Example 26 with AccessControlContext
use of java.security.AccessControlContext in project karaf by apache.
the class JaasHelper method doAs.
public static <T> T doAs(final Subject subject, final PrivilegedAction<T> action) {
if (action == null) {
throw new NullPointerException();
}
// set up the new Subject-based AccessControlContext for doPrivileged
final AccessControlContext currentAcc = AccessController.getContext();
final AccessControlContext newAcc = AccessController.doPrivileged((PrivilegedAction<AccessControlContext>) () -> new AccessControlContext(currentAcc, subject != null ? new OsgiSubjectDomainCombiner(subject) : null));
// call doPrivileged and push this new context on the stack
return AccessController.doPrivileged(action, newAcc);
}
Also used :
AccessControlContext(java.security.AccessControlContext)
Example 27 with AccessControlContext
use of java.security.AccessControlContext in project lucene-solr by apache.
the class LuceneTestCase method runWithRestrictedPermissions.
/**
* Runs a code part with restricted permissions (be sure to add all required permissions,
* because it would start with empty permissions). You cannot grant more permissions than
* our policy file allows, but you may restrict writing to several dirs...
* <p><em>Note:</em> This assumes a {@link SecurityManager} enabled, otherwise it
* stops test execution. If enabled, it needs the following {@link SecurityPermission}:
* {@code "createAccessControlContext"}
*/
public static <T> T runWithRestrictedPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws Exception {
assumeTrue("runWithRestrictedPermissions requires a SecurityManager enabled", System.getSecurityManager() != null);
// be sure to have required permission, otherwise doPrivileged runs with *no* permissions:
AccessController.checkPermission(new SecurityPermission("createAccessControlContext"));
final PermissionCollection perms = new Permissions();
Arrays.stream(permissions).forEach(perms::add);
final AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
try {
return AccessController.doPrivileged(action, ctx);
} catch (PrivilegedActionException e) {
throw e.getException();
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
ProtectionDomain(java.security.ProtectionDomain)
AccessControlContext(java.security.AccessControlContext)
PrivilegedActionException(java.security.PrivilegedActionException)
Permissions(java.security.Permissions)
SecurityPermission(java.security.SecurityPermission)
Example 28 with AccessControlContext
use of java.security.AccessControlContext in project wildfly by wildfly.
the class SecurityHelper method getSecurityContextForJNDILookup.
private static AccessControlContext getSecurityContextForJNDILookup(Collection<JndiPermission> jndiPermissions) {
CodeSource src = new CodeSource(null, (Certificate[]) null);
Permissions perms = new Permissions();
for (JndiPermission p : jndiPermissions) {
perms.add(p);
}
ProtectionDomain domain = new ProtectionDomain(src, perms);
AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { domain });
return ctx;
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
AccessControlContext(java.security.AccessControlContext)
Permissions(java.security.Permissions)
JndiPermission(org.wildfly.naming.java.permission.JndiPermission)
CodeSource(java.security.CodeSource)
Certificate(java.security.cert.Certificate)
Example 29 with AccessControlContext
use of java.security.AccessControlContext in project wildfly by wildfly.
the class PersistenceUnitServiceImpl method start.
@Override
public void start(final StartContext context) throws StartException {
final ExecutorService executor = executorInjector.getValue();
final AccessControlContext accessControlContext = AccessController.doPrivileged(GetAccessControlContextAction.getInstance());
final Runnable task = new Runnable() {
// run async in a background thread
@Override
public void run() {
PrivilegedAction<Void> privilegedAction = new PrivilegedAction<Void>() {
// run as security privileged action
@Override
public Void run() {
ClassLoader old = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(classLoader);
if (javaNamespaceSetup != null) {
javaNamespaceSetup.setup(Collections.<String, Object>emptyMap());
}
try {
PhaseOnePersistenceUnitServiceImpl phaseOnePersistenceUnitService = phaseOnePersistenceUnitServiceInjectedValue.getOptionalValue();
WritableServiceBasedNamingStore.pushOwner(deploymentUnitServiceName);
Object wrapperBeanManagerLifeCycle = null;
// creating container EntityManagerFactory
if (validatorFactory != null) {
properties.getValue().put(VALIDATOR_FACTORY, validatorFactory);
}
// handle phase 2 of 2 of bootstrapping the persistence unit
if (phaseOnePersistenceUnitService != null) {
ROOT_LOGGER.startingPersistenceUnitService(2, pu.getScopedPersistenceUnitName());
// indicate that the second phase of bootstrapping the persistence unit has started
phaseOnePersistenceUnitService.setSecondPhaseStarted(true);
if (beanManagerInjector.getOptionalValue() != null) {
wrapperBeanManagerLifeCycle = phaseOnePersistenceUnitService.getBeanManagerLifeCycle();
// update the bean manager proxy to the actual CDI bean manager
proxyBeanManager = phaseOnePersistenceUnitService.getBeanManager();
proxyBeanManager.setDelegate(beanManagerInjector.getOptionalValue());
}
EntityManagerFactoryBuilder emfBuilder = phaseOnePersistenceUnitService.getEntityManagerFactoryBuilder();
// persistence unit bootstrap.
if (validatorFactory != null) {
emfBuilder.withValidatorFactory(validatorFactory);
}
// get the EntityManagerFactory from the second phase of the persistence unit bootstrap
entityManagerFactory = emfBuilder.build();
} else {
ROOT_LOGGER.startingService("Persistence Unit", pu.getScopedPersistenceUnitName());
// start the persistence unit in one pass (1 of 1)
pu.setTempClassLoaderFactory(new TempClassLoaderFactoryImpl(classLoader));
pu.setJtaDataSource(jtaDataSource.getOptionalValue());
pu.setNonJtaDataSource(nonJtaDataSource.getOptionalValue());
if (beanManagerInjector.getOptionalValue() != null) {
proxyBeanManager = new ProxyBeanManager();
proxyBeanManager.setDelegate(beanManagerInjector.getOptionalValue());
wrapperBeanManagerLifeCycle = persistenceProviderAdaptor.beanManagerLifeCycle(proxyBeanManager);
if (wrapperBeanManagerLifeCycle != null) {
// pass the wrapper object representing the bean manager life cycle object
properties.getValue().put(CDI_BEAN_MANAGER, wrapperBeanManagerLifeCycle);
} else {
properties.getValue().put(CDI_BEAN_MANAGER, proxyBeanManager);
}
}
entityManagerFactory = createContainerEntityManagerFactory();
}
persistenceUnitRegistry.add(getScopedPersistenceUnitName(), getValue());
if (wrapperBeanManagerLifeCycle != null) {
beanManagerAfterDeploymentValidation.register(persistenceProviderAdaptor, wrapperBeanManagerLifeCycle);
}
context.complete();
} catch (Throwable t) {
context.failed(new StartException(t));
} finally {
Thread.currentThread().setContextClassLoader(old);
// release the temp classloader factory (only needed when creating the EMF)
pu.setTempClassLoaderFactory(null);
WritableServiceBasedNamingStore.popOwner();
if (javaNamespaceSetup != null) {
javaNamespaceSetup.teardown(Collections.<String, Object>emptyMap());
}
}
return null;
}
};
WildFlySecurityManager.doChecked(privilegedAction, accessControlContext);
}
};
try {
executor.execute(task);
} catch (RejectedExecutionException e) {
task.run();
} finally {
context.asynchronous();
}
}
Also used :
EntityManagerFactoryBuilder(org.jipijapa.plugin.spi.EntityManagerFactoryBuilder)
RejectedExecutionException(java.util.concurrent.RejectedExecutionException)
AccessControlContext(java.security.AccessControlContext)
PrivilegedAction(java.security.PrivilegedAction)
ExecutorService(java.util.concurrent.ExecutorService)
TempClassLoaderFactoryImpl(org.jboss.as.jpa.classloader.TempClassLoaderFactoryImpl)
ProxyBeanManager(org.jboss.as.jpa.beanmanager.ProxyBeanManager)
StartException(org.jboss.msc.service.StartException)
Example 30 with AccessControlContext
use of java.security.AccessControlContext in project wildfly by wildfly.
the class PhaseOnePersistenceUnitServiceImpl method start.
@Override
public void start(final StartContext context) throws StartException {
final ExecutorService executor = executorInjector.getValue();
final AccessControlContext accessControlContext = AccessController.doPrivileged(GetAccessControlContextAction.getInstance());
final Runnable task = new Runnable() {
// run async in a background thread
@Override
public void run() {
PrivilegedAction<Void> privilegedAction = new PrivilegedAction<Void>() {
// run as security privileged action
@Override
public Void run() {
try {
ROOT_LOGGER.startingPersistenceUnitService(1, pu.getScopedPersistenceUnitName());
pu.setTempClassLoaderFactory(new TempClassLoaderFactoryImpl(classLoader));
pu.setJtaDataSource(jtaDataSource.getOptionalValue());
pu.setNonJtaDataSource(nonJtaDataSource.getOptionalValue());
if (proxyBeanManager != null) {
if (wrapperBeanManagerLifeCycle != null) {
// pass the wrapper object representing the bean manager life cycle object
properties.getValue().put(CDI_BEAN_MANAGER, wrapperBeanManagerLifeCycle);
} else {
properties.getValue().put(CDI_BEAN_MANAGER, proxyBeanManager);
}
}
WritableServiceBasedNamingStore.pushOwner(deploymentUnitServiceName);
entityManagerFactoryBuilder = createContainerEntityManagerFactoryBuilder();
context.complete();
} catch (Throwable t) {
context.failed(new StartException(t));
} finally {
// release the temp classloader factory (only needed when creating the EMF)
pu.setTempClassLoaderFactory(null);
WritableServiceBasedNamingStore.popOwner();
}
return null;
}
};
WildFlySecurityManager.doChecked(privilegedAction, accessControlContext);
}
};
try {
executor.execute(task);
} catch (RejectedExecutionException e) {
task.run();
} finally {
context.asynchronous();
}
}
Also used :
AccessControlContext(java.security.AccessControlContext)
PrivilegedAction(java.security.PrivilegedAction)
ExecutorService(java.util.concurrent.ExecutorService)
TempClassLoaderFactoryImpl(org.jboss.as.jpa.classloader.TempClassLoaderFactoryImpl)
StartException(org.jboss.msc.service.StartException)
RejectedExecutionException(java.util.concurrent.RejectedExecutionException)
Aggregations
AccessControlContext (java.security.AccessControlContext)96
Subject (javax.security.auth.Subject)23
ProtectionDomain (java.security.ProtectionDomain)20
PrivilegedAction (java.security.PrivilegedAction)18
Permissions (java.security.Permissions)13
PrivilegedActionException (java.security.PrivilegedActionException)12
IOException (java.io.IOException)10
SocketPermission (java.net.SocketPermission)10
Test (org.testng.annotations.Test)8
Principal (java.security.Principal)7
DatagramSocket (java.net.DatagramSocket)5
InetAddress (java.net.InetAddress)4
MulticastSocket (java.net.MulticastSocket)4
CodeSource (java.security.CodeSource)4
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)4
ExecutorService (java.util.concurrent.ExecutorService)4
RejectedExecutionException (java.util.concurrent.RejectedExecutionException)4
ReflectionException (javax.management.ReflectionException)4
Test (org.junit.Test)4
InvocationTargetException (java.lang.reflect.InvocationTargetException)3
