use of java.security.PrivilegedActionException in project jdk8u_jdk by JetBrains.
the class ServiceCredsCombination method check.
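/**
 * Verifies which Kerberos name an acceptor credential is bound to when it is created
 * while running as a {@link Subject} populated from {@code objs}.
 *
 * <p>The credential is requested for the krb5 mechanism as {@code ACCEPT_ONLY} with an
 * indefinite lifetime, inside {@code Subject.doAs}.
 *
 * @param a principal to request the credential for, or {@code null} for the default one
 * @param b expected credential name, {@code null} if the credential should still be
 *          unbound, or {@code "NOCRED"} if no credential is expected at all
 * @param objs principals, keys and keytabs to place in the subject; objects of any other
 *          type are silently skipped
 * @throws Exception if the observed name, or the absence of a credential, does not match
 *          {@code b}
 */
private static void check(final String a, String b, Object... objs) throws Exception {
    Subject subj = new Subject();
    for (Object obj : objs) {
        if (obj instanceof KerberosPrincipal) {
            subj.getPrincipals().add((KerberosPrincipal) obj);
        } else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
            // Keys and keytabs are secrets, so they go into the private credential set.
            subj.getPrivateCredentials().add(obj);
        }
    }
    final GSSManager man = GSSManager.getInstance();
    try {
        String result = Subject.doAs(subj, new PrivilegedExceptionAction<String>() {
            @Override
            public String run() throws GSSException {
                GSSCredential cred = man.createCredential(
                        a == null ? null : man.createName(r(a), null),
                        GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID,
                        GSSCredential.ACCEPT_ONLY);
                GSSName name = cred.getName();
                return name == null ? null : name.toString();
            }
        });
        if (!Objects.equals(result, r(b))) {
            throw new Exception("Check failed: getInstance(" + a + ") has name " + result + ", not " + b);
        }
    } catch (PrivilegedActionException e) {
        // A failure inside doAs is only acceptable when the caller expected no credential.
        if (!"NOCRED".equals(b)) {
            // Chain the exception thrown inside run() so the report shows why credential
            // creation failed, not just that it did.
            throw new Exception(
                    "Check failed: getInstance(" + a + ") is null " + ", but not one with name " + b,
                    e.getCause());
        }
    }
}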
use of java.security.PrivilegedActionException in project zm-mailbox by Zimbra.
the class GssAuthenticator method initialize.
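/**
 * Prepares the server side of the GSSAPI SASL exchange.
 *
 * <p>Loads the configured keytab, builds the service principal {@code protocol/host},
 * obtains a {@link Subject} for it and creates the {@link SaslServer} while running as
 * that subject. Every failure path calls {@code sendFailed} and returns {@code false}.
 *
 * @return {@code true} if the SASL server was created, {@code false} otherwise
 * @throws IOException declared by the signature; NOTE(review): presumably raised by the
 *         helpers that send the failure response - confirm
 */
@Override
public boolean initialize() throws IOException {
    Krb5Keytab keytab = getKeytab(LC.krb5_keytab.value());
    if (keytab == null) {
        sendFailed("mechanism not supported");
        return false;
    }
    debug("keytab file = %s", keytab.getFile());

    final String host;
    if (LC.krb5_service_principal_from_interface_address.booleanValue()) {
        // The name comes from resolving the local address, so the principal derived from it
        // is only as trustworthy as the resolver that answers that lookup. Locale.ROOT keeps
        // the lower-casing independent of the JVM default locale (e.g. Turkish dotless i).
        String localSocketHostname =
                localAddress.getCanonicalHostName().toLowerCase(java.util.Locale.ROOT);
        // NOTE(review): localAddress is presumably an InetAddress, which hands back the
        // textual address when no name resolves. IPv4 text starts with a digit; IPv6 text
        // contains ':' (never valid in a host name) and may start with a hex letter.
        if (localSocketHostname.isEmpty()
                || Character.isDigit(localSocketHostname.charAt(0))
                || localSocketHostname.indexOf(':') >= 0) {
            localSocketHostname = LC.zimbra_server_hostname.value();
        }
        host = localSocketHostname;
    } else {
        host = LC.zimbra_server_hostname.value();
    }

    KerberosPrincipal kp = new KerberosPrincipal(getProtocol() + '/' + host);
    debug("kerberos principal = %s", kp);
    Subject subject = getSubject(keytab, kp);
    if (subject == null) {
        sendFailed();
        return false;
    }
    // NOTE(review): Subject.toString() renders the private credential set along with the
    // principals. Whether key material can reach the debug log depends on what getSubject()
    // stores and on how those credential classes implement toString() - confirm, or log
    // subject.getPrincipals() instead.
    debug("subject = %s", subject);

    final Map<String, String> props = getSaslProperties();
    if (DEBUG && props != null) {
        String qop = props.get(Sasl.QOP);
        // Pass the value as an argument, like the other debug calls, so a '%' in it is never
        // interpreted as a format specifier.
        debug("Sent QOP = %s", qop != null ? qop : "auth");
    }

    try {
        // Creating the server inside doAs makes it run as the service subject.
        mSaslServer = Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
            @Override
            public SaslServer run() throws SaslException {
                return Sasl.createSaslServer(getMechanism(), getProtocol(), host, props, new GssCallbackHandler());
            }
        });
    } catch (PrivilegedActionException e) {
        sendFailed();
        // Log the SaslException thrown inside run(), not the wrapper.
        getLog().warn("Could not create SaslServer", e.getCause());
        return false;
    }
    return true;
}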
use of java.security.PrivilegedActionException in project ignite by apache.
the class ConcurrentLinkedDeque8 method unsafe.
/**
 * Obtains the {@code Unsafe} singleton.
 *
 * <p>The direct accessor is tried first. If it is refused with a
 * {@link SecurityException}, the static {@code theUnsafe} field is read reflectively
 * inside a privileged block.
 *
 * <p>The returned object bypasses the usual memory-safety checks, so this accessor should
 * stay non-public and the instance should not be handed to less-trusted code.
 *
 * @return Instance of Unsafe class.
 * @throws RuntimeException if the reflective lookup fails; its cause is the exception
 *         thrown inside the privileged action
 */
static Unsafe unsafe() {
    try {
        return Unsafe.getUnsafe();
    } catch (SecurityException ignored) {
        // Direct access refused for this caller; use the reflective path below.
    }

    PrivilegedExceptionAction<Unsafe> reflectiveLookup = new PrivilegedExceptionAction<Unsafe>() {
        @Override
        public Unsafe run() throws Exception {
            Field singleton = Unsafe.class.getDeclaredField("theUnsafe");
            singleton.setAccessible(true);
            return (Unsafe) singleton.get(null);
        }
    };

    try {
        return AccessController.doPrivileged(reflectiveLookup);
    } catch (PrivilegedActionException failure) {
        throw new RuntimeException("Could not initialize intrinsics.", failure.getCause());
    }
}
use of java.security.PrivilegedActionException in project jackrabbit-oak by apache.
the class AbstractLoginModule method getRoot.
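/**
 * Tries to obtain a {@code Root} object from the callback handler using
 * a new RepositoryCallback and keeps the value in a private field, so the
 * lookup is attempted again only while no root has been stored.
 * If the callback handler isn't able to handle the RepositoryCallback,
 * or the login performed as {@code SystemSubject.INSTANCE} fails, the failure
 * is logged at debug level and this method returns {@code null}.
 *
 * <p>NOTE(review): the session is opened while running as
 * {@code SystemSubject.INSTANCE} with {@code null} credentials, so the returned
 * {@code Root} presumably carries system-level access. Confirm that it is never
 * exposed to untrusted callers and that {@code systemSession} is closed when
 * the login module is done with it.
 *
 * @return The {@code Root} associated with this {@code LoginModule} or
 * {@code null}.
 */
@CheckForNull
protected Root getRoot() {
    if (root == null && callbackHandler != null) {
        try {
            final RepositoryCallback rcb = new RepositoryCallback();
            callbackHandler.handle(new Callback[] { rcb });
            final ContentRepository repository = rcb.getContentRepository();
            if (repository != null) {
                systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
                    @Override
                    public ContentSession run() throws LoginException, NoSuchWorkspaceException {
                        return repository.login(null, rcb.getWorkspaceName());
                    }
                });
                root = systemSession.getLatestRoot();
            } else {
                log.debug("Unable to retrieve the Root via RepositoryCallback; ContentRepository not available.");
            }
        } catch (UnsupportedCallbackException | PrivilegedActionException | IOException e) {
            // Still best effort, but pass the throwable as well so the exception type and
            // the wrapped login failure stay visible when debug logging is enabled.
            log.debug(e.getMessage(), e);
        }
    }
    return root;
}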
use of java.security.PrivilegedActionException in project lucene-solr by apache.
the class LuceneTestCase method runWithRestrictedPermissions.
/**
 * Executes {@code action} with only the given permissions. The action starts from an
 * empty permission set, so every permission it needs must be listed. Nothing beyond what
 * the policy file already allows can be granted, but access can be narrowed, e.g. writing
 * restricted to a few directories.
 * <p><em>Note:</em> A {@link SecurityManager} must be enabled, otherwise test execution
 * stops. The caller also needs the {@link SecurityPermission}
 * {@code "createAccessControlContext"}.
 *
 * @param action code to run under the restricted context
 * @param permissions the only permissions the action is given
 * @return the value returned by {@code action}
 * @throws Exception the exception thrown by {@code action}, unwrapped from the
 *         {@link PrivilegedActionException}
 */
public static <T> T runWithRestrictedPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws Exception {
    assumeTrue("runWithRestrictedPermissions requires a SecurityManager enabled", System.getSecurityManager() != null);
    // Check up front that the permission is held, otherwise doPrivileged runs with *no*
    // permissions.
    AccessController.checkPermission(new SecurityPermission("createAccessControlContext"));

    final PermissionCollection granted = new Permissions();
    for (Permission permission : permissions) {
        granted.add(permission);
    }

    // A single protection domain without a code source that carries exactly the listed
    // permissions.
    final ProtectionDomain sandbox = new ProtectionDomain(null, granted);
    final AccessControlContext restricted = new AccessControlContext(new ProtectionDomain[] { sandbox });

    try {
        return AccessController.doPrivileged(action, restricted);
    } catch (PrivilegedActionException wrapped) {
        // Rethrow the action's own exception instead of the wrapper.
        throw wrapped.getException();
    }
}