Examples with AccessControlContext java.security.AccessControlContext used on opensource projects

Example 46 with AccessControlContext

use of java.security.AccessControlContext in project jdk8u_jdk by JetBrains.

the class DGCImplInsulation method main.

public static void main(String[] args) throws Exception {
    TestLibrary.suggestSecurityManager(null);
    Permissions perms = new Permissions();
    perms.add(new SocketPermission("*:1024-", "listen"));
    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(new CodeSource(null, (Certificate[]) null), perms) });
    Remote impl = new DGCImplInsulation();
    ;
    try {
        Remote stub = (Remote) java.security.AccessController.doPrivileged(new ExportAction(impl));
        System.err.println("exported remote object; local stub: " + stub);
        MarshalledObject mobj = new MarshalledObject(stub);
        stub = (Remote) mobj.get();
        System.err.println("marshalled/unmarshalled stub: " + stub);
        ReferenceQueue refQueue = new ReferenceQueue();
        Reference weakRef = new WeakReference(impl, refQueue);
        impl = null;
        System.gc();
        if (refQueue.remove(TIMEOUT) == weakRef) {
            throw new RuntimeException("TEST FAILED: remote object garbage collected");
        } else {
            System.err.println("TEST PASSED");
            stub = null;
            System.gc();
            Thread.sleep(2000);
            System.gc();
        }
    } finally {
        try {
            UnicastRemoteObject.unexportObject(impl, true);
        } catch (Exception e) {
        }
    }
}

Example 47 with AccessControlContext

use of java.security.AccessControlContext in project hive by apache.

the class HttpAuthUtils method getKerberosServiceTicket.

/**
 * @return Stringified Base64 encoded kerberosAuthHeader on success
 * @throws Exception
 */
public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception {
    String serverPrincipal = HadoopThriftAuthBridge.getBridge().getServerPrincipal(principal, host);
    if (assumeSubject) {
        // With this option, we're assuming that the external application,
        // using the JDBC driver has done a JAAS kerberos login already
        AccessControlContext context = AccessController.getContext();
        Subject subject = Subject.getSubject(context);
        if (subject == null) {
            throw new Exception("The Subject is not set");
        }
        return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl));
    } else {
        // JAAS login from ticket cache to setup the client UserGroupInformation
        UserGroupInformation clientUGI = HadoopThriftAuthBridge.getBridge().getCurrentUGIWithConf("kerberos");
        return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl));
    }
}

Example 48 with AccessControlContext

use of java.security.AccessControlContext in project jdk8u_jdk by JetBrains.

the class Subject method doAs.

/**
     * Perform work as a particular {@code Subject}.
     *
     * <p> This method first retrieves the current Thread's
     * {@code AccessControlContext} via
     * {@code AccessController.getContext},
     * and then instantiates a new {@code AccessControlContext}
     * using the retrieved context along with a new
     * {@code SubjectDomainCombiner} (constructed using
     * the provided {@code Subject}).
     * Finally, this method invokes {@code AccessController.doPrivileged},
     * passing it the provided {@code PrivilegedAction},
     * as well as the newly constructed {@code AccessControlContext}.
     *
     * <p>
     *
     * @param subject the {@code Subject} that the specified
     *                  {@code action} will run as.  This parameter
     *                  may be {@code null}. <p>
     *
     * @param <T> the type of the value returned by the PrivilegedAction's
     *                  {@code run} method.
     *
     * @param action the code to be run as the specified
     *                  {@code Subject}. <p>
     *
     * @return the value returned by the PrivilegedAction's
     *                  {@code run} method.
     *
     * @exception NullPointerException if the {@code PrivilegedAction}
     *                  is {@code null}. <p>
     *
     * @exception SecurityException if the caller does not have permission
     *                  to invoke this method.
     */
public static <T> T doAs(final Subject subject, final java.security.PrivilegedAction<T> action) {
    java.lang.SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
    }
    if (action == null)
        throw new NullPointerException(ResourcesMgr.getString("invalid.null.action.provided"));
    // set up the new Subject-based AccessControlContext
    // for doPrivileged
    final AccessControlContext currentAcc = AccessController.getContext();
    // call doPrivileged and push this new context on the stack
    return java.security.AccessController.doPrivileged(action, createContext(subject, currentAcc));
}

Example 49 with AccessControlContext

use of java.security.AccessControlContext in project jdk8u_jdk by JetBrains.

the class Subject method doAsPrivileged.

/**
     * Perform privileged work as a particular {@code Subject}.
     *
     * <p> This method behaves exactly as {@code Subject.doAs},
     * except that instead of retrieving the current Thread's
     * {@code AccessControlContext}, it uses the provided
     * {@code AccessControlContext}.  If the provided
     * {@code AccessControlContext} is {@code null},
     * this method instantiates a new {@code AccessControlContext}
     * with an empty collection of ProtectionDomains.
     *
     * <p>
     *
     * @param subject the {@code Subject} that the specified
     *                  {@code action} will run as.  This parameter
     *                  may be {@code null}. <p>
     *
     * @param <T> the type of the value returned by the PrivilegedAction's
     *                  {@code run} method.
     *
     * @param action the code to be run as the specified
     *                  {@code Subject}. <p>
     *
     * @param acc the {@code AccessControlContext} to be tied to the
     *                  specified <i>subject</i> and <i>action</i>. <p>
     *
     * @return the value returned by the PrivilegedAction's
     *                  {@code run} method.
     *
     * @exception NullPointerException if the {@code PrivilegedAction}
     *                  is {@code null}. <p>
     *
     * @exception SecurityException if the caller does not have permission
     *                  to invoke this method.
     */
public static <T> T doAsPrivileged(final Subject subject, final java.security.PrivilegedAction<T> action, final java.security.AccessControlContext acc) {
    java.lang.SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
    }
    if (action == null)
        throw new NullPointerException(ResourcesMgr.getString("invalid.null.action.provided"));
    // set up the new Subject-based AccessControlContext
    // for doPrivileged
    final AccessControlContext callerAcc = (acc == null ? new AccessControlContext(NULL_PD_ARRAY) : acc);
    // call doPrivileged and push this new context on the stack
    return java.security.AccessController.doPrivileged(action, createContext(subject, callerAcc));
}

Example 50 with AccessControlContext

use of java.security.AccessControlContext in project jdk8u_jdk by JetBrains.

the class Subject method doAs.

/**
     * Perform work as a particular {@code Subject}.
     *
     * <p> This method first retrieves the current Thread's
     * {@code AccessControlContext} via
     * {@code AccessController.getContext},
     * and then instantiates a new {@code AccessControlContext}
     * using the retrieved context along with a new
     * {@code SubjectDomainCombiner} (constructed using
     * the provided {@code Subject}).
     * Finally, this method invokes {@code AccessController.doPrivileged},
     * passing it the provided {@code PrivilegedExceptionAction},
     * as well as the newly constructed {@code AccessControlContext}.
     *
     * <p>
     *
     * @param subject the {@code Subject} that the specified
     *                  {@code action} will run as.  This parameter
     *                  may be {@code null}. <p>
     *
     * @param <T> the type of the value returned by the
     *                  PrivilegedExceptionAction's {@code run} method.
     *
     * @param action the code to be run as the specified
     *                  {@code Subject}. <p>
     *
     * @return the value returned by the
     *                  PrivilegedExceptionAction's {@code run} method.
     *
     * @exception PrivilegedActionException if the
     *                  {@code PrivilegedExceptionAction.run}
     *                  method throws a checked exception. <p>
     *
     * @exception NullPointerException if the specified
     *                  {@code PrivilegedExceptionAction} is
     *                  {@code null}. <p>
     *
     * @exception SecurityException if the caller does not have permission
     *                  to invoke this method.
     */
public static <T> T doAs(final Subject subject, final java.security.PrivilegedExceptionAction<T> action) throws java.security.PrivilegedActionException {
    java.lang.SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
    }
    if (action == null)
        throw new NullPointerException(ResourcesMgr.getString("invalid.null.action.provided"));
    // set up the new Subject-based AccessControlContext for doPrivileged
    final AccessControlContext currentAcc = AccessController.getContext();
    // call doPrivileged and push this new context on the stack
    return java.security.AccessController.doPrivileged(action, createContext(subject, currentAcc));
}