use of java.security.PrivilegedActionException in project ddf by codice.
the class RegistryMetacardHandler method processEvent.
/**
 * Routes a registry metacard event to the delete or create/update handler.
 *
 * <p>The dispatch happens inside {@code Security.runAsAdminWithException}, so the handlers
 * run under whatever subject that call establishes, not the subject that raised the event.
 * NOTE(review): presumably that is the system admin subject; confirm that callers only
 * forward registry metacards, since {@code mcard} reaches the handlers with those rights.
 *
 * <p>Topics other than deleted, created or updated are ignored. A
 * {@link PrivilegedActionException} is logged at debug level only and is not rethrown.
 *
 * @param mcard the metacard carried by the event
 * @param topic the event topic, compared against the {@code EventProcessor} topic constants
 */
private void processEvent(Metacard mcard, String topic) {
    try {
        Security.getInstance().runAsAdminWithException(() -> {
            if (topic.equals(EventProcessor.EVENTS_TOPIC_DELETED)) {
                processMetacardDelete(mcard);
                return null;
            }
            boolean createdOrUpdated =
                    topic.equals(EventProcessor.EVENTS_TOPIC_CREATED)
                            || topic.equals(EventProcessor.EVENTS_TOPIC_UPDATED);
            if (createdOrUpdated) {
                processMetacardCreateUpdate(mcard);
            }
            return null;
        });
    } catch (PrivilegedActionException privilegedFailure) {
        // Deliberately non-fatal: the failure is recorded and the event is dropped.
        LOGGER.debug("Error processing registry metacard event.", privilegedFailure);
    }
}
use of java.security.PrivilegedActionException in project ddf by codice.
the class RegistryStoreCleanupHandler method handleEvent.
/**
 * Removes the registry metacards that came from a registry store when that store's service
 * is unregistering.
 *
 * <p>The event is ignored unless cleanup is enabled, the event carries a {@code ServiceEvent}
 * of type {@code UNREGISTERING}, the service reference has a service PID, and that PID is
 * present in {@code registryStorePidToServiceMap}. The map entry is removed on the calling
 * thread; the query and the delete are handed to {@code executor}.
 *
 * <p>Both the query and the delete go through {@code Security.runAsAdminWithException}.
 * NOTE(review): the set of metacards deleted is decided solely by the
 * {@code REMOTE_REGISTRY_ID} attribute matching {@code service.getRegistryId()}; confirm that
 * attribute cannot be set by an untrusted source, because the delete runs with elevated rights.
 *
 * @param event the event to inspect
 */
@Override
public void handleEvent(Event event) {
    Object payload = event.getProperty(EventConstants.EVENT);
    // instanceof is false for null, so this also covers a missing event property.
    if (!cleanupRelatedMetacards || !(payload instanceof ServiceEvent)) {
        return;
    }
    ServiceEvent serviceEvent = (ServiceEvent) payload;
    if (serviceEvent.getType() != ServiceEvent.UNREGISTERING) {
        return;
    }
    Object servicePid = serviceEvent.getServiceReference().getProperty(Constants.SERVICE_PID);
    if (servicePid == null) {
        return;
    }
    RegistryStore service = registryStorePidToServiceMap.get(servicePid);
    if (service == null) {
        return;
    }
    registryStorePidToServiceMap.remove(servicePid);
    LOGGER.info("Removing registry entries associated with remote registry {}", service.getId());
    executor.execute(() -> {
        String registryId = service.getRegistryId();
        try {
            Security security = Security.getInstance();
            // Step 1: collect every internal registry metacard attributed to this registry.
            List<Metacard> metacards = security.runAsAdminWithException(() -> {
                return federationAdminService.getInternalRegistryMetacards()
                        .stream()
                        .filter(m -> RegistryUtility.getStringAttribute(
                                        m, RegistryObjectMetacardType.REMOTE_REGISTRY_ID, "")
                                .equals(registryId))
                        .collect(Collectors.toList());
            });
            List<String> idsToDelete =
                    metacards.stream().map(Metacard::getId).collect(Collectors.toList());
            if (idsToDelete.isEmpty()) {
                return;
            }
            if (LOGGER.isDebugEnabled()) {
                // Titles are taken from the metacards being removed; presumably they
                // originate from the remote registry, so treat them as untrusted log text.
                String removedEntries = metacards.stream()
                        .map(m -> m.getTitle() + ":" + m.getId())
                        .collect(Collectors.joining(", "));
                LOGGER.debug("Removing {} registry entries that came from {}. Removed entries: {}", metacards.size(), service.getId(), removedEntries);
            }
            // Step 2: delete them in a second privileged call.
            security.runAsAdminWithException(() -> {
                federationAdminService.deleteRegistryEntriesByMetacardIds(idsToDelete);
                return null;
            });
        } catch (PrivilegedActionException cleanupFailure) {
            // Best effort: the store is already gone from the map, so only report the failure.
            LOGGER.info("Unable to clean up registry metacards after registry store {} was deleted", service.getId(), cleanupFailure);
        }
    });
}
use of java.security.PrivilegedActionException in project ddf by codice.
the class RegistryIdPostIngestPlugin method init.
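/**
 * Loads the ids of the existing registry metacards from the catalog.
 *
 * <p>Queries for metacards tagged {@code RegistryConstants.REGISTRY_TAG} or
 * {@code RegistryConstants.REGISTRY_TAG_INTERNAL} and passes the results to
 * {@code addIdsFromMetacards}. The query runs through
 * {@code security.runAsAdminWithException} wrapping {@code security.runWithSubjectOrElevate}.
 *
 * <p>If the query fails or returns {@code null}, the failure is logged with its cause and
 * this method reschedules itself after {@code RETRY_INTERVAL} seconds.
 * NOTE(review): no retry limit or backoff is visible here, so a permanent failure retries
 * indefinitely.
 * NOTE(review): only one page of {@code PAGE_SIZE} results is requested; confirm the number
 * of registry metacards cannot exceed it, otherwise some ids are never loaded.
 */
public void init() {
    try {
        Filter registryFilter = filterBuilder.anyOf(
                filterBuilder.attribute(Metacard.TAGS).is().equalTo().text(RegistryConstants.REGISTRY_TAG),
                filterBuilder.attribute(Metacard.TAGS).is().equalTo().text(RegistryConstants.REGISTRY_TAG_INTERNAL));
        QueryImpl query = new QueryImpl(registryFilter);
        query.setPageSize(PAGE_SIZE);
        QueryRequest request = new QueryRequestImpl(query);
        QueryResponse response = security.runAsAdminWithException(() -> security.runWithSubjectOrElevate(() -> catalogFramework.query(request)));
        if (response == null) {
            throw new PluginExecutionException("Failed to initialize RegistryIdPostIngestPlugin. Query for registry metacards came back null");
        }
        List<Metacard> registryMetacards = response.getResults().stream().map(Result::getMetacard).collect(Collectors.toList());
        addIdsFromMetacards(registryMetacards);
    } catch (PrivilegedActionException | PluginExecutionException e) {
        // Keep the cause in the log so a failing privileged query can be diagnosed
        // instead of showing up only as a repeating retry message.
        LOGGER.debug("Error getting registry metacards. Will try again later", e);
        executorService.schedule(this::init, RETRY_INTERVAL, TimeUnit.SECONDS);
    }
}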
use of java.security.PrivilegedActionException in project ddf by codice.
the class IdentityNodeInitialization method init.
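/**
 * Ensures a local registry identity node exists and is named after the current site.
 *
 * <p>Inside {@code Security.runAsAdminWithException}: if an identity metacard is found, its
 * registry id is published as the JVM system property
 * {@code RegistryConstants.REGISTRY_ID_PROPERTY} and the node is renamed when its title
 * differs from {@code SystemInfo.getSiteName()}; if none is found, a new identity node is
 * created.
 *
 * <p>On {@link PrivilegedActionException} the failure is logged with its cause and this
 * method reschedules itself after {@code RETRY_INTERVAL} seconds.
 * NOTE(review): no retry limit is visible here.
 * NOTE(review): {@code System.setProperty} rejects a null value; confirm
 * {@code RegistryUtility.getRegistryId} cannot return null for the identity metacard.
 */
public void init() {
    try {
        Security security = Security.getInstance();
        security.runAsAdminWithException(() -> {
            Optional<Metacard> optional = federationAdminService.getLocalRegistryIdentityMetacard();
            if (optional.isPresent()) {
                Metacard metacard = optional.get();
                System.setProperty(RegistryConstants.REGISTRY_ID_PROPERTY, RegistryUtility.getRegistryId(metacard));
                if (!metacard.getTitle().equals(SystemInfo.getSiteName())) {
                    updateIdentityNodeName(metacard);
                }
            } else {
                createIdentityNode();
            }
            return null;
        });
    } catch (PrivilegedActionException e) {
        // Log the cause as well; without it the retry loop hides why the privileged call failed.
        LOGGER.debug("Error checking for local registry identity node. Will try again later", e);
        executorService.schedule(this::init, RETRY_INTERVAL, TimeUnit.SECONDS);
    }
}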
use of java.security.PrivilegedActionException in project storm by apache.
the class KerberosSaslTransportPlugin method connect.
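/**
 * Wraps {@code transport} in a SASL client transport, opens it as the logged-in Kerberos
 * subject, and returns it.
 *
 * <p>The Kerberos {@code Login} is cached per login configuration and client context; the
 * cache is checked once without the lock and again under {@code synchronized (loginCache)}
 * before a new login is performed.
 *
 * <p>A failure while opening the SASL transport is logged and then propagated to the caller.
 * The transport is returned only after {@code open()} has completed, so callers never
 * receive a connection whose handshake failed.
 *
 * @param transport the underlying transport to wrap
 * @param serverHost the server host passed to the SASL client transport
 * @param asUser identity to present instead of the logged-in principal; when blank, the
 *     principal of the login subject is used
 * @return the opened SASL client transport
 * @throws TTransportException if opening the SASL transport fails with a transport error
 * @throws IOException if opening the SASL transport fails with an I/O error
 */
@Override
public TTransport connect(TTransport transport, String serverHost, String asUser) throws TTransportException, IOException {
    // Callback handler built from the login configuration.
    ClientCallbackHandler client_callback_handler = new ClientCallbackHandler(login_conf);
    // Look up (or perform) the login for this configuration and client context.
    LoginCacheKey key = new LoginCacheKey(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT);
    Login login = loginCache.get(key);
    if (login == null) {
        LOG.debug("Kerberos Login was not found in the Login Cache, attempting to contact the Kerberos Server");
        synchronized (loginCache) {
            // Re-check under the lock so concurrent callers perform a single login.
            // NOTE(review): the first read above is unsynchronized; confirm loginCache is
            // safe for concurrent reads.
            login = loginCache.get(key);
            if (login == null) {
                try {
                    // NOTE(review): if this is javax.security.auth.login.Configuration, the
                    // call replaces the JVM-wide JAAS configuration, not just this plugin's.
                    Configuration.setConfiguration(login_conf);
                    login = new Login(AuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler);
                    login.startThreadIfNeeded();
                    loginCache.put(key, login);
                } catch (LoginException ex) {
                    LOG.error("Server failed to login in principal:" + ex, ex);
                    throw new RuntimeException(ex);
                }
            }
        }
    }
    final Subject subject = login.getSubject();
    // Without a Kerberos ticket among the private credentials there is nothing to authenticate with.
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_CLIENT + "\" in login configuration file " + login_conf);
    }
    // A non-blank asUser replaces the subject's own principal in the SASL exchange.
    // NOTE(review): presumably the server decides whether the authenticated principal may
    // act as asUser; confirm that check exists on the server side.
    final String principal = StringUtils.isBlank(asUser) ? getPrincipal(subject) : asUser;
    String serviceName = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT, "serviceName");
    if (serviceName == null) {
        serviceName = AuthUtils.SERVICE;
    }
    Map<String, String> props = new TreeMap<String, String>();
    // QOP "auth" negotiates authentication only: SASL adds no integrity or confidentiality
    // protection to the data that follows the handshake.
    props.put(Sasl.QOP, "auth");
    // "false" means the client does not require the server to authenticate itself.
    props.put(Sasl.SERVER_AUTH, "false");
    LOG.debug("SASL GSSAPI client transport is being established");
    final TTransport sasalTransport = new TSaslClientTransport(KERBEROS, principal, serviceName, serverHost, props, null, transport);
    // Open the SASL transport with the login credential.
    try {
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                try {
                    LOG.debug("do as:" + principal);
                    sasalTransport.open();
                } catch (Exception e) {
                    LOG.error("Client failed to open SaslClientTransport to interact with a server during session initiation: " + e, e);
                    // Fail closed: swallowing this would hand the caller a transport that
                    // never completed authentication.
                    throw e;
                }
                return null;
            }
        });
    } catch (PrivilegedActionException e) {
        // doAs wraps checked exceptions; surface the declared ones unchanged.
        Exception cause = e.getException();
        if (cause instanceof TTransportException) {
            throw (TTransportException) cause;
        }
        if (cause instanceof IOException) {
            throw (IOException) cause;
        }
        throw new RuntimeException(e);
    }
    return sasalTransport;
}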
Aggregations