Usage examples for java.security.AccessController.getContext()
public static AccessControlContext getContext()
From source file:org.apache.jackrabbit.core.RepositoryImpl.java
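/**
 * Tries to extend the authentication of a pre-authenticated {@link Subject}.
 *
 * <p>The Subject is read from the current {@link AccessControlContext}. If one
 * is found and it is modifiable, a login is attempted through the
 * {@code AuthContext} so that further principals can be added to it.
 *
 * <p>In contrast to a login with Credentials, a Session is created even if
 * that login fails: when the Subject is read-only, or when extending it
 * fails, the Session is built for the unchanged Subject. The identity of the
 * Session therefore rests on whatever code bound the Subject to the calling
 * context.
 *
 * <p>Note: {@code AccessController} and
 * {@code Subject.getSubject(AccessControlContext)} are deprecated for removal
 * in current JDKs.
 *
 * @param workspaceName must not be null
 * @return the Session created for the pre-authenticated Subject, or
 *         {@code null} if no Subject is associated with the current context
 * @throws RepositoryException declared by the original signature; presumably
 *         raised by {@code createSession} - confirm
 * @throws AccessDeniedException declared by the original signature;
 *         presumably raised by {@code createSession} - confirm
 */
private Session extendAuthentication(String workspaceName)
        throws RepositoryException, AccessDeniedException {
    Subject subject = null;
    try {
        AccessControlContext acc = AccessController.getContext();
        subject = Subject.getSubject(acc);
    } catch (SecurityException e) {
        // The format string needs a "{}" placeholder; without it the reason
        // passed as the second argument never reaches the log.
        log.warn("Can't check for preauthentication. Reason: {}", e.getMessage());
    }
    if (subject == null) {
        log.debug("No preauthenticated subject found -> return null.");
        return null;
    }

    Session s;
    if (subject.isReadOnly()) {
        // A read-only Subject cannot take new principals, so it is used as is.
        log.debug("Preauthenticated Subject is read-only -> create Session");
        s = createSession(subject, workspaceName);
    } else {
        log.debug("Found preauthenticated Subject, try to extend authentication");
        // login either using JAAS or custom LoginModule
        AuthContext authCtx = getSecurityManager().getAuthContext(null, subject);
        try {
            authCtx.login();
            s = createSession(authCtx, workspaceName);
        } catch (javax.security.auth.login.LoginException e) {
            // The Subject could not be extended: fall back to the unchanged,
            // already pre-authenticated Subject instead of denying access.
            log.debug("Preauthentication could not be extended");
            s = createSession(subject, workspaceName);
        }
    }
    return s;
}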
From source file:org.apache.jackrabbit.core.RepositoryImpl.java
/**
 * Builds a Session for a Subject that was authenticated before this call.
 *
 * <p>The Subject is looked up in the current {@code AccessControlContext}.
 * A modifiable Subject is passed through the {@code AuthContext} login so
 * that additional principals may be attached to it. Unlike a login with
 * Credentials, a failed login here does not prevent a Session: a read-only
 * Subject, or one whose extension failed, gets a Session for the unchanged
 * Subject.
 *
 * <p>Note: {@code AccessController} and
 * {@code Subject.getSubject(AccessControlContext)} are deprecated for removal
 * in current JDKs.
 *
 * @param workspaceName must not be null
 * @return the Session for the pre-authenticated Subject, or {@code null}
 *         when the current context carries no Subject
 * @throws RepositoryException declared by the original signature; presumably
 *         raised by {@code createSession} - confirm
 * @throws AccessDeniedException declared by the original signature;
 *         presumably raised by {@code createSession} - confirm
 */
private Session extendAuthentication(String workspaceName)
        throws RepositoryException, AccessDeniedException {
    Subject preAuthenticated = null;
    try {
        preAuthenticated = Subject.getSubject(AccessController.getContext());
    } catch (SecurityException e) {
        log.warn("Can't check for preauthentication. Reason: {}", e.getMessage());
    }

    if (preAuthenticated == null) {
        log.debug("No preauthenticated subject found -> return null.");
        return null;
    }

    if (preAuthenticated.isReadOnly()) {
        // Nothing can be added to a read-only Subject; use it unchanged.
        log.debug("Preauthenticated Subject is read-only -> create Session");
        return createSession(preAuthenticated, workspaceName);
    }

    log.debug("Found preauthenticated Subject, try to extend authentication");
    // login either using JAAS or custom LoginModule
    AuthContext authCtx =
            context.getSecurityManager().getAuthContext(null, preAuthenticated, workspaceName);
    try {
        authCtx.login();
        return createSession(authCtx, workspaceName);
    } catch (javax.security.auth.login.LoginException e) {
        // Extension failed: the Session is still created, for the Subject as found.
        log.debug("Preauthentication could not be extended");
        return createSession(preAuthenticated, workspaceName);
    }
}
From source file:org.apache.jetspeed.portlets.security.sso.SSOChangePasswordPortlet.java
/**
 * Looks up the name of the first remote SSO user registered for the given
 * site and the Subject of the current access control context.
 *
 * @param request portlet request, used only to publish a status message on failure
 * @param site    SSO site whose remote users are queried
 * @return the first remote user's name, or {@code null} if there is none or
 *         the lookup failed with an {@code SSOException}
 */
private String getRemoteUserName(PortletRequest request, SSOSite site) {
    try {
        Subject current = JSSubject.getSubject(AccessController.getContext());
        Collection<SSOUser> candidates = sso.getRemoteUsers(site, current);
        if (candidates == null || candidates.isEmpty()) {
            return null;
        }
        // Only the first remote user is considered.
        return candidates.iterator().next().getName();
    } catch (SSOException e) {
        publishStatusMessage(request, "SSOChangePassword", "status", e, "Could not retrieve sso user name");
        return null;
    }
}
From source file:org.apache.jetspeed.portlets.security.sso.SSOChangePasswordPortlet.java
/**
 * Removes the first remote SSO user registered for the given site and the
 * Subject of the current access control context, if there is one.
 *
 * @param request portlet request, used only to publish a status message on failure
 * @param site    SSO site whose remote user is removed
 */
private void removeRemoteUser(PortletRequest request, SSOSite site) {
    try {
        Subject current = JSSubject.getSubject(AccessController.getContext());
        Collection<SSOUser> candidates = sso.getRemoteUsers(site, current);
        boolean hasRemoteUser = candidates != null && !candidates.isEmpty();
        if (hasRemoteUser) {
            // Only the first remote user is removed.
            SSOUser first = candidates.iterator().next();
            sso.removeUser(first);
        }
    } catch (SSOException e) {
        publishStatusMessage(request, "SSOChangePassword", "status", e, "Could not remove sso user");
    }
}
From source file:org.apache.jetspeed.portlets.security.sso.SSOChangePasswordPortlet.java
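/**
 * Stores the remote credentials of the current Subject for the given SSO site.
 *
 * <p>If a remote user already exists for the site and Subject, it is renamed
 * when its name differs from {@code username} and its password is replaced.
 * Otherwise a new remote user is added for the portal user named by the
 * request's user principal.
 *
 * @param request  portlet request; supplies the user principal and receives status messages
 * @param site     SSO site the credentials belong to
 * @param username remote user name to store
 * @param password remote password to store; it is handed to the SSO manager
 *                 only and must not be written to logs or status messages
 */
private void addOrUpdateRemoteUser(PortletRequest request, SSOSite site, String username, String password) {
    try {
        Subject subject = JSSubject.getSubject(AccessController.getContext());
        Collection<SSOUser> remoteUsers = sso.getRemoteUsers(site, subject);

        if (remoteUsers != null && !remoteUsers.isEmpty()) {
            // Only the first remote user is updated.
            SSOUser ssoUser = remoteUsers.iterator().next();

            if (!StringUtils.equals(ssoUser.getName(), username)) {
                ssoUser.setName(username);
                sso.updateUser(ssoUser);
            }

            sso.setPassword(ssoUser, password);
        } else {
            // NOTE(review): getUserPrincipal() is dereferenced without a null
            // check; presumably the portlet is only reachable by authenticated
            // users - confirm.
            User user = userManager.getUser(request.getUserPrincipal().getName());
            sso.addUser(site, user, username, password);
        }
    } catch (SSOException e) {
        // The message used to say "Could not remove sso user", copied from
        // removeRemoteUser; this path adds or updates a user.
        publishStatusMessage(request, "SSOChangePassword", "status", e, "Could not add or update sso user");
    } catch (SecurityException e) {
        publishStatusMessage(request, "SSOChangePassword", "status", e, "Could not retrieve jetspeed user");
    }
}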
From source file:org.apache.jetspeed.portlets.sso.SSOReverseProxyIFramePortlet.java
/**
 * Collects the SSO site credentials of every remote user that the Subject of
 * the current access control context has on its SSO sites.
 *
 * <p>The returned objects hold the remote user names and passwords as
 * obtained from the SSO manager, so the list is sensitive and should not be
 * logged or serialized. Any exception ends the collection early; it is logged
 * at warn level and the entries gathered so far are returned.
 *
 * @return the credentials gathered, possibly empty, never {@code null}
 */
private List<SSOSiteCredentials> createSSOSiteCredentialsOfSubject() {
    List<SSOSiteCredentials> collected = new ArrayList<SSOSiteCredentials>();

    try {
        Subject current = JSSubject.getSubject(AccessController.getContext());
        Collection<SSOSite> sites = ssoManager.getSitesForSubject(current);
        if (sites == null) {
            return collected;
        }

        for (SSOSite site : sites) {
            // Parsed before the user lookup: a malformed URL aborts the whole
            // collection through the catch block below.
            URI siteURI = URI.create(site.getURL());
            Collection<SSOUser> remoteUsers = ssoManager.getRemoteUsers(site, current);
            if (remoteUsers == null) {
                continue;
            }

            for (SSOUser remoteUser : remoteUsers) {
                DefaultSSOSiteCredentials entry =
                        new DefaultSSOSiteCredentials(site.getURL(), siteURI.getHost(), siteURI.getPort());

                if (!StringUtils.isBlank(site.getRealm())) {
                    entry.setRealm(site.getRealm());
                }

                PasswordCredential stored = ssoManager.getCredentials(remoteUser);
                entry.setUsername(stored.getUserName());
                entry.setPassword(stored.getPassword());

                if (site.isFormAuthentication()) {
                    entry.setFormAuthentication(true);
                    entry.setFormUserField(site.getFormUserField());
                    entry.setFormPwdField(site.getFormPwdField());
                }

                collected.add(entry);
            }
        }
    } catch (Exception e) {
        // Only the exception's toString() is logged, never the credentials.
        if (log.isWarnEnabled()) {
            log.warn("Failed to retrieve sso site credentials. {}", e.toString());
        }
    }

    return collected;
}
From source file:org.apache.jetspeed.portlets.sso.SSOWebContentPortlet.java
/**
 * Returns the Subject that {@code JSSubject} resolves for the access control
 * context of the calling thread.
 *
 * @return whatever {@code JSSubject.getSubject} yields for the current context
 */
private Subject getSubject() {
    return JSSubject.getSubject(AccessController.getContext());
}
From source file:org.apache.jxtadoop.security.UserGroupInformation.java
/**
 * Looks up the user <code>Subject</code> bound to the caller's access
 * control context.
 *
 * <p>Note: <code>AccessController</code> and
 * <code>Subject.getSubject(AccessControlContext)</code> are deprecated for
 * removal in current JDKs.
 *
 * @return the current user <code>Subject</code>, or <code>null</code> when
 *         no Subject is associated with the context
 */
static Subject getCurrentUser() {
    final AccessControlContext callerContext = AccessController.getContext();
    return Subject.getSubject(callerContext);
}
From source file:org.apache.kudu.mapreduce.KuduTableMapReduceUtil.java
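/**
 * Import credentials from the current thread's JAAS {@link Subject} into the provided
 * {@link KuduClient}.
 *
 * This must be called for any clients created within a MapReduce job in order to
 * adopt the credentials added by {@link #addCredentialsToJob(KuduClient, Job)}.
 * When using {@link KuduTableInputFormat} or {@link KuduTableOutputFormat}, the
 * implementation automatically handles creating the client and importing necessary
 * credentials. As such, this is only necessary in jobs that explicitly create a
 * {@link KuduClient}.
 *
 * If no appropriate credentials are found, does nothing. Only the first token of
 * the Kudu token kind whose service matches the client's master addresses is
 * imported.
 *
 * @param client the client that receives the authentication credentials
 */
public static void importCredentialsFromCurrentSubject(KuduClient client) {
    Subject subj = Subject.getSubject(AccessController.getContext());
    if (subj == null) {
        return;
    }
    Text service = new Text(client.getMasterAddressesAsString());
    // Find the Hadoop credentials stored within the JAAS subject.
    Set<Credentials> credSet = subj.getPrivateCredentials(Credentials.class);
    if (credSet == null) {
        return;
    }
    for (Credentials creds : credSet) {
        for (Token<?> tok : creds.getAllTokens()) {
            if (!tok.getKind().equals(KUDU_TOKEN_KIND)) {
                continue;
            }
            // Only import credentials relevant to the service corresponding to
            // 'client'. This is necessary if we want to support a job which
            // reads from one cluster and writes to another.
            if (!tok.getService().equals(service)) {
                // Log the token's own service; the message used to print the
                // expected service twice, which hid the mismatch.
                LOG.debug("Not importing credentials for service " + tok.getService()
                    + " (expecting service " + service + ")");
                continue;
            }
            // Only the service name is logged; the token password is secret
            // material and goes to the client alone.
            LOG.debug("Importing credentials for service " + service);
            client.importAuthenticationCredentials(tok.getPassword());
            return;
        }
    }
}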
From source file:org.codice.ddf.security.common.Security.java
/**
 * Checks whether the Java {@link Subject} of the current access control
 * context carries the admin role.
 *
 * <p>The result depends only on the Subject bound to the calling context,
 * so it is only as trustworthy as the code that established that Subject.
 *
 * @return {@code true} if a Java {@link Subject} exists and its principals contain the admin
 *     role, {@code false} otherwise
 */
public boolean javaSubjectHasAdminRole() {
    final javax.security.auth.Subject current =
            javax.security.auth.Subject.getSubject(AccessController.getContext());
    // contains() relies on equals() of ADMIN_ROLE; presumably a Principal
    // with value-based equality - confirm against its declaration.
    return current != null && current.getPrincipals().contains(ADMIN_ROLE);
}