Examples of org.jboss.security.RunAsIdentity

• org.jboss.security.RunAsIdentity
  The RunAsIdentity is a Principal that associates the run-as principal with his run-as role(s). @author Thomas.Diesler@jboss.org @author Scott.Stark@jboss.org @author Anil.Saldhana@jboss.org @version $Revision: 68965 $

      if(ad != null && runAsPrincipal != null)
      {
         extraRoles.addAll(ad.getSecurityRoleNamesByPrincipal(runAsPrincipal));
      }

      return new RunAsIdentity(runAs.value(), runAsPrincipal, extraRoles);
   }

   public Object createPerClass(Advisor advisor)
   {
      EJBContainer container = (EJBContainer)advisor;
      RunAsIdentity runAsIdentity = getRunAsIdentity(container);
      /*if (runAsIdentity == null)
      {
         return new NullInterceptor();
      }*/

            {
               log.trace("Current Calling principal is: " + username
                  + " ThreadName: " + Thread.currentThread().getName());
            }
            // Check for a RunAsIdentity
            RunAsIdentity runAs = GetPrincipalInfoAction.peekRunAsIdentity();
            if( runAs != null )
            {
               runAsRoles = runAs.getRunAsRoles();
            }
         }
      }
      catch (Throwable e)
      {

   /** Push the run as role using the SecurityAssociation.pushRunAsIdentity method
    *@see SecurityAssociation#pushRunAsIdentity(RunAsIdentity)
    */
   public boolean login()
   {
      RunAsIdentity runAsRole = new RunAsIdentity(roleName, principalName);
      SecurityAssociation.pushRunAsIdentity(runAsRole);
      pushedRole = true;
      return true;
   }

         // The caller is using a run-as identity
         else
         {
            if(callerRunAs instanceof RunAsIdentity)
            {
               RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
               RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());

               // Check that the run-as role is in the set of method roles
               if(srg.containsAtleastOneRole(methodRoles) == false)
               {
                  String method = this.ejbMethod.getName();
                  String msg = "Insufficient method permissions, principal=" + ejbPrincipal
                  + ", ejbName=" + this.ejbName
                  + ", method=" + method + ", interface=" + this.methodInterface
                  + ", requiredRoles=" + methodRoles + ", runAsRoles="
                  + callerRunAsIdentity.getRunAsRoles();
                  if(trace)
                     log.trace("Exception:"+msg);
                  allowed = false;
               }
            }

         allowed = principalRole.containsRole(deploymentrole);
      else
      {
         if(callerRunAs instanceof RunAsIdentity)
         {
            RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
            SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
            allowed = srg.containsRole(deploymentrole);
         }
      }
      return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
   }

   public TrustDecision isTrusted() throws IdentityTrustException
   {
      RunAs runAs = this.securityContext.getIncomingRunAs();
      if(runAs instanceof RunAsIdentity )
      {
         RunAsIdentity runAsIdentity = (RunAsIdentity)runAs;
         if(SecurityConstants.JAVAEE.equals(runAsIdentity.getProof()))
               return TrustDecision.Permit;
      }
      return TrustDecision.NotApplicable;
   }

            SubjectInfo si = sc.getSubjectInfo();

            if(si != null)
            {
               Subject activeSubject = si.getAuthenticatedSubject();
               RunAsIdentity callerRunAsIdentity = (RunAsIdentity)sc.getIncomingRunAs();

               if( activeSubject != null )
               {
                  Set<Principal> principalsSet = null;
                  if( callerRunAsIdentity == null )
                  {
                     principalsSet = activeSubject.getPrincipals();
                  }
                  else
                  {
                     principalsSet = callerRunAsIdentity.getPrincipalsSet();
                  }

                  theSubject = new Subject(true, principalsSet,
                     activeSubject.getPublicCredentials(),
                     activeSubject.getPrivateCredentials());
               }
               else
               {
                  if( callerRunAsIdentity != null )
                  {
                     Set<Principal> principalsSet = callerRunAsIdentity.getPrincipalsSet();
                     theSubject = new Subject(true, principalsSet, EMPTY_SET, EMPTY_SET);
                  }
               }
            }
         }

            try {
                servlet = request.getWrapper();
                if (servlet != null) {
                    String name = servlet.getName();
                    RunAsIdentityMetaData identity = metaData.getRunAsIdentity(name);
                    RunAsIdentity runAsIdentity = null;
                    if (identity != null) {
                        if (trace)
                            log.trace(name + ", runAs: " + identity);
                        runAsIdentity = new RunAsIdentity(identity.getRoleName(), identity.getPrincipalName(),
                                identity.getRunAsRoles());
                    }
                    SecurityActions.pushRunAsIdentity(runAsIdentity);
                }

         else
         {
            // Check that the run-as role is in the set of method roles
            if (callerRunAsIdentity instanceof RunAsIdentity)
            {
               RunAsIdentity rai = (RunAsIdentity) callerRunAsIdentity;
               if (rai.doesUserHaveRole(roles) == false)
               {
                  String msg = "Insufficient permissions, runAsPrincipal=" + rai.getName() + ", requiredRoles=" + roles
                        + ", runAsRoles=" + rai.getRunAsRoles();
                  log.error(msg);
                  throw new SecurityException(msg);
               }
            }
            else