Package org.wildfly.security.auth.server

Class SecurityIdentity

    • Method Detail

      • runAs

        @Deprecated
public <T> T runAs​(PrivilegedAction<T> action)
        Deprecated.
        Use Scoped.runAsSupplier(Supplier) instead.
        Run an action under this identity.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to run
        Returns:
        the action result (may be null)

      • runAs

        @Deprecated
public <T,​P> T runAs​(P parameter,
                           ParametricPrivilegedAction<T,​P> action)
        Deprecated.
        Use Scoped.runAsFunction(Function, Object) instead.
        Run an action under this identity.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to run
        Returns:
        the action result (may be null)

      • runAsFunction

        public <T,​U,​R> R runAsFunction​(BiFunction<T,​U,​R> action,
                                           T parameter1,
                                           U parameter2)
        Run an action under this identity.
        Specified by:
        runAsFunction in interface Scoped
        Type Parameters:
        R - the action return type
        T - the action first parameter type
        U - the action second parameter type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run
        Returns:
        the action result (may be null)

      • runAsConsumer

        public <T,​U> void runAsConsumer​(BiConsumer<T,​U> action,
                                      T parameter1,
                                      U parameter2)
        Run an action under this identity.
        Specified by:
        runAsConsumer in interface Scoped
        Type Parameters:
        T - the action first parameter type
        U - the action second parameter type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run

      • runAsObjIntConsumer

        public <T> void runAsObjIntConsumer​(ObjIntConsumer<T> action,
                                    T parameter1,
                                    int parameter2)
        Run an action under this identity.
        Specified by:
        runAsObjIntConsumer in interface Scoped
        Type Parameters:
        T - the action first parameter type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run

      • runAsFunctionEx

        public <T,​U,​R,​E extends Exception> R runAsFunctionEx​(org.wildfly.common.function.ExceptionBiFunction<T,​U,​R,​E> action,
                                                                       T parameter1,
                                                                       U parameter2)
                                                                throws E extends Exception
        Run an action under this identity.
        Specified by:
        runAsFunctionEx in interface Scoped
        Type Parameters:
        R - the action return type
        T - the action first parameter type
        U - the action second parameter type
        E - the action exception type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run
        Returns:
        the action result (may be null)
        Throws:
        E - if the action throws this exception
        E extends Exception

      • runAsConsumerEx

        public <T,​U,​E extends Exception> void runAsConsumerEx​(org.wildfly.common.function.ExceptionBiConsumer<T,​U,​E> action,
                                                                  T parameter1,
                                                                  U parameter2)
                                                           throws E extends Exception
        Run an action under this identity.
        Specified by:
        runAsConsumerEx in interface Scoped
        Type Parameters:
        T - the action first parameter type
        U - the action second parameter type
        E - the action exception type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run
        Throws:
        E - if the action throws this exception
        E extends Exception

      • runAsObjIntConsumerEx

        public <T,​E extends Exception> void runAsObjIntConsumerEx​(org.wildfly.common.function.ExceptionObjIntConsumer<T,​E> action,
                                                                T parameter1,
                                                                int parameter2)
                                                         throws E extends Exception
        Run an action under this identity.
        Specified by:
        runAsObjIntConsumerEx in interface Scoped
        Type Parameters:
        T - the action first parameter type
        E - the action exception type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run
        Throws:
        E - if the action throws this exception
        E extends Exception

      • runAsBiPredicate

        public <T,​U> boolean runAsBiPredicate​(BiPredicate<T,​U> action,
                                            T parameter1,
                                            U parameter2)
        Run an action under this identity.
        Specified by:
        runAsBiPredicate in interface Scoped
        Type Parameters:
        T - the action first parameter type
        U - the action second parameter type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run
        Returns:
        the action result (may be null)

      • runAsExBiPredicate

        public <T,​U,​E extends Exception> boolean runAsExBiPredicate​(org.wildfly.common.function.ExceptionBiPredicate<T,​U,​E> action,
                                                                        T parameter1,
                                                                        U parameter2)
                                                                 throws E extends Exception
        Run an action under this identity.
        Specified by:
        runAsExBiPredicate in interface Scoped
        Type Parameters:
        T - the action first parameter type
        U - the action second parameter type
        E - the action exception type
        Parameters:
        parameter1 - the first parameter to pass to the action
        parameter2 - the second parameter to pass to the action
        action - the action to run
        Returns:
        the action result (may be null)
        Throws:
        E - if the action throws this exception
        E extends Exception

      • getRoles

        public Roles getRoles()
        Get the roles associated with this identity.
        Returns:
        the roles associated with this identity

      • getRoles

        public Roles getRoles​(String category)
        Get the mapped roles associated with this identity. If no role mapping exists for the given category, an empty role set is returned.
        Parameters:
        category - the role mapping category
        Returns:
        the category roles

      • withSecurityIdentitySupplier

        public SecurityIdentity withSecurityIdentitySupplier​(Supplier<SecurityIdentity[]> securityIdentities)
        Attempt to create a new identity that is the same as this identity but with a Supplier to supply identities that will be associated with all 'run' calls. Any existing individual identities associated with this identity will be dropped. The supplier will be called for each run call so were possible should handle it's own optimisation.
        Parameters:
        securityIdentities - a Supplier for identities to be associated with every run call.
        Returns:
        the new identity
        Throws:
        IllegalArgumentException - if the supplied identity

      • withSecurityIdentity

        public SecurityIdentity withSecurityIdentity​(SecurityIdentity securityIdentity)
        Attempt to create a new identity that is the same as this identity but with an additional identity from a different security domain that will be associated with all 'run' calls. If a Supplier has previously been associated with this identity it will be dropped.
        Parameters:
        securityIdentity - the SecurityIdentity to also be associated with all run calls made to this identity.
        Returns:
        the new identity
        Throws:
        IllegalArgumentException - if the supplied identity

      • getRoles

        public Roles getRoles​(String category,
                      boolean fallbackToDefault)
        Get the mapped roles associated with this identity.
        Parameters:
        category - the role mapping category
        fallbackToDefault - true if the default roles associated with this identity should be returned if no role mapping exists for the given category, false otherwise
        Returns:
        the category roles

      • withRoleMapper

        public SecurityIdentity withRoleMapper​(String category,
                                       RoleMapper roleMapper)
        Attempt to create a new identity which replaces a role mapper category on the current identity. If the given role mapper is already set on the current identity, the current identity is returned.
        Parameters:
        category - the category name
        roleMapper - the role mapper to use
        Returns:
        the new identity
        Throws:
        SecurityException - if the calling class is not granted the ChangeRoleMapperPermission for the given category name

      • withDefaultRoleMapper

        public SecurityIdentity withDefaultRoleMapper​(RoleMapper roleMapper)
        Attempt to create a new identity which wraps the default roles with a default role mapper.
        Parameters:
        roleMapper - the roleMapper to map the roles.
        Returns:
        the new identity
        Throws:
        SecurityException - if the calling class is not granted the withDefaultRoleMapper permission.

      • createRunAsIdentity

        public SecurityIdentity createRunAsIdentity​(String name)
                                     throws SecurityException
        Attempt to create a new identity that can be used to run as a user with the given name. If the current identity is not authorized to run as a user with the given name, an exception is thrown. Calling with enabled security manager requires setRunAsPrincipal ElytronPermission. Regardless security manager is enabled, RunAsPrincipalPermission for given name is required.
        Parameters:
        name - the name to attempt to run as
        Returns:
        the new security identity
        Throws:
        SecurityException - if the operation authorization failed for any reason

      • createRunAsIdentity

        public SecurityIdentity createRunAsIdentity​(String name,
                                            boolean authorize)
                                     throws SecurityException
        Attempt to create a new identity that can be used to run as a user with the given name. Calling with enabled security manager requires setRunAsPrincipal ElytronPermission.
        Parameters:
        name - the name to attempt to run as
        authorize - whether to check the current identity is authorized to run as a user with the given principal (has RunAsPrincipalPermission)
        Returns:
        the new security identity
        Throws:
        SecurityException - if the caller does not have the setRunAsPrincipal ElytronPermission or if the operation authorization failed for any other reason

      • createRunAsIdentity

        public SecurityIdentity createRunAsIdentity​(Principal principal,
                                            boolean authorize)
                                     throws SecurityException
        Attempt to create a new identity that can be used to run as a user with the given principal. Calling with enabled security manager requires setRunAsPrincipal ElytronPermission.
        Parameters:
        principal - the principal to attempt to run as
        authorize - whether to check the current identity is authorized to run as a user with the given principal (has RunAsPrincipalPermission)
        Returns:
        the new security identity
        Throws:
        SecurityException - if the caller does not have the setRunAsPrincipal ElytronPermission or if the operation authorization failed for any other reason

      • createRunAsAnonymous

        public SecurityIdentity createRunAsAnonymous()
                                      throws SecurityException
        Attempt to create a new identity that can be used to run as an anonymous user. If the current identity is not authorized to run as an anonymous user, an exception is thrown. Calling with enabled security manager requires setRunAsPrincipal ElytronPermission. LoginPermission granted to the anonymous identity will be required.
        Returns:
        the new security identity
        Throws:
        SecurityException - if the operation authorization failed for any reason

      • createRunAsAnonymous

        public SecurityIdentity createRunAsAnonymous​(boolean authorize)
                                      throws SecurityException
        Attempt to create a new identity that can be used to run as an anonymous user Calling with enabled security manager requires setRunAsPrincipal ElytronPermission.
        Parameters:
        authorize - whether to check the anonymous identity is authorized to log in (has LoginPermission)
        Returns:
        the new security identity
        Throws:
        SecurityException - if the caller does not have the setRunAsPrincipal ElytronPermission or if the operation authorization failed for any other reason

      • intersectWith

        public SecurityIdentity intersectWith​(PermissionVerifier verifier)
        Create a new security identity which is the same as this one, but which limits authorization privileges to the intersection of the current privileges and the given verifier.
        Parameters:
        verifier - the restricted verifier (must not be null)
        Returns:
        the restricted identity

      • implies

        public boolean implies​(Permission permission)
        Description copied from interface: PermissionVerifier
        Determine if the permission is verified by this object.
        Specified by:
        implies in interface PermissionVerifier
        Parameters:
        permission - the permission to verify (must not be null)
        Returns:
        true if the permission is implied by this verifier, false otherwise

      • getAttributes

        public Attributes getAttributes()
        Get the attributes associated with this identity.
        Specified by:
        getAttributes in interface PermissionMappable
        Returns:
        a read-only instance of Attributes with all attributes associated with this identity

      • getCreationTime

        public Instant getCreationTime()
        Get the creation time of this identity, which is the time that the initial authentication occurred.
        Specified by:
        getCreationTime in interface PermissionMappable
        Returns:
        the creation time of this identity (not null)

      • isAnonymous

        public boolean isAnonymous()
        Convenience method to determine if this identity is anonymous.
        Returns:
        true if the identity is anonymous, false otherwise

      • withPublicCredential

        public SecurityIdentity withPublicCredential​(Credential credential)
        Create a new security identity which is the same as this one, but which includes the given credential as a public credential.
        Parameters:
        credential - the credential (must not be null)
        Returns:
        the new identity

      • withPublicCredentials

        public SecurityIdentity withPublicCredentials​(IdentityCredentials credentials)
        Create a new security identity which is the same as this one, but which includes the given credentials as public credentials.
        Parameters:
        credentials - the credential set (must not be null)
        Returns:
        the new identity

      • withPrivateCredential

        public SecurityIdentity withPrivateCredential​(Credential credential)
        Create a new security identity which is the same as this one, but which includes the given credential as a private credential.
        Parameters:
        credential - the credential (must not be null)
        Returns:
        the new identity

      • withPrivateCredentials

        public SecurityIdentity withPrivateCredentials​(IdentityCredentials credentials)
        Create a new security identity which is the same as this one, but which includes the given credentials as private credentials.
        Parameters:
        credentials - the credential set (must not be null)
        Returns:
        the new identity

      • withRuntimeAttributes

        public SecurityIdentity withRuntimeAttributes​(Attributes runtimeAttributes)
        Create a new security identity which is the same as this one, but which includes the given runtime attributes.
        Parameters:
        runtimeAttributes - the runtime attributes (must not be null)
        Returns:
        the new identity

      • getPrivateCredentials

        public IdentityCredentials getPrivateCredentials()
        Get the private credentials of this identity. The caller must have the getPrivateCredentials ElytronPermission.
        Returns:
        the private credentials of this identity (not null)

      • createFlexibleAssociation

        public FlexibleIdentityAssociation createFlexibleAssociation()
        Create a new flexible identity association, initializing it with this identity.
        Returns:
        the new flexible identity association (not null)