use of java.security.PrivilegedAction in project Payara by payara.
the class SecurityMechanismSelector method getTargetName.
// Returns the target_name from PasswordCredential in Subject subj
// subj must contain a single instance of PasswordCredential.
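/**
 * Extracts the target name from the single {@code PasswordCredential} held in
 * the private credentials of {@code subj}.
 *
 * <p>Both lookups run inside {@code AccessController.doPrivileged}, so the
 * private-credential read is performed with this class's own permissions and
 * not those of the caller. Callers of this method therefore decide who gets to
 * see the result.
 *
 * @param subj the Subject to inspect; a {@code null} value fails with a
 *             {@code NullPointerException} inside the first privileged action
 * @return the value of {@code PasswordCredential.getTargetName()} when exactly
 *         one {@code PasswordCredential} is present, otherwise an empty array.
 *         An empty array does not tell the caller whether there were zero
 *         credentials or more than one.
 */
private byte[] getTargetName(Subject subj) {
    final Subject sub = subj;
    // Parameterized action type (the original used the raw Set), so the assignment
    // below no longer relies on an unchecked conversion.
    final Set<PasswordCredential> credset =
            AccessController.doPrivileged(new PrivilegedAction<Set<PasswordCredential>>() {
                @Override
                public Set<PasswordCredential> run() {
                    return sub.getPrivateCredentials(PasswordCredential.class);
                }
            });
    // Ambiguous or missing credentials yield an empty target name instead of a guess.
    if (credset.size() != 1) {
        return new byte[0];
    }
    // NOTE(review): the array is handed back exactly as PasswordCredential returns it;
    // whether that is a defensive copy is not visible here - confirm before mutating it.
    return AccessController.doPrivileged(new PrivilegedAction<byte[]>() {
        @Override
        public byte[] run() {
            return credset.iterator().next().getTargetName();
        }
    });
}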
use of java.security.PrivilegedAction in project Payara by payara.
the class ServerLoginCBHUtil method processGP.
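/**
 * Applies a {@code GroupPrincipalCallback} to the Subject it carries.
 *
 * <ul>
 *   <li>a non-empty group array adds one {@code Group} principal per name;</li>
 *   <li>a {@code null} group array removes every {@code Group} principal;</li>
 *   <li>an empty array leaves the Subject untouched.</li>
 * </ul>
 *
 * <p>The group names are taken from the callback as-is and no validation is
 * done here, so group membership is decided entirely by whoever issued the
 * callback. The Subject is modified inside a privileged action.
 *
 * @param gpCallback the callback supplying the Subject and the group names
 */
private static void processGP(GroupPrincipalCallback gpCallback) {
    final Subject fs = gpCallback.getSubject();
    final String[] groups = gpCallback.getGroups();

    if (groups == null) {
        // A null array means "clear the groups": drop all Group principals.
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                fs.getPrincipals().removeAll(fs.getPrincipals(Group.class));
                return fs;
            }
        });
        return;
    }

    if (groups.length == 0) {
        // An empty array is a deliberate no-op; existing groups are kept.
        return;
    }

    AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            // NOTE(review): entries are not checked for null or emptiness before being
            // wrapped; how Group handles such a name is not visible here - confirm.
            for (String groupName : groups) {
                fs.getPrincipals().add(new Group(groupName));
            }
            return fs;
        }
    });
}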
use of java.security.PrivilegedAction in project Payara by payara.
the class RealmAdapter method getSecurityContextForPrincipal.
// Moved from J2EEInstanceListener.java
/**
 * Resolves the {@code SecurityContext} that belongs to a principal.
 *
 * <p>A {@code WebPrincipal} already carries its context and that one is
 * returned. For any other principal a new context is built around a fresh
 * Subject holding only {@code p}. Nothing else is copied into it, so such a
 * context has no credentials and no principals other than {@code p}.
 *
 * @param p the principal to resolve, may be {@code null}
 * @return the matching context, or {@code null} when {@code p} is {@code null}
 */
private SecurityContext getSecurityContextForPrincipal(final Principal p) {
    if (p == null) {
        return null;
    }
    if (p instanceof WebPrincipal) {
        final WebPrincipal webPrincipal = (WebPrincipal) p;
        return webPrincipal.getSecurityContext();
    }
    // The Subject and the SecurityContext are created inside a privileged action.
    final PrivilegedAction<SecurityContext> buildContext = new PrivilegedAction<SecurityContext>() {
        @Override
        public SecurityContext run() {
            final Subject freshSubject = new Subject();
            freshSubject.getPrincipals().add(p);
            return new SecurityContext(p.getName(), freshSubject);
        }
    };
    return AccessController.doPrivileged(buildContext);
}
use of java.security.PrivilegedAction in project Payara by payara.
the class CommandSecurityChecker method authorize.
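/**
* Reports whether the Subject is allowed to perform the specified admin command.
* @param subject Subject for the current user to authorize
* @param env environmental settings that might be used in the resource name expression
* @param command the admin command the Subject wants to execute
* @param adminCommandContext context handed to the command's pre-authorization step, if the command has one
* @return true if the Subject is authorized; false if the command's pre-authorization step rejects the request
* @throws SecurityException if the access checks deny the Subject
*/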
public boolean authorize(Subject subject, final Map<String, Object> env, final AdminCommand command, final AdminCommandContext adminCommandContext) throws SecurityException {
    // Outcomes, as the code below shows:
    //   - returns true  : the Subject matched embeddedSystemAdministrator or passed the access checks
    //   - returns false : the command's own pre-authorization step said no
    //   - SecurityException : the access checks denied the Subject
    //   - RuntimeException  : anything unexpected during evaluation (logged at SEVERE, never a grant)
    // NOTE(review): a denial is reported in two ways (false vs. SecurityException);
    // callers have to treat both as "not authorized".
    if (subject == null) {
        // A missing Subject is logged and replaced by an empty one, so every check below
        // still runs against a Subject that has no principals.
        ADMSEC_AUTHZ_LOGGER.log(Level.WARNING, command.getClass().getName(), new IllegalArgumentException("subject"));
        subject = new Subject();
    }

    boolean authorized;
    try {
        if (command instanceof AdminCommandSecurity.Preauthorization) {
            final AdminCommandSecurity.Preauthorization preauthorizing =
                    (AdminCommandSecurity.Preauthorization) command;
            // Run the command's pre-authorization as the Subject being authorized.
            final PrivilegedAction<Boolean> preAuthorize = new PrivilegedAction<Boolean>() {
                @Override
                public Boolean run() {
                    return preauthorizing.preAuthorization(adminCommandContext);
                }
            };
            final boolean preAuthorized = Subject.doAs(subject, preAuthorize);
            if (!preAuthorized) {
                return false;
            }
        }

        // The access-check work is assembled before the embeddedSystemAdministrator match
        // is evaluated; that match short-circuits checkAccessRequired.
        final List<AccessCheckWork> accessChecks = assembleAccessCheckWork(command, subject);
        authorized = embeddedSystemAdministrator.matches(subject)
                || checkAccessRequired(subject, env, command, accessChecks);
    } catch (Exception ex) {
        // Fail closed: an evaluation error is logged and rethrown.
        ADMSEC_AUTHZ_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mUnexpectedException, ex);
        throw new RuntimeException(ex);
    }

    // The denial is raised outside the try block on purpose: inside it, the catch above
    // would log a stack trace for what is an ordinary authorization failure.
    if (!authorized) {
        throw new SecurityException();
    }
    return true;
}
use of java.security.PrivilegedAction in project Payara by payara.
the class EJBSecurityManager method postInvoke.
/**
* This method is used by Message Driven Bean Container to remove
* the run-as identity information that was set up using the
* preSetRunAsIdentity method
*/
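public void postInvoke(ComponentInvocation inv) {
    // Restores the security context saved on the invocation once a run-as call is over.
    // Nothing happens unless a run-as identity is configured (runAs != null) and the
    // invocation reports that pre-invoke completed.
    // NOTE(review): if pre-invoke installed the run-as context but the invocation does
    // not report it as done, the context is not restored here - confirm the caller
    // handles that case.
    if (runAs == null || !inv.isPreInvokeDone()) {
        return;
    }
    final ComponentInvocation finv = inv;
    // Parameterized action with @Override; the original used the raw PrivilegedAction type.
    AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            SecurityContext.setCurrent((SecurityContext) finv.getOldSecurityContext());
            return null;
        }
    });
}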