLoginModule#createIdentity(String)
*
* @param group - the Group to add the roles to.
* @param roles - the comma delimited role names.
*/
static void parseGroupMembers(Group group, String roles, AbstractServerLoginModule aslm)
{
StringTokenizer tokenizer = new StringTokenizer(roles, ",");
while (tokenizer.hasMoreTokens())
{
String token = tokenizer.nextToken();
try
{
Principal p = aslm.createIdentity(token);
group.addMember(p);
}
catch (Exception e)
{
PicketBoxLogger.LOGGER.debugFailureToCreatePrincipal(token, e);
}
}
}
Example 2
| Source File: GenericPrincipalFactory.java From keycloak with Apache License 2.0 | 6 votes |
|
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(identity);
Group[] roleSets = getRoleSets(roleSet);
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
Principal userPrincipal = getPrincipal(subject);
List<String> rolesAsStringList = new ArrayList<String>();
rolesAsStringList.addAll(roleSet);
GenericPrincipal principal = createPrincipal(userPrincipal, rolesAsStringList);
return principal;
}
Example 3
| Source File: MappingProviderUtil.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Add principals passed via an enumeration into a group
* @param grp
* @param en
* @return
*/
public static Group addPrincipals(Group grp, Enumeration<? extends Principal> en)
{
while(en.hasMoreElements())
grp.addMember(en.nextElement());
return grp;
}
Example 4
| Source File: JBossTimeBasedOTPLoginModule.java From lams with GNU General Public License v2.0 | 5 votes |
|
private void appendRoles( Group group )
{
if( ! group.getName().equals( SecurityConstants.ROLES_IDENTIFIER ) )
return;
if(additionalRoles != null && !additionalRoles.isEmpty())
{
StringTokenizer st = new StringTokenizer( additionalRoles , "," );
while(st.hasMoreTokens())
{
group.addMember( new SimplePrincipal( st.nextToken().trim() ) );
}
}
}
Example 5
| Source File: SimpleIdentity.java From lams with GNU General Public License v2.0 | 5 votes |
|
public Group asGroup()
{
try
{
Group gp = IdentityFactory.createGroup("Roles");
gp.addMember(IdentityFactory.createPrincipal(role.getRoleName()));
return gp;
}
catch (Exception e)
{
throw new RuntimeException(e);
}
}
Example 6
| Source File: JBossSecurityContext.java From lams with GNU General Public License v2.0 | 5 votes |
|
private Group mergeGroups(Group a, Group b)
{
Group newGroup = b;
if(a != null)
{
Enumeration<? extends Principal> en = a.members();
while(en.hasMoreElements())
{
newGroup.addMember(en.nextElement());
}
}
return newGroup;
}
Example 7
| Source File: UniversalLoginModule.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Method to commit the authentication process (phase 2).
*/
@Override
public boolean commit() throws LoginException {
if (loginOK == false) {
return false;
}
/*
* If the login method completed successfully as indicated by
* loginOK == true, this method adds the identity value to the subject's principals set. It also adds the
* members of
* each Group returned by getRoleSets() to the subject's principals Set.
*/
Set<Principal> principals = subject.getPrincipals();
principals.add(identity);
for (Group group : getRoleSets()) {
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = members.nextElement();
subjectGroup.addMember(role);
}
}
UniversalLoginModule.log.info("User logged in: " + getUserName());
return true;
}
Example 8
| Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void propagateSessionInfo(KeycloakAccount account) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
Example 9
| Source File: SecurityInfoHelper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void propagateSessionInfo(KeycloakAccount account) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
Example 10
| Source File: AbstractServerLoginModule.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** Method to commit the authentication process (phase 2). If the login
method completed successfully as indicated by loginOk == true, this
method adds the getIdentity() value to the subject getPrincipals() Set.
It also adds the members of each Group returned by getRoleSets()
to the subject getPrincipals() Set.
@see javax.security.auth.Subject;
@see java.security.acl.Group;
@return true always.
*/
public boolean commit() throws LoginException
{
PicketBoxLogger.LOGGER.traceBeginCommit(loginOk);
if( loginOk == false )
return false;
Set<Principal> principals = subject.getPrincipals();
Principal identity = getIdentity();
principals.add(identity);
// add role groups returned by getRoleSets.
Group[] roleSets = getRoleSets();
for(int g = 0; g < roleSets.length; g ++)
{
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if( subjectGroup instanceof NestableGroup )
{
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while( members.hasMoreElements() )
{
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = getCallerPrincipalGroup(principals);
if (callerGroup == null)
{
callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(identity);
principals.add(callerGroup);
}
return true;
}
Example 11
| Source File: JBossWebPrincipalFactory.java From keycloak with Apache License 2.0 | 4 votes |
|
@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
KeycloakAccount account = new KeycloakAccount() {
@Override
public Principal getPrincipal() {
return identity;
}
@Override
public Set<String> getRoles() {
return roleSet;
}
};
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(identity);
Group[] roleSets = getRoleSets(roleSet);
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(identity);
principals.add(callerGroup);
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
List<String> rolesAsStringList = new ArrayList<>(roleSet);
try {
return (GenericPrincipal) jbossWebPrincipalConstructor.newInstance(realm, userPrincipal.getName(), null, rolesAsStringList, userPrincipal, null, account, null, subject);
} catch (Throwable t) {
throw new RuntimeException("Failed to create JBossGenericPrincipal", t);
}
}
Example 12
| Source File: WildflyRequestAuthenticator.java From keycloak with Apache License 2.0 | 4 votes |
|
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
super.propagateKeycloakContext(account);
SecurityInfoHelper.propagateSessionInfo(account);
log.debug("propagate security context to wildfly");
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
// Roles of subjectInfo are null, because is was constructed by
// org.jboss.security.identity.extensions.CredentialIdentityFactory
// .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
// Therefore the roles are only contained in the authenticatedSubject (member of subjectInfo)
// and subsequent logics do only access subjectInfo#roles instead of authenticatedSubject#roles.
mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
}
