added support for JACC authetnication to allow delegation to applicat…
…ion server security mechanism
1 parent
add5192
commit a389801
Showing
10 changed files
with
170 additions
and
13 deletions.
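--- /dev/null
+++ b/...erfire-security-api/src/main/java/org/uberfire/security/impl/auth/UserNameCredential.java
@@ -0,0 +1,15 @@
+package org.uberfire.security.impl.auth;
+
+import org.uberfire.security.auth.Credential;
+
+public class UserNameCredential implements Credential {
+    private final String userName;
+
+    public UserNameCredential(final String userName) {
+        this.userName = userName;
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+}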
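Review bot: The constructor stores a null `userName` without complaint, and JACCAuthenticationSource in this same commit compares container principal names against it with `equals`, so a null silently becomes a failed authentication rather than a visible programming error; `this.userName = Objects.requireNonNull(userName, "userName");` makes the contract explicit (needs `import java.util.Objects;`). A one-line class Javadoc saying that this credential carries only a user name already established by the container (as JACCAuthenticationScheme builds it) and holds no secret would help readers distinguish it from a password-bearing credential.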
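--- /dev/null
+++ b/...rity-server/src/main/java/org/uberfire/security/server/auth/JACCAuthenticationScheme.java
@@ -0,0 +1,26 @@
+package org.uberfire.security.server.auth;
+
+import org.uberfire.security.SecurityContext;
+import org.uberfire.security.auth.AuthenticationScheme;
+import org.uberfire.security.auth.Credential;
+import org.uberfire.security.impl.auth.UserNameCredential;
+import org.uberfire.security.server.HttpSecurityContext;
+
+import static org.kie.commons.validation.Preconditions.checkInstanceOf;
+
+public class JACCAuthenticationScheme extends FormAuthenticationScheme implements AuthenticationScheme {
+
+    @Override
+    public void challengeClient(SecurityContext context) {
+
+    }
+
+    @Override
+    public Credential buildCredential(SecurityContext context) {
+
+        final HttpSecurityContext httpSecurityContext = checkInstanceOf("context", context, HttpSecurityContext.class);
+
+        final String userName = httpSecurityContext.getRequest().getUserPrincipal().getName();
+        return new UserNameCredential(userName);
+    }
+}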
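Review bot: `getUserPrincipal()` in the last statement of buildCredential returns null when the container has not authenticated the request, so the chained `.getName()` throws a NullPointerException instead of producing a clean authentication failure. Guard it before building the credential: `final java.security.Principal principal = httpSecurityContext.getRequest().getUserPrincipal();` `if (principal == null) { return null; }` `return new UserNameCredential(principal.getName());` — whether null or an exception is the right signal depends on what the caller of buildCredential expects, which is not visible in this commit. The empty `challengeClient` override also reads as unfinished; a comment such as `// the container performs the challenge; nothing to send from here` would record that the omission is the intended delegation described in the commit message.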
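--- /dev/null
+++ b/...rver/src/main/java/org/uberfire/security/server/auth/source/JACCAuthenticationSource.java
@@ -0,0 +1,100 @@
+package org.uberfire.security.server.auth.source;
+
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+
+import org.uberfire.security.Role;
+import org.uberfire.security.auth.AuthenticationSource;
+import org.uberfire.security.auth.Credential;
+import org.uberfire.security.auth.Principal;
+import org.uberfire.security.auth.RoleProvider;
+import org.uberfire.security.impl.auth.UserNameCredential;
+
+import static org.kie.commons.validation.Preconditions.checkInstanceOf;
+import static org.uberfire.security.server.SecurityConstants.*;
+
+public class JACCAuthenticationSource implements AuthenticationSource, RoleProvider{
+
+    public static final String DEFAULT_ROLE_PRINCIPLE_NAME = "Roles";
+    private String rolePrincipleName = DEFAULT_ROLE_PRINCIPLE_NAME;
+
+    @Override
+    public void initialize(Map<String, ?> options) {
+        if (options.containsKey(ROLES_IN_CONTEXT_KEY)) {
+            rolePrincipleName = (String) options.get(ROLES_IN_CONTEXT_KEY);
+        }
+    }
+
+    @Override public boolean supportsCredential(Credential credential) {
+        if (credential == null) {
+            return false;
+        }
+        return credential instanceof UserNameCredential;
+    }
+
+    @Override public boolean authenticate(Credential credential) {
+        final UserNameCredential userNameCredential = checkInstanceOf("credential", credential, UserNameCredential.class);
+        try {
+            Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
+
+            if (subject != null) {
+                Set<java.security.Principal> principals = subject.getPrincipals();
+
+                if (principals != null) {
+                    for (java.security.Principal p : principals) {
+                        if (p.getName().equals(userNameCredential.getUserName())) {
+                            return true;
+                        }
+                    }
+                }
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return false;
+    }
+
+    @Override
+    public List<Role> loadRoles(Principal principal) {
+        List<Role> roles = null;
+        try {
+            Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
+
+            if (subject != null) {
+                Set<java.security.Principal> principals = subject.getPrincipals();
+
+                if (principals != null) {
+                    roles = new ArrayList<Role>();
+                    for (java.security.Principal p : principals) {
+                        if (p instanceof Group && rolePrincipleName.equalsIgnoreCase(p.getName())) {
+                            Enumeration<? extends java.security.Principal> groups = ((Group) p).members();
+
+                            while (groups.hasMoreElements()) {
+                                final java.security.Principal groupPrincipal = (java.security.Principal) groups.nextElement();
+                                roles.add(new Role() {
+                                    @Override
+                                    public String getName() {
+                                        return groupPrincipal.getName();
+                                    }
+                                });
+
+                            }
+                            break;
+
+                        }
+
+                    }
+                }
+            }
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        return roles;
+    }
+}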
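Review bot: The match in authenticate (the `for` loop over `principals`) accepts the credential if any principal in the container subject carries that name, including the `Group` principal named by `rolePrincipleName` that loadRoles looks for, so a user name equal to the group name ("Roles" by default) would authenticate without being the caller principal; skip groups there: `if (!(p instanceof Group) && p.getName().equals(userNameCredential.getUserName()))`. The `catch (Exception e)` at the end of authenticate only prints the stack trace, so a PolicyContext lookup failure is indistinguishable from a wrong user name in any log; route it through the project's logger and narrow the catch to `PolicyContextException`, and apply the same narrowing to the catch in loadRoles. loadRoles returns null when there is no container subject, because `roles` is only allocated inside the `if (principals != null)` branch; initialising `List<Role> roles = new ArrayList<Role>();` at the top and dropping the inner assignment returns an empty list that callers can iterate safely. The `PolicyContext.getContext("javax.security.auth.Subject.container")` lookup and null checks are duplicated in both methods and would be cleaner as one private helper returning the principal set.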