Examples with AccessControlContext java.security.AccessControlContext used on opensource projects

Example 21 with AccessControlContext

use of java.security.AccessControlContext in project aries by apache.

the class AggregateConverter method convert.

public Object convert(Object fromValue, final ReifiedType type) throws Exception {
    // Discard null values
    if (fromValue == null) {
        return null;
    }
    // First convert service proxies
    if (fromValue instanceof Convertible) {
        return ((Convertible) fromValue).convert(type);
    } else if (fromValue instanceof UnwrapperedBeanHolder) {
        UnwrapperedBeanHolder holder = (UnwrapperedBeanHolder) fromValue;
        if (isAssignable(holder.unwrapperedBean, type)) {
            return BeanRecipe.wrap(holder, type.getRawClass());
        } else {
            fromValue = BeanRecipe.wrap(holder, Object.class);
        }
    } else if (isAssignable(fromValue, type)) {
        // If the object is an instance of the type, just return it
        return fromValue;
    }
    final Object finalFromValue = fromValue;
    ConversionResult result = null;
    AccessControlContext acc = blueprintContainer.getAccessControlContext();
    if (acc == null) {
        result = convertWithConverters(fromValue, type);
    } else {
        result = AccessController.doPrivileged(new PrivilegedExceptionAction<ConversionResult>() {

            public ConversionResult run() throws Exception {
                return convertWithConverters(finalFromValue, type);
            }
        }, acc);
    }
    if (result == null) {
        if (fromValue instanceof Number && Number.class.isAssignableFrom(unwrap(toClass(type)))) {
            return convertToNumber((Number) fromValue, toClass(type));
        } else if (fromValue instanceof String) {
            return convertFromString((String) fromValue, toClass(type), blueprintContainer);
        } else if (toClass(type).isArray() && (fromValue instanceof Collection || fromValue.getClass().isArray())) {
            return convertToArray(fromValue, type);
        } else if (Map.class.isAssignableFrom(toClass(type)) && (fromValue instanceof Map || fromValue instanceof Dictionary)) {
            return convertToMap(fromValue, type);
        } else if (Dictionary.class.isAssignableFrom(toClass(type)) && (fromValue instanceof Map || fromValue instanceof Dictionary)) {
            return convertToDictionary(fromValue, type);
        } else if (Collection.class.isAssignableFrom(toClass(type)) && (fromValue instanceof Collection || fromValue.getClass().isArray())) {
            return convertToCollection(fromValue, type);
        } else {
            throw new Exception("Unable to convert value " + fromValue + " to type " + type);
        }
    }
    return result.value;
}

Example 22 with AccessControlContext

use of java.security.AccessControlContext in project aries by apache.

the class AggregateConverter method canConvert.

public boolean canConvert(Object fromValue, final ReifiedType toType) {
    if (fromValue == null) {
        return true;
    } else if (fromValue instanceof UnwrapperedBeanHolder) {
        fromValue = ((UnwrapperedBeanHolder) fromValue).unwrapperedBean;
    }
    if (isAssignable(fromValue, toType)) {
        return true;
    }
    final Object toTest = fromValue;
    boolean canConvert = false;
    AccessControlContext acc = blueprintContainer.getAccessControlContext();
    if (acc == null) {
        canConvert = canConvertWithConverters(toTest, toType);
    } else {
        canConvert = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {

            public Boolean run() {
                return canConvertWithConverters(toTest, toType);
            }
        }, acc);
    }
    if (canConvert) {
        return true;
    }
    // TODO implement better logic ?!
    try {
        convert(toTest, toType);
        return true;
    } catch (Exception e) {
        return false;
    }
}

Example 23 with AccessControlContext

use of java.security.AccessControlContext in project spring-framework by spring-projects.

the class AbstractBeanFactory method registerDisposableBeanIfNecessary.

/**
	 * Add the given bean to the list of disposable beans in this factory,
	 * registering its DisposableBean interface and/or the given destroy method
	 * to be called on factory shutdown (if applicable). Only applies to singletons.
	 * @param beanName the name of the bean
	 * @param bean the bean instance
	 * @param mbd the bean definition for the bean
	 * @see RootBeanDefinition#isSingleton
	 * @see RootBeanDefinition#getDependsOn
	 * @see #registerDisposableBean
	 * @see #registerDependentBean
	 */
protected void registerDisposableBeanIfNecessary(String beanName, Object bean, RootBeanDefinition mbd) {
    AccessControlContext acc = (System.getSecurityManager() != null ? getAccessControlContext() : null);
    if (!mbd.isPrototype() && requiresDestruction(bean, mbd)) {
        if (mbd.isSingleton()) {
            // Register a DisposableBean implementation that performs all destruction
            // work for the given bean: DestructionAwareBeanPostProcessors,
            // DisposableBean interface, custom destroy method.
            registerDisposableBean(beanName, new DisposableBeanAdapter(bean, beanName, mbd, getBeanPostProcessors(), acc));
        } else {
            // A bean with a custom scope...
            Scope scope = this.scopes.get(mbd.getScope());
            if (scope == null) {
                throw new IllegalStateException("No Scope registered for scope name '" + mbd.getScope() + "'");
            }
            scope.registerDestructionCallback(beanName, new DisposableBeanAdapter(bean, beanName, mbd, getBeanPostProcessors(), acc));
        }
    }
}

Example 24 with AccessControlContext

use of java.security.AccessControlContext in project spring-framework by spring-projects.

the class CallbacksSecurityTests method testContainerPrivileges.

@Test
public void testContainerPrivileges() throws Exception {
    AccessControlContext acc = provider.getAccessControlContext();
    AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {

        @Override
        public Object run() throws Exception {
            beanFactory.getBean("working-factory-method");
            beanFactory.getBean("container-execution");
            return null;
        }
    }, acc);
}

Example 25 with AccessControlContext

use of java.security.AccessControlContext in project spring-framework by spring-projects.

the class CallbacksSecurityTests method testSecuritySanity.

@Test
public void testSecuritySanity() throws Exception {
    AccessControlContext acc = provider.getAccessControlContext();
    try {
        acc.checkPermission(new PropertyPermission("*", "read"));
        fail("Acc should not have any permissions");
    } catch (SecurityException se) {
    // expected
    }
    final CustomCallbackBean bean = new CustomCallbackBean();
    final Method method = bean.getClass().getMethod("destroy");
    method.setAccessible(true);
    try {
        AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {

            @Override
            public Object run() throws Exception {
                method.invoke(bean);
                return null;
            }
        }, acc);
        fail("expected security exception");
    } catch (Exception ex) {
    }
    final Class<ConstructorBean> cl = ConstructorBean.class;
    try {
        AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {

            @Override
            public Object run() throws Exception {
                return cl.newInstance();
            }
        }, acc);
        fail("expected security exception");
    } catch (Exception ex) {
    }
}