Package org.jboss.security.identity.plugins

Examples of org.jboss.security.identity.plugins.SimpleRoleGroup

359
360
361
362
363
364
365
366
367
368
369
      AbstractEJBAuthorizationHelper authorizationHelper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
      authorizationHelper.setPolicyRegistration(container.getPolicyRegistration());

      isAuthorized = SecurityActions.authorize(authorizationHelper, ejbName, ejbMethod, mi.getPrincipal(),
            mi.getType().toInterfaceString(), ejbCS, caller, callerRunAsIdentity, container.getJaccContextID(),
            new SimpleRoleGroup(methodRoles));
     
      if (!isAuthorized)
      {
         String msg = "Denied: caller with subject=" + caller + " and security context post-mapping roles="
               + SecurityActions.getRolesFromSecurityContext(currentSC) + ": ejbMethod=" + ejbMethod;
View Full Code Here
387
388
389
390
391
392
393
394
      }
      SecurityContext sc = scb.getSecurityContext();
     
      RoleGroup roles = this.getCurrentRoles(null, authenticatedSubject, sc);
      if(roles == null)
         roles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
      return roles;
  
View Full Code Here
486
487
488
489
490
491
492
493
494
495
496
   private RoleGroup copyGroups(RoleGroup source, Group toCopy)
   {
      if(toCopy == null)
         return source;
      if(source == null && toCopy != null)
         source = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
      Enumeration<? extends Principal> en = toCopy.members();
      while(en.hasMoreElements())
      {
         source.addRole(new SimpleRole(en.nextElement().getName()));
      }
View Full Code Here
539
540
541
542
543
544
545
546
547
548
549
550
551
  
   private RoleGroup getRoleGroup(Group roleGroup)
   {
      if(roleGroup == null)
         throw new IllegalArgumentException("roleGroup is null");
      SimpleRoleGroup srg = new SimpleRoleGroup(roleGroup.getName());
      Enumeration<? extends Principal> principals = roleGroup.members();
      while(principals.hasMoreElements())
      {
         srg.getRoles().add(new SimpleRole(principals.nextElement().getName()));
      }
      return srg; 
   }
View Full Code Here
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
         RoleGroup mappedObject)
   {
      Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
      if(roleset != null)
      {
         RoleGroup newRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
        
         if(roleset != null)
         {
            for(String r:roleset)
            {
               newRoles.addRole(new SimpleRole(r));           
            }
         }
        
         mappedObject.clearRoles();
         mappedObject.getRoles().addAll(newRoles.getRoles());
      }
      return mappedObject;
   }
View Full Code Here
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
        // SAM handled the same principal found in the cached account: indicates we must use the cached account.
        if (cachedAccount != null && cachedAccount.getPrincipal() == userPrincipal) {
            // populate the security context using the cached account data.
            jbossSct.getUtil().createSubjectInfo(userPrincipal, ((AccountImpl) cachedAccount).getCredential(), null);
            RoleGroup roleGroup = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
            for (String role : cachedAccount.getRoles())
                roleGroup.addRole(new SimpleRole(role));
            jbossSct.getUtil().setRoles(roleGroup);
            return cachedAccount;
        }

        // SAM handled a different principal or there is no cached account: build a new account.
        Set<String> stringRoles = new HashSet<String>();
        RoleGroup roleGroup = jbossSct.getUtil().getRoles();
        if (roleGroup != null) {
            for (Role role : roleGroup.getRoles()) {
                stringRoles.add(role.getRoleName());
            }
        }
        Object credential = jbossSct.getUtil().getCredential();
        Principal original = null;
View Full Code Here
251
252
253
254
255
256
257
258
259
260
261
        EJBResource resource = new EJBResource(new HashMap<String, Object>());
        resource.setEjbName(ejbName);
        resource.setEjbMethod(ejbMethod);
        resource.setEjbMethodInterface(ejbMethodIntf);
        resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
        resource.setCodeSource(ejbCodeSource);
        resource.setPolicyContextID(contextID);
        resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
        resource.setCallerSubject(securityContext.getUtil().getSubject());
        Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
View Full Code Here
240
241
242
243
244
245
246
247
248
249
250
        EJBResource resource = new EJBResource(new HashMap<String, Object>());
        resource.setEjbName(ejbName);
        resource.setEjbMethod(ejbMethod);
        resource.setEjbMethodInterface(ejbMethodIntf);
        resource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
        resource.setCodeSource(ejbCodeSource);
        resource.setPolicyContextID(contextID);
        resource.setCallerRunAsIdentity(securityContext.getIncomingRunAs());
        resource.setCallerSubject(securityContext.getUtil().getSubject());
        Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
View Full Code Here
196
197
198
199
200
201
202
203
204
205
206
207
208
209
         else
         {
            if(callerRunAs instanceof RunAsIdentity)
            {
               RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
               RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
              
               // Check that the run-as role is in the set of method roles
               if(srg.containsAtleastOneRole(methodRoles) == false)
               {
                  String method = this.ejbMethod.getName();
                  String msg = "Insufficient method permissions, principal=" + ejbPrincipal
                  + ", ejbName=" + this.ejbName
                  + ", method=" + method + ", interface=" + this.methodInterface
View Full Code Here
282
283
284
285
286
287
288
289
290
291
292
293
      else
      {
         if(callerRunAs instanceof RunAsIdentity)
         {
            RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
            SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
            allowed = srg.containsRole(deploymentrole);
            //allowed = callerRunAsIdentity.doesUserHaveRole(set);
         }
      }
      return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
   }
View Full Code Here
TOP

Related Classes of org.jboss.security.identity.plugins.SimpleRoleGroup

  • org.jboss.as.security.service.SimpleSecurityManager
  • org.jboss.ejb.plugins.SecurityInterceptor
  • org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2
  • org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate
  • org.jboss.security.identity.RoleGroup
  • org.jboss.security.mapping.providers.DeploymentRolesMappingProvider
  • org.jboss.security.plugins.JBossAuthorizationManager
  • org.jboss.security.RunAsIdentity
  • org.jboss.test.authorization.ejb.EJBPolicyModuleDelegateUnitTestCase
  • org.jboss.test.authorization.JBossAuthorizationManagerUnitTestCase
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.