Package org.jboss.security.javaee

Examples of org.jboss.security.javaee.AbstractWebAuthorizationHelper

608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
            Map<String, Object> map = new HashMap<String, Object>();
            map.put("securityConstraints", constraints);
            map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);

            SecurityContext sc = SecurityActions.getSecurityContext();
            AbstractWebAuthorizationHelper helper = null;
            try {
                helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
            } catch (Exception e) {
                WebLogger.WEB_SECURITY_LOGGER.noAuthorizationHelper(e);
            }

            Subject callerSubject = sc.getUtil().getSubject();
            // JBAS-6419:CallerSubject has no bearing on the user data permission check
            if (callerSubject == null)
                callerSubject = new Subject();

            ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(), callerSubject,
                    getPrincipalRoles(request));
        }

        return ok;
    }
View Full Code Here
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
                caller = getSubjectFromRequestPrincipal(request.getPrincipal());
            Map<String, Object> contextMap = new HashMap<String, Object>();
            contextMap.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
            contextMap.put("securityConstraints", constraints);

            AbstractWebAuthorizationHelper helper = null;
            try {
                helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
            } catch (Exception e) {
                WebLogger.WEB_SECURITY_LOGGER.noAuthorizationHelper(e);
                return false;
            }

            authzDecision = helper.checkResourcePermission(contextMap, request, response, caller, PolicyContext.getContextID(),
                    requestURI(request), getPrincipalRoles(request));
        }
        boolean finalDecision = baseDecision && authzDecision;
        WebLogger.WEB_SECURITY_LOGGER.tracef("hasResourcePermission:RealmBase says:" + baseDecision + "::Authz framework says:" + authzDecision
                + ":final=" + finalDecision);
View Full Code Here
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
                    }
                }
            }

            SecurityContext sc = SecurityActions.getSecurityContext();
            AbstractWebAuthorizationHelper helper = null;
            try {
                helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
            } catch (Exception e) {
                WebLogger.WEB_SECURITY_LOGGER.noAuthorizationHelper(e);
            }
            Subject callerSubject = sc.getUtil().getSubject();
            if (callerSubject == null) {
                // During hasResourcePermission check, Catalina calls hasRole. But we have not established
                // a subject yet in the security context. So we will get the subject from the cached principal
                callerSubject = getSubjectFromRequestPrincipal(principal);
            }

            authzDecision = helper.hasRole(roleName, principal, servletName, getPrincipalRoles(principal),
                    PolicyContext.getContextID(), callerSubject, getPrincipalRoles(request));
        }
        boolean finalDecision = baseDecision && authzDecision;
        WebLogger.WEB_SECURITY_LOGGER.tracef("hasRole:RealmBase says:" + baseDecision + "::Authz framework says:" + authzDecision + ":final="
                + finalDecision);
View Full Code Here
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
            Map<String, Object> map = new HashMap<String, Object>();
            map.put("securityConstraints", constraints);
            map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);

            SecurityContext sc = SecurityActions.getSecurityContext();
            AbstractWebAuthorizationHelper helper = null;
            try {
                helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
            } catch (Exception e) {
                WebLogger.WEB_SECURITY_LOGGER.noAuthorizationHelper(e);
            }

            Subject callerSubject = sc.getUtil().getSubject();
            // JBAS-6419:CallerSubject has no bearing on the user data permission check
            if (callerSubject == null)
                callerSubject = new Subject();

            ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(), callerSubject,
                    getPrincipalRoles(request));
        }

        return ok;
    }
View Full Code Here
TOP

Related Classes of org.jboss.security.javaee.AbstractWebAuthorizationHelper

  • org.jboss.as.web.security.JBossWebRealm
  • org.jboss.web.tomcat.security.JBossWebRealm
  • org.wildfly.extension.undertow.security.JbossAuthorizationManager
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.