List of usage examples for java.security PrivilegedActionException getException
public Exception getException()
From source file:org.apache.openjpa.jdbc.ant.ReverseMappingToolTask.java
protected void executeOn(String[] files) throws Exception { ClassLoader loader = getClassLoader(); if (!StringUtils.isEmpty(dirName)) flags.directory = Files.getFile(dirName, loader); if (!StringUtils.isEmpty(typeMap)) flags.typeMap = Configurations.parseProperties(typeMap); // load customizer properties Properties customProps = new Properties(); File propsFile = Files.getFile(customizerProperties, loader); if (propsFile != null && (AccessController.doPrivileged(J2DoPrivHelper.existsAction(propsFile))).booleanValue()) { FileInputStream fis = null; try {/* w ww .ja va 2s . c o m*/ fis = AccessController.doPrivileged(J2DoPrivHelper.newFileInputStreamAction(propsFile)); } catch (PrivilegedActionException pae) { throw (FileNotFoundException) pae.getException(); } customProps.load(fis); } // create and configure customizer JDBCConfiguration conf = (JDBCConfiguration) getConfiguration(); flags.customizer = (ReverseCustomizer) Configurations.newInstance(customizerClass, conf, (String) null, AccessController.doPrivileged(J2DoPrivHelper.getClassLoaderAction(ReverseCustomizer.class))); if (flags.customizer != null) flags.customizer.setConfiguration(customProps); ReverseMappingTool.run(conf, files, flags, loader); }
From source file:org.apache.axis2.jaxws.description.impl.URIResolverImpl.java
private InputStream openStream_doPriv(final URL streamURL) throws IOException { try {/*ww w . j a va 2 s . c om*/ return (InputStream) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws IOException { return streamURL.openStream(); } }); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } }
From source file:com.bigstep.datalake.KerberosIdentityAuthenticator.java
/** * Implements the SPNEGO authentication sequence interaction using the current default principal * in the Kerberos cache (normally set via kinit). * * @param atoken the authentication token being used for the user. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication error occurred. *//*from www . j a v a 2s . c o m*/ private void doSpnegoSequence(AuthenticatedURL.Token atoken) throws IOException, AuthenticationException { try { kerberosIdentity.doAsPriviledged(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { final Oid KERB_V5_OID = new Oid("1.2.840.113554.1.2.2"); GSSContext gssContext = null; try { GSSManager gssManager = GSSManager.getInstance(); final GSSName clientName = gssManager.createName(kerberosIdentity.getPrincipalName(), GSSName.NT_USER_NAME); LOG.info("doSpnegoSequence() using principal:" + kerberosIdentity.getPrincipalName()); final GSSCredential clientCred = gssManager.createCredential(clientName, 8 * 3600, KERB_V5_OID, GSSCredential.INITIATE_ONLY); final String applicationPrincipal = "HTTP@" + kerberosIdentity.getRealm(); final GSSName serverName = gssManager.createName(applicationPrincipal, GSSName.NT_HOSTBASED_SERVICE); gssContext = gssManager.createContext(serverName, KERB_V5_OID, clientCred, GSSContext.DEFAULT_LIFETIME); gssContext.requestCredDeleg(true); gssContext.requestMutualAuth(true); gssContext.requestConf(false); gssContext.requestInteg(true); byte[] inToken = new byte[0]; byte[] outToken; boolean established = false; // Loop while the context is still not established while (!established) { LOG.info("doSpnegoSequence() using token:" + new BASE64Encoder().encode(inToken)); outToken = gssContext.initSecContext(inToken, 0, 0); LOG.info("initSecContext() out token:" + new BASE64Encoder().encode(outToken)); if (outToken != null) { sendToken(outToken); } if (!gssContext.isEstablished()) { inToken = readToken(); } else { established = true; } } } finally { if (gssContext != null) { gssContext.dispose(); gssContext = null; } } return null; } }); } catch (PrivilegedActionException ex) { throw new AuthenticationException(ex.getException()); } AuthenticatedURL.extractToken(conn, atoken); }
From source file:org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.java
/** * It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only * after the Kerberos SPNEGO sequence has completed successfully. * <p/>// w w w . jav a 2 s . co m * * @param request the HTTP client request. * @param response the HTTP client response. * * @return an authentication token if the Kerberos SPNEGO sequence is complete and valid, * <code>null</code> if it is in progress (in this case the handler handles the response to the client). * * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if Kerberos SPNEGO sequence failed. */ @Override public AuthenticationToken authenticate(HttpServletRequest request, final HttpServletResponse response) throws IOException, AuthenticationException { AuthenticationToken token = null; String authorization = request.getHeader(KerberosAuthenticator.AUTHORIZATION); if (authorization == null || !authorization.startsWith(KerberosAuthenticator.NEGOTIATE)) { response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); if (authorization == null) { LOG.trace("SPNEGO starting"); } else { LOG.warn("'" + KerberosAuthenticator.AUTHORIZATION + "' does not start with '" + KerberosAuthenticator.NEGOTIATE + "' : {}", authorization); } } else { authorization = authorization.substring(KerberosAuthenticator.NEGOTIATE.length()).trim(); final Base64 base64 = new Base64(0); final byte[] clientToken = base64.decode(authorization); Subject serverSubject = loginContext.getSubject(); try { token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() { @Override public AuthenticationToken run() throws Exception { AuthenticationToken token = null; GSSContext gssContext = null; try { gssContext = gssManager.createContext((GSSCredential) null); byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length); if (serverToken != null && serverToken.length > 0) { String authenticate = base64.encodeToString(serverToken); response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE + " " + authenticate); } if (!gssContext.isEstablished()) { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); LOG.trace("SPNEGO in progress"); } else { String clientPrincipal = gssContext.getSrcName().toString(); KerberosName kerberosName = new KerberosName(clientPrincipal); String userName = kerberosName.getShortName(); token = new AuthenticationToken(userName, clientPrincipal, TYPE); response.setStatus(HttpServletResponse.SC_OK); LOG.trace("SPNEGO completed for principal [{}]", clientPrincipal); } } finally { if (gssContext != null) { gssContext.dispose(); } } return token; } }); } catch (PrivilegedActionException ex) { if (ex.getException() instanceof IOException) { throw (IOException) ex.getException(); } else { throw new AuthenticationException(ex.getException()); } } } return token; }
From source file:com.cloudera.alfredo.server.KerberosAuthenticationHandler.java
/** * It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only * after the Kerberos SPNEGO sequence completed successfully. * <p/>/*from ww w. j a va2 s . c om*/ * * @param request the HTTP client request. * @param response the HTTP client response. * @return an authentication token if the Kerberos SPNEGO sequence is complete and valid, * <code>null</code> if is in progress (in this case the handler handles the response to the client). * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if Kerberos SPNEGO sequence failed. */ @Override public AuthenticationToken authenticate(HttpServletRequest request, final HttpServletResponse response) throws IOException, AuthenticationException { AuthenticationToken token = null; String authorization = request.getHeader(KerberosAuthenticator.AUTHORIZATION); if (authorization == null) { response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); LOG.trace("SPNEGO starts"); } else if (!authorization.startsWith(KerberosAuthenticator.NEGOTIATE)) { response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); LOG.warn("'" + KerberosAuthenticator.AUTHORIZATION + "' does not start with '" + KerberosAuthenticator.NEGOTIATE + "' : {}", authorization); } else { authorization = authorization.substring(KerberosAuthenticator.NEGOTIATE.length()).trim(); final Base64 base64 = new Base64(0); final byte[] clientToken = base64.decode(authorization); Subject serverSubject = loginContext.getSubject(); try { token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() { @Override public AuthenticationToken run() throws Exception { AuthenticationToken token = null; GSSContext gssContext = null; try { gssContext = gssManager.createContext((GSSCredential) null); byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length); if (serverToken != null && serverToken.length > 0) { String authenticate = base64.encodeToString(serverToken); response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE + " " + authenticate); } if (!gssContext.isEstablished()) { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); LOG.trace("SPNEGO in progress"); } else { String clientPrincipal = gssContext.getSrcName().toString(); int index = clientPrincipal.indexOf("/"); if (index == -1) { index = clientPrincipal.indexOf("@"); } String userName = (index == -1) ? clientPrincipal : clientPrincipal.substring(0, index); token = new AuthenticationToken(userName, clientPrincipal, TYPE); response.setStatus(HttpServletResponse.SC_OK); LOG.trace("SPNEGO completed for principal [{}]", clientPrincipal); } } finally { if (gssContext != null) { gssContext.dispose(); } } return token; } }); } catch (PrivilegedActionException ex) { if (ex.getException() instanceof IOException) { throw (IOException) ex.getException(); } else { throw new AuthenticationException(ex.getException()); } } } return token; }
From source file:org.atricore.idbus.kernel.main.util.ClassFinderImpl.java
public void updateClassPath(final String filePath, final ClassLoader cl) throws Exception { if (filePath == null) { return;/*from ww w .j av a 2 s . c om*/ } if (filePath.length() == 0) { return; } if (cl instanceof URLClassLoader) { //lets add the path to the classloader. try { AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws Exception { URLClassLoader ucl = (URLClassLoader) cl; //convert file path to URL. File file = new File(filePath); URL url = file.toURI().toURL(); Class uclClass = URLClassLoader.class; Method method = uclClass.getDeclaredMethod("addURL", new Class[] { URL.class }); method.setAccessible(true); method.invoke(ucl, new Object[] { url }); return ucl; } }); } catch (PrivilegedActionException e) { if (log.isDebugEnabled()) { log.debug("Exception thrown from AccessController: " + e); } throw new RuntimeException(e.getException()); } } }
From source file:CalendarController.java
public void init() { log("Applet init, applet is " + this.hashCode()); try {/*w w w. ja v a 2 s .c om*/ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { public Object run() throws Exception { String userdir = System.getProperty("user.home"); String dbname = userdir + "/" + DBNAME; startConsole(userdir); DatabaseManager.initDatabase(dbname, "user", "secret", false); log("Database initialized, " + "database directory is " + dbname); return null; } }); } catch (PrivilegedActionException e) { e.getException().printStackTrace(); } }
From source file:com.lucidworks.security.authentication.server.KerberosAuthenticationHandler.java
/** * Initializes the authentication handler instance. * <p/>/*from www .j a va 2 s . co m*/ * It creates a Kerberos context using the principal and keytab specified in the configuration. * <p/> * This method is invoked by the {@link AuthenticationFilter#init} method. * * @param config configuration properties to initialize the handler. * * @throws ServletException thrown if the handler could not be initialized. */ @Override public void init(Properties config) throws ServletException { try { principal = config.getProperty(PRINCIPAL, principal); if (principal == null || principal.trim().length() == 0) { throw new ServletException("Principal not defined in configuration"); } keytab = config.getProperty(KEYTAB, keytab); if (keytab == null || keytab.trim().length() == 0) { throw new ServletException("Keytab not defined in configuration"); } if (!new File(keytab).exists()) { throw new ServletException("Keytab does not exist: " + keytab); } String nameRules = config.getProperty(NAME_RULES, null); if (nameRules != null) { KerberosName.setRules(nameRules); } Set<Principal> principals = new HashSet<Principal>(); principals.add(new KerberosPrincipal(principal)); Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>()); KerberosConfiguration kerberosConfiguration = new KerberosConfiguration(keytab, principal); LOG.info("Login using keytab " + keytab + ", for principal " + principal); loginContext = new LoginContext("", subject, null, kerberosConfiguration); loginContext.login(); Subject serverSubject = loginContext.getSubject(); try { gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() { @Override public GSSManager run() throws Exception { return GSSManager.getInstance(); } }); } catch (PrivilegedActionException ex) { throw ex.getException(); } LOG.info("Initialized, principal [{}] from keytab [{}]", principal, keytab); } catch (Exception ex) { throw new ServletException(ex); } }
From source file:org.apache.axis2.jaxws.message.databinding.impl.ClassFinderImpl.java
public void updateClassPath(final String filePath, final ClassLoader cl) throws Exception { if (filePath == null) { return;// www. j a va2 s .c o m } if (filePath.length() == 0) { return; } if (cl instanceof URLClassLoader) { //lets add the path to the classloader. try { AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws Exception { URLClassLoader ucl = (URLClassLoader) cl; //convert file path to URL. File file = new File(filePath); URL url = file.toURI().toURL(); Class uclClass = URLClassLoader.class; Method method = uclClass.getDeclaredMethod("addURL", new Class[] { URL.class }); method.setAccessible(true); method.invoke(ucl, new Object[] { url }); return ucl; } }); } catch (PrivilegedActionException e) { if (log.isDebugEnabled()) { log.debug("Exception thrown from AccessController: " + e); } throw ExceptionFactory.makeWebServiceException(e.getException()); } } }
From source file:org.apache.axis2.deployment.ModuleBuilder.java
private void loadModuleClass(AxisModule module, String moduleClassName) throws DeploymentException { Class moduleClass;/*w w w . jav a 2 s . c om*/ try { if ((moduleClassName != null) && !"".equals(moduleClassName)) { moduleClass = Loader.loadClass(module.getModuleClassLoader(), moduleClassName); final Class fmoduleClass = moduleClass; final AxisModule fmodule = module; try { AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws IllegalAccessException, InstantiationException { Module new_module = (Module) fmoduleClass.newInstance(); fmodule.setModule(new_module); return null; } }); } catch (PrivilegedActionException e) { throw e.getException(); } } } catch (Exception e) { throw new DeploymentException(e.getMessage(), e); } }