
Example 11 with PrivilegedActionException

use of java.security.PrivilegedActionException in project AsmackService by rtreffer.

the class LoginContext method init.

// Does all the machinery needed for the initialization.
/**
 * Initializes this context: records the subject, resolves the login
 * configuration, builds one {@code Module} per configuration entry, resolves
 * the callback handler inside a single privileged block, and finally captures
 * the caller's access control context.
 *
 * @param name      configuration entry name; must not be {@code null}
 * @param subject   subject to authenticate, or {@code null}
 * @param cbHandler caller-supplied handler, or {@code null} to fall back to the
 *                  class named by the {@code DEFAULT_CALLBACK_HANDLER_PROPERTY}
 *                  security property
 * @param config    caller-supplied configuration, or {@code null} to use
 *                  {@code Configuration.getAccessibleConfiguration()}
 * @throws LoginException if {@code name} is {@code null} ("auth.00"), if
 *         neither {@code name} nor "other" has configuration entries
 *         ("auth.35"), or if the privileged block throws a checked exception
 *         ("auth.36")
 */
private void init(String name, Subject subject, final CallbackHandler cbHandler, Configuration config) throws LoginException {
    // Store the subject and remember whether the caller supplied one.
    userProvidedSubject = (this.subject = subject) != null;
    //
    if (name == null) {
        //$NON-NLS-1$
        throw new LoginException("auth.00");
    }
    if (config == null) {
        config = Configuration.getAccessibleConfiguration();
    } else {
        userProvidedConfig = true;
    }
    SecurityManager sm = System.getSecurityManager();
    // The createLoginContext.<name> permission is only enforced for the
    // installed configuration; a caller-supplied Configuration skips the check.
    if (sm != null && !userProvidedConfig) {
        //$NON-NLS-1$
        sm.checkPermission(new AuthPermission("createLoginContext." + name));
    }
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
    if (entries == null) {
        // No entry under the requested name: fall back to the "other" entry,
        // which is guarded by its own permission check.
        if (sm != null && !userProvidedConfig) {
            //$NON-NLS-1$
            sm.checkPermission(new AuthPermission("createLoginContext.other"));
        }
        //$NON-NLS-1$
        entries = config.getAppConfigurationEntry("other");
        if (entries == null) {
            //$NON-NLS-1$
            throw new LoginException("auth.35 " + name);
        }
    }
    // One Module wrapper per configured entry, in configuration order.
    modules = new Module[entries.length];
    for (int i = 0; i < modules.length; i++) {
        modules[i] = new Module(entries[i]);
    }
    /*
     * Several of the operations below (get*ClassLoader, getProperty, class
     * loading) are security-checked, so they are combined into a single
     * doPrivileged() call. Everything inside run() therefore executes with
     * this class's own permissions rather than the caller's.
     */
    try {
        AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {

            public Void run() throws Exception {
                // First, set the 'contextClassLoader', falling back to the
                // system class loader when the thread has none.
                contextClassLoader = Thread.currentThread().getContextClassLoader();
                if (contextClassLoader == null) {
                    contextClassLoader = ClassLoader.getSystemClassLoader();
                }
                // then, checks whether the cbHandler is set
                if (cbHandler == null) {
                    // No handler supplied: look up the default handler class name
                    // in the security properties; absent or empty means no handler.
                    String klassName = Security.getProperty(DEFAULT_CALLBACK_HANDLER_PROPERTY);
                    if (klassName == null || klassName.length() == 0) {
                        return null;
                    }
                    // The named class is loaded through the thread's context class
                    // loader and initialized (initialize == true) inside the
                    // privileged block.
                    Class<?> klass = Class.forName(klassName, true, contextClassLoader);
                    // NOTE(review): the no-arg constructor runs before the cast, so a
                    // class that is not a CallbackHandler is still instantiated with
                    // these privileges; the resulting ClassCastException is unchecked
                    // and escapes doPrivileged() without being mapped to "auth.36".
                    // Consider testing CallbackHandler.class.isAssignableFrom(klass)
                    // before instantiating.
                    callbackHandler = (CallbackHandler) klass.newInstance();
                } else {
                    callbackHandler = cbHandler;
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        // Checked exceptions from run() arrive wrapped; keep the original as the cause.
        Throwable cause = ex.getCause();
        //$NON-NLS-1$
        throw (LoginException) new LoginException("auth.36").initCause(cause);
    }
    // Capture the access control context of the calling code (taken outside
    // the privileged block above).
    if (userProvidedConfig) {
        userContext = AccessController.getContext();
    } else if (callbackHandler != null) {
        userContext = AccessController.getContext();
        // presumably ContextedCallbackHandler invokes the handler under
        // userContext — confirm against its definition
        callbackHandler = new ContextedCallbackHandler(callbackHandler);
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PrivilegedActionException(java.security.PrivilegedActionException) AuthPermission(org.apache.harmony.javax.security.auth.AuthPermission) PrivilegedActionException(java.security.PrivilegedActionException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) LoginModule(org.apache.harmony.javax.security.auth.spi.LoginModule)

Example 12 with PrivilegedActionException

use of java.security.PrivilegedActionException in project jstorm by alibaba.

the class KerberosSaslTransportPlugin method connect.

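/**
 * Logs in through JAAS and opens a Kerberos (GSSAPI) SASL client transport on
 * top of {@code transport}, running the SASL handshake as the logged-in subject.
 *
 * <p>A failure to open the SASL transport is logged and then propagated, so a
 * caller never receives a transport whose handshake did not complete.
 *
 * @param transport  underlying transport to wrap
 * @param serverHost host name of the server to authenticate against
 * @param asUser     identity to pass to the SASL client in place of the
 *                   logged-in principal; blank means use the subject's principal
 * @return the opened SASL transport
 * @throws TTransportException if opening the SASL transport fails
 * @throws IOException         if opening the SASL transport fails with an I/O error
 * @throws RuntimeException    if the JAAS login fails, the subject holds no
 *                             Kerberos ticket, or the open fails with another
 *                             checked exception
 */
@Override
public TTransport connect(TTransport transport, String serverHost, String asUser) throws TTransportException, IOException {
    // create an authentication callback handler
    ClientCallbackHandler client_callback_handler = new ClientCallbackHandler(login_conf);
    // login our user
    Login login = null;
    try {
        // Installs login_conf as the JVM-wide JAAS configuration, so every
        // other LoginContext in this process sees it as well.
        Configuration.setConfiguration(login_conf);
        // now login
        login = new Login(AuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler);
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }
    final Subject subject = login.getSubject();
    // A login that yielded no Kerberos ticket cannot authenticate over GSSAPI.
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        // error
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_CLIENT + "\" in login configuration file " + login_conf);
    }
    // NOTE(review): a non-blank asUser replaces the logged-in principal here;
    // presumably it is sent as the SASL authorization id, in which case the
    // server must decide whether the authenticated principal may act as it —
    // confirm on the server side.
    final String principal = StringUtils.isBlank(asUser) ? getPrincipal(subject) : asUser;
    String serviceName = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT, "serviceName");
    if (serviceName == null) {
        serviceName = AuthUtils.SERVICE;
    }
    Map<String, String> props = new TreeMap<String, String>();
    // QOP "auth" negotiates authentication only: the SASL layer adds neither
    // integrity nor confidentiality protection to the traffic that follows.
    props.put(Sasl.QOP, "auth");
    // SERVER_AUTH "false": the client does not require the server to
    // authenticate itself back (no mutual authentication).
    props.put(Sasl.SERVER_AUTH, "false");
    LOG.debug("SASL GSSAPI client transport is being established");
    final TTransport sasalTransport = new TSaslClientTransport(KERBEROS, principal, serviceName, serverHost, props, null, transport);
    // open Sasl transport with the login credential
    try {
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {

            public Void run() throws Exception {
                try {
                    LOG.debug("do as:" + principal);
                    sasalTransport.open();
                } catch (Exception e) {
                    LOG.error("Client failed to open SaslClientTransport to interact with a server during session initiation: " + e, e);
                    // Rethrow instead of swallowing: otherwise a failed
                    // handshake would still hand an unopened transport
                    // back to the caller as if authentication had succeeded.
                    throw e;
                }
                return null;
            }
        });
    } catch (PrivilegedActionException e) {
        // doAs wraps checked exceptions; surface the declared ones unwrapped.
        Exception cause = e.getException();
        if (cause instanceof TTransportException) {
            throw (TTransportException) cause;
        }
        if (cause instanceof IOException) {
            throw (IOException) cause;
        }
        throw new RuntimeException(e);
    }
    return sasalTransport;
}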
Also used : KerberosTicket(javax.security.auth.kerberos.KerberosTicket) PrivilegedActionException(java.security.PrivilegedActionException) TSaslClientTransport(org.apache.thrift.transport.TSaslClientTransport) Login(org.apache.zookeeper.Login) TreeMap(java.util.TreeMap) Subject(javax.security.auth.Subject) LoginException(javax.security.auth.login.LoginException) TTransportException(org.apache.thrift.transport.TTransportException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) LoginException(javax.security.auth.login.LoginException) TTransport(org.apache.thrift.transport.TTransport)

Example 13 with PrivilegedActionException

use of java.security.PrivilegedActionException in project spring-security by spring-projects.

the class JaasApiIntegrationFilter method doFilter.

// ~ Methods
// ========================================================================================================
/**
	 * <p>
	 * Attempts to obtain and run as a JAAS <code>Subject</code> using
	 * {@link #obtainSubject(ServletRequest)}.
	 * </p>
	 *
	 * <p>
	 * If the <code>Subject</code> is <code>null</code> and <tt>createEmptySubject</tt> is
	 * <code>true</code>, an empty, writeable <code>Subject</code> is used. This allows
	 * for the <code>Subject</code> to be populated at the time of login. If the
	 * <code>Subject</code> is still <code>null</code>, the <code>FilterChain</code> continues
	 * with no additional processing. If the <code>Subject</code> is not <code>null</code>,
	 * the <code>FilterChain</code> is run with
	 * {@link Subject#doAs(Subject, PrivilegedExceptionAction)} in conjunction with the
	 * <code>Subject</code> obtained.
	 * </p>
	 */
public final void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws ServletException, IOException {
    Subject runAs = obtainSubject(request);
    if (runAs == null) {
        if (!createEmptySubject) {
            // No JAAS identity and no empty one requested: pass the request
            // through without Subject.doAs.
            if (logger.isDebugEnabled()) {
                logger.debug("Subject is null continue running with no Subject.");
            }
            chain.doFilter(request, response);
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Subject returned was null and createEmtpySubject is true; creating new empty subject to run as.");
        }
        // Fresh, writable Subject that later processing can populate.
        runAs = new Subject();
    }
    if (logger.isDebugEnabled()) {
        // NOTE(review): Subject.toString() renders principals and credentials,
        // including private credentials when they are accessible; keep debug
        // logging for this class away from shared log sinks.
        logger.debug("Running as Subject " + runAs);
    }
    try {
        // The rest of the filter chain executes with runAs associated with
        // the current access control context.
        Subject.doAs(runAs, new PrivilegedExceptionAction<Object>() {

            public Object run() throws IOException, ServletException {
                chain.doFilter(request, response);
                return null;
            }
        });
    } catch (PrivilegedActionException wrapped) {
        // Checked exceptions from the chain arrive wrapped; they are reported
        // as a ServletException whose cause is the wrapper itself.
        throw new ServletException(wrapped.getMessage(), wrapped);
    }
}
Also used : ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Subject(javax.security.auth.Subject)

Example 14 with PrivilegedActionException

use of java.security.PrivilegedActionException in project groovy-core by groovy.

the class MetaClassImpl method addProperties.

/**
 * Introspects {@code theClass} as a Java bean and registers what it finds:
 * property descriptors go to {@code setupProperties}, and every listener
 * method of every event set is recorded in {@code listeners}.
 *
 * @throws GroovyRuntimeException if bean introspection fails
 */
private void addProperties() {
    BeanInfo beanInfo;
    try {
        // Pick the introspection mode first so one privileged action covers both cases.
        final boolean beanDerivative = isBeanDerivative(theClass);
        // Introspection runs inside doPrivileged, i.e. with this class's own
        // permissions rather than those of whoever triggered the meta class setup.
        beanInfo = AccessController.doPrivileged(new PrivilegedExceptionAction<BeanInfo>() {

            public BeanInfo run() throws IntrospectionException {
                if (beanDerivative) {
                    return Introspector.getBeanInfo(theClass, Introspector.IGNORE_ALL_BEANINFO);
                }
                return Introspector.getBeanInfo(theClass);
            }
        });
    } catch (PrivilegedActionException wrapped) {
        // Report the underlying introspection failure, not the wrapper.
        throw new GroovyRuntimeException("exception during bean introspection", wrapped.getException());
    }
    // build up the metaproperties based on the public fields, property descriptors,
    // and the getters and setters
    setupProperties(beanInfo.getPropertyDescriptors());
    for (EventSetDescriptor eventSet : beanInfo.getEventSetDescriptors()) {
        for (Method listener : eventSet.getListenerMethods()) {
            final MetaMethod adder = CachedMethod.find(eventSet.getAddListenerMethod());
            if (adder != null) {
                addToAllMethodsIfPublic(adder);
                String listenerName = listener.getName();
                if (!listeners.containsKey(listenerName)) {
                    listeners.put(listenerName, adder);
                } else {
                    // A second registration under the same name makes the
                    // entry ambiguous.
                    listeners.put(listenerName, AMBIGUOUS_LISTENER_METHOD);
                }
            }
            // no add-listener meta method found: we skip that here
        }
    }
}
Also used : NewInstanceMetaMethod(org.codehaus.groovy.runtime.metaclass.NewInstanceMetaMethod) NewMetaMethod(org.codehaus.groovy.runtime.metaclass.NewMetaMethod) MixinInstanceMetaMethod(org.codehaus.groovy.runtime.metaclass.MixinInstanceMetaMethod) NewStaticMetaMethod(org.codehaus.groovy.runtime.metaclass.NewStaticMetaMethod) GeneratedMetaMethod(org.codehaus.groovy.reflection.GeneratedMetaMethod) ClosureMetaMethod(org.codehaus.groovy.runtime.metaclass.ClosureMetaMethod) TransformMetaMethod(org.codehaus.groovy.runtime.metaclass.TransformMetaMethod) PropertyDescriptor(java.beans.PropertyDescriptor) PrivilegedActionException(java.security.PrivilegedActionException) BeanInfo(java.beans.BeanInfo) IntrospectionException(java.beans.IntrospectionException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) NewInstanceMetaMethod(org.codehaus.groovy.runtime.metaclass.NewInstanceMetaMethod) Method(java.lang.reflect.Method) CachedMethod(org.codehaus.groovy.reflection.CachedMethod) NewMetaMethod(org.codehaus.groovy.runtime.metaclass.NewMetaMethod) MixinInstanceMetaMethod(org.codehaus.groovy.runtime.metaclass.MixinInstanceMetaMethod) NewStaticMetaMethod(org.codehaus.groovy.runtime.metaclass.NewStaticMetaMethod) GeneratedMetaMethod(org.codehaus.groovy.reflection.GeneratedMetaMethod) ClosureMetaMethod(org.codehaus.groovy.runtime.metaclass.ClosureMetaMethod) TransformMetaMethod(org.codehaus.groovy.runtime.metaclass.TransformMetaMethod) EventSetDescriptor(java.beans.EventSetDescriptor) CachedClass(org.codehaus.groovy.reflection.CachedClass)

Example 15 with PrivilegedActionException

use of java.security.PrivilegedActionException in project jdk8u_jdk by JetBrains.

the class Context method impersonate.

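/**
 * Creates a new {@code Context} whose credential impersonates {@code someone}.
 *
 * <p>The work runs under {@code Subject.doAs} with this context's subject. If
 * this context has no credential yet, an initiate-only one is created and
 * stored on this context as a side effect. The returned context shares this
 * context's subject and is named {@code name + " as " + <impersonated name>}.
 *
 * @param someone name of the user to impersonate, interpreted as a
 *                {@code GSSName.NT_USER_NAME}
 * @return a new context holding the impersonated credential
 * @throws Exception the failure raised inside the privileged action, unwrapped
 *         from {@code PrivilegedActionException} and, where applicable, from
 *         {@code InvocationTargetException}
 */
public Context impersonate(final String someone) throws Exception {
    try {
        GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {

            @Override
            public GSSCredential run() throws Exception {
                GSSManager m = GSSManager.getInstance();
                GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
                // Lazily create this context's own credential; the impersonated
                // credential is derived from it.
                if (Context.this.cred == null) {
                    Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
                }
                return ((ExtendedGSSCredential) Context.this.cred).impersonate(other);
            }
        });
        Context out = new Context();
        out.s = s;
        out.cred = creds;
        out.name = name + " as " + out.cred.getName().toString();
        return out;
    } catch (PrivilegedActionException pae) {
        Exception e = pae.getException();
        if (e instanceof InvocationTargetException) {
            // getTargetException() returns a Throwable: an unconditional cast
            // to Exception would replace an Error (or a null target) with a
            // ClassCastException/NullPointerException and hide the real failure.
            Throwable target = ((InvocationTargetException) e).getTargetException();
            if (target instanceof Exception) {
                throw (Exception) target;
            }
            if (target instanceof Error) {
                throw (Error) target;
            }
        }
        throw e;
    }
}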
Also used : LoginContext(javax.security.auth.login.LoginContext) ExtendedGSSContext(com.sun.security.jgss.ExtendedGSSContext) GSSContext(org.ietf.jgss.GSSContext) GSSName(org.ietf.jgss.GSSName) ExtendedGSSCredential(com.sun.security.jgss.ExtendedGSSCredential) GSSCredential(org.ietf.jgss.GSSCredential) PrivilegedActionException(java.security.PrivilegedActionException) GSSManager(org.ietf.jgss.GSSManager) PrivilegedActionException(java.security.PrivilegedActionException) GSSException(org.ietf.jgss.GSSException) InvocationTargetException(java.lang.reflect.InvocationTargetException) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Aggregations

PrivilegedActionException (java.security.PrivilegedActionException)135 IOException (java.io.IOException)58 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)56 Subject (javax.security.auth.Subject)23 LoginContext (javax.security.auth.login.LoginContext)14 LoginException (javax.security.auth.login.LoginException)12 InvocationTargetException (java.lang.reflect.InvocationTargetException)11 Method (java.lang.reflect.Method)11 URISyntaxException (java.net.URISyntaxException)11 HashSet (java.util.HashSet)11 ServletException (javax.servlet.ServletException)11 AccessControlContext (java.security.AccessControlContext)10 Principal (java.security.Principal)9 GSSException (org.ietf.jgss.GSSException)9 Field (java.lang.reflect.Field)8 SolrServerException (org.apache.solr.client.solrj.SolrServerException)7 GSSManager (org.ietf.jgss.GSSManager)7 MalformedURLException (java.net.MalformedURLException)6 ArrayList (java.util.ArrayList)6 YardException (org.apache.stanbol.entityhub.servicesapi.yard.YardException)6