Examples with AccessControlContext - java.security.AccessControlContext

Example 51 with AccessControlContext

use of java.security.AccessControlContext in project hive by apache.

the class TSubjectAssumingTransport method open.

@Override
public void open() throws TTransportException {
    try {
        AccessControlContext context = AccessController.getContext();
        Subject subject = Subject.getSubject(context);
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {

            public Void run() {
                try {
                    wrapped.open();
                } catch (TTransportException tte) {
                    // more time in our catch clause to get back the TTE. (ugh)
                    throw new RuntimeException(tte);
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ioe) {
        throw new RuntimeException("Received an ioe we never threw!", ioe);
    } catch (RuntimeException rte) {
        if (rte.getCause() instanceof TTransportException) {
            throw (TTransportException) rte.getCause();
        } else {
            throw rte;
        }
    }
}

Also used : AccessControlContext(java.security.AccessControlContext) PrivilegedActionException(java.security.PrivilegedActionException) TTransportException(org.apache.thrift.transport.TTransportException) Subject(javax.security.auth.Subject)

Example 52 with AccessControlContext

use of java.security.AccessControlContext in project elasticsearch by elastic.

the class ExpressionScriptEngineService method compile.

@Override
public Object compile(String scriptName, String scriptSource, Map<String, String> params) {
    // classloader created here
    final SecurityManager sm = System.getSecurityManager();
    SpecialPermission.check();
    return AccessController.doPrivileged(new PrivilegedAction<Expression>() {

        @Override
        public Expression run() {
            try {
                // snapshot our context here, we check on behalf of the expression
                AccessControlContext engineContext = AccessController.getContext();
                ClassLoader loader = getClass().getClassLoader();
                if (sm != null) {
                    loader = new ClassLoader(loader) {

                        @Override
                        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
                            try {
                                engineContext.checkPermission(new ClassPermission(name));
                            } catch (SecurityException e) {
                                throw new ClassNotFoundException(name, e);
                            }
                            return super.loadClass(name, resolve);
                        }
                    };
                }
                // NOTE: validation is delayed to allow runtime vars, and we don't have access to per index stuff here
                return JavascriptCompiler.compile(scriptSource, JavascriptCompiler.DEFAULT_FUNCTIONS, loader);
            } catch (ParseException e) {
                throw convertToScriptException("compile error", scriptSource, scriptSource, e);
            }
        }
    });
}

Also used : ClassPermission(org.elasticsearch.script.ClassPermission) AccessControlContext(java.security.AccessControlContext) Expression(org.apache.lucene.expressions.Expression) ParseException(java.text.ParseException)

Example 53 with AccessControlContext

use of java.security.AccessControlContext in project cassandra by apache.

the class AuthorizationProxy method invoke.

@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
    String methodName = method.getName();
    if ("getMBeanServer".equals(methodName))
        throw new SecurityException("Access denied");
    // Retrieve Subject from current AccessControlContext
    AccessControlContext acc = AccessController.getContext();
    Subject subject = Subject.getSubject(acc);
    // Allow setMBeanServer iff performed on behalf of the connector server itself
    if (("setMBeanServer").equals(methodName)) {
        if (subject != null)
            throw new SecurityException("Access denied");
        if (args[0] == null)
            throw new IllegalArgumentException("Null MBeanServer");
        if (mbs != null)
            throw new IllegalArgumentException("MBeanServer already initialized");
        mbs = (MBeanServer) args[0];
        return null;
    }
    if (authorize(subject, methodName, args))
        return invoke(method, args);
    throw new SecurityException("Access Denied");
}

Also used : AccessControlContext(java.security.AccessControlContext) Subject(javax.security.auth.Subject)

Example 54 with AccessControlContext

use of java.security.AccessControlContext in project AsmackService by rtreffer.

the class Subject method doAs_PrivilegedAction.

// instantiates a new context and passes it to AccessController
@SuppressWarnings("unchecked")
private static Object doAs_PrivilegedAction(Subject subject, PrivilegedAction action, final AccessControlContext context) {
    AccessControlContext newContext;
    final SubjectDomainCombiner combiner;
    if (subject == null) {
        // performance optimization
        // if subject is null there is nothing to combine
        combiner = null;
    } else {
        combiner = new SubjectDomainCombiner(subject);
    }
    PrivilegedAction dccAction = new PrivilegedAction() {

        public Object run() {
            return new AccessControlContext(context, combiner);
        }
    };
    newContext = (AccessControlContext) AccessController.doPrivileged(dccAction);
    return AccessController.doPrivileged(action, newContext);
}

Also used : AccessControlContext(java.security.AccessControlContext) PrivilegedAction(java.security.PrivilegedAction)

Example 55 with AccessControlContext

use of java.security.AccessControlContext in project quasar by puniverse.

the class Fiber method restoreThreadInheritedAccessControlContext.

private void restoreThreadInheritedAccessControlContext(Thread currentThread) {
    final AccessControlContext origAcc = inheritedAccessControlContext;
    this.inheritedAccessControlContext = ThreadAccess.getInheritedAccessControlContext(currentThread);
    ThreadAccess.setInheritedAccessControlContext(currentThread, origAcc);
}

Also used : AccessControlContext(java.security.AccessControlContext)

Aggregations

AccessControlContext (java.security.AccessControlContext)100 ProtectionDomain (java.security.ProtectionDomain)24 Subject (javax.security.auth.Subject)24 PrivilegedAction (java.security.PrivilegedAction)18 Permissions (java.security.Permissions)14 PrivilegedActionException (java.security.PrivilegedActionException)13 IOException (java.io.IOException)11 SocketPermission (java.net.SocketPermission)10 Test (org.testng.annotations.Test)8 Principal (java.security.Principal)7 CodeSource (java.security.CodeSource)6 Permission (java.security.Permission)6 DatagramSocket (java.net.DatagramSocket)5 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)5 MulticastSocket (java.net.MulticastSocket)4 Set (java.util.Set)4 ExecutorService (java.util.concurrent.ExecutorService)4 RejectedExecutionException (java.util.concurrent.RejectedExecutionException)4 ReflectionException (javax.management.ReflectionException)4 Test (org.junit.Test)4