Package org.jboss.security

Examples of org.jboss.security.SecurityContext


      // Refuse the call outright when no role-mapping manager has been configured.
      if (realmMapping == null)
      {
         throw new SecurityException("Role mapping manager has not been set");
      }

      SecurityContext sc = SecurityActions.getSecurityContext();

      EJBAuthenticationHelper helper = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
      // Either check is enough to mark the call as trusted; a trusted call skips the
      // isValid() credential check in the branch below.
      // NOTE(review): containsTrustableRunAs is not shown in this excerpt - confirm it
      // accepts only run-as identities that the container itself established.
      boolean isTrusted = containsTrustableRunAs(sc) || helper.isTrusted();

      if (!isTrusted)
      {
         // Check the security info from the method invocation
         // A new, empty Subject is handed to isValid together with the helper and method name.
         Subject subject = new Subject();
         if (SecurityActions.isValid(helper, subject, m.getName()) == false)
         {
            // Notify authentication observer
            if (authenticationObserver != null)
               authenticationObserver.authenticationFailed();
            // Else throw a generic SecurityException
            // NOTE(review): the message embeds the principal; confirm where this text can
            // surface (remote caller, logs) before treating it as a generic failure.
            String msg = "Authentication exception, principal=" + principal;
            throw new SecurityException(msg);
         }
         else
         {
            // Validation passed: push principal, credential and subject as the subject context.
            SecurityActions.pushSubjectContext(principal, credential, subject);
            if (trace)
            {
               log.trace("Authenticated principal=" + principal + " in security domain=" + sc.getSecurityDomain());
            }
         }
      }
      else
      {
         // Duplicate the current subject context on the stack since
         //SecurityActions.dupSubjectContext(); 
         // The dupSubjectContext() call above is disabled; on the trusted path only the
         // caller's run-as identity is pushed and no credential is checked here.
         SecurityActions.pushRunAsIdentity(callerRunAsIdentity);
      }

      Method ejbMethod = mi.getMethod();
      // Ignore internal container calls
      // Returning here also skips the role lookup and authorization setup below.
      if (ejbMethod == null)
         return;
      // Get the caller
      Subject caller = SecurityActions.getContextSubject();
      if (caller == null)
         throw new IllegalStateException("Authenticated User. But caller subject is null");

      //Establish the deployment rolename-principalset custom mapping(if available)
      SecurityRolesAssociation.setSecurityRoles(this.deploymentRoles);

      // Starts as "not authorized"; the decision itself is made outside this excerpt.
      boolean isAuthorized = false;
      Set<Principal> methodRoles = container.getMethodPermissions(ejbMethod, mi.getType());

      // Attach this interceptor's securityManagement only when the context has none yet.
      SecurityContext currentSC = SecurityActions.getSecurityContext();
      if (SecurityActions.getSecurityManagement(currentSC) == null)
         SecurityActions.setSecurityManagement(currentSC, securityManagement);

      // NOTE(review): the helper is built from sc (read at the top), not from currentSC;
      // confirm both refer to the same context after the pushes above.
      AbstractEJBAuthorizationHelper authorizationHelper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
      authorizationHelper.setPolicyRegistration(container.getPolicyRegistration());


   {
      // The enclosing method's signature is outside this excerpt; "domain" comes from it.
      // doPrivileged runs the action with this class's own permissions, regardless of
      // what less-privileged callers further up the stack hold.
      // NOTE(review): confirm the enclosing helper is not callable from untrusted code,
      // since it installs a new security context on the caller's behalf.
      return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
      {
         public SecurityContext run() throws Exception
         {
            // Build a context for the domain, pass it to setSecurityContext, then return it.
            SecurityContext sc =  SecurityContextFactory.createSecurityContext(domain);
            setSecurityContext(sc);
            return sc;
         }}
      );
   }

      // Looks up the user principal of the current security context inside a privileged
      // block. The result is null when getSecurityContext() returns null.
      return AccessController.doPrivileged(new PrivilegedAction<Principal>()
      {
         public Principal run()
         {
            Principal principal = null;
            SecurityContext sc = getSecurityContext();
            // Guard against a missing context before touching its util object.
            if(sc != null)
            {
               principal = sc.getUtil().getUserPrincipal();
            }
            return principal;
         }
      });
   }

      // Reads the credential held by the current security context inside a privileged
      // block. The result is null when getSecurityContext() returns null.
      // NOTE(review): this returns whatever getCredential() holds, unwrapped; confirm the
      // enclosing helper is reachable only from trusted container code and that callers
      // never log or serialize the returned object.
      return AccessController.doPrivileged(new PrivilegedAction<Object>()
      {
         public Object run()
         {
            Object credential = null;
            SecurityContext sc = getSecurityContext();
            // Guard against a missing context before touching its util object.
            if(sc != null)
            {
               credential = sc.getUtil().getCredential();
            }
            return credential;
         }
      });
   }

      }
      // Opt-in flag read from the environment map; it stays false unless the entry is
      // present and parses as "true".
      boolean restoreLoginIdentity = false;
      flag = (String) env.get("jnp.restoreLoginIdentity");
      if( flag != null )
         restoreLoginIdentity = Boolean.parseBoolean(flag);
      // Capture the context that is active before this login, but only when the flag is set.
      // NOTE(review): without the flag nothing visible here keeps the previous context;
      // confirm callers expect the new identity to stay in place afterwards.
      SecurityContext initialSC = null;
      if (restoreLoginIdentity)
          initialSC = SecurityAssociationActions.getSecurityContext();

      // See if the principal is a Principal or String
      // NOTE(review): principal is dereferenced in the else branch; a null check, if any,
      // sits above this excerpt.
      if( principal instanceof Principal )
      {
         securityPrincipal = (Principal) principal;
      }
      else
      {
         // Simply convert this to a name using toString
         String username = principal.toString();
         securityPrincipal = new SimplePrincipal(username);
      }
      // Create a context from the supplied principal and credentials and make it current.
      // No credential validation happens in these lines.
      // NOTE(review): presumably the receiving side validates the identity - confirm.
      SecurityContext sc = SecurityAssociationActions.createSecurityContext(securityPrincipal, credentials, null);
      SecurityAssociationActions.setSecurityContext(sc);
      // Now return the context using the standard jnp naming context factory
      Context iniCtx = super.getInitialContext(env);
      if( restoreLoginIdentity )
      {

      return value;
   }

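   /**
    * Obtains a security context for this component's {@code securityDomain} from
    * {@code SecurityActions.createAndSetSecurityContext} and attaches
    * {@code securityManagement} to it.
    *
    * @param invocation the incoming request; this method does not read it
    * @throws Exception declared by the signature; any failure would come from the
    *         {@code SecurityActions} calls below
    */
   private void establishSecurityContext(InvocationRequest invocation) throws Exception
   {
      SecurityContext newSC = SecurityActions.createAndSetSecurityContext(securityDomain);

      // Set the SecurityManagement on the context
      SecurityActions.setSecurityManagement(newSC, securityManagement);
      // NOTE(review): the rendered context goes to the trace log; confirm that
      // SecurityActions.trace(...) emits no credential material.
      log.trace("establishSecurityIdentity:SecCtx="+SecurityActions.trace(newSC));
   }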

   {
      return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
      {
         public SecurityContext run()
         {
                 SecurityContext sc = null;
                 try
                 {
                        sc = SecurityContextFactory.createSecurityContext(p, cred, subject, "CLIENT_LOGIN_MODULE");
                 }
                 catch (Exception e)

      AccessController.doPrivileged(new PrivilegedAction<Object>()
      {
         @SuppressWarnings("deprecation")
         public Object run()
         {
            SecurityContext sc;
            try
            {
               sc = SecurityContextFactory.createSecurityContext(p, cred,
                     subject, securityDomain);
            }

         {
            SecurityAssociation.pushSubjectContext(subject, principal, credential);
         }
        
         //Always create a new security context
         SecurityContext sc = null;
         try
         {
            sc = SecurityContextFactory.createSecurityContext(principal,
                                                credential, subject, "CLIENT_LOGIN_MODULE");
         }

      //For local ejb invocations
      // Local calls that are not EJB timeout callbacks reuse the context already in place;
      // every other call gets one from establishSecurityContext(mi).
      if(mi.isLocal() && !isEjbTimeOutMethod)
      {
         log.trace("True mi.isLocal() && !isEjbTimeOutMethod");
         //Cache the security context
         SecurityContext sc = SecurityActions.getSecurityContext();
         // Remember the identity and domain the caller arrived with.
         // NOTE(review): presumably these are restored after the call - the restore is
         // outside this excerpt.
         if(sc != null)
         {
           si = SecurityActions.getSecurityIdentity(sc);
           incomingDomain = sc.getSecurityDomain();
         }
        
         // NOTE(review): the null guard above covers only the two reads; sc is passed on
         // unguarded from here down. Confirm SecurityActions and mi.setSecurityContext
         // tolerate a null context, or that one always exists for local calls.
         SecurityActions.setSecurityManagement(sc, container.getSecurityManagement());
         // set the container's security domain in the security context
         // This overwrites the domain on the caller's existing context object.
         SecurityActions.setSecurityDomain(sc, this.securityDomain);
        
         // NOTE(review): confirm SecurityActions.trace(si) emits no credential material.
         log.trace("SecurityIdentity="+SecurityActions.trace(si));
         //Set the security context on the invocation
         mi.setSecurityContext(sc);
      }
      else
      {
         log.trace("False mi.isLocal() && !isEjbTimeOutMethod");
         establishSecurityContext(mi);
      }
     
      try
      {
         //Establish the run-as on the SC as the caller SC
         SecurityContext currentSC = SecurityActions.getSecurityContext();
         SecurityActions.pushCallerRunAsIdentity(currentSC.getOutgoingRunAs());
         log.trace("Going to the SecurityInterceptor with SC="+SecurityActions.trace(currentSC));
         if(isInvoke)
            return getNext().invoke(mi);
         else
            return getNext().invokeHome(mi);
