
Example 1 with AccessControlContext

use of java.security.AccessControlContext in project hive by apache.

the class HttpAuthUtils method getKerberosServiceTicket.

/**
 * Obtains the Kerberos authentication header for an HTTP endpoint by running an
 * {@code HttpKerberosClientAction} under the client's Kerberos identity.
 *
 * <p>Where that identity comes from depends on {@code assumeSubject}:
 * <ul>
 *   <li>{@code true}: the JAAS {@link Subject} bound to the caller's current access-control
 *       context is used as-is. This method performs no login of its own, so the embedding
 *       application is responsible for having authenticated that Subject; whatever Subject is
 *       attached to the calling thread is the identity the ticket is requested for.</li>
 *   <li>{@code false}: the identity is the {@code UserGroupInformation} returned by
 *       {@code getCurrentUGIWithConf("kerberos")} (JAAS login from the ticket cache).</li>
 * </ul>
 *
 * <p>NOTE(review): {@code AccessController} and {@code Subject.getSubject} are deprecated for
 * removal since Java 17 - confirm the supported JDK range before reusing this pattern.
 *
 * @param principal configured server principal, resolved together with {@code host}
 * @param host server host passed to {@code getServerPrincipal}
 * @param serverHttpUrl URL handed to the Kerberos client action
 * @param assumeSubject whether to reuse the Subject already present in the calling context
 * @return Stringified Base64 encoded kerberosAuthHeader on success
 * @throws Exception if {@code assumeSubject} is set but no Subject is bound to the current
 *         context, or if resolving the principal or running the client action fails
 */
public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception {
    final String resolvedServerPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host);

    if (!assumeSubject) {
        // Ticket-cache path: the bridge supplies the client UGI and the action runs as that user.
        UserGroupInformation ticketCacheUgi = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos");
        return ticketCacheUgi.doAs(new HttpKerberosClientAction(resolvedServerPrincipal, serverHttpUrl));
    }

    // Pre-authenticated path: the application embedding the JDBC driver is expected to have
    // completed a JAAS Kerberos login, leaving its Subject on the current access-control context.
    Subject callerSubject = Subject.getSubject(AccessController.getContext());
    if (callerSubject == null) {
        // Fail closed rather than silently falling back to another identity.
        throw new Exception("The Subject is not set");
    }
    return Subject.doAs(callerSubject, new HttpKerberosClientAction(resolvedServerPrincipal, serverHttpUrl));
}
Also used : AccessControlContext(java.security.AccessControlContext) Subject(javax.security.auth.Subject) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 2 with AccessControlContext

use of java.security.AccessControlContext in project elasticsearch by elastic.

the class ESPolicyTests method testRestrictPrivileges.

/**
 * Verifies that running code under an {@link AccessControlContext} whose only protection
 * domain holds an empty permission set really does deny a property read that the ambient
 * policy would otherwise allow.
 */
public void testRestrictPrivileges() {
    assumeTrue("test requires security manager", System.getSecurityManager() != null);

    // Precondition: the read must succeed under the normal policy, otherwise the denial
    // asserted below would prove nothing about the restricted context.
    try {
        System.getProperty("user.home");
    } catch (SecurityException e) {
        fail("this test needs to be fixed: user.home not available by policy");
    }

    // A single domain with no code source and an empty Permissions collection.
    PermissionCollection emptyPermissions = new Permissions();
    ProtectionDomain emptyDomain = new ProtectionDomain(null, emptyPermissions);
    AccessControlContext deniedContext = new AccessControlContext(new ProtectionDomain[] { emptyDomain });

    PrivilegedAction<Void> readUserHome = new PrivilegedAction<Void>() {

        @Override
        public Void run() {
            System.getProperty("user.home");
            // Reaching this line means the restricted context did not restrict anything.
            fail("access should have been denied");
            return null;
        }
    };

    try {
        AccessController.doPrivileged(readUserHome, deniedContext);
    } catch (SecurityException expected) {
        // The denial is the outcome under test.
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions)

Example 3 with AccessControlContext

use of java.security.AccessControlContext in project robovm by robovm.

the class AccessControllerTest method testDoPrivilegedWithCombiner.

/**
 * Checks that {@code AccessController.doPrivileged(action, context)} does not consult the
 * {@link DomainCombiner} attached to the supplied context, neither for the outer action nor
 * for a nested {@code doPrivileged} call made from inside it.
 *
 * <p>NOTE(review): the supplied context contains only a domain with an empty
 * {@code Permissions} collection, yet the test expects {@code checkPermission} to succeed.
 * Presumably this documents a runtime whose access controller does not enforce permissions;
 * confirm before treating this as evidence of how an enforcing JVM behaves.
 */
public void testDoPrivilegedWithCombiner() {
    // An arbitrary permission that the empty domain below does not grant.
    final Permission permission = new RuntimePermission("do stuff");
    // Tripwire combiner: any call to combine() fails the test.
    final DomainCombiner union = new DomainCombiner() {

        public ProtectionDomain[] combine(ProtectionDomain[] a, ProtectionDomain[] b) {
            throw new AssertionFailedError("Expected combiner to be unused");
        }
    };
    // Domain with no code source and no permissions.
    ProtectionDomain protectionDomain = new ProtectionDomain(null, new Permissions());
    // Context under test: the single empty domain, with the tripwire combiner attached.
    AccessControlContext accessControlContext = new AccessControlContext(new AccessControlContext(new ProtectionDomain[] { protectionDomain }), union);
    // Counts executions of the inner action so the test can prove it actually ran.
    final AtomicInteger actionCount = new AtomicInteger();
    AccessController.doPrivileged(new PrivilegedAction<Void>() {

        public Void run() {
            // The context seen inside the action must not carry the combiner.
            assertEquals(null, AccessController.getContext().getDomainCombiner());
            // Expected to return normally, i.e. not throw.
            AccessController.getContext().checkPermission(permission);
            // Calling doPrivileged again would have exercised the combiner
            AccessController.doPrivileged(new PrivilegedAction<Void>() {

                public Void run() {
                    actionCount.incrementAndGet();
                    // Same expectations hold in the nested privileged frame.
                    assertEquals(null, AccessController.getContext().getDomainCombiner());
                    AccessController.getContext().checkPermission(permission);
                    return null;
                }
            });
            return null;
        }
    }, accessControlContext);
    // The nested action ran exactly once.
    assertEquals(1, actionCount.get());
}
Also used : ProtectionDomain(java.security.ProtectionDomain) DomainCombiner(java.security.DomainCombiner) AccessControlContext(java.security.AccessControlContext) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) PrivilegedAction(java.security.PrivilegedAction) Permission(java.security.Permission) Permissions(java.security.Permissions) AssertionFailedError(junit.framework.AssertionFailedError)

Example 4 with AccessControlContext

use of java.security.AccessControlContext in project robovm by robovm.

the class Subject method doAs_PrivilegedAction.

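/**
 * Runs {@code action} under a new {@link AccessControlContext} built from {@code context}
 * and, when a subject is given, a {@link SubjectDomainCombiner} for that subject.
 *
 * <p>The new context is itself created inside {@code doPrivileged}. Presumably this is
 * because attaching a combiner to a context is a guarded operation when a security manager
 * is installed, and the check should be made against this class rather than its callers -
 * confirm against the runtime's {@code AccessControlContext} implementation.
 *
 * <p>The helper action is declared with its real type argument, so the result needs neither
 * a raw type nor a cast and the method carries no unchecked-warning suppression.
 *
 * @param subject subject whose principals should be associated with the action, or
 *        {@code null} to run with {@code context} and no combiner
 * @param action the work to perform
 * @param context base access-control context to derive the new one from
 * @return whatever {@code action} returns
 */
private static <T> T doAs_PrivilegedAction(Subject subject, PrivilegedAction<T> action, final AccessControlContext context) {
    // performance optimization: if subject is null there is nothing to combine
    final SubjectDomainCombiner combiner = (subject == null) ? null : new SubjectDomainCombiner(subject);

    PrivilegedAction<AccessControlContext> dccAction = new PrivilegedAction<AccessControlContext>() {

        @Override
        public AccessControlContext run() {
            return new AccessControlContext(context, combiner);
        }
    };
    AccessControlContext newContext = AccessController.doPrivileged(dccAction);
    return AccessController.doPrivileged(action, newContext);
}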
Also used : AccessControlContext(java.security.AccessControlContext) PrivilegedAction(java.security.PrivilegedAction)

Example 5 with AccessControlContext

use of java.security.AccessControlContext in project robovm by robovm.

the class Subject method doAs_PrivilegedExceptionAction.

/**
 * Runs the exception-throwing {@code action} under a new {@link AccessControlContext}
 * derived from {@code context}, associating {@code subject} with it through a
 * {@link SubjectDomainCombiner} when a subject is supplied.
 *
 * <p>The derived context is constructed inside its own {@code doPrivileged} call.
 * NOTE(review): presumably so that the guarded creation of a context with a combiner is
 * checked against this class only - confirm against the runtime's implementation.
 *
 * @param subject subject to associate with the action, or {@code null} for none
 * @param action the work to perform
 * @param context base access-control context to derive the new one from
 * @return whatever {@code action} returns
 * @throws PrivilegedActionException if {@code action} throws a checked exception
 */
@SuppressWarnings("unchecked")
private static <T> T doAs_PrivilegedExceptionAction(Subject subject, PrivilegedExceptionAction<T> action, final AccessControlContext context) throws PrivilegedActionException {
    // With no subject there is nothing to combine, so skip allocating a combiner.
    final SubjectDomainCombiner subjectCombiner = (subject == null) ? null : new SubjectDomainCombiner(subject);

    AccessControlContext combinedContext = AccessController.doPrivileged(new PrivilegedAction<AccessControlContext>() {

        @Override
        public AccessControlContext run() {
            return new AccessControlContext(context, subjectCombiner);
        }
    });

    return AccessController.doPrivileged(action, combinedContext);
}
Also used : AccessControlContext(java.security.AccessControlContext) PrivilegedAction(java.security.PrivilegedAction)

Aggregations

AccessControlContext (java.security.AccessControlContext)96 Subject (javax.security.auth.Subject)23 ProtectionDomain (java.security.ProtectionDomain)20 PrivilegedAction (java.security.PrivilegedAction)18 Permissions (java.security.Permissions)13 PrivilegedActionException (java.security.PrivilegedActionException)12 IOException (java.io.IOException)10 SocketPermission (java.net.SocketPermission)10 Test (org.testng.annotations.Test)8 Principal (java.security.Principal)7 DatagramSocket (java.net.DatagramSocket)5 InetAddress (java.net.InetAddress)4 MulticastSocket (java.net.MulticastSocket)4 CodeSource (java.security.CodeSource)4 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)4 ExecutorService (java.util.concurrent.ExecutorService)4 RejectedExecutionException (java.util.concurrent.RejectedExecutionException)4 ReflectionException (javax.management.ReflectionException)4 Test (org.junit.Test)4 InvocationTargetException (java.lang.reflect.InvocationTargetException)3