Package org.jboss.security

Examples of org.jboss.security.AuthorizationManager


        // Pick the role group used for the check: run-as roles when the incoming
        // identity is a RunAsIdentity, otherwise the authenticated subject's roles.
        RunAs runAs = securityContext.getIncomingRunAs();
        // instanceof is already false for null, so the explicit null test is redundant.
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            // Also reached when a RunAs is present but is not a RunAsIdentity; in that
            // case the roles come from the authenticated subject, not from the RunAs.
            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            // NOTE(review): am and getSubjectInfo() are dereferenced without a null
            // check - confirm the security context always provides both at this point.
            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
        }

        List<Role> roles = roleGroup.getRoles();

        // TODO - Review most performant way.


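      //Get the context map
      Map<String,Object> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");
   
      // The manager is looked up by a literal key; a missing entry is rejected here,
      // so 'am' is known to be non-null for the rest of this fragment.
      AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
      if(am == null)
         throw new IllegalStateException("Authorization Manager is null");
      // policyRegistration is assigned only when the manager also implements
      // PolicyRegistration; otherwise the field keeps whatever value it had.
      if(am instanceof PolicyRegistration)
         this.policyRegistration = (PolicyRegistration) am;
     
      //Populate local variables from the resource
      /*this.callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
      this.ejbCS = (CodeSource)map.get(ResourceKeys.EJB_CODESOURCE);
      this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
      this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
      this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);*/
     
     
      this.callerSubject = ejbResource.getCallerSubject();
      this.ejbCS = ejbResource.getCodeSource();
      this.ejbMethod = ejbResource.getEjbMethod();
      this.ejbName = ejbResource.getEjbName();
      this.methodInterface = ejbResource.getEjbMethodInterface();
     
      this.roleName = (String)map.get(ResourceKeys.ROLENAME);
      //Get the Security Context Roles
      // This guard is always true after the null check above; the block is kept so
      // the locals declared inside it stay scoped to it.
      if(am != null)
      {
         // NOTE(review): map.get returns null when the key is absent - confirm
         // getUserRoles tolerates a null principal.
         Principal ejbPrincipal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
         Set<Principal> roleset = am.getUserRoles(ejbPrincipal);
         this.securityContextRoles = getGroupFromRoleSet(roleset);
      }
      this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
      // Compare by value, not by reference: a true Boolean that is not the canonical
      // Boolean.TRUE instance (e.g. one produced by deserialization) would fail '=='
      // and silently skip the role-ref check. equals() is also null-safe here.
      if(Boolean.TRUE.equals(this.roleRefCheck))
         return checkRoleRef();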

    @see java.security.acl.Group;
    @see Subject#getPrincipals()
    */
   public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
   {
      // The manager for securityDomain is resolved on every call (looked up with
      // SecurityConstants.JAAS_CONTEXT_ROOT); the role decision is delegated to it.
      final AuthorizationManager manager = SecurityUtil.getAuthorizationManager(
            securityDomain, SecurityConstants.JAAS_CONTEXT_ROOT);
      final boolean hasRole = manager.doesUserHaveRole(principal, rolePrincipals);
      return hasRole;
   }

    @return The Set<Principal> for the application domain roles that the
    principal has been assigned.
   */
   public Set<Principal> getUserRoles(Principal principal)
   {
      // The manager for securityDomain is resolved on every call (looked up with
      // SecurityConstants.JAAS_CONTEXT_ROOT); its answer is returned unchanged.
      final AuthorizationManager manager = SecurityUtil.getAuthorizationManager(
            securityDomain, SecurityConstants.JAAS_CONTEXT_ROOT);
      final Set<Principal> assignedRoles = manager.getUserRoles(principal);
      return assignedRoles;
   }

      //Get the Catalina Request Object
      //HttpServletRequest request = (HttpServletRequest)map.get(ResourceKeys.WEB_REQUEST);
     
      // The request is taken from webResource; the map lookup above is disabled.
      HttpServletRequest request = (HttpServletRequest)webResource.getServletRequest();
     
      // The manager is looked up by a literal key. A missing entry is rejected with
      // IllegalStateException; an entry of another type fails the cast instead.
      AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
      if(am == null)
         throw new IllegalStateException("Authorization Manager is null");
      // policyRegistration is assigned only when the manager also implements
      // PolicyRegistration; otherwise the field keeps whatever value it had.
      // NOTE(review): confirm later uses of policyRegistration handle that case.
      if(am instanceof PolicyRegistration)
         this.policyRegistration = (PolicyRegistration) am;
      // The USERDATA_PERM_CHECK flag may be absent from the map; how a null is
      // treated depends on checkBooleanValue, which is not shown here.
      Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));

      //Get the context map
      // A resource without a map is rejected before anything is read from it.
      Map<String,Object> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");
    
      // The manager is looked up by a literal key. A missing entry is rejected with
      // IllegalStateException; an entry of another type fails the cast instead.
      AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
      if(am == null)
         throw new IllegalStateException("Authorization Manager is null");
      // policyRegistration is assigned only when the manager also implements
      // PolicyRegistration; otherwise the field keeps whatever value it had.
      // NOTE(review): confirm later uses of policyRegistration handle that case.
      if(am instanceof PolicyRegistration)
         this.policyRegistration = (PolicyRegistration) am;
      //Populate local variables from the resource

      //Get the context map
      // A resource without a map is rejected before anything is read from it.
      Map<String,Object> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");

      // The manager is looked up by a literal key. A missing entry is rejected with
      // IllegalStateException; an entry of another type fails the cast instead.
      AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
      if(am == null)
         throw new IllegalStateException("Authorization Manager is null");
      // policyRegistration is assigned only when the manager also implements
      // PolicyRegistration; otherwise the field keeps whatever value it had.
      // NOTE(review): confirm later uses of policyRegistration handle that case.
      if(am instanceof PolicyRegistration)
         this.policyRegistration = (PolicyRegistration) am;
      //Populate local variables from the resource

      if (methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
      {
         // The caller is using a the caller identity
         if (callerRunAs == null)
         {
            AuthorizationManager am = (AuthorizationManager)policyRegistration;
           
            // Now actually check if the current caller has one of the required method roles
            if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
            {
               if(this.ejbMethod == null)
                  throw new IllegalStateException("ejbMethod is null");
              
               Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
               String method = this.ejbMethod.getName();
               String msg = "Insufficient method permissions, principal=" + ejbPrincipal
                  + ", ejbName=" + this.ejbName
                  + ", method=" + method + ", interface=" + this.methodInterface
                  + ", requiredRoles=" + methodRoles + ", principalRoles=" + userRoles;

      return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
   }
  
   private int checkRoleRef()
   {
      AuthorizationManager am = (AuthorizationManager)policyRegistration;
      //Check the caller of this beans run-as identity
      if (ejbPrincipal == null && callerRunAs == null)
      {
         if(trace)
            log.trace("ejbPrincipal = null,callerRunAsIdentity = null => DENY" );
         return AuthorizationContext.DENY;
      }

      // Map the role name used by Bean Provider to the security role
      // link in the deployment descriptor. The EJB 1.1 spec requires
      // the security role refs in the descriptor but for backward
      // compability we're not enforcing this requirement.
      //
      // TODO (2.3): add a conditional check using jboss.xml <enforce-ejb-restrictions> element
      //             which will throw an exception in case no matching
      //             security ref is found.
      boolean matchFound = false;
      Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
      while ( it.hasNext())
      {
         SecurityRoleRef meta = it.next();
         if (meta.getName().equals(roleName))
         {
            roleName = meta.getLink();
            matchFound = true;
            break;
         }
      }

      if (!matchFound)
         log.trace("no match found for security role " + roleName +
         " in the deployment descriptor for ejb " + this.ejbName);

      HashSet<Principal> set = new HashSet<Principal>();
      set.add(new SimplePrincipal(roleName));

      boolean allowed = false;
      if (callerRunAs == null)
         allowed = am.doesUserHaveRole(ejbPrincipal, set);
      else
      {
         if(callerRunAs instanceof RunAsIdentity)
         {
            RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;

        try {
            AuthenticationManager authM = getAuthenticationManager(securityDomain);
            realm.setAuthenticationManager(authM);

            AuthorizationManager authzM = getAuthorizationManager(securityDomain);
            realm.setAuthorizationManager(authzM);

            webContext.setRealm(realm);
        } catch (NamingException e1) {
            throw new RuntimeException(e1);
