List of usage examples for java.security PrivilegedActionException getException
public Exception getException()
From source file:com.netspective.commons.io.UriAddressableUniqueFileLocator.java
public UriAddressableFile findUriAddressableFile(final String name) throws IOException { final boolean logging = log.isDebugEnabled(); if (logging)/* w ww .j a v a 2 s. c om*/ log.debug("SingleUriAddressableFileLocator searching for " + name); if (cacheLocations) { UriAddressableFile resource = (UriAddressableFile) cache.get(name); if (resource != null) { if (logging) log.debug("SingleUriAddressableFileLocator cache hit for " + resource); return resource; } } try { return (UriAddressableFile) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws IOException { File source = new File(baseDir, SEP_IS_SLASH ? name : name.replace(File.separatorChar, '/')); // Security check for inadvertently returning something outside the // resource directory. String normalized = source.getCanonicalPath(); if (!normalized.startsWith(canonicalPath)) { throw new SecurityException(); } if (logging) log.debug("SingleUriAddressableFileLocator looking for '" + name + "' as " + source); UriAddressableFile result = source.exists() ? new UriAddressableFile(rootUrl, name, source) : null; if (result != null) { if (logging) log.debug("SingleUriAddressableFileLocator found " + result); if (cacheLocations) cache.put(name, result); } return result; } }); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } }
From source file:org.apache.axis2.jaxws.lifecycle.BaseLifecycleManager.java
protected void invokeMethod(final Method m, final Object[] params) throws LifecycleException { try {// w ww .j av a2 s .c o m AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws InvocationTargetException, IllegalAccessException { return m.invoke(instance, params); } }); } catch (PrivilegedActionException e) { throw new LifecycleException(e.getException()); } }
From source file:org.apache.axis2.jaxws.description.impl.EndpointInterfaceDescriptionImpl.java
private static String getNewSunRulesFlag() { String newSunRulesFlag = null; try {/* www. j av a 2 s . c om*/ newSunRulesFlag = (String) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() { return (System.getProperty(MDQConstants.USE_LEGACY_WEB_METHOD_RULES_SUN)); } }); } catch (PrivilegedActionException e) { // Swallow and continue if (log.isWarnEnabled()) { log.debug("Exception getting USE_LEGACY_WEB_METHOD_RULES_SUN system property: " + e.getException()); } } if (WSToolingUtils.hasValue(newSunRulesFlag)) { if (log.isDebugEnabled()) { log.debug("EndpointInterfaceDescriptionImpl: system property '" + MDQConstants.USE_LEGACY_WEB_METHOD_RULES_SUN + "' is set"); log.debug("MDQConstants.USE_LEGACY_WEB_METHOD_RULES_SUN =" + newSunRulesFlag); } } else { if (log.isDebugEnabled()) { log.debug("EndpointInterfaceDescriptionImpl: system property '" + MDQConstants.USE_LEGACY_WEB_METHOD_RULES_SUN + "' is not set"); } } return newSunRulesFlag; }
From source file:org.apache.axis2.jaxws.lifecycle.BaseLifecycleManager.java
protected void invokePostConstruct(final Method method) throws LifecycleException { if (log.isDebugEnabled()) { log.debug("Invoking Method with @PostConstruct annotation"); }// ww w . j a v a 2 s . c o m /* * As per JSR-250 pre destroy and post construct can be * public, protected, private or default encapsulation. * I will check and make sure the methods are accessible * before we invoke them. * */ try { AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws InvocationTargetException, IllegalAccessException { if (!method.isAccessible()) { method.setAccessible(true); } return null; } }); } catch (PrivilegedActionException e) { throw new LifecycleException(e.getException()); } invokeMethod(method, null); if (log.isDebugEnabled()) { log.debug("Completed invoke on Method with @PostConstruct annotation"); } }
From source file:com.liferay.portal.template.velocity.internal.LiferayResourceManager.java
@Override public Resource getResource(final String resourceName, final int resourceType, final String encoding) throws Exception, ParseErrorException, ResourceNotFoundException { for (String macroTemplateId : _macroTemplateIds) { if (resourceName.equals(macroTemplateId)) { // This resource is provided by the portal, so invoke it from an // access controller try { return AccessController.doPrivileged( new ResourcePrivilegedExceptionAction(resourceName, resourceType, encoding)); } catch (PrivilegedActionException pae) { throw pae.getException(); }/* w ww .j a v a 2 s . co m*/ } } return _getResource(resourceName, resourceType, encoding); }
From source file:io.druid.security.kerberos.DruidKerberosAuthenticationHandler.java
@Override public void init(Properties config) throws ServletException { try {/*from www . ja va 2 s . c o m*/ String principal = config.getProperty(PRINCIPAL); if (principal == null || principal.trim().length() == 0) { throw new ServletException("Principal not defined in configuration"); } keytab = config.getProperty(KEYTAB, keytab); if (keytab == null || keytab.trim().length() == 0) { throw new ServletException("Keytab not defined in configuration"); } if (!new File(keytab).exists()) { throw new ServletException("Keytab does not exist: " + keytab); } // use all SPNEGO principals in the keytab if a principal isn't // specifically configured final String[] spnegoPrincipals; if (principal.equals("*")) { spnegoPrincipals = KerberosUtil.getPrincipalNames(keytab, Pattern.compile("HTTP/.*")); if (spnegoPrincipals.length == 0) { throw new ServletException("Principals do not exist in the keytab"); } } else { spnegoPrincipals = new String[] { principal }; } String nameRules = config.getProperty(NAME_RULES, null); if (nameRules != null) { KerberosName.setRules(nameRules); } for (String spnegoPrincipal : spnegoPrincipals) { log.info("Login using keytab %s, for principal %s", keytab, spnegoPrincipal); final KerberosAuthenticator.DruidKerberosConfiguration kerberosConfiguration = new KerberosAuthenticator.DruidKerberosConfiguration( keytab, spnegoPrincipal); final LoginContext loginContext = new LoginContext("", serverSubject, null, kerberosConfiguration); try { loginContext.login(); } catch (LoginException le) { log.warn(le, "Failed to login as [%s]", spnegoPrincipal); throw new AuthenticationException(le); } loginContexts.add(loginContext); } try { gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() { @Override public GSSManager run() throws Exception { return GSSManager.getInstance(); } }); } catch (PrivilegedActionException ex) { throw ex.getException(); } } catch (Exception ex) { throw new ServletException(ex); } }
From source file:org.apache.druid.security.kerberos.DruidKerberosAuthenticationHandler.java
@Override public void init(Properties config) throws ServletException { try {/*from ww w . j a v a 2s . c om*/ String principal = config.getProperty(PRINCIPAL); if (principal == null || principal.trim().length() == 0) { throw new ServletException("Principal not defined in configuration"); } keytab = config.getProperty(KEYTAB, keytab); if (keytab == null || keytab.trim().length() == 0) { throw new ServletException("Keytab not defined in configuration"); } if (!new File(keytab).exists()) { throw new ServletException("Keytab does not exist: " + keytab); } // use all SPNEGO principals in the keytab if a principal isn't // specifically configured final String[] spnegoPrincipals; if ("*".equals(principal)) { spnegoPrincipals = KerberosUtil.getPrincipalNames(keytab, Pattern.compile("HTTP/.*")); if (spnegoPrincipals.length == 0) { throw new ServletException("Principals do not exist in the keytab"); } } else { spnegoPrincipals = new String[] { principal }; } String nameRules = config.getProperty(NAME_RULES, null); if (nameRules != null) { KerberosName.setRules(nameRules); } for (String spnegoPrincipal : spnegoPrincipals) { log.info("Login using keytab %s, for principal %s", keytab, spnegoPrincipal); final KerberosAuthenticator.DruidKerberosConfiguration kerberosConfiguration = new KerberosAuthenticator.DruidKerberosConfiguration( keytab, spnegoPrincipal); final LoginContext loginContext = new LoginContext("", serverSubject, null, kerberosConfiguration); try { loginContext.login(); } catch (LoginException le) { log.warn(le, "Failed to login as [%s]", spnegoPrincipal); throw new AuthenticationException(le); } loginContexts.add(loginContext); } try { gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() { @Override public GSSManager run() { return GSSManager.getInstance(); } }); } catch (PrivilegedActionException ex) { throw ex.getException(); } } catch (Exception ex) { throw new ServletException(ex); } }
From source file:org.codice.ddf.admin.application.service.command.ProfileInstallCommand.java
@Override protected final void doExecute(ApplicationService applicationService, FeaturesService featuresService, BundleService bundleService) throws Exception { profileName = profileName.trim();/*w w w. j av a 2 s .c om*/ if (profileName.startsWith(".") || profileName.startsWith("/") || profileName.matches("((?i)(?s)[A-Z]):.*")) { throw new IllegalArgumentException( "Profile Name must not start with '.', '/', or a windows drive letter"); } try { AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> { installProfile(applicationService, featuresService, bundleService, profileName); return null; }); } catch (PrivilegedActionException e) { throw e.getException(); } }
From source file:SecuritySupport.java
FileInputStream getFileInputStream(final File file) throws FileNotFoundException { try {//from w ww.j av a 2 s . c om return (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws FileNotFoundException { return new FileInputStream(file); } }); } catch (PrivilegedActionException e) { throw (FileNotFoundException) e.getException(); } }
From source file:io.druid.security.kerberos.DruidKerberosAuthenticationHandler.java
@Override public AuthenticationToken authenticate(HttpServletRequest request, final HttpServletResponse response) throws IOException, AuthenticationException { AuthenticationToken token = null;/*from ww w . j ava 2 s . c o m*/ String authorization = request .getHeader(org.apache.hadoop.security.authentication.client.KerberosAuthenticator.AUTHORIZATION); if (authorization == null || !authorization .startsWith(org.apache.hadoop.security.authentication.client.KerberosAuthenticator.NEGOTIATE)) { return null; } else { authorization = authorization.substring( org.apache.hadoop.security.authentication.client.KerberosAuthenticator.NEGOTIATE.length()) .trim(); final Base64 base64 = new Base64(0); final byte[] clientToken = base64.decode(authorization); final String serverName = request.getServerName(); try { token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() { @Override public AuthenticationToken run() throws Exception { AuthenticationToken token = null; GSSContext gssContext = null; GSSCredential gssCreds = null; try { gssCreds = gssManager.createCredential( gssManager.createName(KerberosUtil.getServicePrincipal("HTTP", serverName), KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")), GSSCredential.INDEFINITE_LIFETIME, new Oid[] { KerberosUtil.getOidInstance("GSS_SPNEGO_MECH_OID"), KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID") }, GSSCredential.ACCEPT_ONLY); gssContext = gssManager.createContext(gssCreds); byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length); if (serverToken != null && serverToken.length > 0) { String authenticate = base64.encodeToString(serverToken); response.setHeader( org.apache.hadoop.security.authentication.client.KerberosAuthenticator.WWW_AUTHENTICATE, org.apache.hadoop.security.authentication.client.KerberosAuthenticator.NEGOTIATE + " " + authenticate); } if (!gssContext.isEstablished()) { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); log.trace("SPNEGO in progress"); } else { String clientPrincipal = gssContext.getSrcName().toString(); KerberosName kerberosName = new KerberosName(clientPrincipal); String userName = kerberosName.getShortName(); token = new AuthenticationToken(userName, clientPrincipal, getType()); response.setStatus(HttpServletResponse.SC_OK); log.trace("SPNEGO completed for principal [%s]", clientPrincipal); } } finally { if (gssContext != null) { gssContext.dispose(); } if (gssCreds != null) { gssCreds.dispose(); } } return token; } }); } catch (PrivilegedActionException ex) { if (ex.getException() instanceof IOException) { throw (IOException) ex.getException(); } else { throw new AuthenticationException(ex.getException()); } } } return token; }