Example 1 with SubjectDelegationPermission
use of javax.management.remote.SubjectDelegationPermission in project jdk8u_jdk by JetBrains.
the class SubjectDelegator method checkRemoveCallerContext.
/**
* Check if the connector server creator can assume the identity of each
* principal in the authenticated subject, i.e. check if the connector
* server creator codebase contains a subject delegation permission for
* each principal present in the authenticated subject.
*
* @return {@code true} if the connector server creator can delegate to all
* the authenticated principals in the subject. Otherwise, {@code false}.
*/
public static synchronized boolean checkRemoveCallerContext(Subject subject) {
try {
for (Principal p : getSubjectPrincipals(subject)) {
final String pname = p.getClass().getName() + "." + p.getName();
final Permission sdp = new SubjectDelegationPermission(pname);
AccessController.checkPermission(sdp);
}
} catch (SecurityException e) {
return false;
}
return true;
}
Also used :
Permission(java.security.Permission)
SubjectDelegationPermission(javax.management.remote.SubjectDelegationPermission)
SubjectDelegationPermission(javax.management.remote.SubjectDelegationPermission)
Principal(java.security.Principal)
Example 2 with SubjectDelegationPermission
use of javax.management.remote.SubjectDelegationPermission in project jdk8u_jdk by JetBrains.
the class SubjectDelegator method delegatedContext.
/* Return the AccessControlContext appropriate to execute an
operation on behalf of the delegatedSubject. If the
authenticatedAccessControlContext does not have permission to
delegate to that subject, throw SecurityException. */
public AccessControlContext delegatedContext(AccessControlContext authenticatedACC, Subject delegatedSubject, boolean removeCallerContext) throws SecurityException {
if (System.getSecurityManager() != null && authenticatedACC == null) {
throw new SecurityException("Illegal AccessControlContext: null");
}
// Check if the subject delegation permission allows the
// authenticated subject to assume the identity of each
// principal in the delegated subject
//
Collection<Principal> ps = getSubjectPrincipals(delegatedSubject);
final Collection<Permission> permissions = new ArrayList<>(ps.size());
for (Principal p : ps) {
final String pname = p.getClass().getName() + "." + p.getName();
permissions.add(new SubjectDelegationPermission(pname));
}
PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
public Void run() {
for (Permission sdp : permissions) {
AccessController.checkPermission(sdp);
}
return null;
}
};
AccessController.doPrivileged(action, authenticatedACC);
return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
Also used :
PrivilegedAction(java.security.PrivilegedAction)
Permission(java.security.Permission)
SubjectDelegationPermission(javax.management.remote.SubjectDelegationPermission)
SubjectDelegationPermission(javax.management.remote.SubjectDelegationPermission)
Principal(java.security.Principal)
Aggregations
Permission (java.security.Permission)2
Principal (java.security.Principal)2
SubjectDelegationPermission (javax.management.remote.SubjectDelegationPermission)2
PrivilegedAction (java.security.PrivilegedAction)1
