Examples of org.jboss.security.AuthorizationManager

• org.jboss.security.AuthorizationManager
  Generalized Authorization Manager Interface.
  
  Replaces the legacy RealmMapping interface @see org.jboss.security.RealmMapping @author Anil Saldhana @since Jan 2, 2006 @version $Revision: 68778 $

    principal has been assigned.
   */
   @SuppressWarnings("deprecation")
   public Set<Principal> getUserRoles(Principal principal)
   {
      AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
            SecurityConstants.JAAS_CONTEXT_ROOT);
      return am.getUserRoles(principal);
   }

      if(response == null)
         throw new IllegalArgumentException("response is null");
      if(canonicalRequestURI == null)
         throw new IllegalArgumentException("canonicalRequestURI is null");

      AuthorizationManager authzMgr = securityContext.getAuthorizationManager();

      if(authzMgr == null)
         throw new IllegalStateException("Authorization Manager is null");

      boolean isAuthorized = false;

      WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
      webResource.setPolicyContextID(contextID);
      webResource.setServletRequest(request);
      webResource.setServletResponse(response);
      webResource.setCallerSubject(callerSubject);
      webResource.setCanonicalRequestURI(canonicalRequestURI);

      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
         isAuthorized = (permit == AuthorizationContext.PERMIT);
         String level = (permit == AuthorizationContext.PERMIT ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
         if(this.enableAudit)
            this.authorizationAudit(level,webResource, null);
      }

         throw new IllegalArgumentException("ContextID is null");

      if(callerSubject == null)
         throw new IllegalArgumentException("callerSubject is null");

      AuthorizationManager authzMgr = securityContext.getAuthorizationManager();
      if(authzMgr == null)
         throw new IllegalStateException("Authorization Manager is null");

      boolean hasTheRole = false;
      Map<String,Object> map =  new HashMap<String,Object>();
      map.put(ResourceKeys.ROLENAME, roleName);
      map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
      map.put(ResourceKeys.PRINCIPAL_ROLES, principalRoles);

      map.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());

      WebResource webResource = new WebResource(Collections.unmodifiableMap(map));
      webResource.setPolicyContextID(contextID);
      webResource.setPrincipal(principal);
      webResource.setServletName(servletName);

      webResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
         hasTheRole = (permit == AuthorizationContext.PERMIT);
         String level = (hasTheRole ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
         if(this.enableAudit)
           this.authorizationAudit(level,webResource, null);
      }

      if(request == null)
         throw new IllegalArgumentException("request is null");
      if(response == null)
         throw new IllegalArgumentException("response is null");

      AuthorizationManager authzMgr = securityContext.getAuthorizationManager();
      if(authzMgr == null)
         throw new IllegalStateException("Authorization Manager is null");

      boolean hasPerm =  false;
      contextMap.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());

      WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
      webResource.setPolicyContextID(contextID);
      webResource.setServletRequest(request);
      webResource.setServletResponse(response);

      webResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
         hasPerm = (permit == AuthorizationContext.PERMIT);
         String level = (hasPerm ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
         if(this.enableAudit)
            this.authorizationAudit(level,webResource, null);
      }

      JBossSecurityContext sc = this.getSC("other");
      ISecurityManagement ism = sc.getSecurityManagement();
      assertNotNull("Security Management is not null", ism);
      AuthenticationManager authManager = sc.getAuthenticationManager();
      assertNotNull("AuthenticationManager is not null", authManager);
      AuthorizationManager authorizationMgr = sc.getAuthorizationManager();
      assertNotNull("AuthorizationManager is not null", authorizationMgr);
      AuditManager auditManager = sc.getAuditManager();
      assertNotNull("AuditManager is not null", auditManager);
      IdentityTrustManager itm = sc.getIdentityTrustManager();
      assertNotNull("IdentityTrustManager is not null", itm);

   public void testAuthorization() throws Exception
   {
      HashMap<String,Object> cmap = new HashMap<String,Object>();
      WebResource wr = new WebResource(cmap);
      wr.setServletRequest(new TestHttpServletRequest(p,"test", "get"));
      AuthorizationManager am = new JBossAuthorizationManager("other");
      am.authorize(wr);//This should just pass as the default module PERMITS all
   }

        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {

            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
        }

        List<Role> roles = roleGroup.getRoles();

        // TODO - Review most performant way.

        RunAs runAs = securityContext.getIncomingRunAs();
        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
        }

        List<Role> roles = roleGroup.getRoles();

        // TODO - Review most performant way.

        return am;
    }

    /** {@inheritDoc} */
    public AuthorizationManager getAuthorizationManager(String securityDomain) {
        AuthorizationManager am = null;
        try {
            am = authzMgrMap.get(securityDomain);
            if (am == null) {
                am = (AuthorizationManager) lookUpJNDI(securityDomain + "/authorizationMgr");
                authzMgrMap.put(securityDomain, am);

   /**
    * @see AuthorizationManagerServiceMBean#getAuthorizationManager(String)
    */
   public AuthorizationManager getAuthorizationManager( String securityDomain)
   {
      AuthorizationManager amanager = (AuthorizationManager)authorizationManagersMap.get(securityDomain);
      if(amanager == null)
      {
         //create a new Authorization Manager
         amanager = newAuthorizationManager(securityDomain);
         authorizationManagersMap.put(securityDomain, amanager);