
Example 96 with PrivilegedActionException

use of java.security.PrivilegedActionException in project wildfly by wildfly.

In class SecurityRolesAddingInterceptor, method processInvocation:

public Object processInvocation(final InterceptorContext context) throws Exception {
    // The security domain travels with the invocation as private data; its absence is a
    // wiring error, not an unauthenticated caller, hence the hard parameter check.
    final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class);
    Assert.checkNotNullParam("securityDomain", securityDomain);
    final SecurityIdentity identity = securityDomain.getCurrentSecurityIdentity();
    // Additional roles are configured per principal name; nothing configured means the
    // invocation proceeds with the identity untouched.
    final Set<String> extraRoles = principalVsRolesMap.get(identity.getPrincipal().getName());
    if (extraRoles == null || extraRoles.isEmpty()) {
        return context.proceed();
    }
    // Union of the configured roles with whatever roles the identity already holds for
    // this category (the mapper argument is ignored on purpose; only the union matters).
    final RoleMapper configuredRoles = RoleMapper.constant(Roles.fromSet(extraRoles));
    final RoleMapper unionMapper = configuredRoles.or(roles -> identity.getRoles(category));
    // Creating the derived identity is a privileged operation when the WildFly security
    // manager is active.
    final SecurityIdentity enrichedIdentity = WildFlySecurityManager.isChecking()
            ? AccessController.doPrivileged((PrivilegedAction<SecurityIdentity>) () -> identity.withRoleMapper(category, unionMapper))
            : identity.withRoleMapper(category, unionMapper);
    try {
        return enrichedIdentity.runAs(context);
    } catch (PrivilegedActionException e) {
        // runAs reports checked exceptions from the invocation as PrivilegedActionException;
        // unwrap so callers see the original exception type rather than the wrapper.
        final Throwable cause = e.getCause();
        if (cause == null) {
            throw e;
        }
        if (cause instanceof Exception) {
            throw (Exception) cause;
        }
        // Non-Exception cause (e.g. an Error): keep the wrapper as the cause chain.
        throw new RuntimeException(e);
    }
}

Example 97 with PrivilegedActionException

use of java.security.PrivilegedActionException in project wildfly by wildfly.

In class Utils, method createKerberosTicketForServer:

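/**
 * Creates a Kerberos TGS ticket (the initial GSS-API security-context token) for the given
 * user to access the given server.
 * <p>
 * The JAAS {@link Configuration} is replaced process-wide for the duration of the login and
 * reset afterwards; the login context is logged out and the GSS context disposed before
 * returning, so only the token itself leaves this method.
 *
 * @param user the Kerberos principal to log in as
 * @param pass the password of {@code user}
 * @param serverName the GSS name of the service the ticket is requested for; must not be {@code null}
 * @return the initial context token produced by {@link GSSContext#initSecContext(byte[], int, int)}
 * @throws MalformedURLException as declared by the login-configuration helpers this method calls
 * @throws LoginException if the Kerberos login fails
 * @throws PrivilegedActionException wrapping any exception raised while establishing the GSS context
 * @throws NullPointerException if {@code serverName} is {@code null}
 */
public static byte[] createKerberosTicketForServer(final String user, final String pass, final GSSName serverName) throws MalformedURLException, LoginException, PrivilegedActionException {
    Objects.requireNonNull(serverName, "serverName");
    final Krb5LoginConfiguration krb5Configuration = new Krb5LoginConfiguration(getLoginConfiguration());
    try {
        // Process-global: every JAAS login in this JVM sees this configuration until the
        // finally block below resets it, so keep the window as short as possible.
        Configuration.setConfiguration(krb5Configuration);
        final LoginContext lc = loginWithKerberos(krb5Configuration, user, pass);
        try {
            // The context must be initiated as the logged-in subject so its Kerberos
            // credentials are used for the TGS request.
            return Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<byte[]>() {

                @Override
                public byte[] run() throws Exception {
                    final GSSManager manager = GSSManager.getInstance();
                    final Oid oid = new Oid(OID_KERBEROS_V5);
                    // Lifetime argument is in seconds per the GSSManager API.
                    final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, null, 60);
                    try {
                        gssContext.requestMutualAuth(true);
                        // Credential delegation lets the server act on the client's behalf;
                        // this helper requests it unconditionally, which callers should be aware of.
                        gssContext.requestCredDeleg(true);
                        return gssContext.initSecContext(new byte[0], 0, 0);
                    } finally {
                        // Release the context's native/cached state; the token has already
                        // been produced, so disposing here does not affect the return value.
                        gssContext.dispose();
                    }
                }
            });
        } finally {
            lc.logout();
        }
    } finally {
        krb5Configuration.resetConfiguration();
    }
}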

Example 98 with PrivilegedActionException

use of java.security.PrivilegedActionException in project jdk8u_jdk by JetBrains.

In class LdapSearchEnumeration, method createItem:

/**
 * Builds the {@link SearchResult} for one entry returned by the server.
 * <p>
 * The entry name is expressed relative to the search context when the DN parses and lies
 * under {@code startName}; otherwise (other subtree, or unparsable DN) the full LDAP URL is
 * used and the result is marked non-relative. An object is only materialised when the
 * caller set the returning-object flag on the search controls.
 *
 * @param dn the distinguished name of the entry as returned by the server
 * @param attrs the entry's attributes; when objects are returned and a request list was
 *              given, Java-object attributes not in that list are removed from it
 * @param respCtls response controls for this entry, or {@code null} if none
 * @return the populated search result, with {@code nameInNamespace} set to {@code dn}
 * @throws NamingException if the stored object cannot be decoded or an object factory fails
 */
@Override
protected SearchResult createItem(String dn, Attributes attrs, Vector<Control> respCtls) throws NamingException {
    Object obj = null;
    // name relative to starting search context
    String relStart;
    // name relative to homeCtx.currentDN
    String relHome;
    // whether relative to currentDN
    boolean relative = true;
    try {
        Name parsed = new LdapName(dn);
        if (startName != null && parsed.startsWith(startName)) {
            relStart = parsed.getSuffix(startName.size()).toString();
            relHome = parsed.getSuffix(homeCtx.currentParsedDN.size()).toString();
        } else {
            // Entry lies outside the search base (e.g. a referral target): fall back to
            // an absolute LDAP URL that is usable from an initial context.
            relative = false;
            relHome = relStart = LdapURL.toUrlString(homeCtx.hostname, homeCtx.port_number, dn, homeCtx.hasLdapsScheme);
        }
    } catch (NamingException e) {
        // could not parse name -- same absolute-URL fallback as the non-relative case
        relative = false;
        relHome = relStart = LdapURL.toUrlString(homeCtx.hostname, homeCtx.port_number, dn, homeCtx.hasLdapsScheme);
    }
    // Name relative to search context
    CompositeName cn = new CompositeName();
    if (!relStart.equals("")) {
        cn.add(relStart);
    }
    // Name relative to homeCtx
    CompositeName rcn = new CompositeName();
    if (!relHome.equals("")) {
        rcn.add(relHome);
    }
    //System.err.println("relStart: " + cn);
    //System.err.println("relHome: " + rcn);
    // Fix attributes to be able to get schema
    homeCtx.setParents(attrs, rcn);
    // only generate object when requested
    if (searchArgs.cons.getReturningObjFlag()) {
        if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) {
            // serialized object or object reference
            // NOTE(review): the data decoded here arrived in the server's response; the
            // returning-object flag above is the only gate before it is decoded. The
            // decode runs under 'acc' (presumably the context captured when the
            // enumeration was created -- confirm against the constructor) rather than
            // the current stack.
            try {
                obj = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {

                    @Override
                    public Object run() throws NamingException {
                        return Obj.decodeObject(attrs);
                    }
                }, acc);
            } catch (PrivilegedActionException e) {
                // run() declares only NamingException, so the cast cannot fail.
                throw (NamingException) e.getException();
            }
        }
        if (obj == null) {
            // No stored object: the result object is a context for the entry itself.
            obj = new LdapCtx(homeCtx, dn);
        }
        // Call getObjectInstance before removing unrequested attributes
        try {
            // rcn is either relative to homeCtx or a fully qualified DN
            obj = DirectoryManager.getObjectInstance(obj, rcn, (relative ? homeCtx : null), homeCtx.envprops, attrs);
        } catch (NamingException e) {
            // Pass naming failures through unchanged; only other failures are wrapped below.
            throw e;
        } catch (Exception e) {
            NamingException ne = new NamingException("problem generating object using object factory");
            ne.setRootCause(e);
            throw ne;
        }
        // remove Java attributes from result, if necessary
        // Even if CLASSNAME attr not there, there might be some
        // residual attributes
        String[] reqAttrs;
        if ((reqAttrs = searchArgs.reqAttrs) != null) {
            // create an attribute set for those requested
            // caseignore
            Attributes rattrs = new BasicAttributes(true);
            for (int i = 0; i < reqAttrs.length; i++) {
                rattrs.put(reqAttrs[i], null);
            }
            for (int i = 0; i < Obj.JAVA_ATTRIBUTES.length; i++) {
                // Remove Java-object attributes if not requested
                if (rattrs.get(Obj.JAVA_ATTRIBUTES[i]) == null) {
                    attrs.remove(Obj.JAVA_ATTRIBUTES[i]);
                }
            }
        }
    }
    /*
         * name in search result is either the stringified composite name
         * relative to the search context that can be passed directly to
         * methods of the search context, or the fully qualified DN
         * which can be used with the initial context.
         */
    SearchResult sr;
    if (respCtls != null) {
        sr = new SearchResultWithControls((relative ? cn.toString() : relStart), obj, attrs, relative, homeCtx.convertControls(respCtls));
    } else {
        sr = new SearchResult((relative ? cn.toString() : relStart), obj, attrs, relative);
    }
    sr.setNameInNamespace(dn);
    return sr;
}

Example 99 with PrivilegedActionException

use of java.security.PrivilegedActionException in project jdk8u_jdk by JetBrains.

In class ServerNotifForwarder, method addNotificationListener:

public Integer addNotificationListener(final ObjectName name, final NotificationFilter filter) throws InstanceNotFoundException, IOException {
    if (logger.traceOn()) {
        logger.trace("addNotificationListener", "Add a listener at " + name);
    }
    checkState();
    // Authorization comes first: an explicit MBeanPermission check for this operation,
    // then the optional NotificationAccessController hook, before any state is touched.
    checkMBeanPermission(name, "addNotificationListener");
    if (notificationAccessController != null) {
        notificationAccessController.addNotificationListener(connectionId, name, getSubject());
    }
    // The isInstanceOf query runs privileged (presumably so the remote caller's own
    // permissions are not needed for this internal lookup); a missing MBean is
    // reported as InstanceNotFoundException.
    final boolean isBroadcaster;
    try {
        isBroadcaster = AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {

            @Override
            public Boolean run() throws InstanceNotFoundException {
                return mbeanServer.isInstanceOf(name, broadcasterClass);
            }
        });
    } catch (PrivilegedActionException e) {
        throw (InstanceNotFoundException) extractException(e);
    }
    if (!isBroadcaster) {
        throw new IllegalArgumentException("The specified MBean [" + name + "] is not a " + "NotificationBroadcaster " + "object.");
    }
    final Integer id = getListenerID();
    // 6238731: fill in the default domain when the supplied name has none.
    ObjectName resolvedName = name;
    final String domain = name.getDomain();
    if (domain == null || domain.equals("")) {
        try {
            resolvedName = ObjectName.getInstance(mbeanServer.getDefaultDomain(), name.getKeyPropertyList());
        } catch (MalformedObjectNameException mfoe) {
            // Should not happen for a name that already parsed; surface it with the cause kept.
            throw new IOException(mfoe.getMessage(), mfoe);
        }
    }
    synchronized (listenerMap) {
        final IdAndFilter entry = new IdAndFilter(id, filter);
        final Set<IdAndFilter> existing = listenerMap.get(resolvedName);
        final Set<IdAndFilter> updated;
        if (existing == null) {
            // First listener for this name: store an immutable singleton.
            updated = Collections.singleton(entry);
        } else {
            // A one-element set may be the unmodifiable singleton stored above, so it is
            // copied into a mutable set before growing.
            updated = existing.size() == 1 ? new HashSet<IdAndFilter>(existing) : existing;
            updated.add(entry);
        }
        listenerMap.put(resolvedName, updated);
    }
    return id;
}

Example 100 with PrivilegedActionException

use of java.security.PrivilegedActionException in project jdk8u_jdk by JetBrains.

In class ServerNotifForwarder, method checkMBeanPermission:

static void checkMBeanPermission(final MBeanServer mbs, final ObjectName name, final String actions) throws InstanceNotFoundException, SecurityException {
    final SecurityManager sm = System.getSecurityManager();
    if (sm == null) {
        // No security manager installed: nothing to enforce.
        return;
    }
    // Capture the caller's context before entering the privileged block, so the
    // permission check at the end is evaluated against the caller's protection
    // domains rather than the elevated frame.
    final AccessControlContext callerContext = AccessController.getContext();
    final ObjectInstance instance;
    try {
        // Privileged: the caller may lack permission to query the instance directly,
        // yet its class name is needed to build the permission being checked.
        instance = AccessController.doPrivileged((PrivilegedExceptionAction<ObjectInstance>) () -> mbs.getObjectInstance(name));
    } catch (PrivilegedActionException e) {
        throw (InstanceNotFoundException) extractException(e);
    }
    final MBeanPermission permission = new MBeanPermission(instance.getClassName(), null, name, actions);
    sm.checkPermission(permission, callerContext);
}
