Examples of org.jboss.security.callbacks.SecurityContextCallbackHandler

• org.jboss.security.callbacks.SecurityContextCallbackHandler
  CallbackHandler for SecurityContext @author Anil.Saldhana@redhat.com @since Jan 7, 2008 @version $Revision$

            boolean isValid = authenticationManager.isValid(userPrincipal, clientDigest, subject);
            if (isValid) {
                WebLogger.WEB_SECURITY_LOGGER.tracef("User: " + userPrincipal + " is authenticated");
                userPrincipal = getPrincipal(subject);
                sc.getUtil().createSubjectInfo(userPrincipal, clientDigest, subject);
                SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
                if (mappingManager != null) {
                    // if there are mapping modules let them handle the role mapping
                    MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                    if (mc != null && mc.hasModules()) {
                        SecurityRolesAssociation.setSecurityRoles(principalVersusRolesMap);

      ejbResource.setCodeSource(ejbCS);
      ejbResource.setCallerRunAsIdentity(callerRunAs);
      ejbResource.setCallerSubject(callerSubject);
      ejbResource.setEjbMethodRoles(methodRoles);

      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);

      boolean isAuthorized = false;
      try
      {

      ejbResource.setCallerRunAsIdentity(callerRunAs);
      ejbResource.setSecurityRoleReferences(securityRoleRefs);
      ejbResource.setEnforceEJBRestrictions(enforceEJBRestrictions);

      ejbResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);

      try
      {
         int check = am.authorize(ejbResource, callerSubject, callerRoles);

      webResource.setServletRequest(request);
      webResource.setServletResponse(response);
      webResource.setCallerSubject(callerSubject);
      webResource.setCanonicalRequestURI(canonicalRequestURI);

      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);

      webResource.setPolicyContextID(contextID);
      webResource.setPrincipal(principal);
      webResource.setServletName(servletName);

      webResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);

      webResource.setPolicyContextID(contextID);
      webResource.setServletRequest(request);
      webResource.setServletResponse(response);

      webResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {
         int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);

            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {

            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
        }

        List<Role> roles = roleGroup.getRoles();

        if (runAs != null && runAs instanceof RunAsIdentity) {
            RunAsIdentity runAsIdentity = (RunAsIdentity) runAs;
            roleGroup = runAsIdentity.getRunAsRolesAsRoleGroup();
        } else {
            AuthorizationManager am = securityContext.getAuthorizationManager();
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(securityContext);

            roleGroup = am.getSubjectRoles(securityContext.getSubjectInfo().getAuthenticatedSubject(), scb);
        }

        List<Role> roles = roleGroup.getRoles();

            Set<Principal> expectedRoles = rolesSet(roles);
            if (!authorizationManager.doesUserHaveRole(null, expectedRoles)) {
                SecurityContext sc = SecurityActions.getSecurityContext();
                StringBuilder builder = new StringBuilder("Authorization Failed:Subject=");
                builder.append(subject).append(":Expected Roles=").append(expectedRoles);
                SecurityContextCallbackHandler scbh = new SecurityContextCallbackHandler(sc);
                builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject, scbh));
                logger.error(builder.toString());

                throw logger.jbossWSAuthorizationFailed();
            }