
Example 61 with AccessControlContext

Use of java.security.AccessControlContext in the spring-framework project (spring-projects).

Class CallbacksSecurityTests, method testTrustedExecution.

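/**
 * Verifies that beans can be created and singletons destroyed from an action run via
 * {@code Subject.doAsPrivileged} under the {@link java.security.AccessControlContext}
 * supplied by {@code provider}, while the factory's own security context provider is cleared.
 *
 * <p>NOTE(review): a restricted {@code ProtectionDomain}/{@code AccessControlContext} used to be
 * constructed at the top of this test and immediately discarded; it was never passed anywhere and
 * so never constrained the action below, which runs with {@code provider.getAccessControlContext()}.
 * That dead construction has been removed.
 *
 * @throws Exception if the bean factory throws while creating or destroying beans
 */
@Test
public void testTrustedExecution() throws Exception {
    beanFactory.setSecurityContextProvider(null);

    final Subject subject = new Subject();
    subject.getPrincipals().add(new TestPrincipal("user1"));

    // Request the beans as the test Subject; the action executes under the provider's
    // AccessControlContext rather than the caller's current stack context.
    Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() {

        @Override
        public Object run() {
            // sanity check: the Subject we supplied is the one visible from here
            assertEquals("user1", getCurrentSubjectName());
            assertEquals(false, NonPrivilegedBean.destroyed);
            beanFactory.getBean("trusted-spring-callbacks");
            beanFactory.getBean("trusted-custom-init-destroy");
            // the factory is a prototype - ask for multiple instances
            beanFactory.getBean("trusted-spring-factory");
            beanFactory.getBean("trusted-spring-factory");
            beanFactory.getBean("trusted-spring-factory");
            beanFactory.getBean("trusted-factory-bean");
            beanFactory.getBean("trusted-static-factory-method");
            beanFactory.getBean("trusted-factory-method");
            beanFactory.getBean("trusted-property-injection");
            beanFactory.getBean("trusted-working-property-injection");
            // destroying the singletons must reach NonPrivilegedBean's destroy callback
            beanFactory.destroySingletons();
            assertEquals(true, NonPrivilegedBean.destroyed);
            return null;
        }
    }, provider.getAccessControlContext());
}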

Example 62 with AccessControlContext

Use of java.security.AccessControlContext in the hadoop project (apache).

Class UserGroupInformation, method getCurrentUser.

/**
 * Returns the user the calling code is currently acting as: the Hadoop {@link User}
 * principal carried by the JAAS {@link Subject} of the current access-control context
 * (which includes any enclosing {@code doAs}), or the login user when no such Subject
 * or principal is present.
 *
 * <p>Under a SecurityManager, {@link Subject#getSubject} requires
 * {@code AuthPermission("getSubject")}; a caller lacking it gets a SecurityException
 * from that call rather than a fallback to the login user.
 *
 * @return the current user
 * @throws IOException if login fails while resolving the login user
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static synchronized UserGroupInformation getCurrentUser() throws IOException {
    Subject caller = Subject.getSubject(AccessController.getContext());
    boolean hasHadoopUser = caller != null && !caller.getPrincipals(User.class).isEmpty();
    if (!hasHadoopUser) {
        return getLoginUser();
    }
    return new UserGroupInformation(caller);
}

Example 63 with AccessControlContext

Use of java.security.AccessControlContext in the hadoop project (apache).

Class KerberosAuthenticator, method doSpnegoSequence.

/**
   * Implements the SPNEGO authentication sequence interaction using the current default principal
   * in the Kerberos cache (normally set via kinit).
   *
   * <p>Subject selection: if the caller's access-control context already carries a Subject with a
   * Kerberos keytab or ticket, that Subject is reused; otherwise a fresh Subject is logged in via a
   * {@link LoginContext} driven by {@link KerberosConfiguration}. That login happens outside of any
   * doAs, so a LoginException reaches the catch block below directly. The GSS handshake then runs
   * under {@code Subject.doAs} so the Kerberos credentials are visible to the GSS-API provider.
   *
   * <p>Security notes (review):
   * <ul>
   *   <li>Mutual authentication is requested, so the client verifies the HTTP service as well.</li>
   *   <li>Credential delegation is requested unconditionally ({@code requestCredDeleg(true)}); with a
   *       forwardable TGT the user's credentials are handed to the server, which can then act on the
   *       user's behalf. Confirm this is intended for every endpoint this authenticator talks to.</li>
   *   <li>The LoginContext created for an ad-hoc login is never logged out; its credentials stay in
   *       the temporary Subject for as long as that Subject is reachable.</li>
   * </ul>
   *
   * @param token the authentication token being used for the user.
   *
   * @throws IOException if an IO error occurred.
   * @throws AuthenticationException if an authentication error occurred.
   */
private void doSpnegoSequence(AuthenticatedURL.Token token) throws IOException, AuthenticationException {
    try {
        AccessControlContext context = AccessController.getContext();
        Subject subject = Subject.getSubject(context);
        // Reuse the caller's Subject only if it actually carries Kerberos credentials;
        // a Subject without keytab or ticket cannot drive the handshake.
        if (subject == null || (!KerberosUtil.hasKerberosKeyTab(subject) && !KerberosUtil.hasKerberosTicket(subject))) {
            LOG.debug("No subject in context, logging in");
            subject = new Subject();
            // Empty application name: the JAAS configuration is supplied programmatically by
            // KerberosConfiguration, not looked up by name in a jaas.conf file. No CallbackHandler
            // is given, so the configured login is presumably non-interactive — verify.
            LoginContext login = new LoginContext("", subject, null, new KerberosConfiguration());
            login.login();
        }
        if (LOG.isDebugEnabled()) {
            // NOTE(review): Subject.toString() can include credential details; keep this at DEBUG only.
            LOG.debug("Using subject: " + subject);
        }
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                GSSContext gssContext = null;
                try {
                    GSSManager gssManager = GSSManager.getInstance();
                    // Service principal for the "HTTP" service on the target URL's host
                    // (presumably of the form HTTP/<host>@REALM; see KerberosUtil).
                    String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP", KerberosAuthenticator.this.url.getHost());
                    Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
                    GSSName serviceName = gssManager.createName(servicePrincipal, oid);
                    oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                    gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
                    // Delegation forwards the user's credentials to the server. NOTE(review): this is
                    // unconditional; consider making it opt-in (see the method Javadoc).
                    gssContext.requestCredDeleg(true);
                    // Mutual auth: the server must prove its identity too, guarding against a spoofed endpoint.
                    gssContext.requestMutualAuth(true);
                    byte[] inToken = new byte[0];
                    byte[] outToken;
                    boolean established = false;
                    // Loop while the context is still not established
                    // Each round feeds the server's last token in, sends whatever comes out, and reads
                    // the next reply unless the context is now established (the final initSecContext
                    // call may yield no output token).
                    while (!established) {
                        outToken = gssContext.initSecContext(inToken, 0, inToken.length);
                        if (outToken != null) {
                            sendToken(outToken);
                        }
                        if (!gssContext.isEstablished()) {
                            inToken = readToken();
                        } else {
                            established = true;
                        }
                    }
                } finally {
                    // Always release the GSS context; the null assignment is redundant since
                    // gssContext goes out of scope right after this block.
                    if (gssContext != null) {
                        gssContext.dispose();
                        gssContext = null;
                    }
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        // Unwrap: IOExceptions from the token exchange pass through unchanged; anything else is
        // reported as an authentication failure with the cause preserved.
        if (ex.getException() instanceof IOException) {
            throw (IOException) ex.getException();
        } else {
            throw new AuthenticationException(ex.getException());
        }
    } catch (LoginException ex) {
        // Raised by login.login() above (outside doAs), e.g. when no usable credentials are available.
        throw new AuthenticationException(ex);
    }
    // Handshake succeeded: pull the resulting token out of the connection.
    AuthenticatedURL.extractToken(conn, token);
}

Example 64 with AccessControlContext

Use of java.security.AccessControlContext in the XobotOS project (xamarin).

Class Subject, method doAs_PrivilegedAction.

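/**
 * Runs {@code action} as {@code subject} on top of {@code context}: a new
 * {@link AccessControlContext} is built from {@code context} plus a
 * {@link SubjectDomainCombiner} carrying the Subject, and the action is executed
 * under that context via
 * {@link AccessController#doPrivileged(PrivilegedAction, AccessControlContext)}.
 *
 * <p>Creating an AccessControlContext with a DomainCombiner is itself a privileged
 * operation in the standard JDK ({@code SecurityPermission("createAccessControlContext")}
 * under a SecurityManager); it is therefore done inside its own {@code doPrivileged}
 * so that only this class's protection domain, not the caller's whole stack, needs
 * that permission.
 *
 * <p>The privileged action is now typed as {@code PrivilegedAction<AccessControlContext>},
 * which removes the raw type and the unchecked cast the previous version needed.
 *
 * @param subject the Subject to combine into the new context; {@code null} installs no combiner
 * @param action  the work to run
 * @param context the base context the Subject is combined with
 * @param <T>     the action's result type
 * @return whatever {@code action.run()} returns
 */
private static <T> T doAs_PrivilegedAction(Subject subject, PrivilegedAction<T> action, final AccessControlContext context) {
    // A null Subject has nothing to combine, so skip building a combiner (performance optimization).
    final SubjectDomainCombiner combiner = (subject == null) ? null : new SubjectDomainCombiner(subject);
    PrivilegedAction<AccessControlContext> createContext = new PrivilegedAction<AccessControlContext>() {

        public AccessControlContext run() {
            return new AccessControlContext(context, combiner);
        }
    };
    AccessControlContext newContext = AccessController.doPrivileged(createContext);
    return AccessController.doPrivileged(action, newContext);
}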

Example 65 with AccessControlContext

Use of java.security.AccessControlContext in the intellij-community project (JetBrains).

Class SystemClassLoaderAction, method checkPackageAccess.

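/**
 * Performs the SecurityManager package-access check for {@code cls} on behalf of the
 * protection domain {@code pd}, then records {@code pd} in {@code domains}.
 *
 * <p>The check runs under an {@link AccessControlContext} consisting solely of {@code pd},
 * so it is evaluated against {@code pd}'s permissions (together with this class's own
 * domain) rather than against whatever code happens to be further up the call stack.
 * A failed check surfaces as a SecurityException from {@code checkPackageAccess}, in which
 * case {@code pd} is not added. Classes in the default package (no '.' in the name) and
 * runs without a SecurityManager skip the check entirely.
 *
 * @param cls the class whose package is being accessed
 * @param pd  the protection domain to check against and remember
 */
private void checkPackageAccess(Class<?> cls, ProtectionDomain pd) {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        final String name = cls.getName();
        final int dot = name.lastIndexOf('.');
        if (dot != -1) {
            final String pkg = name.substring(0, dot);
            // Typed action (no raw PrivilegedAction); the explicit context limits the
            // check to pd's permissions instead of the caller's stack.
            AccessController.doPrivileged(new PrivilegedAction<Void>() {

                @Override
                public Void run() {
                    sm.checkPackageAccess(pkg);
                    return null;
                }
            }, new AccessControlContext(new ProtectionDomain[] { pd }));
        }
    }
    domains.add(pd);
}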
