Examples with PrivilegedAction java.security.PrivilegedAction used on opensource projects

Search in sources :

Example 86 with PrivilegedAction

use of java.security.PrivilegedAction in project Payara by payara.

the class ConnectorService method checkAccessibility.

/**
 * Check whether ClassLoader is permitted to access this resource adapter.
 * If the RAR is deployed and is not a standalone RAR, then only the ClassLoader
 * that loaded the archive (any of its child) should be able to access it. Otherwise everybody can
 * access the RAR.
 *
 * @param rarName Resource adapter module name.
 * @param loader  <code>ClassLoader</code> to verify.
 */
public boolean checkAccessibility(String rarName, ClassLoader loader) {
    ActiveResourceAdapter ar = _registry.getActiveResourceAdapter(rarName);
    if (ar != null && loader != null) {
        // If RA is deployed
        ClassLoader rarLoader = ar.getClassLoader();
        // If the RAR is not standalone.
        if (rarLoader != null && ConnectorAdminServiceUtils.isEmbeddedConnectorModule(rarName)) /*&& (!(rarLoader instanceof ConnectorClassFinder))*/
        {
            ClassLoader rarLoaderParent = rarLoader.getParent();
            ClassLoader parent = loader;
            while (true) {
                if (parent.equals(rarLoaderParent)) {
                    return true;
                }
                final ClassLoader temp = parent;
                Object obj = AccessController.doPrivileged(new PrivilegedAction() {

                    public Object run() {
                        return temp.getParent();
                    }
                });
                if (obj == null) {
                    break;
                } else {
                    parent = (ClassLoader) obj;
                }
            }
            // If no parent matches return false;
            return false;
        }
    }
    return true;
}
Also used : PrivilegedAction(java.security.PrivilegedAction) ActiveResourceAdapter(com.sun.enterprise.connectors.ActiveResourceAdapter)

Example 87 with PrivilegedAction

use of java.security.PrivilegedAction in project Payara by payara.

the class ConnectionPoolObjectsUtils method createSubject.

public static Subject createSubject(ManagedConnectionFactory mcf, final ResourcePrincipal prin) {
    final Subject tempSubject = new Subject();
    if (prin != null) {
        String password = prin.getPassword();
        if (password != null) {
            final PasswordCredential pc = new PasswordCredential(prin.getName(), password.toCharArray());
            pc.setManagedConnectionFactory(mcf);
            AccessController.doPrivileged(new PrivilegedAction() {

                public Object run() {
                    tempSubject.getPrincipals().add(prin);
                    tempSubject.getPrivateCredentials().add(pc);
                    return null;
                }
            });
        }
    }
    return tempSubject;
}
Also used : PrivilegedAction(java.security.PrivilegedAction) PasswordCredential(javax.resource.spi.security.PasswordCredential) Subject(javax.security.auth.Subject)

Example 88 with PrivilegedAction

use of java.security.PrivilegedAction in project Payara by payara.

the class ComponentValidator method computeRunAsPrincipalDefault.

/**
 * Set a default RunAs principal to given RunAsIdentityDescriptor
 * if necessary.
 * @param runAs
 * @param application
 * @exception RuntimeException
 */
protected void computeRunAsPrincipalDefault(RunAsIdentityDescriptor runAs, Application application) {
    // for backward compatibile
    if (runAs != null && (runAs.getRoleName() == null || runAs.getRoleName().length() == 0)) {
        DOLUtils.getDefaultLogger().log(Level.WARNING, "enterprise.deployment.backend.emptyRoleName");
        return;
    }
    if (runAs != null && (runAs.getPrincipal() == null || runAs.getPrincipal().length() == 0) && application != null && application.getRoleMapper() != null) {
        String principalName = null;
        String roleName = runAs.getRoleName();
        final Subject fs = (Subject) application.getRoleMapper().getRoleToSubjectMapping().get(roleName);
        if (fs != null) {
            principalName = (String) AccessController.doPrivileged(new PrivilegedAction() {

                @Override
                public Object run() {
                    Set<Principal> pset = fs.getPrincipals();
                    Principal prin = null;
                    if (pset.size() > 0) {
                        prin = (Principal) pset.iterator().next();
                        DOLUtils.getDefaultLogger().log(Level.WARNING, "enterprise.deployment.backend.computeRunAsPrincipal", new Object[] { prin.getName() });
                    }
                    return (prin != null) ? prin.getName() : null;
                }
            });
        }
        if (principalName == null || principalName.length() == 0) {
            throw new RuntimeException("The RunAs role " + "\"" + roleName + "\"" + " is not mapped to a principal.");
        }
        runAs.setPrincipal(principalName);
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) PrivilegedAction(java.security.PrivilegedAction) Subject(javax.security.auth.Subject) Principal(java.security.Principal)

Example 89 with PrivilegedAction

use of java.security.PrivilegedAction in project Payara by payara.

the class SecClientRequestInterceptor method send_request.

/**
 * send_request() interception point adds the security context to the service context field.
 */
@Override
public void send_request(ClientRequestInfo ri) throws ForwardRequest {
    /**
     * CSIV2 level 0 implementation only requires stateless clients. Client context id is therefore
     * always set to 0.
     */
    // CSIV2 requires type to be long
    long cContextId = 0;
    // XXX: Workaround for non-null connection object ri for local invocation.
    ConnectionExecutionContext.removeClientThreadID();
    /**
     * CSIV2 level 0 implementation does not require any authorization tokens to be sent over the wire.
     * So set cAuthzElem to empty.
     */
    AuthorizationElement[] cAuthzElem = {};
    /* Client identity token to be added to the service context field */
    IdentityToken cIdentityToken = null;
    /* Client authentication token to be added to the service context field */
    byte[] cAuthenticationToken = {};
    /* CDR encoded Security Attribute Service element */
    byte[] cdr_encoded_saselm = null;
    // A single JAAS credential
    java.lang.Object cred = null;
    if (_logger.isLoggable(Level.FINE))
        _logger.log(Level.FINE, "++++ Entered " + prname + "send_request" + "()");
    // SecurityContext to be sent
    SecurityContext secctxt = null;
    ORB orb = orbHelper.getORB();
    org.omg.CORBA.Object effective_target = ri.effective_target();
    try {
        secctxt = secContextUtil.getSecurityContext(effective_target);
    } catch (InvalidMechanismException ime) {
        _logger.log(Level.SEVERE, "iiop.sec_context_exception", ime);
        throw new RuntimeException(ime.getMessage());
    } catch (InvalidIdentityTokenException iite) {
        _logger.log(Level.SEVERE, "iiop.runtime_exception", iite);
        throw new RuntimeException(iite.getMessage());
    }
    /**
     * In an unprotected invocation, there is nothing to be sent to the service context field. Check for
     * this case.
     */
    if (secctxt == null) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Security context is null (nothing to add to service context)");
        }
        return;
    }
    final SecurityContext sCtx = secctxt;
    /* Construct an authentication token */
    if (secctxt.authcls != null) {
        cred = AccessController.doPrivileged(new PrivilegedAction() {

            @Override
            public java.lang.Object run() {
                return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);
            }
        });
        try {
            SecurityMechanismSelector sms = Lookups.getSecurityMechanismSelector();
            ConnectionContext cc = sms.getClientConnectionContext();
            CompoundSecMech mech = cc.getMechanism();
            cAuthenticationToken = createAuthToken(cred, secctxt.authcls, orb, mech);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createauthtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_authtok_create", "Error while constructing an authentication token."));
        }
    }
    /* Construct an identity token */
    if (secctxt.identcls != null) {
        cred = getCred(secctxt.subject.getPublicCredentials(secctxt.identcls), secctxt.identcls);
        try {
            cIdentityToken = createIdToken(cred, secctxt.identcls, orb);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createidtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_idtok_create", "Error while constructing an identity token."));
        }
    } else {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Constructing an Absent Identity Token");
        }
        cIdentityToken = new IdentityToken();
        cIdentityToken.absent(true);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Creating an EstablishContext message");
    }
    EstablishContext ec = new EstablishContext(cContextId, cAuthzElem, cIdentityToken, cAuthenticationToken);
    SASContextBody sasctxbody = new SASContextBody();
    sasctxbody.establish_msg(ec);
    /* CDR encode the SASContextBody */
    Any SasAny = orb.create_any();
    SASContextBodyHelper.insert(SasAny, sasctxbody);
    try {
        cdr_encoded_saselm = codec.encode_value(SasAny);
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.encode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_cdr_encode", "CDR Encoding error for a SAS context element."));
    }
    /* add SAS element to service context list */
    ServiceContext sc = new ServiceContext();
    sc.context_id = SECURITY_ATTRIBUTE_SERVICE_ID;
    sc.context_data = cdr_encoded_saselm;
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Adding EstablishContext message to service context list");
    }
    boolean no_replace = false;
    ri.add_request_service_context(sc, no_replace);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Added EstablishContext message to service context list");
    }
}
Also used : PrivilegedAction(java.security.PrivilegedAction) CompoundSecMech(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech) CORBA(org.omg.CORBA) SecurityContext(com.sun.enterprise.common.iiop.security.SecurityContext)

Example 90 with PrivilegedAction

use of java.security.PrivilegedAction in project Payara by payara.

the class SecurityContextUtil method authenticate.

/**
 * Authenticate the user with the specified subject and credential class.
 */
private void authenticate(Subject s, Class cls) throws SecurityMechanismException {
    // authenticate
    try {
        final Subject fs = s;
        final Class cl = cls;
        AccessController.doPrivileged(new PrivilegedAction() {

            @Override
            public java.lang.Object run() {
                LoginContextDriver.login(fs, cl);
                return null;
            }
        });
    } catch (Exception e) {
        if (_logger.isLoggable(Level.SEVERE)) {
            _logger.log(Level.SEVERE, "iiop.login_exception", e.toString());
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Login Exception", e);
        }
        throw new SecurityMechanismException("Cannot login user:" + e.getMessage());
    }
}
Also used : PrivilegedAction(java.security.PrivilegedAction) Subject(javax.security.auth.Subject)

Aggregations

PrivilegedAction (java.security.PrivilegedAction)190 IOException (java.io.IOException)44 Subject (javax.security.auth.Subject)28 File (java.io.File)19 AccessControlContext (java.security.AccessControlContext)18 Method (java.lang.reflect.Method)13 InputStream (java.io.InputStream)12 URL (java.net.URL)11 LoginException (com.sun.enterprise.security.auth.login.common.LoginException)10 Field (java.lang.reflect.Field)10 URLClassLoader (java.net.URLClassLoader)10 Principal (java.security.Principal)10 Set (java.util.Set)9 PrivilegedActionException (java.security.PrivilegedActionException)8 Iterator (java.util.Iterator)8 PasswordCredential (com.sun.enterprise.security.auth.login.common.PasswordCredential)7 InvalidOperationException (com.sun.enterprise.security.auth.realm.InvalidOperationException)7 NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException)7 NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException)7 URISyntaxException (java.net.URISyntaxException)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial