Example usage for javax.security.auth Subject getSubject

List of usage examples for javax.security.auth Subject getSubject

  1. HOME
  2. Java
  3. javax
  4. javax.security.auth.*
  5. Subject
  6. getSubject

Introduction

In this page you can find the example usage for javax.security.auth Subject getSubject.

Prototype

public static Subject getSubject(final AccessControlContext acc)

Source Link

Document

Get the Subject associated with the provided AccessControlContext .

Usage

From source file:org.apache.jackrabbit.core.RepositoryImpl.java

/**
 * Tries to add Principals to a given subject:
 * First Access the Subject from the current AccessControlContext,
 * If Subject is found the LoginContext is evoked for it, in order
 * to possibly allow for extension of preauthenticated Subject.<br>
 * In contrast to a login with Credentials, a Session is created, even if the
 * Authentication failed.<br>//from   w  ww  .j a va2  s  .com
 * If the {@link Subject} is marked to be unmodificable or if the
 * authentication of the the Subject failed Session is build for unchanged
 * Subject.
 *
 * @param workspaceName must not be null
 * @return if a Subject is exsting null else
 * @throws RepositoryException
 * @throws AccessDeniedException
 */
private Session extendAuthentication(String workspaceName) throws RepositoryException, AccessDeniedException {

    Subject subject = null;
    try {
        AccessControlContext acc = AccessController.getContext();
        subject = Subject.getSubject(acc);
    } catch (SecurityException e) {
        log.warn("Can't check for preauthentication. Reason: {}", e.getMessage());
    }
    if (subject == null) {
        log.debug("No preauthenticated subject found -> return null.");
        return null;
    }

    Session s;
    if (subject.isReadOnly()) {
        log.debug("Preauthenticated Subject is read-only -> create Session");
        s = createSession(subject, workspaceName);
    } else {
        log.debug("Found preauthenticated Subject, try to extend authentication");
        // login either using JAAS or custom LoginModule
        AuthContext authCtx = context.getSecurityManager().getAuthContext(null, subject, workspaceName);
        try {
            authCtx.login();
            s = createSession(authCtx, workspaceName);
        } catch (javax.security.auth.login.LoginException e) {
            // subject could not be extended
            log.debug("Preauthentication could not be extended");
            s = createSession(subject, workspaceName);
        }
    }
    return s;
}

From source file:org.apache.jxtadoop.security.UserGroupInformation.java

/**
 * Return the current user <code>Subject</code>.
 * @return the current user <code>Subject</code>
 *///www.  ja  v  a  2 s .  com
static Subject getCurrentUser() {
    return Subject.getSubject(AccessController.getContext());
}

From source file:org.apache.kudu.mapreduce.KuduTableMapReduceUtil.java

/**
 * Import credentials from the current thread's JAAS {@link Subject} into the provided
 * {@link KuduClient}.//from   w  ww.j  a  v  a  2 s .  c  o m
 *
 * This must be called for any clients created within a MapReduce job in order to
 * adopt the credentials added by {@link #addCredentialsToJob(KuduClient, Job)}.
 * When using {@link KuduTableInputFormat} or {@link KuduTableOutputFormat}, the
 * implementation automatically handles creating the client and importing necessary
 * credentials. As such, this is only necessary in jobs that explicitly create a
 * {@link KuduClient}.
 *
 * If no appropriate credentials are found, does nothing.
 */
public static void importCredentialsFromCurrentSubject(KuduClient client) {
    Subject subj = Subject.getSubject(AccessController.getContext());
    if (subj == null) {
        return;
    }
    Text service = new Text(client.getMasterAddressesAsString());
    // Find the Hadoop credentials stored within the JAAS subject.
    Set<Credentials> credSet = subj.getPrivateCredentials(Credentials.class);
    if (credSet == null) {
        return;
    }
    for (Credentials creds : credSet) {
        for (Token<?> tok : creds.getAllTokens()) {
            if (!tok.getKind().equals(KUDU_TOKEN_KIND)) {
                continue;
            }
            // Only import credentials relevant to the service corresponding to
            // 'client'. This is necessary if we want to support a job which
            // reads from one cluster and writes to another.
            if (!tok.getService().equals(service)) {
                LOG.debug("Not importing credentials for service " + service + "(expecting service " + service
                        + ")");
                continue;
            }
            LOG.debug("Importing credentials for service " + service);
            client.importAuthenticationCredentials(tok.getPassword());
            return;
        }
    }
}

From source file:org.jbpm.security.authentication.SubjectAuthenticationService.java

public String getActorId() {
    if (actorId == null) {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            log.warn("no subject exists! cannot get actorId");
            return null;
        }/*w  w  w .j  a  va  2 s.  com*/

        Set principals = subject.getPrincipals(principalClass);
        if (principals != null && !principals.isEmpty()) {
            // always use the first one (so be patient what Principal classes are used)
            Principal principal = (Principal) principals.iterator().next();
            actorId = principal.getName();
        }
    }
    return actorId;
}