List of usage examples for javax.security.auth Subject doAsPrivileged
public static <T> T doAsPrivileged(final Subject subject, final java.security.PrivilegedExceptionAction<T> action, final java.security.AccessControlContext acc) throws java.security.PrivilegedActionException
From source file:net.sourceforge.safr.sample.SampleTest.java
private void runSampleMethodAs(String userId, String methodName, Object... args) throws Exception { MethodRunner runner = new MethodRunner(sample, methodName, args); Subject subject = sample.createSubjectForUser(userId); try {/*from ww w . j a v a 2 s.c o m*/ Subject.doAsPrivileged(subject, runner, null); } catch (PrivilegedActionException e) { throw (Exception) e.getCause().getCause(); } }
From source file:com.ideabase.repository.core.service.UserServiceImpl.java
/** * {@inheritDoc}/*w ww . ja v a 2s.co m*/ */ public boolean isAllowed(final Subject pSubject, final Permission pPermission) { final SecurityManager securityManager; if (System.getSecurityManager() == null) { mLog.debug("No predefined security manager found."); securityManager = new SecurityManager(); } else { securityManager = System.getSecurityManager(); } try { mLog.debug("Do as privileged action."); Subject.doAsPrivileged(pSubject, new PrivilegedAction() { public Object run() { securityManager.checkPermission(pPermission); return null; } }, null); mLog.debug("user action is previleged."); return true; } catch (RuntimeException e) { // No logging here, because, if exception raised it refers to permission // failure. mLog.warn("Exception raised during verifying the authorization", e); return false; } }
From source file:org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.java
/** * Privileged Wrapper that invokes action with Subject.doAs to perform work as * given subject.//from w w w . j ava 2s.c o m * * @param subject {@link Subject} to be used for this work * @param action {@link PrivilegedExceptionAction} action for performing inside * Subject.doAs * @param acc the {@link AccessControlContext} to be tied to the specified * subject and action see * {@link Subject#doAsPrivileged(Subject, PrivilegedExceptionAction, AccessControlContext) * @return the value returned by the PrivilegedExceptionAction's run method * @throws PrivilegedActionException */ static <T> T doAsPrivilegedWrapper(final Subject subject, final PrivilegedExceptionAction<T> action, final AccessControlContext acc) throws PrivilegedActionException { try { return AccessController.doPrivileged( (PrivilegedExceptionAction<T>) () -> Subject.doAsPrivileged(subject, action, acc)); } catch (PrivilegedActionException pae) { if (pae.getCause() instanceof PrivilegedActionException) { throw (PrivilegedActionException) pae.getCause(); } throw pae; } }
From source file:de.ingrid.usermanagement.jetspeed.IngridPermissionManager.java
public boolean checkPermission(Subject subject, final Permission permission) { try {/*from ww w.ja v a2 s . c o m*/ //Subject.doAs(subject, new PrivilegedAction() Subject.doAsPrivileged(subject, new PrivilegedAction() { public Object run() { AccessController.checkPermission(permission); return null; } }, null); } catch (Exception e) { return false; } return true; }
From source file:com.ecyrd.jspwiki.auth.SecurityVerifier.java
/** * Verifies that a particular Principal possesses a Permission, as defined * in the security policy file.//from w w w .j a v a2 s. c o m * @param principal the principal * @param permission the permission * @return the result, based on consultation with the active Java security * policy */ protected final boolean verifyStaticPermission(Principal principal, final Permission permission) { Subject subject = new Subject(); subject.getPrincipals().add(principal); boolean allowedByGlobalPolicy = ((Boolean) Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() { public Object run() { try { AccessController.checkPermission(permission); return Boolean.TRUE; } catch (AccessControlException e) { return Boolean.FALSE; } } }, null)).booleanValue(); if (allowedByGlobalPolicy) { return true; } // Check local policy Principal[] principals = new Principal[] { principal }; return m_engine.getAuthorizationManager().allowedByLocalPolicy(principals, permission); }
From source file:org.apache.catalina.security.SecurityUtil.java
/** * Perform work as a particular </code>Subject</code>. Here the work * will be granted to a <code>null</code> subject. * * @param methodName the method to apply the security restriction * @param targetObject the <code>Servlet</code> on which the method will * be called.//from w w w.ja v a 2 s .c om * @param targetType <code>Class</code> array used to instanciate a * <code>Method</code> object. * @param targetArgumentst <code>Object</code> array contains the * runtime parameters instance. * @param principal the <code>Principal</code> to which the security * privilege apply.. */ private static void execute(final Method method, final Object targetObject, final Object[] targetArguments, Principal principal) throws java.lang.Exception { try { Subject subject = null; PrivilegedExceptionAction pea = new PrivilegedExceptionAction() { public Object run() throws Exception { method.invoke(targetObject, targetArguments); return null; } }; // The first argument is always the request object if (targetArguments != null && targetArguments[0] instanceof HttpServletRequest) { HttpServletRequest request = (HttpServletRequest) targetArguments[0]; HttpSession session = request.getSession(false); if (session != null) { subject = (Subject) session.getAttribute(Globals.SUBJECT_ATTR); if (subject == null) { subject = new Subject(); session.setAttribute(Globals.SUBJECT_ATTR, subject); } } } Subject.doAsPrivileged(subject, pea, null); } catch (PrivilegedActionException pe) { Throwable e = ((InvocationTargetException) pe.getException()).getTargetException(); if (log.isDebugEnabled()) { log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e); } if (e instanceof UnavailableException) throw (UnavailableException) e; else if (e instanceof ServletException) throw (ServletException) e; else if (e instanceof IOException) throw (IOException) e; else if (e instanceof RuntimeException) throw (RuntimeException) e; else throw new ServletException(e.getMessage(), e); } }
From source file:org.apache.wiki.WikiSession.java
/** * Wrapper for/*from ww w .j a va 2 s . c o m*/ * {@link javax.security.auth.Subject#doAsPrivileged(Subject, java.security.PrivilegedExceptionAction, java.security.AccessControlContext)} * that executes an action with the privileges posssessed by a * WikiSession's Subject. The action executes with a <code>null</code> * AccessControlContext, which has the effect of running it "cleanly" * without the AccessControlContexts of the caller. * @param session the wiki session * @param action the privileged action * @return the result of the privileged action; may be <code>null</code> * @throws java.security.AccessControlException if the action is not permitted * by the security policy */ public static final Object doPrivileged(WikiSession session, PrivilegedAction<?> action) throws AccessControlException { return Subject.doAsPrivileged(session.m_subject, action, null); }
From source file:org.flowerplatform.web.tests.codesync.CodeSyncWikiTest.java
public void testDokuWiki() { Subject subject = new Subject(); final FlowerWebPrincipal principal = new FlowerWebPrincipal(0); final String technology = "Doku"; String url = "http://csp1/dokuwiki/lib/exe/xmlrpc.php"; String user = ""; String password = ""; principal.getWikiClientConfigurations().put(technology, new DokuWikiClientConfiguration(url, user, password)); subject.getPrincipals().add(principal); Subject.doAsPrivileged(subject, new PrivilegedAction<Void>() { @Override/*from ww w . java2 s .c o m*/ public Void run() { FlexContext.setThreadLocalSession(new HttpFlexSession()); FlexContext.setUserPrincipal(principal); RecordingTestWebCommunicationChannel cc = new RecordingTestWebCommunicationChannel(); cc.setPrincipal((FlowerWebPrincipal) principal); ServiceInvocationContext context = new ServiceInvocationContext(cc); Object wiki = DokuWikiPlugin.getInstance().getWikiPages("proiecte:flower:teste"); WikiPlugin.getInstance().getConfigurationProviders().put(technology, new DokuWikiConfigurationProvider()); WikiPlugin wikiPlugin = WikiPlugin.getInstance(); File project = getProject(); ResourceSet resourceSet = CodeSyncPlugin.getInstance().getOrCreateResourceSet(project, "mindmapEditorStatefulService"); CodeSyncRoot leftRoot = wikiPlugin.getWikiTree(null, resourceSet, wiki, "proiecte:flower:teste", technology); CodeSyncRoot rightRoot = wikiPlugin.getWikiTree(project, resourceSet, null, "proiecte:flower:teste", technology); expected = new Pair[] { new Pair(WikiPlugin.FOLDER_CATEGORY, 0), // Crispico new Pair(WikiPlugin.FOLDER_CATEGORY, 1), // proiecte new Pair(WikiPlugin.FOLDER_CATEGORY, 2), // flower new Pair(WikiPlugin.PAGE_CATEGORY, 3), // teste new Pair(WikiPlugin.FOLDER_CATEGORY, 4), // teste new Pair(WikiPlugin.PAGE_CATEGORY, 5), // new_test new Pair(WikiPlugin.HEADING_LEVEL_2_CATEGORY, 6), new Pair(WikiPlugin.HEADING_LEVEL_3_CATEGORY, 7), new Pair(WikiPlugin.PARAGRAPH_CATEGORY, 8), new Pair(WikiPlugin.HEADING_LEVEL_1_CATEGORY, 4), new Pair(WikiPlugin.HEADING_LEVEL_1_CATEGORY, 4), new Pair(WikiPlugin.HEADING_LEVEL_2_CATEGORY, 5), new Pair(WikiPlugin.PARAGRAPH_CATEGORY, 6), new Pair(WikiPlugin.FLOWER_BLOCK_CATEGORY, 6), new Pair(WikiPlugin.PARAGRAPH_CATEGORY, 6), new Pair(WikiPlugin.PARAGRAPH_CATEGORY, 6), new Pair(WikiPlugin.PARAGRAPH_CATEGORY, 6), new Pair(WikiPlugin.PARAGRAPH_CATEGORY, 6), new Pair(WikiPlugin.HEADING_LEVEL_2_CATEGORY, 5), new Pair(WikiPlugin.HEADING_LEVEL_1_CATEGORY, 4) }; test(leftRoot, rightRoot, resourceSet, technology, expected); return null; } }, null); }
From source file:org.springframework.beans.factory.DefaultListableBeanFactoryTests.java
@SuppressWarnings("unchecked") @Test/* w ww . jav a 2s .c om*/ public void testInitSecurityAwarePrototypeBean() { final DefaultListableBeanFactory lbf = new DefaultListableBeanFactory(); RootBeanDefinition bd = new RootBeanDefinition(TestSecuredBean.class); bd.setScope(ConfigurableBeanFactory.SCOPE_PROTOTYPE); bd.setInitMethodName("init"); lbf.registerBeanDefinition("test", bd); final Subject subject = new Subject(); subject.getPrincipals().add(new TestPrincipal("user1")); TestSecuredBean bean = (TestSecuredBean) Subject.doAsPrivileged(subject, new PrivilegedAction() { @Override public Object run() { return lbf.getBean("test"); } }, null); assertNotNull(bean); assertEquals("user1", bean.getUserName()); }