public static void main(String[]args) throws Exception { final DomainCombiner dc = new DomainCombiner() { @Override public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) { return currentDomains; // basically a no-op } }; // Get an instance of the saved ACC AccessControlContext saved = AccessController.getContext(); // Simulate the stack ACC with a DomainCombiner attached AccessControlContext stack = new AccessControlContext(AccessController.getContext(), dc); // Now try to run JavaSecurityAccess.doIntersectionPrivilege() and assert // whether the DomainCombiner from the stack ACC is preserved boolean ret = SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Boolean>() { @Override public Boolean run() { return dc == AccessController.getContext().getDomainCombiner(); } }, stack, saved); if (!ret) { System.exit(1); } }
@Override public Principal getCallerPrincipal() { Principal principal = sessionContext.getCallerPrincipal(); if (principal.getName().equalsIgnoreCase(ANONYMOUS)) { AccessControlContext accessControlContext = AccessController.getContext(); DomainCombiner dc = accessControlContext.getDomainCombiner(); if (dc instanceof SubjectDomainCombiner) { SubjectDomainCombiner sdc = (SubjectDomainCombiner) dc; Set<Principal> principals = sdc.getSubject().getPrincipals(); if (principals != null && principals.size() > 0) { return principals.iterator().next(); } } } return principal; }
/** * Returns the {@code Subject} that was last associated with the {@code * context} provided as argument. * * @param context * the {@code context} that was associated with the * {@code Subject}. * @return the {@code Subject} that was last associated with the {@code * context} provided as argument. */ public static Subject getSubject(final AccessControlContext context) { checkPermission(_SUBJECT); if (context == null) { throw new NullPointerException("auth.09"); //$NON-NLS-1$ } PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() { public DomainCombiner run() { return context.getDomainCombiner(); } }; DomainCombiner combiner = AccessController.doPrivileged(action); if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) { return null; } return ((SubjectDomainCombiner) combiner).getSubject(); }
/** * Returns the {@code Subject} that was last associated with the {@code * context} provided as argument. * * @param context * the {@code context} that was associated with the * {@code Subject}. * @return the {@code Subject} that was last associated with the {@code * context} provided as argument. */ public static Subject getSubject(final AccessControlContext context) { checkPermission(_SUBJECT); if (context == null) { throw new NullPointerException("AccessControlContext cannot be null"); } PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() { public DomainCombiner run() { return context.getDomainCombiner(); } }; DomainCombiner combiner = AccessController.doPrivileged(action); if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) { return null; } return ((SubjectDomainCombiner) combiner).getSubject(); }
/** * Returns the {@code Subject} that was last associated with the * {@code context} provided as argument. * * @param context * the {@code context} that was associated with the * {@code Subject}. * @return the {@code Subject} that was last associated with the * {@code context} provided as argument. */ public static Subject getSubject(final AccessControlContext context) { checkPermission(_SUBJECT); if (context == null) { throw new NullPointerException("auth.09"); //$NON-NLS-1$ } PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() { public DomainCombiner run() { return context.getDomainCombiner(); } }; DomainCombiner combiner = AccessController.doPrivileged(action); if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) { return null; } return ((SubjectDomainCombiner) combiner).getSubject(); }
/** * Returns the {@code Subject} that was last associated with the {@code * context} provided as argument. * * @param context * the {@code context} that was associated with the * {@code Subject}. * @return the {@code Subject} that was last associated with the {@code * context} provided as argument. */ public static Subject getSubject(final AccessControlContext context) { checkPermission(_SUBJECT); if (context == null) { throw new NullPointerException(Messages.getString("auth.09")); //$NON-NLS-1$ } PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() { public DomainCombiner run() { return context.getDomainCombiner(); } }; DomainCombiner combiner = AccessController.doPrivileged(action); if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) { return null; } return ((SubjectDomainCombiner) combiner).getSubject(); }
/** * Tests context usage. * Case 0: If no Config provided by user, then LoginContext uses * its own context to invoke LoginModule's methods. */ public void testContextUsage_0() throws Exception { Subject dummySubj = new Subject(); final DomainCombiner dc = new SubjectDomainCombiner(dummySubj); AccessControlContext acc = new AccessControlContext(AccessController .getContext(), dc); PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { implTestContextUsage(true, dc); return null; } }; AccessController.doPrivileged(action, acc); // additional cleanup to make it PerfTests compatible clear(); }
/** * Tests context usage. * Case 1: If Config was provided by user, then LoginContext * uses stored user's context and performs all call to LoginModule's * methods in that context. */ public void testContextUsage_1() throws Exception { Subject dummySubj = new Subject(); final DomainCombiner dc = new SubjectDomainCombiner(dummySubj); AccessControlContext acc = new AccessControlContext(AccessController .getContext(), dc); PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { implTestContextUsage(false, dc); return null; } }; AccessController.doPrivileged(action, acc); // additional cleanup to make it PerfTests compatible clear(); }
public static Subject getSubject(final AccessControlContext context) { checkPermission(_SUBJECT); if (context == null) { throw new NullPointerException(Messages.getString("auth.09")); //$NON-NLS-1$ } PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() { public DomainCombiner run() { return context.getDomainCombiner(); } }; DomainCombiner combiner = AccessController.doPrivileged(action); if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) { return null; } return ((SubjectDomainCombiner) combiner).getSubject(); }
/** * Get the {@code Subject} associated with the provided * {@code AccessControlContext}. * * <p> The {@code AccessControlContext} may contain many * Subjects (from nested {@code doAs} calls). * In this situation, the most recent {@code Subject} associated * with the {@code AccessControlContext} is returned. * * <p> * * @param acc the {@code AccessControlContext} from which to retrieve * the {@code Subject}. * * @return the {@code Subject} associated with the provided * {@code AccessControlContext}, or {@code null} * if no {@code Subject} is associated * with the provided {@code AccessControlContext}. * * @exception SecurityException if the caller does not have permission * to get the {@code Subject}. <p> * * @exception NullPointerException if the provided * {@code AccessControlContext} is {@code null}. */ public static Subject getSubject(final AccessControlContext acc) { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION); } if (acc == null) { throw new NullPointerException(ResourcesMgr.getString ("invalid.null.AccessControlContext.provided")); } // return the Subject from the DomainCombiner of the provided context return AccessController.doPrivileged (new java.security.PrivilegedAction<Subject>() { public Subject run() { DomainCombiner dc = acc.getDomainCombiner(); if (!(dc instanceof SubjectDomainCombiner)) return null; SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc; return sdc.getSubject(); } }); }
/** * Get the {@code Subject} associated with the provided * {@code AccessControlContext}. * * <p> The {@code AccessControlContext} may contain many * Subjects (from nested {@code doAs} calls). * In this situation, the most recent {@code Subject} associated * with the {@code AccessControlContext} is returned. * * @param acc the {@code AccessControlContext} from which to retrieve * the {@code Subject}. * * @return the {@code Subject} associated with the provided * {@code AccessControlContext}, or {@code null} * if no {@code Subject} is associated * with the provided {@code AccessControlContext}. * * @throws SecurityException if a security manager is installed and the * caller does not have an * {@link AuthPermission#AuthPermission(String) * AuthPermission("getSubject")} permission to get the * {@code Subject}. * * @throws NullPointerException if the provided * {@code AccessControlContext} is {@code null}. */ public static Subject getSubject(final AccessControlContext acc) { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION); } Objects.requireNonNull(acc, ResourcesMgr.getString ("invalid.null.AccessControlContext.provided")); // return the Subject from the DomainCombiner of the provided context return AccessController.doPrivileged (new java.security.PrivilegedAction<>() { public Subject run() { DomainCombiner dc = acc.getDomainCombiner(); if (!(dc instanceof SubjectDomainCombiner)) { return null; } SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc; return sdc.getSubject(); } }); }
public CustomCombiner(DomainCombiner domainCombiner, Subject subject) { super(subject); this.combiner = domainCombiner; this.subject = subject; }
/** * Get the <code>Subject</code> associated with the provided * <code>AccessControlContext</code>. * * <p> The <code>AccessControlContext</code> may contain many * Subjects (from nested <code>doAs</code> calls). * In this situation, the most recent <code>Subject</code> associated * with the <code>AccessControlContext</code> is returned. * * <p> * * @param acc the <code>AccessControlContext</code> from which to retrieve * the <code>Subject</code>. * * @return the <code>Subject</code> associated with the provided * <code>AccessControlContext</code>, or <code>null</code> * if no <code>Subject</code> is associated * with the provided <code>AccessControlContext</code>. * * @exception SecurityException if the caller does not have permission * to get the <code>Subject</code>. <p> * * @exception NullPointerException if the provided * <code>AccessControlContext</code> is <code>null</code>. */ public static Subject getSubject(final AccessControlContext acc) { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION); } if (acc == null) { throw new NullPointerException(ResourcesMgr.getString ("invalid.null.AccessControlContext.provided")); } // return the Subject from the DomainCombiner of the provided context return AccessController.doPrivileged (new java.security.PrivilegedAction<Subject>() { public Subject run() { DomainCombiner dc = acc.getDomainCombiner(); if (!(dc instanceof SubjectDomainCombiner)) return null; SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc; return sdc.getSubject(); } }); }
private int GetPropertyWithPermission() { log.info("\n\nTrying to get a system property with a required permission."); DomainCombiner newDomainCombiner = new MyDomainCombiner(); AccessControlContext newContext = new AccessControlContext(AccessController.getContext(), newDomainCombiner); /* log.info("Dummy current domains before:"); for (int i = 0; i < dummyCurrentDomains.length; i++) { for (int j = 0; j < dummyCurrentDomains[i].length; j++) { log.info("dummyCurrentDomains[" + i + "][" + j + "]: " + dummyCurrentDomains[i][j]); } } log.info("Dummy assigned domains before:"); for (int i = 0; i < dummyAssignedDomains.length; i++) { for (int j = 0; j < dummyAssignedDomains[i].length; j++) { log.info("dummyAssignedDomains[" + i + "][" + j + "]: " + dummyAssignedDomains[i][j]); } } */ AccessTestClass atc = (AccessTestClass)AccessController.doPrivileged(new PrivilegedAction() { public Object run() { // return (this.getClass().getProtectionDomain()); return new AccessTestClass(propertyName); } }, newContext); log.info(""+atc); /* log.info("Dummy current domains after:"); for (int i = 0; i < dummyCurrentDomains.length; i++) { for (int j = 0; j < dummyCurrentDomains[i].length; j++) { log.info("dummyCurrentDomains[" + i + "][" + j + "]: " + dummyCurrentDomains[i][j]); } } log.info("Dummy assigned domains after:"); for (int i = 0; i < dummyAssignedDomains.length; i++) { for (int j = 0; j < dummyAssignedDomains[i].length; j++) { log.info("dummyAssignedDomains[" + i + "][" + j + "]: " + dummyAssignedDomains[i][j]); } } */ if (newContext.getDomainCombiner() == null) { return fail("second"); } try { log.info(atc.getSystemProperty()); return Result.PASS; } catch (AccessControlException e) { e.printStackTrace(); return Result.FAIL; } }
/** * <p>Returns the subject associated with the given {@link * AccessControlContext}.</p> * * <p>All this method does is retrieve the Subject object from the supplied * context's {@link DomainCombiner}, if any, and if it is an instance of * a {@link SubjectDomainCombiner}. * * @param context The context to retrieve the subject from. * @return The subject assoctiated with the context, or <code>null</code> * if there is none. * @throws NullPointerException If <i>subject</i> is null. * @throws SecurityException If the caller does not have permission to get * the subject (<code>"getSubject"</code> target of {@link AuthPermission}. */ public static Subject getSubject (final AccessControlContext context) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission (new AuthPermission ("getSubject")); } DomainCombiner dc = context.getDomainCombiner(); if (!(dc instanceof SubjectDomainCombiner)) { return null; } return ((SubjectDomainCombiner) dc).getSubject(); }
