Example usage for java.security AccessController doPrivileged

List of usage examples for java.security AccessController doPrivileged

Introduction

This page collects usage examples for java.security.AccessController.doPrivileged.

Prototype

@CallerSensitive
public static <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException 


Document

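Performs the specified PrivilegedExceptionAction with privileges enabled: permission checks made while the action runs stop at the protection domain of the class that called doPrivileged instead of walking the whole call stack. The examples below use the sibling overload that takes a PrivilegedAction, which throws no checked exception. Because the action runs with the calling code's own permissions on behalf of whoever invoked it, keep the privileged block as small as possible and validate any caller-supplied value before it reaches the block. AccessController and the SecurityManager have been deprecated for removal since Java 17 (JEP 411).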

Usage

From source file:io.fabric8.elasticsearch.plugin.auth.OpenShiftTokenAuthentication.java

/**
 * Collects the backend roles granted to the token carried by the request context.
 *
 * <p>Every entry of {@code sars} is evaluated through
 * {@code apiService.localSubjectAccessReview}; the entry's key is added as a role when the review
 * answers {@code true}. A review that throws is logged and counted as denied, so a failing review
 * call never grants a role.
 *
 * @param context request context supplying the token under review
 * @return the keys of all {@code sars} entries the token passed; empty when the plugin services
 *         are not ready
 */
private Collection<String> retrieveBackendRoles(OpenshiftRequestContext context) {
    List<String> grantedRoles = new ArrayList<>();
    if (!PluginServiceFactory.isReady()) {
        return grantedRoles;
    }

    // The permission check happens before doPrivileged, while the caller's frames are still
    // part of the access-control context being checked.
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    OpenshiftAPIService apiService = PluginServiceFactory.getApiService();
    for (Map.Entry<String, Settings> sar : sars.entrySet()) {
        PrivilegedAction<Boolean> review = () -> {
            try {
                Settings params = sar.getValue();
                return apiService.localSubjectAccessReview(context.getToken(), params.get("namespace"),
                        params.get("verb"), params.get("resource"), params.get("resourceAPIGroup"),
                        ArrayUtils.EMPTY_STRING_ARRAY);
            } catch (Exception e) {
                LOGGER.error("Exception executing LSAR", e);
            }
            // Fail closed: an error during the review is treated as "not allowed".
            return false;
        };
        if (AccessController.doPrivileged(review)) {
            grantedRoles.add(sar.getKey());
        }
    }
    return grantedRoles;
}

From source file:SecuritySupport.java

/**
 * Looks up the system class loader inside a privileged block.
 *
 * @return the system class loader, or {@code null} when the lookup is refused with a
 *         {@link SecurityException}
 */
ClassLoader getSystemClassLoader() {
    PrivilegedAction lookup = new PrivilegedAction() {
        public Object run() {
            try {
                return ClassLoader.getSystemClassLoader();
            } catch (SecurityException denied) {
                // Deliberate best effort: a refused lookup is reported to the caller as null
                // rather than as an exception, so callers must handle a null loader.
                return null;
            }
        }
    };
    return (ClassLoader) AccessController.doPrivileged(lookup);
}

From source file:org.codice.solr.factory.impl.HttpSolrClientFactory.java

/**
 * Creates a Solr client for the given core that talks to Solr over HTTP.
 *
 * <p>The base URL is the {@code SOLR_HTTP_URL} system property, or the value of
 * {@code getDefaultHttpsAddress()} when that property is blank. When the {@code SOLR_DATA_DIR}
 * system property is set, it is pushed into the shared {@code ConfigurationStore} as a side
 * effect.
 *
 * @param core name of the Solr core; appended to the base URL after a {@code /}
 * @return an adapter that creates the underlying HTTP client through
 *         {@code createSolrHttpClient}
 */
@Override
public org.codice.solr.client.solrj.SolrClient newClient(String core) {
    // Only the two property reads run privileged; everything else keeps the caller's context.
    final String configuredUrl = AccessController
            .doPrivileged((PrivilegedAction<String>) () -> System.getProperty(SOLR_HTTP_URL));
    final String solrUrl = StringUtils.defaultIfBlank(configuredUrl, getDefaultHttpsAddress());

    // NOTE(review): core is concatenated into the URL without encoding or validation —
    // confirm callers only pass fixed, known core names.
    final String coreUrl = solrUrl + "/" + core;

    final String configuredDataDir = AccessController
            .doPrivileged((PrivilegedAction<String>) () -> System.getProperty(SOLR_DATA_DIR));
    if (configuredDataDir != null) {
        ConfigurationStore.getInstance().setDataDirectoryPath(configuredDataDir);
    }

    LOGGER.debug("Solr({}): Creating an HTTP Solr client using url [{}]", core, coreUrl);
    return new SolrClientAdapter(core, () -> createSolrHttpClient(solrUrl, core, coreUrl));
}

From source file:org.codice.ddf.pax.web.jetty.CsrfFilter.java

/**
 * Reads the administrator-configured trusted authorities from the
 * {@code CSRF_TRUSTED_AUTHORITIES} system property.
 *
 * @return the property value split on {@code ,}, or an empty list when the property is unset or
 *         empty
 */
private List<String> getAdministratorTrustedAuthorities() {
    // Only the property read runs privileged.
    PrivilegedAction<String> readProperty = () -> System.getProperty(CSRF_TRUSTED_AUTHORITIES, "");
    String configured = AccessController.doPrivileged(readProperty);

    if (StringUtils.isNotEmpty(configured)) {
        // NOTE(review): entries are not trimmed, so a value written as "a, b" yields " b" with a
        // leading space — confirm the comparison against request authorities tolerates that.
        return Arrays.asList(configured.split(","));
    }
    return Collections.emptyList();
}

From source file:org.codice.ddf.commands.solr.SolrCommands.java

/**
 * Reads the {@code SOLR_DATA_DIR} system property inside a privileged block.
 *
 * @return the property value, or {@code null} when the property is not set
 */
protected static String getSolrDataDir() {
    // The action does nothing but the property read, keeping the privileged scope minimal.
    PrivilegedAction<String> readDataDir = () -> System.getProperty(SOLR_DATA_DIR);
    return AccessController.doPrivileged(readDataDir);
}

From source file:org.apache.axis.AxisProperties.java

/**
 * Instantiates the first usable provider class found for a service interface.
 *
 * <p>Candidate classes come from {@code getResourceClassIterator(spiClass)}. Each one that loads
 * is passed to {@code ClassUtils.verifyAncestory} and then constructed with the given
 * constructor signature; a candidate that fails either step is logged and skipped.
 *
 * <p>NOTE(review): discovery, class loading and the constructor call all run inside the
 * privileged block, and the method is public and static, so any caller can have a discovered
 * provider constructed with this library's permissions — confirm that provider resources can
 * only be supplied by trusted code.
 *
 * @param spiClass service class whose providers are searched
 * @param constructorParamTypes parameter types selecting the provider constructor
 * @param constructorParams arguments passed to that constructor
 * @return the first provider instance created, or {@code null} when no candidate could be
 *         instantiated
 */
public static Object newInstance(final Class spiClass, final Class constructorParamTypes[],
        final Object constructorParams[]) {
    return AccessController.doPrivileged(new PrivilegedAction() {
        public Object run() {
            ResourceClassIterator candidates = getResourceClassIterator(spiClass);
            Object instance = null;

            while (instance == null && candidates.hasNext()) {
                Class candidate = candidates.nextResourceClass().loadClass();

                // A null class means the resource could not be loaded; try the next one.
                if (candidate == null) {
                    continue;
                }

                try {
                    ClassUtils.verifyAncestory(spiClass, candidate);
                    instance = ClassUtils.newInstance(candidate, constructorParamTypes, constructorParams);
                } catch (InvocationTargetException e) {
                    // A provider whose own dependencies are missing is only worth a debug line.
                    boolean missingDependency = e.getTargetException() instanceof java.lang.NoClassDefFoundError;
                    if (missingDependency) {
                        log.debug(Messages.getMessage("exception00"), e);
                    } else {
                        log.warn(Messages.getMessage("exception00"), e);
                    }
                } catch (Exception e) {
                    log.warn(Messages.getMessage("exception00"), e);
                }
            }

            return instance;
        }
    });
}

From source file:org.codice.ddf.commands.catalog.ImportCommand.java

/**
 * Imports a catalog export archive (ZIP) into the catalog and the content store.
 *
 * <p>Unless {@code unsafe} is set, a signature file is mandatory and the archive is checked with
 * {@code verifier.verifyDigitalSignature} before any entry is read. With {@code unsafe} the check
 * is skipped after an interactive confirmation (itself skipped when {@code force} is set) and the
 * decision is written to the security audit log.
 *
 * <p>NOTE(review): the signature is verified on one stream, and the import then reads from a
 * second {@code FileInputStream} opened afterwards on the same {@code file}. If that path can be
 * replaced between the two opens, the imported bytes are not the verified bytes — confirm the
 * import location is writable only by the operator, or verify and import from a single read.
 *
 * @return always {@code null}
 * @throws CatalogCommandRuntimeException if the input transformer is unavailable, no signature
 *         file was given in verified mode, or the signature check fails
 * @throws Exception any failure raised while reading or storing entries, rethrown after it has
 *         been printed and logged
 */
@Override
protected final Object executeWithSubject() throws Exception {
    int metacards = 0;
    int content = 0;
    int derivedContent = 0;
    File file = initImportFile(importFile);
    InputTransformer transformer = getServiceByFilter(InputTransformer.class,
            String.format("(%s=%s)", "id", DEFAULT_TRANSFORMER_ID))
                    .orElseThrow(() -> new CatalogCommandRuntimeException(
                            "Could not get " + DEFAULT_TRANSFORMER_ID + " input transformer"));

    if (unsafe) {
        // Unsafe mode: no integrity or authenticity check is performed on the archive.
        if (!force) {
            // NOTE(review): input is dereferenced without a null check — confirm readLine
            // cannot return null (for example at end of input).
            String input = session.readLine(
                    "This will import data with no check to see if data is modified/corrupt. Do you wish to continue? (y/N) ",
                    null);
            // Accepts y, ye, yes or ys in any letter case; every other answer aborts.
            if (!input.matches("^[yY][eE]?[sS]?$")) {
                console.println("ABORTED IMPORT.");
                return null;
            }
        }
        // The skipped verification is recorded in the audit log.
        // NOTE(review): the last two message parts join without a space
        // ("...imported data.File being imported: ...").
        SecurityLogger.audit("Skipping validation check of imported data. There are no "
                + "guarantees of integrity or authenticity of the imported data." + "File being imported: {}",
                importFile);
    } else {
        if (StringUtils.isBlank(signatureFile)) {
            String message = "A signature file must be provided with import data";
            console.println(message);
            throw new CatalogCommandRuntimeException(message);
        }

        // Only the system-property read runs privileged; its value is passed to the verifier
        // as the alias argument.
        String alias = AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty("org.codice.ddf.system.hostname"));

        // Both streams are closed when this block ends; the import below reopens the file.
        try (FileInputStream fileIs = new FileInputStream(file);
                FileInputStream sigFileIs = new FileInputStream(signatureFile)) {
            if (!verifier.verifyDigitalSignature(fileIs, sigFileIs, alias)) {
                throw new CatalogCommandRuntimeException("The provided data could not be verified");
            }
        }
    }
    SecurityLogger.audit("Called catalog:import command on the file: {}", importFile);
    console.println("Importing file");
    Instant start = Instant.now();
    try (InputStream fis = new FileInputStream(file); ZipInputStream zipInputStream = new ZipInputStream(fis)) {
        ZipEntry entry = zipInputStream.getNextEntry();

        while (entry != null) {
            String filename = entry.getName();

            // Entries under META-INF are skipped without being imported.
            if (filename.startsWith("META-INF")) {
                entry = zipInputStream.getNextEntry();
                continue;
            }

            // The entry name is split on the platform file separator (escaped for the regex).
            // NOTE(review): ZIP entry names conventionally use '/', so where File.separator is
            // '\' this split presumably returns a single part and every entry is reported as
            // invalid — confirm against the code that writes the archive.
            String[] pathParts = filename.split("\\" + File.separator);
            if (pathParts.length < 5) {
                console.println("Entry is not valid! " + filename);
                entry = zipInputStream.getNextEntry();
                continue;
            }
            // id, type and the names below are taken verbatim from the entry path.
            // NOTE(review): in unsafe mode these are unauthenticated values handed to the
            // catalog and storage providers — confirm those validate ids and file names.
            String id = pathParts[ID];
            String type = pathParts[TYPE];

            switch (type) {
            case "metacard": {
                String metacardName = pathParts[NAME];
                Metacard metacard = null;
                try {
                    // The wrapper is passed instead of the raw stream; presumably it keeps the
                    // transformer from closing the archive stream — confirm.
                    metacard = transformer.transform(new UncloseableBufferedInputStreamWrapper(zipInputStream),
                            id);
                } catch (IOException | CatalogTransformerException e) {
                    // The entry is skipped; the exception itself is not passed to the logger.
                    LOGGER.debug("Could not transform metacard: {}", id);
                    entry = zipInputStream.getNextEntry();
                    continue;
                }
                metacard = applyInjectors(metacard, attributeInjectors);
                catalogProvider.create(new CreateRequestImpl(metacard));
                // Counted only after the create call returned.
                metacards++;
                break;
            }
            case "content": {
                // Counted before the storage calls, unlike metacards above.
                content++;
                String contentFilename = pathParts[NAME];
                // NOTE(review): ZipEntry.getSize() returns -1 when the size is not known —
                // confirm ContentItemImpl accepts that value.
                ContentItem contentItem = new ContentItemImpl(id,
                        new ZipEntryByteSource(new UncloseableBufferedInputStreamWrapper(zipInputStream)), null,
                        contentFilename, entry.getSize(), null);
                CreateStorageRequestImpl createStorageRequest = new CreateStorageRequestImpl(
                        Collections.singletonList(contentItem), id, new HashMap<>());
                storageProvider.create(createStorageRequest);
                storageProvider.commit(createStorageRequest);
                break;
            }
            case "derived": {
                // Counted before the storage calls, like "content".
                derivedContent++;
                String qualifier = pathParts[NAME];
                // NOTE(review): the length check above only guarantees five parts — confirm
                // DERIVED_NAME is a valid index for every "derived" entry.
                String derivedContentName = pathParts[DERIVED_NAME];
                ContentItem contentItem = new ContentItemImpl(id, qualifier,
                        new ZipEntryByteSource(new UncloseableBufferedInputStreamWrapper(zipInputStream)), null,
                        derivedContentName, entry.getSize(), null);
                CreateStorageRequestImpl createStorageRequest = new CreateStorageRequestImpl(
                        Collections.singletonList(contentItem), id, new HashMap<>());
                storageProvider.create(createStorageRequest);
                storageProvider.commit(createStorageRequest);
                break;
            }
            default: {
                // Unknown entry types are logged at debug level and otherwise ignored.
                LOGGER.debug("Cannot interpret type of {}", type);
            }
            }

            entry = zipInputStream.getNextEntry();
        }
    } catch (Exception e) {
        // Any failure stops the import; entries already stored before it are not rolled back here.
        printErrorMessage(String.format(
                "Exception while importing metacards (%s)%nFor more information set the log level to INFO (log:set INFO org.codice.ddf.commands.catalog) ",
                e.getMessage()));
        LOGGER.info("Exception while importing metacards", e);
        throw e;
    }
    console.println("File imported successfully. Imported in: " + getFormattedDuration(start));
    console.println("Number of metacards imported: " + metacards);
    console.println("Number of content imported: " + content);
    console.println("Number of derived content imported: " + derivedContent);
    return null;
}

From source file:edu.mayo.cts2.framework.webapp.rest.controller.AbstractMessageWrappingController.java

/**
 * Replaces the entry list of a directory by writing its {@code _entryList} field reflectively.
 *
 * <p>Only the {@code setAccessible(true)} call runs privileged; the field write itself happens
 * outside the privileged block.
 *
 * @param directory directory whose entries are replaced
 * @param entries new value for the {@code _entryList} field
 * @throws RuntimeException wrapping any exception raised while locating or writing the field
 */
private void setDirectoryEntries(Directory directory, List<?> entries) {
    try {
        // NOTE(review): if findField can return null for a class without "_entryList", the
        // failure surfaces below as a wrapped NullPointerException — confirm.
        final Field entryListField = ReflectionUtils.findField(directory.getClass(), "_entryList");

        PrivilegedAction<Void> openField = new PrivilegedAction<Void>() {
            public Void run() {
                entryListField.setAccessible(true);
                return null;
            }
        };
        AccessController.doPrivileged(openField);

        ReflectionUtils.setField(entryListField, directory, entries);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

From source file:org.eclipse.gemini.blueprint.extender.internal.blueprint.event.EventAdminDispatcher.java

/**
 * Forwards a refresh-failure event to the dispatcher, if one is set.
 *
 * <p>When a security manager is installed the call is made inside a privileged block; otherwise
 * the dispatcher is called directly. Anything thrown by the dispatch is logged as a warning and
 * not propagated.
 *
 * @param event the event to forward
 */
public void refreshFailure(final BlueprintEvent event) {
    if (dispatcher == null) {
        return;
    }
    try {
        if (System.getSecurityManager() == null) {
            dispatcher.refreshFailure(event);
            return;
        }
        // The whole dispatch runs privileged, so whatever the dispatcher does with the event
        // executes with this bundle's permissions.
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            public Object run() {
                dispatcher.refreshFailure(event);
                return null;
            }
        });
    } catch (Throwable th) {
        log.warn("Cannot dispatch event " + event, th);
    }
}

From source file:org.apache.openjpa.persistence.PersistenceMetaDataDefaults.java

/**
 * Return the code for the strategy of the given member. Return null if
 * no strategy.
 *
 * <p>Resolution order: a {@code Transient} annotation (unless {@code ignoreTransient}), a
 * strategy annotation registered in {@code _strats}, the member's type code, an
 * {@code Embeddable} annotation on the type, and finally {@code Serializable}. The
 * annotation-presence checks run inside privileged blocks.
 *
 * @param fmd field metadata, or null to derive the type from {@code member}
 * @param member the field or method to inspect; null yields null
 * @param ignoreTransient whether to skip the {@code Transient} check
 * @return the strategy, or null when none applies or the field is not managed as persistent
 * @throws MetaDataException if the member carries more than one strategy annotation
 */
public static PersistenceStrategy getPersistenceStrategy(FieldMetaData fmd, Member member,
        boolean ignoreTransient) {
    if (member == null) {
        return null;
    }
    AnnotatedElement el = (AnnotatedElement) member;
    if (!ignoreTransient) {
        boolean markedTransient = AccessController
                .doPrivileged(J2DoPrivHelper.isAnnotationPresentAction(el, Transient.class)).booleanValue();
        if (markedTransient) {
            return TRANSIENT;
        }
    }
    if (fmd != null && fmd.getManagement() != FieldMetaData.MANAGE_PERSISTENT) {
        return null;
    }

    // look for persistence strategy in annotation table; a second match is an error
    PersistenceStrategy strategy = null;
    for (Annotation annotation : el.getDeclaredAnnotations()) {
        Class<? extends Annotation> annotationType = annotation.annotationType();
        if (strategy == null) {
            strategy = _strats.get(annotationType);
        } else if (_strats.containsKey(annotationType)) {
            throw new MetaDataException(_loc.get("already-pers", member));
        }
    }
    if (strategy != null) {
        return strategy;
    }

    // No explicit annotation: fall back to the declared type of the field or accessor.
    Class type;
    int code;
    if (fmd != null) {
        type = fmd.getType();
        code = fmd.getTypeCode();
    } else {
        type = (member instanceof Field) ? ((Field) member).getType() : ((Method) member).getReturnType();
        code = JavaTypes.getTypeCode(type);
    }

    switch (code) {
    case JavaTypes.ARRAY:
        // Only byte and char arrays (primitive or boxed) are basic.
        if (type == byte[].class || type == char[].class || type == Byte[].class || type == Character[].class) {
            return BASIC;
        }
        break;
    case JavaTypes.OBJECT:
        if (Enum.class.isAssignableFrom(type)) {
            return BASIC;
        }
        break;
    case JavaTypes.BOOLEAN:
    case JavaTypes.BOOLEAN_OBJ:
    case JavaTypes.BYTE:
    case JavaTypes.BYTE_OBJ:
    case JavaTypes.CHAR:
    case JavaTypes.CHAR_OBJ:
    case JavaTypes.DOUBLE:
    case JavaTypes.DOUBLE_OBJ:
    case JavaTypes.FLOAT:
    case JavaTypes.FLOAT_OBJ:
    case JavaTypes.INT:
    case JavaTypes.INT_OBJ:
    case JavaTypes.LONG:
    case JavaTypes.LONG_OBJ:
    case JavaTypes.SHORT:
    case JavaTypes.SHORT_OBJ:
    case JavaTypes.STRING:
    case JavaTypes.BIGDECIMAL:
    case JavaTypes.BIGINTEGER:
    case JavaTypes.DATE:
        return BASIC;
    }

    //### EJB3: what if defined in XML?
    boolean embeddable = AccessController
            .doPrivileged(J2DoPrivHelper.isAnnotationPresentAction(type, Embeddable.class)).booleanValue();
    if (embeddable) {
        return EMBEDDED;
    }
    return Serializable.class.isAssignableFrom(type) ? BASIC : null;
}