Java Examples for org.jboss.security.mapping.MappingType
The following Java examples will help you understand the usage of org.jboss.security.mapping.MappingType. These source code samples are taken from different open source projects.
Example 1
Project: picketbox-master File: StaxConfigParserUnitTestCase.java View source code |
/**
 * Asserts that the "conf-complete" application policy was parsed into the expected
 * authentication, authorization, ACL, mapping (principal and role), audit and
 * identity-trust entries, including each entry's options.
 */
public static void validateCompleteConfiguration() {
    ApplicationPolicy policy = getApplicationPolicy("conf-complete");

    // Authentication: exactly one login module, flagged REQUIRED, with three options.
    List<?> loginEntries = policy.getAuthenticationInfo().getModuleEntries();
    assertEquals("Number of entries = 1", 1, loginEntries.size());
    Object firstLoginEntry = loginEntries.get(0);
    assertTrue("Entry instanceof AppConfigurationEntry", firstLoginEntry instanceof AppConfigurationEntry);
    AppConfigurationEntry loginModule = (AppConfigurationEntry) firstLoginEntry;
    assertEquals("LM Name", "org.jboss.test.TestLoginModule", loginModule.getLoginModuleName());
    assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, loginModule.getControlFlag());
    Map<String, ?> loginOptions = loginModule.getOptions();
    assertEquals("Number of options = 3", 3, loginOptions.size());
    assertEquals("name=1.1", "1.1", loginOptions.get("name"));
    assertEquals("succeed=true", "true", loginOptions.get("succeed"));
    assertEquals("throwEx=false", "false", loginOptions.get("throwEx"));

    // Authorization: one policy module, flagged REQUIRED, with two options.
    AuthorizationInfo authorization = policy.getAuthorizationInfo();
    assertNotNull("AuthorizationInfo is not null", authorization);
    AuthorizationModuleEntry[] policyModules = authorization.getAuthorizationModuleEntry();
    assertEquals("Length of authorization entries = 1", 1, policyModules.length);
    AuthorizationModuleEntry policyModule = policyModules[0];
    assertEquals("TestPolicyModule", "org.jboss.test.TestPolicyModule", policyModule.getPolicyModuleName());
    assertEquals("Required", ControlFlag.REQUIRED, policyModule.getControlFlag());
    Map<String, ?> policyOptions = policyModule.getOptions();
    assertEquals("Number of options = 2", 2, policyOptions.size());
    assertEquals("name=authz", "authz", policyOptions.get("name"));
    assertEquals("succeed=true", "true", policyOptions.get("succeed"));

    // ACL (instance-based authorization): two providers, both REQUIRED.
    ACLInfo acl = policy.getAclInfo();
    assertNotNull("Unexpected null ACLInfo found", acl);
    ACLProviderEntry[] aclProviders = acl.getACLProviderEntry();
    assertNotNull("Unexpected null set of acl entries", aclProviders);
    assertEquals("Invalid number of acl entries", 2, aclProviders.length);

    // First provider must be org.jboss.security.authz.ACLModule1.
    ACLProviderEntry firstAcl = aclProviders[0];
    Assert.assertEquals("org.jboss.security.authz.ACLModule1", firstAcl.getAclProviderName());
    Assert.assertEquals("REQUIRED", firstAcl.getControlFlag().toString());
    Map<String, ?> firstAclOptions = firstAcl.getOptions();
    Assert.assertNotNull("Unexpected null options map", firstAclOptions);
    Assert.assertTrue("Option aclOption1 was not found", firstAclOptions.containsKey("aclOption1"));
    Assert.assertEquals("value1", firstAclOptions.get("aclOption1"));
    Assert.assertTrue("Option aclOption2 was not found", firstAclOptions.containsKey("aclOption2"));
    Assert.assertEquals("value2", firstAclOptions.get("aclOption2"));

    // Second provider must be org.jboss.security.authz.ACLModule2.
    ACLProviderEntry secondAcl = aclProviders[1];
    Assert.assertEquals("org.jboss.security.authz.ACLModule2", secondAcl.getAclProviderName());
    Assert.assertEquals("REQUIRED", secondAcl.getControlFlag().toString());
    Map<String, ?> secondAclOptions = secondAcl.getOptions();
    Assert.assertNotNull("Unexpected null options map", secondAclOptions);
    Assert.assertTrue("Option aclOption3 was not found", secondAclOptions.containsKey("aclOption3"));
    Assert.assertEquals("value3", secondAclOptions.get("aclOption3"));
    Assert.assertTrue("Option aclOption4 was not found", secondAclOptions.containsKey("aclOption4"));
    Assert.assertEquals("value4", secondAclOptions.get("aclOption4"));

    // Principal mapping: looked up by the MappingType.PRINCIPAL name.
    MappingInfo principalMappingInfo = policy.getMappingInfo(MappingType.PRINCIPAL.toString());
    assertNotNull("MappingInfo is not null", principalMappingInfo);
    MappingModuleEntry[] principalModules = principalMappingInfo.getMappingModuleEntry();
    assertEquals("Invalid number of entries", 1, principalModules.length);
    MappingModuleEntry principalModule = principalModules[0];
    assertEquals("org.jboss.test.mapping.MappingModule1", principalModule.getMappingModuleName());
    Map<String, ?> principalOptions = principalModule.getOptions();
    assertEquals("Invalid number of options", 1, principalOptions.size());
    Assert.assertTrue("Option option1 was not found", principalOptions.containsKey("option1"));
    assertEquals("value1", principalOptions.get("option1"));

    // Role mapping: looked up by the MappingType.ROLE name.
    MappingInfo roleMappingInfo = policy.getMappingInfo(MappingType.ROLE.toString());
    assertNotNull("MappingInfo is not null", roleMappingInfo);
    MappingModuleEntry[] roleModules = roleMappingInfo.getMappingModuleEntry();
    assertEquals("Mapping entry length=1", 1, roleModules.length);
    MappingModuleEntry roleModule = roleModules[0];
    assertEquals("TestMappingModule", "org.jboss.test.TestMappingModule", roleModule.getMappingModuleName());
    Map<String, ?> roleOptions = roleModule.getOptions();
    assertEquals("Number of options = 2", 2, roleOptions.size());
    assertEquals("name=rolemap", "rolemap", roleOptions.get("name"));
    assertEquals("succeed=true", "true", roleOptions.get("succeed"));

    // Audit: one provider with two options.
    AuditInfo audit = policy.getAuditInfo();
    assertNotNull("AuditInfo", audit);
    AuditProviderEntry[] auditProviders = audit.getAuditProviderEntry();
    assertEquals("Audit entry length=1", 1, auditProviders.length);
    AuditProviderEntry auditProvider = auditProviders[0];
    // NOTE(review): this re-checks the role mapping module's name, not the audit
    // provider's, so the configured audit provider class is never verified here.
    // Looks like a copy-paste slip; confirm the intended accessor and expected value.
    assertEquals("TestMappingModule", "org.jboss.test.TestMappingModule", roleModule.getMappingModuleName());
    Map<String, ?> auditOptions = auditProvider.getOptions();
    assertEquals("Number of options = 2", 2, auditOptions.size());
    assertEquals("name=auditprovider", "auditprovider", auditOptions.get("name"));
    assertEquals("succeed=false", "false", auditOptions.get("succeed"));

    // Identity trust: one module with three options.
    IdentityTrustInfo identityTrust = policy.getIdentityTrustInfo();
    assertNotNull("IdentityTrustInfo", identityTrust);
    IdentityTrustModuleEntry[] trustModules = identityTrust.getIdentityTrustModuleEntry();
    assertEquals("IdentityTrustModuleEntry length=1", 1, trustModules.length);
    IdentityTrustModuleEntry trustModule = trustModules[0];
    // NOTE(review): same slip as in the audit section -- the identity-trust module's
    // own name is not asserted; the role mapping module is checked a third time.
    assertEquals("TestMappingModule", "org.jboss.test.TestMappingModule", roleModule.getMappingModuleName());
    Map<String, ?> trustOptions = trustModule.getOptions();
    assertEquals("Number of options = 3", 3, trustOptions.size());
    assertEquals("name=trustprovider", "trustprovider", trustOptions.get("name"));
    assertEquals("succeed=true", "true", trustOptions.get("succeed"));
    assertEquals("dummy=dr", "dr", trustOptions.get("dummy"));
}
Example 2
Project: picketlink-bindings-master File: JBossAppServerAttributeManager.java View source code |
/**
 * Collects the attributes that the security domain's ATTRIBUTE mapping modules
 * produce for the given principal.
 *
 * <p>NOTE(review): {@code attributeKeys} is never read in this method, so every
 * attribute returned by the mapping modules is handed back, not only the ones the
 * caller asked for. Confirm that callers do not rely on it as a release filter.
 *
 * @param userPrincipal the principal placed in the mapping context
 * @param attributeKeys requested attribute names (unused here)
 * @return the mapped attributes by name; empty when no security context or mapping
 *         context is available
 * @see AttributeManager#getAttributes(Principal, List)
 */
public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
    Map<String, Object> attributeMap = new HashMap<String, Object>();
    SecurityContext sc = SecurityActions.getSecurityContext();

    if (sc == null) {
        logger.couldNotObtainSecurityContext();
    } else {
        // NOTE(review): getMappingManager() is dereferenced without a null check.
        MappingContext<List<Attribute<Object>>> mc =
                sc.getMappingManager().getMappingContext(MappingType.ATTRIBUTE.name());
        if (mc == null) {
            logger.mappingContextNull();
            return attributeMap;
        }

        Map<String, Object> mappingInput = new HashMap<String, Object>();
        mappingInput.put(SecurityConstants.PRINCIPAL_IDENTIFIER, userPrincipal);

        try {
            mc.performMapping(mappingInput, new ArrayList<Attribute<Object>>());
        } catch (Exception e) {
            // A mapping failure is only logged; the result is still read below.
            logger.attributeManagerError(e);
        }

        List<Attribute<Object>> mapped = (List<Attribute<Object>>) mc.getMappingResult().getMappedObject();
        if (mapped != null) {
            for (Attribute<Object> attr : mapped) {
                attributeMap.put(attr.getName(), attr.getValue());
            }
        }
    }

    logger.trace("Final attribute map size: " + attributeMap.size());
    return attributeMap;
}
Example 3
Project: wildfly-master File: SecurityDomainAdd.java View source code |
/**
 * Registers the classic mapping modules found under the given model node with the
 * application policy.
 *
 * @param context the operation context used to resolve model attributes
 * @param securityDomain the security domain name given to each {@code MappingInfo}
 * @param node the security domain model; narrowed to its mapping-module node
 * @param applicationPolicy the policy that receives the mapping configuration
 * @return {@code false} when the model has no mapping-module node, {@code true} otherwise
 * @throws OperationFailedException if a model attribute cannot be resolved
 */
private boolean processMapping(OperationContext context, String securityDomain, ModelNode node, ApplicationPolicy applicationPolicy) throws OperationFailedException {
    node = peek(node, MAPPING, CLASSIC, MAPPING_MODULE);
    if (node == null) {
        return false;
    }

    for (Property moduleProperty : node.asPropertyList()) {
        ModelNode moduleNode = moduleProperty.getValue();
        MappingInfo info = new MappingInfo(securityDomain);
        String code = extractCode(context, moduleNode, ModulesMap.MAPPING_MAP);

        // A module without an explicit type is treated as a ROLE mapping module.
        String mappingType = moduleNode.hasDefined(TYPE)
                ? MappingModuleDefinition.TYPE.resolveModelAttribute(context, moduleNode).asString()
                : MappingType.ROLE.toString();

        Map<String, Object> moduleOptions = extractOptions(context, moduleNode);
        info.add(new MappingModuleEntry(code, moduleOptions, mappingType));
        applicationPolicy.setMappingInfo(mappingType, info);

        // Fall back to the default JBoss module when none (or an empty one) is configured.
        ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        boolean hasModuleName = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        info.addJBossModuleName(hasModuleName ? jbossModule.asString() : DEFAULT_MODULE);
    }
    return true;
}
Example 4
Project: teiid-master File: JBossSecurityHelper.java View source code |
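/**
 * Authenticates a user against the given security domain and, on success, runs the
 * domain's ROLE mapping modules before returning the security context.
 *
 * @param domain the security domain to authenticate against
 * @param baseUsername the user name, without any domain suffix
 * @param credentials the supplied credentials; may be {@code null}
 * @param applicationName the calling application's name (not used in this method)
 * @return the security context of the authenticated user
 * @throws LoginException if the domain is unknown, has no authentication manager,
 *         or rejects the credentials
 */
@Override
public SecurityContext authenticate(String domain, String baseUsername, Credentials credentials, String applicationName) throws LoginException {
    // If username specifies a domain (user@domain) only that domain is authenticated against.
    SecurityDomainContext securityDomainContext = getSecurityDomainContext(domain);
    if (securityDomainContext != null) {
        Subject subject = new Subject();
        boolean isValid = false;
        SecurityContext securityContext = null;
        AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
        if (authManager != null) {
            Principal userPrincipal = new SimplePrincipal(baseUsername);
            // NOTE(review): the credential is copied from a char[] into an immutable
            // String, which cannot be wiped after use; the APIs called below take it
            // in that form, so this is kept as is.
            String credString = credentials == null ? null : new String(credentials.getCredentialsAsCharArray());
            isValid = authManager.isValid(userPrincipal, credString, subject);
            // NOTE(review): the context is built even when validation failed; it is
            // only ever returned on the isValid path below.
            securityContext = createSecurityContext(domain, userPrincipal, credString, subject);
        }
        if (isValid) {
            // Logged only once validation has succeeded, so a rejected login no
            // longer leaves a "Logon successful" entry in the security log.
            LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful for \"", baseUsername, "\" in security domain", domain }); //$NON-NLS-1$ //$NON-NLS-2$
            MappingManager mappingManager = securityDomainContext.getMappingManager();
            if (mappingManager != null) {
                MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                if (mc != null && mc.hasModules()) {
                    RoleGroup userRoles = securityContext.getUtil().getRoles();
                    if (userRoles == null) {
                        userRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
                    }
                    Map<String, Object> contextMap = new HashMap<String, Object>();
                    contextMap.put(SecurityConstants.ROLES_IDENTIFIER, userRoles);
                    // Append any deployment role->principals configuration done by the user
                    contextMap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, SecurityRolesAssociation.getSecurityRoles());
                    // Append the principals also
                    contextMap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals());
                    // userRoles cannot be null here because of the fallback above.
                    String rolesBefore = userRoles.toString();
                    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Roles before mapping \"", rolesBefore }); //$NON-NLS-1$
                    PicketBoxLogger.LOGGER.traceRolesBeforeMapping(rolesBefore);
                    mc.performMapping(contextMap, userRoles);
                    RoleGroup mappedRoles = mc.getMappingResult().getMappedObject();
                    // String.valueOf keeps a null mapping result from failing an
                    // otherwise successful login inside a log statement.
                    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Roles after mapping \"", String.valueOf(mappedRoles) }); //$NON-NLS-1$
                }
            }
            return securityContext;
        }
    }
    throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, baseUsername, domain));
}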
Example 5
Project: undertow-subsystem-master File: JAASIdentityManagerImpl.java View source code |
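/**
 * Validates the credential for the given account and, when it is accepted, builds a
 * new account carrying the authenticated principal and its role names.
 *
 * @param account the account whose principal is being authenticated
 * @param credential the credential presented for that principal
 * @return the authenticated account with its roles, or {@code null} when the
 *         authentication manager rejects the credential
 * @throws RuntimeException wrapping any exception raised during authentication or
 *         role lookup, including the missing-security-context case
 */
private Account verifyCredential(final Account account, final Object credential) {
    final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
    final MappingManager mappingManager = securityDomainContext.getMappingManager();
    final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext sc = SecurityActions.getSecurityContext();
    Principal incomingPrincipal = account.getPrincipal();
    Subject subject = new Subject();
    try {
        boolean isValid = authenticationManager.isValid(incomingPrincipal, credential, subject);
        if (isValid) {
            // The principal is passed as a format argument, not concatenated into the
            // format string: tracef treats its first argument as a format, so a '%'
            // in a user-supplied name would otherwise be parsed as a format specifier.
            UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
            if (sc == null) {
                throw new IllegalStateException("No SecurityContext found!");
            }
            Principal userPrincipal = getPrincipal(subject);
            sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
            if (mappingManager != null) {
                // if there are mapping modules let them handle the role mapping
                MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                if (mc != null && mc.hasModules()) {
                    // NOTE(review): nothing in this method clears the association
                    // again; confirm it is reset elsewhere once the request ends.
                    SecurityRolesAssociation.setSecurityRoles(principalVersusRolesMap);
                }
            }
            RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
            Set<String> roleSet = new HashSet<String>();
            for (Role role : roles.getRoles()) {
                roleSet.add(role.getRoleName());
            }
            AccountImpl accountImpl = new AccountImpl(userPrincipal);
            accountImpl.setRoles(roleSet);
            return accountImpl;
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    // Credential rejected: callers receive null rather than an exception.
    return null;
}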
Example 6
Project: federation-master File: AbstractSTSLoginModule.java View source code |
/**
 * Adds the principal and role groups derived from the SAML token to the subject,
 * using the security domain's PRINCIPAL and ROLE mapping contexts when present.
 *
 * <p>Does nothing when no mapping manager is available. When there is no role
 * mapping context, roles are read directly from the assertion using {@code roleKey}.
 *
 * <p>NOTE(review): the roles and principal come from the parsed assertion; this
 * method does not itself check the assertion's signature, issuer or validity
 * period, so it presumably relies on validation done before it is called -- confirm.
 *
 * @throws RuntimeException if the SAML token cannot be parsed into an assertion
 */
@SuppressWarnings("deprecation")
protected void populateSubject() {
    MappingManager manager = getMappingManager();
    if (manager == null) {
        return;
    }

    // Look the contexts up by mapping-type name; fall back to the class-based
    // lookup when the name-based method is missing at runtime.
    MappingContext<Principal> principalCtx;
    try {
        principalCtx = manager.getMappingContext(MappingType.PRINCIPAL.toString());
    } catch (NoSuchMethodError nse) {
        principalCtx = manager.getMappingContext(Principal.class);
    }

    MappingContext<RoleGroup> roleCtx;
    try {
        roleCtx = manager.getMappingContext(MappingType.ROLE.toString());
    } catch (NoSuchMethodError nse) {
        roleCtx = manager.getMappingContext(RoleGroup.class);
    }

    Map<String, Object> mappingInput = new HashMap<String, Object>();
    mappingInput.put(SHARED_TOKEN, this.samlToken);

    AssertionType assertion;
    try {
        assertion = SAMLUtil.fromElement(samlToken);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    if (principalCtx != null) {
        principalCtx.performMapping(mappingInput, null);
        Principal mappedPrincipal = principalCtx.getMappingResult().getMappedObject();
        subject.getPrincipals().add(mappedPrincipal);

        // If the user has configured cache invalidation of subject based on saml token expiry
        if (enableCacheInvalidation) {
            TimeCacheExpiry expiryRegistry = JBossAuthCacheInvalidationFactory.getCacheExpiry();
            XMLGregorianCalendar notAfter = AssertionUtil.getExpiration(assertion);
            if (notAfter == null) {
                // No expiry in the assertion: nothing is registered, only logged.
                logger.samlAssertionWithoutExpiration(assertion.getID());
            } else {
                expiryRegistry.register(securityDomain, notAfter.toGregorianCalendar().getTime(), mappedPrincipal);
            }
        }
    }

    if (roleCtx == null) {
        // No role mapping context: take the roles straight from the assertion.
        List<String> roleKeys = new ArrayList<String>();
        roleKeys.addAll(StringUtil.tokenize(roleKey));
        List<String> assertedRoles = AssertionUtil.getRoles(assertion, roleKeys);
        if (!assertedRoles.isEmpty()) {
            SimpleGroup rolesGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
            for (String roleName : assertedRoles) {
                rolesGroup.addMember(new SimplePrincipal(roleName));
            }
            subject.getPrincipals().add(rolesGroup);
        }
    } else {
        roleCtx.performMapping(mappingInput, null);
        RoleGroup mappedRoles = roleCtx.getMappingResult().getMappedObject();
        SimpleGroup rolesGroup = new SimpleGroup(mappedRoles.getRoleName());
        for (Role mappedRole : mappedRoles.getRoles()) {
            rolesGroup.addMember(new SimplePrincipal(mappedRole.getRoleName()));
        }
        subject.getPrincipals().add(rolesGroup);
    }

    if (injectCallerPrincipalGroup) {
        // NOTE(review): the "CallerPrincipal" group is filled with the assertion's
        // role names (null role keys), not with the mapped principal -- confirm intent.
        Group callerGroup = new SimpleGroup("CallerPrincipal");
        for (String roleName : AssertionUtil.getRoles(assertion, null)) {
            callerGroup.addMember(new SimplePrincipal(roleName));
        }
        subject.getPrincipals().add(callerGroup);
    }
}
Example 7
Project: picketlink-master File: AbstractSTSLoginModule.java View source code |
/**
 * Adds the principal and role groups derived from the SAML token to the subject,
 * using the security domain's PRINCIPAL and ROLE mapping contexts when present.
 *
 * <p>Does nothing when no mapping manager is available. When there is no role
 * mapping context, roles are read directly from the assertion using {@code roleKey}.
 *
 * <p>NOTE(review): the roles and principal come from the parsed assertion; this
 * method does not itself check the assertion's signature, issuer or validity
 * period, so it presumably relies on validation done before it is called -- confirm.
 *
 * @throws RuntimeException if the SAML token cannot be parsed into an assertion
 */
@SuppressWarnings("deprecation")
protected void populateSubject() {
    MappingManager manager = getMappingManager();
    if (manager == null) {
        return;
    }

    // Look the contexts up by mapping-type name; fall back to the class-based
    // lookup when the name-based method is missing at runtime.
    MappingContext<Principal> principalCtx;
    try {
        principalCtx = manager.getMappingContext(MappingType.PRINCIPAL.toString());
    } catch (NoSuchMethodError nse) {
        principalCtx = manager.getMappingContext(Principal.class);
    }

    MappingContext<RoleGroup> roleCtx;
    try {
        roleCtx = manager.getMappingContext(MappingType.ROLE.toString());
    } catch (NoSuchMethodError nse) {
        roleCtx = manager.getMappingContext(RoleGroup.class);
    }

    Map<String, Object> mappingInput = new HashMap<String, Object>();
    mappingInput.put(SHARED_TOKEN, this.samlToken);

    AssertionType assertion;
    try {
        assertion = SAMLUtil.fromElement(samlToken);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    if (principalCtx != null) {
        principalCtx.performMapping(mappingInput, null);
        Principal mappedPrincipal = principalCtx.getMappingResult().getMappedObject();
        subject.getPrincipals().add(mappedPrincipal);

        // If the user has configured cache invalidation of subject based on saml token expiry
        if (enableCacheInvalidation) {
            TimeCacheExpiry expiryRegistry = JBossAuthCacheInvalidationFactory.getCacheExpiry();
            XMLGregorianCalendar notAfter = AssertionUtil.getExpiration(assertion);
            if (notAfter == null) {
                // No expiry in the assertion: nothing is registered, only logged.
                logger.samlAssertionWithoutExpiration(assertion.getID());
            } else {
                expiryRegistry.register(securityDomain, notAfter.toGregorianCalendar().getTime(), mappedPrincipal);
            }
        }
    }

    if (roleCtx == null) {
        // No role mapping context: take the roles straight from the assertion.
        List<String> roleKeys = new ArrayList<String>();
        roleKeys.addAll(StringUtil.tokenize(roleKey));
        List<String> assertedRoles = AssertionUtil.getRoles(assertion, roleKeys);
        if (!assertedRoles.isEmpty()) {
            SimpleGroup rolesGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
            for (String roleName : assertedRoles) {
                rolesGroup.addMember(new SimplePrincipal(roleName));
            }
            subject.getPrincipals().add(rolesGroup);
        }
    } else {
        roleCtx.performMapping(mappingInput, null);
        RoleGroup mappedRoles = roleCtx.getMappingResult().getMappedObject();
        SimpleGroup rolesGroup = new SimpleGroup(mappedRoles.getRoleName());
        for (Role mappedRole : mappedRoles.getRoles()) {
            rolesGroup.addMember(new SimplePrincipal(mappedRole.getRoleName()));
        }
        subject.getPrincipals().add(rolesGroup);
    }

    if (injectCallerPrincipalGroup) {
        // NOTE(review): the "CallerPrincipal" group is filled with the assertion's
        // role names (null role keys), not with the mapped principal -- confirm intent.
        Group callerGroup = new SimpleGroup("CallerPrincipal");
        for (String roleName : AssertionUtil.getRoles(assertion, null)) {
            callerGroup.addMember(new SimplePrincipal(roleName));
        }
        subject.getPrincipals().add(callerGroup);
    }
}