
package org.jboss.as.messaging;

import static org.jboss.as.messaging.MessagingMessages.MESSAGES;

import org.hornetq.core.security.CheckType;
import org.hornetq.core.security.Role;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SimplePrincipal;

import javax.security.auth.Subject;
import java.nio.charset.Charset;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;

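/**
 * {@link org.hornetq.spi.core.security.HornetQSecurityManager} that delegates authentication and
 * authorization to the AS7 security subsystem through a {@link SecurityDomainContext}.
 * <p>
 * The credentials obtained from {@link HornetQDefaultCredentials} are accepted without consulting
 * the security domain. Any other credentials are validated by the domain's authentication manager,
 * and role checks are delegated to the domain's authorization manager.
 * <p>
 * The user/role management and lifecycle operations of the SPI are no-ops in this implementation.
 */
public class HornetQSecurityManagerAS7 implements org.hornetq.spi.core.security.HornetQSecurityManager {
    /** Charset used to turn passwords into bytes for the constant-time comparison. */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    private final SecurityDomainContext securityDomainContext;
    private final String defaultUser;
    private final String defaultPassword;

    /**
     * Creates a security manager backed by the given security domain.
     *
     * @param sdc the security domain context used for authentication and authorization; may be
     *            {@code null}, in which case validating any non-default credentials throws
     *            {@code MESSAGES.securityDomainContextNotSet()}
     */
    public HornetQSecurityManagerAS7(SecurityDomainContext sdc) {
        securityDomainContext = sdc;
        defaultUser = HornetQDefaultCredentials.getUsername();
        defaultPassword = HornetQDefaultCredentials.getPassword();
    }

    /**
     * Authenticates a user.
     * <p>
     * Throws {@code MESSAGES.securityDomainContextNotSet()} if no security domain context was
     * configured and the credentials are not the default ones.
     *
     * @param username the user name presented by the client
     * @param password the password presented by the client
     * @return {@code true} if the credentials are the default credentials, or the security domain's
     *         authentication manager accepts them
     */
    @Override
    public boolean validateUser(String username, String password) {
        if (isDefaultCredentials(username, password)) {
            return true;
        }
        requireSecurityDomainContext();

        // A throw-away Subject is enough here: nothing downstream needs what isValid() populates.
        return securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(username), password, new Subject());
    }

    /**
     * Authenticates a user and checks that it holds at least one of the roles permitted by
     * {@code checkType}.
     * <p>
     * Default credentials short-circuit to {@code true}. Otherwise the user is authenticated against
     * the security domain; on success the populated {@link Subject} is pushed onto the thread's
     * {@link SecurityContextAssociation} for the duration of the authorization check, and the
     * previously associated context is restored afterwards, also when the check throws.
     * <p>
     * Throws {@code MESSAGES.securityDomainContextNotSet()} if no security domain context was
     * configured and the credentials are not the default ones.
     *
     * @param username  the user name presented by the client
     * @param password  the password presented by the client
     * @param roles     the candidate roles to check
     * @param checkType the operation being attempted; only roles for which
     *                  {@link CheckType#hasRole(Role)} is {@code true} are considered
     * @return {@code true} if authentication succeeded and the authorization manager reports the
     *         user as holding one of the permitted roles
     */
    @Override
    public boolean validateUserAndRole(String username, String password, Set<Role> roles, CheckType checkType) {
        if (isDefaultCredentials(username, password)) {
            return true;
        }
        requireSecurityDomainContext();

        Principal principal = new SimplePrincipal(username);
        Subject subject = new Subject();

        // isValid() populates 'subject' as a side effect and that populated subject is what gets
        // pushed below, which is why validateUser(String, String) is not reused here.
        boolean authenticated = securityDomainContext.getAuthenticationManager().isValid(principal, password, subject);
        if (!authenticated) {
            return false;
        }

        SecurityContext previousContext = pushSecurityContext(subject, principal, password);
        try {
            return securityDomainContext.getAuthorizationManager().doesUserHaveRole(principal, permittedRolePrincipals(roles, checkType));
        } finally {
            // Restore the caller's context (possibly null) even if the role check throws; otherwise
            // the authenticated context would stay associated with whatever runs next on this thread.
            setSecurityContextOnAssociation(previousContext);
        }
    }

    /**
     * Maps the roles that {@code checkType} allows to principals understood by the authorization
     * manager.
     *
     * @return a new, possibly empty set of principals named after the permitted roles
     */
    private static Set<Principal> permittedRolePrincipals(Set<Role> roles, CheckType checkType) {
        Set<Principal> principals = new HashSet<Principal>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                principals.add(new SimplePrincipal(role.getName()));
            }
        }
        return principals;
    }

    /**
     * Tells whether the supplied credentials are the built-in default credentials.
     * <p>
     * The password comparison does not short-circuit on the first differing byte, so the response
     * time does not reveal how much of the default password a guess matched.
     */
    private boolean isDefaultCredentials(String username, String password) {
        return defaultUser != null && defaultUser.equals(username) && constantTimeEquals(defaultPassword, password);
    }

    /**
     * Compares two strings without short-circuiting on the first differing byte.
     *
     * @return {@code true} if both strings are non-null and equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF8), actual.getBytes(UTF8));
    }

    /** Fails fast when no security domain context was injected. */
    private void requireSecurityDomainContext() {
        if (securityDomainContext == null) {
            throw MESSAGES.securityDomainContextNotSet();
        }
    }

    /**
     * Associates a security context carrying {@code subject} with the current thread.
     * <p>
     * If no context is currently associated, a new one is created for the authentication manager's
     * security domain. Otherwise the existing context is reused and its subject info is replaced in
     * place; in that case the returned "previous" context is that same, now modified, object, so
     * re-associating it later does not restore the earlier subject info.
     *
     * @return the context that was associated before the call, or {@code null} if there was none
     */
    private SecurityContext pushSecurityContext(final Subject subject, final Principal principal, final Object credential) {
        return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {

            @Override
            public SecurityContext run() {
                final SecurityContext current = SecurityContextAssociation.getSecurityContext();
                final SecurityContext toAssociate;
                if (current == null) {
                    toAssociate = createSecurityContext(subject, principal, credential, securityDomainContext.getAuthenticationManager().getSecurityDomain());
                } else {
                    toAssociate = current;
                    toAssociate.getUtil().createSubjectInfo(principal, credential, subject);
                }
                setSecurityContextOnAssociation(toAssociate);
                return current;
            }
        });
    }

    /**
     * Sets (or clears, when {@code sc} is {@code null}) the security context associated with the
     * current thread, inside a privileged block.
     */
    private static void setSecurityContextOnAssociation(final SecurityContext sc) {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {

            @Override
            public Void run() {
                SecurityContextAssociation.setSecurityContext(sc);
                return null;
            }
        });
    }

    /**
     * Creates a new security context for {@code domain} holding the given subject and credentials.
     * Any exception from the factory is rethrown as a {@link RuntimeException} with the original
     * as its cause, so it can propagate out of the privileged action.
     */
    private static SecurityContext createSecurityContext(final Subject subject, final Principal principal, final Object credential, final String domain) {
        return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {

            @Override
            public SecurityContext run() {
                try {
                    return SecurityContextFactory.createSecurityContext(principal, credential, subject, domain);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    /** No-op: users are not managed by this implementation. */
    @Override
    public void addUser(String s, String s1) {
    }

    /** No-op: users are not managed by this implementation. */
    @Override
    public void removeUser(String s) {
    }

    /** No-op: roles are not managed by this implementation. */
    @Override
    public void addRole(String s, String s1) {
    }

    /** No-op: roles are not managed by this implementation. */
    @Override
    public void removeRole(String s, String s1) {
    }

    /** No-op: the default user is fixed by {@link HornetQDefaultCredentials} and cannot be changed. */
    @Override
    public void setDefaultUser(String s) {
    }

    /** No-op: there is nothing to start. */
    @Override
    public void start() throws Exception {
    }

    /** No-op: there is nothing to stop. */
    @Override
    public void stop() throws Exception {
    }

    /** Always {@code false}; this implementation has no lifecycle state. */
    @Override
    public boolean isStarted() {
        return false;
    }
}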