下面列出了java.security.acl.Group#getName ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Get the Subject roles by looking for a Group called 'Roles'
*
* @param theSubject - the Subject to search for roles
* @return the Group contain the subject roles if found, null otherwise
*/
public static Group getSubjectRoles(Subject theSubject)
{
if (theSubject == null)
throw PicketBoxMessages.MESSAGES.invalidNullArgument("theSubject");
Set<Group> subjectGroups = theSubject.getPrincipals(Group.class);
Iterator<Group> iter = subjectGroups.iterator();
Group roles = null;
while (iter.hasNext())
{
Group grp = iter.next();
String name = grp.getName();
if (name.equals("Roles"))
roles = grp;
}
return roles;
}
/**
* Get the Subject roles by looking for a Group called 'Roles'
* @param theSubject - the Subject to search for roles
* @return the Group contain the subject roles if found, null otherwise
*/
private Group getGroupFromSubject(Subject theSubject)
{
if(theSubject == null)
throw PicketBoxMessages.MESSAGES.invalidNullArgument("theSubject");
Set<Group> subjectGroups = theSubject.getPrincipals(Group.class);
Iterator<Group> iter = subjectGroups.iterator();
Group roles = null;
while( iter.hasNext() )
{
Group grp = iter.next();
String name = grp.getName();
if( name.equals(ROLES_IDENTIFIER) )
roles = grp;
}
return roles;
}
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(identity);
Group[] roleSets = getRoleSets(roleSet);
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
Principal userPrincipal = getPrincipal(subject);
List<String> rolesAsStringList = new ArrayList<String>();
rolesAsStringList.addAll(roleSet);
GenericPrincipal principal = createPrincipal(userPrincipal, rolesAsStringList);
return principal;
}
public SimpleRoleGroup(Group rolesGroup)
{
super(rolesGroup.getName());
Enumeration<? extends Principal> principals = rolesGroup.members();
while (principals.hasMoreElements())
{
SimpleRole role = new SimpleRole(principals.nextElement().getName());
addRole(role);
}
}
private RoleGroup getRoleGroup(Group roleGroup)
{
if(roleGroup == null)
throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleGroup");
SimpleRoleGroup srg = new SimpleRoleGroup(roleGroup.getName());
Enumeration<? extends Principal> principals = roleGroup.members();
while(principals.hasMoreElements())
{
srg.addRole(new SimpleRole(principals.nextElement().getName()));
}
return srg;
}
/**
* Method to commit the authentication process (phase 2).
*/
@Override
public boolean commit() throws LoginException {
if (loginOK == false) {
return false;
}
/*
* If the login method completed successfully as indicated by
* loginOK == true, this method adds the identity value to the subject's principals set. It also adds the
* members of
* each Group returned by getRoleSets() to the subject's principals Set.
*/
Set<Principal> principals = subject.getPrincipals();
principals.add(identity);
for (Group group : getRoleSets()) {
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = members.nextElement();
subjectGroup.addMember(role);
}
}
UniversalLoginModule.log.info("User logged in: " + getUserName());
return true;
}
public static void propagateSessionInfo(KeycloakAccount account) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
public static void propagateSessionInfo(KeycloakAccount account) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
}
/** Method to commit the authentication process (phase 2). If the login
method completed successfully as indicated by loginOk == true, this
method adds the getIdentity() value to the subject getPrincipals() Set.
It also adds the members of each Group returned by getRoleSets()
to the subject getPrincipals() Set.
@see javax.security.auth.Subject;
@see java.security.acl.Group;
@return true always.
*/
public boolean commit() throws LoginException
{
PicketBoxLogger.LOGGER.traceBeginCommit(loginOk);
if( loginOk == false )
return false;
Set<Principal> principals = subject.getPrincipals();
Principal identity = getIdentity();
principals.add(identity);
// add role groups returned by getRoleSets.
Group[] roleSets = getRoleSets();
for(int g = 0; g < roleSets.length; g ++)
{
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if( subjectGroup instanceof NestableGroup )
{
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while( members.hasMoreElements() )
{
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = getCallerPrincipalGroup(principals);
if (callerGroup == null)
{
callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(identity);
principals.add(callerGroup);
}
return true;
}
@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
KeycloakAccount account = new KeycloakAccount() {
@Override
public Principal getPrincipal() {
return identity;
}
@Override
public Set<String> getRoles() {
return roleSet;
}
};
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(identity);
Group[] roleSets = getRoleSets(roleSet);
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(identity);
principals.add(callerGroup);
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
List<String> rolesAsStringList = new ArrayList<>(roleSet);
try {
return (GenericPrincipal) jbossWebPrincipalConstructor.newInstance(realm, userPrincipal.getName(), null, rolesAsStringList, userPrincipal, null, account, null, subject);
} catch (Throwable t) {
throw new RuntimeException("Failed to create JBossGenericPrincipal", t);
}
}
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
super.propagateKeycloakContext(account);
SecurityInfoHelper.propagateSessionInfo(account);
log.debug("propagate security context to wildfly");
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());
Group[] roleSets = getRoleSets(account.getRoles());
for (int g = 0; g < roleSets.length; g++) {
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
if (subjectGroup instanceof NestableGroup) {
/* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
*/
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
// add the CallerPrincipal group if none has been added in getRoleSets
Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
callerGroup.addMember(account.getPrincipal());
principals.add(callerGroup);
org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
Principal userPrincipal = getPrincipal(subject);
sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
// Roles of subjectInfo are null, because is was constructed by
// org.jboss.security.identity.extensions.CredentialIdentityFactory
// .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
// Therefore the roles are only contained in the authenticatedSubject (member of subjectInfo)
// and subsequent logics do only access subjectInfo#roles instead of authenticatedSubject#roles.
mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
}