Java Examples for org.jboss.security.mapping.MappingType
The following Java examples illustrate the usage of org.jboss.security.mapping.MappingType. The source code samples are taken from different open source projects.
Example 1
| Project: picketbox-master File: StaxConfigParserUnitTestCase.java View source code |
/**
 * Verifies that the "conf-complete" application policy was parsed into every expected security
 * section: authentication, authorization, ACL, principal mapping, role mapping, audit and
 * identity trust.
 *
 * <p>Each section is checked for the number of configured entries, the module/provider class name
 * (where asserted) and the option map contents. The policy is obtained through
 * {@code getApplicationPolicy("conf-complete")}; the expected values below must match that
 * configuration.
 */
public static void validateCompleteConfiguration() {
    ApplicationPolicy completeConfig = getApplicationPolicy("conf-complete");
    BaseAuthenticationInfo authInfo = completeConfig.getAuthenticationInfo();
    List<?> entries = authInfo.getModuleEntries();
    assertEquals("Number of entries = 1", 1, entries.size());
    // First Entry: a single JAAS login module with control flag REQUIRED and three options.
    Object entry = entries.get(0);
    assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AppConfigurationEntry);
    AppConfigurationEntry ace = (AppConfigurationEntry) entry;
    assertEquals("LM Name", "org.jboss.test.TestLoginModule", ace.getLoginModuleName());
    assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ace.getControlFlag());
    Map<String, ?> aceOptions = ace.getOptions();
    assertEquals("Number of options = 3", 3, aceOptions.size());
    assertEquals("name=1.1", "1.1", aceOptions.get("name"));
    assertEquals("succeed=true", "true", aceOptions.get("succeed"));
    assertEquals("throwEx=false", "false", aceOptions.get("throwEx"));
    // Authorization: one policy module, REQUIRED, two options.
    AuthorizationInfo authzInfo = completeConfig.getAuthorizationInfo();
    assertNotNull("AuthorizationInfo is not null", authzInfo);
    AuthorizationModuleEntry[] authzEntries = authzInfo.getAuthorizationModuleEntry();
    assertEquals("Length of authorization entries = 1", 1, authzEntries.length);
    AuthorizationModuleEntry authzEntry = authzEntries[0];
    assertEquals("TestPolicyModule", "org.jboss.test.TestPolicyModule", authzEntry.getPolicyModuleName());
    assertEquals("Required", ControlFlag.REQUIRED, authzEntry.getControlFlag());
    Map<String, ?> authzoptions = authzEntry.getOptions();
    assertEquals("Number of options = 2", 2, authzoptions.size());
    assertEquals("name=authz", "authz", authzoptions.get("name"));
    assertEquals("succeed=true", "true", authzoptions.get("succeed"));
    // ACL (instance-based authorization): two providers, checked in configuration order.
    ACLInfo aclInfo = completeConfig.getAclInfo();
    assertNotNull("Unexpected null ACLInfo found", aclInfo);
    ACLProviderEntry[] aclEntries = aclInfo.getACLProviderEntry();
    assertNotNull("Unexpected null set of acl entries", aclEntries);
    assertEquals("Invalid number of acl entries", 2, aclEntries.length);
    // first entry should be org.jboss.security.authz.ACLModule1.
    Assert.assertEquals("org.jboss.security.authz.ACLModule1", aclEntries[0].getAclProviderName());
    Assert.assertEquals("REQUIRED", aclEntries[0].getControlFlag().toString());
    Map<String, ?> options = aclEntries[0].getOptions();
    Assert.assertNotNull("Unexpected null options map", options);
    Assert.assertTrue("Option aclOption1 was not found", options.containsKey("aclOption1"));
    Assert.assertEquals("value1", options.get("aclOption1"));
    Assert.assertTrue("Option aclOption2 was not found", options.containsKey("aclOption2"));
    Assert.assertEquals("value2", options.get("aclOption2"));
    // second entry should be the org.jboss.security.authz.ACLModule2.
    Assert.assertEquals("org.jboss.security.authz.ACLModule2", aclEntries[1].getAclProviderName());
    Assert.assertEquals("REQUIRED", aclEntries[1].getControlFlag().toString());
    options = aclEntries[1].getOptions();
    Assert.assertNotNull("Unexpected null options map", options);
    Assert.assertTrue("Option aclOption3 was not found", options.containsKey("aclOption3"));
    Assert.assertEquals("value3", options.get("aclOption3"));
    Assert.assertTrue("Option aclOption4 was not found", options.containsKey("aclOption4"));
    Assert.assertEquals("value4", options.get("aclOption4"));
    // Mapping: the mapping info is looked up by the string form of MappingType.PRINCIPAL.
    MappingInfo mappingInfo = completeConfig.getMappingInfo(MappingType.PRINCIPAL.toString());
    assertNotNull("MappingInfo is not null", mappingInfo);
    MappingModuleEntry[] mappingEntries = mappingInfo.getMappingModuleEntry();
    assertEquals("Invalid number of entries", 1, mappingEntries.length);
    MappingModuleEntry mappingEntry = mappingEntries[0];
    assertEquals("org.jboss.test.mapping.MappingModule1", mappingEntry.getMappingModuleName());
    Map<String, ?> mappingOptions = mappingEntry.getOptions();
    assertEquals("Invalid number of options", 1, mappingOptions.size());
    Assert.assertTrue("Option option1 was not found", mappingOptions.containsKey("option1"));
    assertEquals("value1", mappingOptions.get("option1"));
    // Role Mapping: same lookup, keyed by MappingType.ROLE; reuses the mappingInfo variable.
    mappingInfo = completeConfig.getMappingInfo(MappingType.ROLE.toString());
    assertNotNull("MappingInfo is not null", mappingInfo);
    MappingModuleEntry[] mmearr = mappingInfo.getMappingModuleEntry();
    assertEquals("Mapping entry length=1", 1, mmearr.length);
    MappingModuleEntry mme = mmearr[0];
    assertEquals("TestMappingModule", "org.jboss.test.TestMappingModule", mme.getMappingModuleName());
    Map<String, ?> mmOptions = mme.getOptions();
    assertEquals("Number of options = 2", 2, mmOptions.size());
    assertEquals("name=rolemap", "rolemap", mmOptions.get("name"));
    assertEquals("succeed=true", "true", mmOptions.get("succeed"));
    // Audit
    AuditInfo ai = completeConfig.getAuditInfo();
    assertNotNull("AuditInfo", ai);
    AuditProviderEntry[] apelist = ai.getAuditProviderEntry();
    assertEquals("Audit entry length=1", 1, apelist.length);
    AuditProviderEntry ape = apelist[0];
    // NOTE(review): this re-asserts the role-mapping entry (mme) from the previous section; nothing
    // in this section checks which audit provider class `ape` refers to. Looks like a copy-paste
    // leftover, so a wrong audit provider in the parsed policy would go unnoticed. Confirm and
    // assert on the audit entry itself.
    assertEquals("TestMappingModule", "org.jboss.test.TestMappingModule", mme.getMappingModuleName());
    Map<String, ?> auditOptions = ape.getOptions();
    assertEquals("Number of options = 2", 2, auditOptions.size());
    assertEquals("name=auditprovider", "auditprovider", auditOptions.get("name"));
    assertEquals("succeed=false", "false", auditOptions.get("succeed"));
    // Identity Trust
    IdentityTrustInfo iti = completeConfig.getIdentityTrustInfo();
    assertNotNull("IdentityTrustInfo", iti);
    IdentityTrustModuleEntry[] itilist = iti.getIdentityTrustModuleEntry();
    assertEquals("IdentityTrustModuleEntry length=1", 1, itilist.length);
    IdentityTrustModuleEntry itie = itilist[0];
    // NOTE(review): same pattern as in the audit section. The assertion below inspects `mme`, not
    // `itie`, so the identity-trust module class name is never verified. Confirm and assert on the
    // trust entry itself.
    assertEquals("TestMappingModule", "org.jboss.test.TestMappingModule", mme.getMappingModuleName());
    Map<String, ?> itieOptions = itie.getOptions();
    assertEquals("Number of options = 3", 3, itieOptions.size());
    assertEquals("name=trustprovider", "trustprovider", itieOptions.get("name"));
    assertEquals("succeed=true", "true", itieOptions.get("succeed"));
    assertEquals("dummy=dr", "dr", itieOptions.get("dummy"));
}Example 2
| Project: picketlink-bindings-master File: JBossAppServerAttributeManager.java View source code |
/**
 * Builds a name-to-value map of the attributes that the {@code MappingType.ATTRIBUTE} mapping
 * context produces for the given principal.
 *
 * <p>The principal is handed to the mapping modules under
 * {@code SecurityConstants.PRINCIPAL_IDENTIFIER}. A failure inside {@code performMapping} is only
 * logged; the mapping result is still read afterwards, so the returned map reflects whatever the
 * mapping context holds at that point.
 *
 * <p>NOTE(review): {@code attributeKeys} is not consulted anywhere in this method, so the result is
 * not restricted to the requested keys. Confirm callers do not rely on that filtering.
 *
 * @param userPrincipal principal whose attributes are looked up
 * @param attributeKeys requested attribute names (unused by this implementation)
 * @return the mapped attributes; empty when no security context or no mapping context is available
 * @see AttributeManager#getAttributes(Principal, List)
 */
public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
    Map<String, Object> attributeMap = new HashMap<String, Object>();

    SecurityContext sc = SecurityActions.getSecurityContext();
    if (sc == null) {
        logger.couldNotObtainSecurityContext();
        logger.trace("Final attribute map size: " + attributeMap.size());
        return attributeMap;
    }

    MappingContext<List<Attribute<Object>>> mc =
            sc.getMappingManager().getMappingContext(MappingType.ATTRIBUTE.name());
    if (mc == null) {
        // No attribute mapping configured: report it and hand back the empty map.
        logger.mappingContextNull();
        return attributeMap;
    }

    Map<String, Object> mappingInput = new HashMap<String, Object>();
    mappingInput.put(SecurityConstants.PRINCIPAL_IDENTIFIER, userPrincipal);
    try {
        mc.performMapping(mappingInput, new ArrayList<Attribute<Object>>());
    } catch (Exception e) {
        // Best effort: the error is logged and processing continues with the mapping result.
        logger.attributeManagerError(e);
    }

    List<Attribute<Object>> mapped = (List<Attribute<Object>>) mc.getMappingResult().getMappedObject();
    if (mapped != null) {
        for (Attribute<Object> item : mapped) {
            attributeMap.put(item.getName(), item.getValue());
        }
    }

    logger.trace("Final attribute map size: " + attributeMap.size());
    return attributeMap;
}
Example 3
| Project: wildfly-master File: SecurityDomainAdd.java View source code |
/**
 * Registers the classic mapping modules of a security domain on the given application policy.
 *
 * <p>For every module found under MAPPING / CLASSIC / MAPPING_MODULE a new {@code MappingInfo} with
 * a single {@code MappingModuleEntry} is created and stored on the policy under the module's
 * mapping type. When the module defines no type, {@code MappingType.ROLE} is used.
 *
 * @param context operation context used to resolve model attributes
 * @param securityDomain name of the security domain the mapping info belongs to
 * @param node model node that is searched for mapping modules
 * @param applicationPolicy policy that receives the mapping info
 * @return {@code false} when no mapping-module node exists, {@code true} otherwise
 * @throws OperationFailedException declared by the method; presumably raised while resolving
 *         attributes or extracting code/options (those helpers are not visible here)
 */
private boolean processMapping(OperationContext context, String securityDomain, ModelNode node, ApplicationPolicy applicationPolicy) throws OperationFailedException {
    node = peek(node, MAPPING, CLASSIC, MAPPING_MODULE);
    if (node == null) {
        return false;
    }

    for (Property current : node.asPropertyList()) {
        ModelNode module = current.getValue();
        MappingInfo info = new MappingInfo(securityDomain);
        String code = extractCode(context, module, ModulesMap.MAPPING_MAP);

        // An explicit type wins; otherwise the module is treated as a role-mapping module.
        String type = module.hasDefined(TYPE)
                ? MappingModuleDefinition.TYPE.resolveModelAttribute(context, module).asString()
                : MappingType.ROLE.toString();

        Map<String, Object> moduleOptions = extractOptions(context, module);
        info.add(new MappingModuleEntry(code, moduleOptions, type));
        applicationPolicy.setMappingInfo(type, info);

        // The JBoss module to load the mapping class from; fall back to DEFAULT_MODULE when
        // the attribute is undefined or empty.
        ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, module);
        boolean hasModuleName = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        info.addJBossModuleName(hasModuleName ? jbossModule.asString() : DEFAULT_MODULE);
    }
    return true;
}
Example 4
| Project: teiid-master File: JBossSecurityHelper.java View source code |
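/**
 * Authenticates a user against the security domain and, on success, runs the configured role
 * mapping modules.
 *
 * <p>The credentials are validated through the domain's {@code AuthenticationManager}. When they
 * are valid and the domain has a {@code MappingType.ROLE} mapping context with modules, the
 * current roles, the deployment principal-to-roles map and the subject's principals are passed to
 * the mapping modules.
 *
 * <p>The "Logon successful" detail message is written only after the credentials were accepted,
 * so the security log never reports a success for a rejected login.
 *
 * <p>NOTE(review): the password is copied into a {@code String}, which cannot be wiped after use;
 * confirm whether the authentication manager can be given the {@code char[]} instead.
 *
 * @param domain security domain to authenticate against
 * @param baseUsername user name used to build the principal
 * @param credentials credentials to validate; may be {@code null}
 * @param applicationName not used by this method
 * @return the security context created for the authenticated user
 * @throws LoginException when the domain is unknown, no authentication manager is available or
 *         the credentials are rejected
 */
@Override
public SecurityContext authenticate(String domain, String baseUsername, Credentials credentials, String applicationName) throws LoginException {
    SecurityDomainContext securityDomainContext = getSecurityDomainContext(domain);
    if (securityDomainContext != null) {
        Subject subject = new Subject();
        boolean isValid = false;
        SecurityContext securityContext = null;
        AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
        if (authManager != null) {
            Principal userPrincipal = new SimplePrincipal(baseUsername);
            String credString = credentials == null ? null : new String(credentials.getCredentialsAsCharArray());
            isValid = authManager.isValid(userPrincipal, credString, subject);
            // NOTE(review): the context is still built for rejected credentials, as before; it is
            // never returned in that case. Confirm createSecurityContext has no side effects that
            // should be limited to successful logins.
            securityContext = createSecurityContext(domain, userPrincipal, credString, subject);
            if (isValid) {
                // Report success only once the authentication manager accepted the credentials.
                LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful for \"", baseUsername, "\" in security domain", domain }); //$NON-NLS-1$ //$NON-NLS-2$
            }
        }
        if (isValid) {
            MappingManager mappingManager = securityDomainContext.getMappingManager();
            if (mappingManager != null) {
                MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                if (mc != null && mc.hasModules()) {
                    RoleGroup userRoles = securityContext.getUtil().getRoles();
                    if (userRoles == null) {
                        userRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
                    }
                    Map<String, Object> contextMap = new HashMap<String, Object>();
                    contextMap.put(SecurityConstants.ROLES_IDENTIFIER, userRoles);
                    // Append any deployment role->principals configuration done by the user
                    contextMap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, SecurityRolesAssociation.getSecurityRoles());
                    // Append the principals also
                    contextMap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals());
                    // userRoles cannot be null here: it was replaced by an empty group above.
                    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Roles before mapping \"", userRoles.toString() }); //$NON-NLS-1$
                    PicketBoxLogger.LOGGER.traceRolesBeforeMapping(userRoles.toString());
                    mc.performMapping(contextMap, userRoles);
                    RoleGroup mappedRoles = mc.getMappingResult().getMappedObject();
                    // String.valueOf keeps a missing mapping result from turning this diagnostic
                    // message into a NullPointerException for an already accepted login.
                    // NOTE(review): mappedRoles is only logged in this method; whether the mapped
                    // roles reach the security context depends on the mapping modules. Confirm.
                    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Roles after mapping \"", String.valueOf(mappedRoles) }); //$NON-NLS-1$
                }
            }
            return securityContext;
        }
    }
    // Unknown domain, missing authentication manager or rejected credentials all end here.
    throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, baseUsername, domain));
}
Example 5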
| Project: undertow-subsystem-master File: JAASIdentityManagerImpl.java View source code |
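/**
 * Validates a credential for the account's principal and, on success, returns a new account that
 * carries the authenticated principal and its role names.
 *
 * <p>The trace message passes the principal as a format argument. The message text goes through
 * {@code tracef}, which treats its first argument as a format string, so a principal name must
 * never be concatenated into it: a name containing {@code %} would be read as a format specifier.
 *
 * @param account account whose principal is being authenticated
 * @param credential credential handed to the authentication manager
 * @return an account with the subject's roles, or {@code null} when the credential is rejected
 * @throws RuntimeException wrapping any exception raised during authentication or role lookup,
 *         including the {@code IllegalStateException} thrown when no security context is present
 */
private Account verifyCredential(final Account account, final Object credential) {
    final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
    final MappingManager mappingManager = securityDomainContext.getMappingManager();
    final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
    final SecurityContext sc = SecurityActions.getSecurityContext();
    Principal incomingPrincipal = account.getPrincipal();
    Subject subject = new Subject();
    try {
        boolean isValid = authenticationManager.isValid(incomingPrincipal, credential, subject);
        if (isValid) {
            // Constant format string; the caller-supplied principal is data, not format text.
            UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", incomingPrincipal);
            if (sc == null) {
                throw new IllegalStateException("No SecurityContext found!");
            }
            Principal userPrincipal = getPrincipal(subject);
            sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
            SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
            if (mappingManager != null) {
                // if there are mapping modules let them handle the role mapping
                MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
                if (mc != null && mc.hasModules()) {
                    // NOTE(review): nothing in this method resets the association afterwards;
                    // confirm it is cleared elsewhere once the request is done.
                    SecurityRolesAssociation.setSecurityRoles(principalVersusRolesMap);
                }
            }
            RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
            Set<String> roleSet = new HashSet<String>();
            for (Role role : roles.getRoles()) {
                roleSet.add(role.getRoleName());
            }
            AccountImpl accountImpl = new AccountImpl(userPrincipal);
            accountImpl.setRoles(roleSet);
            return accountImpl;
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    // Credential rejected: no account is returned.
    return null;
}
Example 6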
| Project: federation-master File: AbstractSTSLoginModule.java View source code |
/**
 * Adds the principal and role information derived from the SAML token to the subject.
 *
 * <p>Principal and role mapping contexts are looked up by {@code MappingType} name; when that
 * lookup raises {@code NoSuchMethodError}, the class-based {@code getMappingContext} overload is
 * used instead. The token is passed to the mapping modules under {@code SHARED_TOKEN}. Without a
 * role mapping context the roles are read from the assertion using the configured
 * {@code roleKey}. Nothing is done when no mapping manager is available.
 *
 * <p>NOTE(review): the mapped principal and the mapped role group are used without a null check;
 * confirm the configured mapping modules always produce a result.
 *
 * @throws RuntimeException when the SAML token cannot be converted into an assertion
 */
@SuppressWarnings("deprecation")
protected void populateSubject() {
    MappingManager mappingManager = getMappingManager();
    if (mappingManager == null) {
        return;
    }

    MappingContext<Principal> principalCtx;
    try {
        principalCtx = mappingManager.getMappingContext(MappingType.PRINCIPAL.toString());
    } catch (NoSuchMethodError legacyApi) {
        // Fall back to the class-based lookup when the name-based overload is missing.
        principalCtx = mappingManager.getMappingContext(Principal.class);
    }

    MappingContext<RoleGroup> roleCtx;
    try {
        roleCtx = mappingManager.getMappingContext(MappingType.ROLE.toString());
    } catch (NoSuchMethodError legacyApi) {
        roleCtx = mappingManager.getMappingContext(RoleGroup.class);
    }

    Map<String, Object> mappingInput = new HashMap<String, Object>();
    mappingInput.put(SHARED_TOKEN, this.samlToken);

    AssertionType assertion;
    try {
        assertion = SAMLUtil.fromElement(samlToken);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    if (principalCtx != null) {
        principalCtx.performMapping(mappingInput, null);
        Principal mappedPrincipal = principalCtx.getMappingResult().getMappedObject();
        subject.getPrincipals().add(mappedPrincipal);

        // Optional: expire the cached subject together with the SAML token.
        if (enableCacheInvalidation) {
            TimeCacheExpiry cacheExpiry = JBossAuthCacheInvalidationFactory.getCacheExpiry();
            XMLGregorianCalendar tokenExpiry = AssertionUtil.getExpiration(assertion);
            if (tokenExpiry == null) {
                // An assertion without expiration cannot be scheduled for invalidation.
                logger.samlAssertionWithoutExpiration(assertion.getID());
            } else {
                cacheExpiry.register(securityDomain, tokenExpiry.toGregorianCalendar().getTime(), mappedPrincipal);
            }
        }
    }

    if (roleCtx == null) {
        // No role mapping module: take the roles straight from the assertion attributes.
        List<String> roleKeys = new ArrayList<String>(StringUtil.tokenize(roleKey));
        List<String> assertedRoles = AssertionUtil.getRoles(assertion, roleKeys);
        if (!assertedRoles.isEmpty()) {
            SimpleGroup rolesGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
            for (String roleName : assertedRoles) {
                rolesGroup.addMember(new SimplePrincipal(roleName));
            }
            subject.getPrincipals().add(rolesGroup);
        }
    } else {
        roleCtx.performMapping(mappingInput, null);
        RoleGroup mappedGroup = roleCtx.getMappingResult().getMappedObject();
        SimpleGroup rolePrincipal = new SimpleGroup(mappedGroup.getRoleName());
        for (Role mappedRole : mappedGroup.getRoles()) {
            rolePrincipal.addMember(new SimplePrincipal(mappedRole.getRoleName()));
        }
        subject.getPrincipals().add(rolePrincipal);
    }

    if (injectCallerPrincipalGroup) {
        // NOTE(review): the "CallerPrincipal" group is filled from AssertionUtil.getRoles(assertion, null),
        // not from the mapped principal; confirm this is the intended content.
        Group callerPrincipal = new SimpleGroup("CallerPrincipal");
        for (String roleName : AssertionUtil.getRoles(assertion, null)) {
            callerPrincipal.addMember(new SimplePrincipal(roleName));
        }
        subject.getPrincipals().add(callerPrincipal);
    }
}
Example 7
| Project: picketlink-master File: AbstractSTSLoginModule.java View source code |
/**
 * Populates the subject with the principal and the roles obtained from the SAML token.
 *
 * <p>The SAML token is handed to the principal and role mapping contexts under
 * {@code SHARED_TOKEN}. When no role mapping context exists, the roles are read from the parsed
 * assertion using the configured {@code roleKey}. Returns without doing anything when no mapping
 * manager is available.
 *
 * @throws RuntimeException when the SAML token cannot be converted into an assertion
 */
@SuppressWarnings("deprecation")
protected void populateSubject() {
    MappingManager mappingManager = getMappingManager();
    if (mappingManager == null) {
        return;
    }
    MappingContext<Principal> principalMappingContext = null;
    MappingContext<RoleGroup> roleMappingContext = null;
    // Look the contexts up by mapping-type name; if that overload is missing at runtime
    // (NoSuchMethodError), fall back to the class-based lookup.
    try {
        principalMappingContext = mappingManager.getMappingContext(MappingType.PRINCIPAL.toString());
    } catch (NoSuchMethodError nse) {
        principalMappingContext = mappingManager.getMappingContext(Principal.class);
    }
    try {
        roleMappingContext = mappingManager.getMappingContext(MappingType.ROLE.toString());
    } catch (NoSuchMethodError nse) {
        roleMappingContext = mappingManager.getMappingContext(RoleGroup.class);
    }
    // The mapping modules receive the raw SAML token through the context map.
    Map<String, Object> contextMap = new HashMap<String, Object>();
    contextMap.put(SHARED_TOKEN, this.samlToken);
    AssertionType assertion = null;
    try {
        assertion = SAMLUtil.fromElement(samlToken);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    if (principalMappingContext != null) {
        principalMappingContext.performMapping(contextMap, null);
        // NOTE(review): the mapped principal is added without a null check; confirm the
        // configured principal mapping module always yields a principal.
        Principal principal = principalMappingContext.getMappingResult().getMappedObject();
        subject.getPrincipals().add(principal);
        // If the user has configured cache invalidation of subject based on saml token expiry
        if (enableCacheInvalidation) {
            TimeCacheExpiry cacheExpiry = JBossAuthCacheInvalidationFactory.getCacheExpiry();
            XMLGregorianCalendar expiry = AssertionUtil.getExpiration(assertion);
            if (expiry != null) {
                cacheExpiry.register(securityDomain, expiry.toGregorianCalendar().getTime(), principal);
            } else {
                // No expiration on the assertion: nothing is registered, only a log entry is written.
                logger.samlAssertionWithoutExpiration(assertion.getID());
            }
        }
    }
    if (roleMappingContext != null) {
        // Roles come from the role mapping module and are copied into a group named after the
        // mapped role group.
        roleMappingContext.performMapping(contextMap, null);
        RoleGroup group = roleMappingContext.getMappingResult().getMappedObject();
        SimpleGroup rolePrincipal = new SimpleGroup(group.getRoleName());
        for (Role role : group.getRoles()) {
            rolePrincipal.addMember(new SimplePrincipal(role.getRoleName()));
        }
        subject.getPrincipals().add(rolePrincipal);
    } else {
        // No role mapping module: read the roles from the assertion using the tokenized roleKey.
        List<String> roleKeys = new ArrayList<String>();
        roleKeys.addAll(StringUtil.tokenize(roleKey));
        List<String> roles = AssertionUtil.getRoles(assertion, roleKeys);
        if (roles.size() > 0) {
            SimpleGroup group = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
            for (String role : roles) {
                group.addMember(new SimplePrincipal(role));
            }
            subject.getPrincipals().add(group);
        }
    }
    if (injectCallerPrincipalGroup) {
        // NOTE(review): the "CallerPrincipal" group is filled from AssertionUtil.getRoles(assertion, null),
        // not from the mapped principal; confirm this is the intended content.
        Group callerPrincipal = new SimpleGroup("CallerPrincipal");
        List<String> roles = AssertionUtil.getRoles(assertion, null);
        for (String role : roles) {
            callerPrincipal.addMember(new SimplePrincipal(role));
        }
        subject.getPrincipals().add(callerPrincipal);
    }
}