
Example 61 with PrivilegedActionException

use of java.security.PrivilegedActionException in project ddf by codice.

the class RegistryMetacardHandler method processEvent.

/**
 * Routes a registry metacard event to its handler through
 * {@code Security.runAsAdminWithException}.
 *
 * <p>A deleted topic goes to {@code processMetacardDelete}; a created or updated topic goes to
 * {@code processMetacardCreateUpdate}; any other topic is ignored. A
 * {@link PrivilegedActionException} is logged at debug level and not rethrown, so the caller
 * never learns that processing failed.
 *
 * @param mcard the metacard carried by the event
 * @param topic the event topic, compared against the {@code EventProcessor} topic constants
 */
private void processEvent(Metacard mcard, String topic) {
    try {
        // NOTE(review): the lambda presumably executes with the admin subject, so the handlers
        // it calls should do only what the event requires; confirm against Security.
        Security.getInstance().runAsAdminWithException(() -> {
            if (topic.equals(EventProcessor.EVENTS_TOPIC_DELETED)) {
                processMetacardDelete(mcard);
                return null;
            }
            boolean createdOrUpdated = topic.equals(EventProcessor.EVENTS_TOPIC_CREATED)
                    || topic.equals(EventProcessor.EVENTS_TOPIC_UPDATED);
            if (createdOrUpdated) {
                processMetacardCreateUpdate(mcard);
            }
            return null;
        });
    } catch (PrivilegedActionException failure) {
        LOGGER.debug("Error processing registry metacard event.", failure);
    }
}
Also used : PrivilegedActionException(java.security.PrivilegedActionException) Security(org.codice.ddf.security.common.Security)

Example 62 with PrivilegedActionException

use of java.security.PrivilegedActionException in project ddf by codice.

the class RegistryStoreCleanupHandler method handleEvent.

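/**
 * Removes the registry metacards that came from a registry store when that store's service is
 * unregistered.
 *
 * <p>The event is ignored unless cleanup is enabled, the event property is a
 * {@link ServiceEvent} of type {@code UNREGISTERING}, and the service PID maps to a known
 * registry store. The lookup and the delete both go through
 * {@code Security.runAsAdminWithException} on the executor thread.
 *
 * @param event the OSGi event that may wrap a {@link ServiceEvent}
 */
@Override
public void handleEvent(Event event) {
    Object eventProperty = event.getProperty(EventConstants.EVENT);
    // instanceof is already false for null, so no separate null check is needed.
    if (!cleanupRelatedMetacards || !(eventProperty instanceof ServiceEvent)) {
        return;
    }
    ServiceEvent serviceEvent = (ServiceEvent) eventProperty;
    if (serviceEvent.getType() != ServiceEvent.UNREGISTERING) {
        return;
    }
    Object servicePid = serviceEvent.getServiceReference().getProperty(Constants.SERVICE_PID);
    if (servicePid == null) {
        return;
    }
    // Take the entry out in one call: with a separate get() and remove(), two events for the
    // same PID could both see the store and both schedule a privileged cleanup.
    RegistryStore service = registryStorePidToServiceMap.remove(servicePid);
    if (service == null) {
        return;
    }
    LOGGER.info("Removing registry entries associated with remote registry {}", service.getId());
    executor.execute(() -> {
        String registryId = service.getRegistryId();
        // The filter below compares against getStringAttribute(..., "") (presumably "" is the
        // value returned when the attribute is absent). An empty registry id would therefore
        // match every metacard without a remote registry id and delete it as admin.
        if (registryId == null || registryId.isEmpty()) {
            LOGGER.info("Skipping registry cleanup for registry store {} because it has no registry id", service.getId());
            return;
        }
        try {
            Security security = Security.getInstance();
            List<Metacard> metacards = security.runAsAdminWithException(() -> federationAdminService.getInternalRegistryMetacards().stream()
                    .filter(m -> RegistryUtility.getStringAttribute(m, RegistryObjectMetacardType.REMOTE_REGISTRY_ID, "").equals(registryId))
                    .collect(Collectors.toList()));
            List<String> idsToDelete = metacards.stream().map(Metacard::getId).collect(Collectors.toList());
            if (!idsToDelete.isEmpty()) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Removing {} registry entries that came from {}. Removed entries: {}", metacards.size(), service.getId(), metacards.stream().map(m -> m.getTitle() + ":" + m.getId()).collect(Collectors.joining(", ")));
                }
                security.runAsAdminWithException(() -> {
                    federationAdminService.deleteRegistryEntriesByMetacardIds(idsToDelete);
                    return null;
                });
            }
        } catch (PrivilegedActionException e) {
            LOGGER.info("Unable to clean up registry metacards after registry store {} was deleted", service.getId(), e);
        }
    });
}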
Also used : Metacard(ddf.catalog.data.Metacard) RegistryStore(org.codice.ddf.registry.api.internal.RegistryStore) PrivilegedActionException(java.security.PrivilegedActionException) ServiceEvent(org.osgi.framework.ServiceEvent) Security(org.codice.ddf.security.common.Security)

Example 63 with PrivilegedActionException

use of java.security.PrivilegedActionException in project ddf by codice.

the class RegistryIdPostIngestPlugin method init.

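/**
 * Initializes the id sets from the catalog.
 *
 * <p>Queries the catalog for metacards tagged with {@code RegistryConstants.REGISTRY_TAG} or
 * {@code RegistryConstants.REGISTRY_TAG_INTERNAL} and passes the results to
 * {@code addIdsFromMetacards}. Only the results of this single query, with page size
 * {@code PAGE_SIZE}, are consumed here. If the query throws or returns null, the method
 * reschedules itself after {@code RETRY_INTERVAL} seconds; no retry limit is visible in this
 * method.
 */
public void init() {
    try {
        Filter registryFilter = filterBuilder.anyOf(filterBuilder.attribute(Metacard.TAGS).is().equalTo().text(RegistryConstants.REGISTRY_TAG), filterBuilder.attribute(Metacard.TAGS).is().equalTo().text(RegistryConstants.REGISTRY_TAG_INTERNAL));
        QueryImpl query = new QueryImpl(registryFilter);
        query.setPageSize(PAGE_SIZE);
        QueryRequest request = new QueryRequestImpl(query);
        // NOTE(review): the query presumably runs with elevated (admin) rights, so its results
        // are not limited by a caller's permissions; confirm against Security.
        QueryResponse response = security.runAsAdminWithException(() -> security.runWithSubjectOrElevate(() -> catalogFramework.query(request)));
        if (response == null) {
            throw new PluginExecutionException("Failed to initialize RegistryIdPostIngestPlugin. Query for registry metacards came back null");
        }
        List<Metacard> registryMetacards = response.getResults().stream().map(Result::getMetacard).collect(Collectors.toList());
        addIdsFromMetacards(registryMetacards);
    } catch (PrivilegedActionException | PluginExecutionException e) {
        // Pass the exception to the logger so the reason for each failed attempt is recorded.
        LOGGER.debug("Error getting registry metacards. Will try again later", e);
        executorService.schedule(this::init, RETRY_INTERVAL, TimeUnit.SECONDS);
    }
}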
Also used : Metacard(ddf.catalog.data.Metacard) QueryImpl(ddf.catalog.operation.impl.QueryImpl) QueryRequest(ddf.catalog.operation.QueryRequest) Filter(org.opengis.filter.Filter) PrivilegedActionException(java.security.PrivilegedActionException) QueryRequestImpl(ddf.catalog.operation.impl.QueryRequestImpl) QueryResponse(ddf.catalog.operation.QueryResponse) PluginExecutionException(ddf.catalog.plugin.PluginExecutionException) Result(ddf.catalog.data.Result)

Example 64 with PrivilegedActionException

use of java.security.PrivilegedActionException in project ddf by codice.

the class IdentityNodeInitialization method init.

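/**
 * Ensures a local registry identity node exists and that its name matches the site name.
 *
 * <p>When an identity metacard is found, its registry id is published in the system property
 * {@code RegistryConstants.REGISTRY_ID_PROPERTY} and the node is renamed if its title differs
 * from {@code SystemInfo.getSiteName()}. When none is found, one is created. The work goes
 * through {@code Security.runAsAdminWithException}. On a {@link PrivilegedActionException} the
 * method reschedules itself after {@code RETRY_INTERVAL} seconds; no retry limit is visible in
 * this method.
 */
public void init() {
    try {
        Security security = Security.getInstance();
        security.runAsAdminWithException(() -> {
            Optional<Metacard> optional = federationAdminService.getLocalRegistryIdentityMetacard();
            if (optional.isPresent()) {
                Metacard metacard = optional.get();
                // System properties are JVM-wide: every component in the process sees this id.
                System.setProperty(RegistryConstants.REGISTRY_ID_PROPERTY, RegistryUtility.getRegistryId(metacard));
                if (!metacard.getTitle().equals(SystemInfo.getSiteName())) {
                    updateIdentityNodeName(metacard);
                }
            } else {
                createIdentityNode();
            }
            return null;
        });
    } catch (PrivilegedActionException e) {
        // Pass the exception to the logger so the reason for each failed attempt is recorded.
        LOGGER.debug("Error checking for local registry identity node. Will try again later", e);
        executorService.schedule(this::init, RETRY_INTERVAL, TimeUnit.SECONDS);
    }
}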
Also used : Metacard(ddf.catalog.data.Metacard) PrivilegedActionException(java.security.PrivilegedActionException) Security(org.codice.ddf.security.common.Security)

Example 65 with PrivilegedActionException

use of java.security.PrivilegedActionException in project storm by apache.

the class KerberosSaslTransportPlugin method connect.

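/**
 * Wraps {@code transport} in a SASL GSSAPI (Kerberos) client transport and opens it as the
 * logged-in subject.
 *
 * <p>The Kerberos login is taken from {@code loginCache}, or created and cached on first use.
 * A failure to open the SASL transport is logged and then propagated. The method never
 * returns a transport whose handshake did not complete.
 *
 * @param transport the underlying transport to wrap
 * @param serverHost the server host name passed to the SASL client transport
 * @param asUser the identity to pass to the SASL client in place of the subject's principal;
 *     when blank, the principal from the login subject is used
 * @return the opened SASL client transport
 * @throws TTransportException if opening the SASL transport fails with a transport error
 * @throws IOException if opening the SASL transport fails with an I/O error
 */
@Override
public TTransport connect(TTransport transport, String serverHost, String asUser) throws TTransportException, IOException {
    // Create an authentication callback handler.
    ClientCallbackHandler client_callback_handler = new ClientCallbackHandler(login_conf);
    // Log in our user, reusing a cached login when one exists.
    LoginCacheKey key = new LoginCacheKey(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT);
    Login login = loginCache.get(key);
    if (login == null) {
        LOG.debug("Kerberos Login was not found in the Login Cache, attempting to contact the Kerberos Server");
        synchronized (loginCache) {
            // Re-check under the lock so only one thread performs the login for a given key.
            login = loginCache.get(key);
            if (login == null) {
                try {
                    // Configuration.setConfiguration replaces the JAAS configuration for the
                    // whole JVM, not only for this login.
                    Configuration.setConfiguration(login_conf);
                    // Now log in.
                    login = new Login(AuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler);
                    login.startThreadIfNeeded();
                    loginCache.put(key, login);
                } catch (LoginException ex) {
                    LOG.error("Server failed to login in principal:" + ex, ex);
                    throw new RuntimeException(ex);
                }
            }
        }
    }
    final Subject subject = login.getSubject();
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        // Without a Kerberos ticket in the subject there is nothing to authenticate with.
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_CLIENT + "\" in login configuration file " + login_conf);
    }
    // NOTE(review): a non-blank asUser replaces the subject's own principal here; presumably
    // the server decides whether the authenticated principal may act as that user. Verify.
    final String principal = StringUtils.isBlank(asUser) ? getPrincipal(subject) : asUser;
    String serviceName = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT, "serviceName");
    if (serviceName == null) {
        serviceName = AuthUtils.SERVICE;
    }
    Map<String, String> props = new TreeMap<String, String>();
    // QOP "auth" negotiates authentication only: SASL adds no integrity or confidentiality
    // layer, so message protection must come from the underlying transport.
    props.put(Sasl.QOP, "auth");
    // SERVER_AUTH "false" means the client does not require the server to authenticate back
    // (no mutual authentication).
    props.put(Sasl.SERVER_AUTH, "false");
    LOG.debug("SASL GSSAPI client transport is being established");
    final TTransport sasalTransport = new TSaslClientTransport(KERBEROS, principal, serviceName, serverHost, props, null, transport);
    // Open the SASL transport with the login credential.
    try {
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try {
                    LOG.debug("do as:" + principal);
                    sasalTransport.open();
                } catch (Exception e) {
                    LOG.error("Client failed to open SaslClientTransport to interact with a server during session initiation: " + e, e);
                    // Rethrow after logging: swallowing here would hand the caller a
                    // transport that never completed the SASL handshake.
                    throw e;
                }
                return null;
            }
        });
    } catch (PrivilegedActionException e) {
        // doAs wraps checked exceptions; surface the declared types unchanged.
        Exception cause = e.getException();
        if (cause instanceof TTransportException) {
            throw (TTransportException) cause;
        }
        if (cause instanceof IOException) {
            throw (IOException) cause;
        }
        throw new RuntimeException(e);
    }
    return sasalTransport;
}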
Also used : KerberosTicket(javax.security.auth.kerberos.KerberosTicket) PrivilegedActionException(java.security.PrivilegedActionException) TSaslClientTransport(org.apache.thrift.transport.TSaslClientTransport) Login(org.apache.storm.messaging.netty.Login) TreeMap(java.util.TreeMap) Subject(javax.security.auth.Subject) LoginException(javax.security.auth.login.LoginException) TTransportException(org.apache.thrift.transport.TTransportException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) LoginException(javax.security.auth.login.LoginException) TTransport(org.apache.thrift.transport.TTransport)

Aggregations

PrivilegedActionException (java.security.PrivilegedActionException)135 IOException (java.io.IOException)58 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)56 Subject (javax.security.auth.Subject)23 LoginContext (javax.security.auth.login.LoginContext)14 LoginException (javax.security.auth.login.LoginException)12 InvocationTargetException (java.lang.reflect.InvocationTargetException)11 Method (java.lang.reflect.Method)11 URISyntaxException (java.net.URISyntaxException)11 HashSet (java.util.HashSet)11 ServletException (javax.servlet.ServletException)11 AccessControlContext (java.security.AccessControlContext)10 Principal (java.security.Principal)9 GSSException (org.ietf.jgss.GSSException)9 Field (java.lang.reflect.Field)8 SolrServerException (org.apache.solr.client.solrj.SolrServerException)7 GSSManager (org.ietf.jgss.GSSManager)7 MalformedURLException (java.net.MalformedURLException)6 ArrayList (java.util.ArrayList)6 YardException (org.apache.stanbol.entityhub.servicesapi.yard.YardException)6