javax.management.remote.SubjectDelegationPermission Java Examples

The following examples show how to use javax.management.remote.SubjectDelegationPermission.
Example #1
Source File: SubjectDelegator.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #2
Source File: SubjectDelegator.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #3
Source File: SubjectDelegator.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #4
Source File: SubjectDelegator.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #5
Source File: SubjectDelegator.java    From openjdk-8 with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised inside the loop yields
 * {@code false}. A subject with no principals yields {@code true},
 * because nothing is checked.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        // The array is a one-time copy of the principal set, so the loop
        // works on a fixed list even if the Subject is modified afterwards.
        for (Principal principal
                 : subject.getPrincipals().toArray(new Principal[0])) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #6
Source File: SubjectDelegator.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised inside the loop yields
 * {@code false}. A subject with no principals yields {@code true},
 * because nothing is checked.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        // The array is a one-time copy of the principal set, so the loop
        // works on a fixed list even if the Subject is modified afterwards.
        for (Principal principal
                 : subject.getPrincipals().toArray(new Principal[0])) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #7
Source File: SubjectDelegator.java    From hottub with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #8
Source File: SubjectDelegator.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #9
Source File: SubjectDelegator.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #10
Source File: SubjectDelegator.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #11
Source File: SubjectDelegator.java    From JDKSourceCode1.8 with MIT License
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #12
Source File: SubjectDelegator.java    From jdk1.8-source-analysis with Apache License 2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #13
Source File: SubjectDelegator.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #14
Source File: SubjectDelegator.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #15
Source File: SubjectDelegator.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Tests whether the current calling context holds a
 * {@link SubjectDelegationPermission} for every principal of the given
 * authenticated subject, i.e. whether the connector server creator's
 * codebase is allowed to delegate to each of those principals.
 *
 * <p>The permission name checked for a principal is its implementation
 * class name, a dot, and the value of {@code getName()}. The check fails
 * closed: a {@link SecurityException} raised while obtaining the
 * principals or by any single permission check yields {@code false}. If
 * no principals are returned, nothing is checked and the result is
 * {@code true}.
 *
 * @param subject the authenticated subject whose principals are checked
 * @return {@code true} if every permission check passed; {@code false}
 *         if a {@code SecurityException} was thrown
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal principal : getSubjectPrincipals(subject)) {
            // Permission name is "<principal class name>.<principal name>".
            final String className = principal.getClass().getName();
            final Permission required = new SubjectDelegationPermission(
                className + "." + principal.getName());
            // Throws a SecurityException subclass when the permission is
            // not granted to the current calling context.
            AccessController.checkPermission(required);
        }
        // Every principal passed (or there were none to check).
        return true;
    } catch (SecurityException denied) {
        // Fail closed: any denial means delegation is not allowed.
        return false;
    }
}
 
Example #16
Source File: SubjectDelegator.java    From jdk1.8-source-analysis with Apache License 2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #17
Source File: SubjectDelegator.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #18
Source File: SubjectDelegator.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #19
Source File: SubjectDelegator.java    From hottub with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #20
Source File: SubjectDelegator.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #21
Source File: SubjectDelegator.java    From JDKSourceCode1.8 with MIT License
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #22
Source File: SubjectDelegator.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #23
Source File: SubjectDelegator.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #24
Source File: SubjectDelegator.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #25
Source File: SubjectDelegator.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #26
Source File: SubjectDelegator.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Verifies that the authenticated context may delegate to every
 * principal of {@code delegatedSubject}, then returns the context built
 * by {@code getDelegatedAcc}.
 *
 * <p>One {@link SubjectDelegationPermission} is created per principal,
 * named with the principal's class name, a dot, and its
 * {@code getName()} value. The permissions are built before the
 * privileged action starts, so the action itself only calls
 * {@link AccessController#checkPermission}. Because the action runs
 * through {@code doPrivileged} with {@code authenticatedACC}, the checks
 * are evaluated against that context and this class's own protection
 * domain, not against callers further up the stack.
 *
 * @param authenticatedACC context the delegation permissions are checked
 *        against; must not be {@code null} when a security manager is
 *        installed
 * @param delegatedSubject subject whose principals must each be covered
 *        by a delegation permission
 * @param removeCallerContext passed unchanged to {@code getDelegatedAcc}
 * @return the value returned by {@code getDelegatedAcc}
 * @throws SecurityException if a security manager is installed and
 *         {@code authenticatedACC} is {@code null}, or if a delegation
 *         permission check is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context is only rejected while a security manager is active.
    final boolean securityManagerInstalled =
        System.getSecurityManager() != null;
    if (securityManagerInstalled && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    // Build one delegation permission per principal up front, so the
    // privileged action below does nothing but permission checks.
    final Collection<Principal> principals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(principals.size());
    for (Principal principal : principals) {
        final String className = principal.getClass().getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(
                className + "." + principal.getName()));
    }

    // A denied check throws out of doPrivileged and aborts the method
    // before any delegated context is produced.
    AccessController.doPrivileged(
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission required : delegationPermissions) {
                    AccessController.checkPermission(required);
                }
                return null;
            }
        },
        authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #27
Source File: SubjectDelegator.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Authorises subject delegation and hands back the delegated context.
 *
 * <p>For each principal of {@code delegatedSubject} a
 * {@link SubjectDelegationPermission} is checked under
 * {@code authenticatedACC}. Only when all checks pass is
 * {@code getDelegatedAcc} called to obtain the return value.
 *
 * @param authenticatedACC access control context of the authenticated
 *        caller; {@code null} is refused when a security manager is set
 * @param delegatedSubject the subject the caller asks to act as
 * @param removeCallerContext forwarded to {@code getDelegatedAcc}
 * @return the context returned by {@code getDelegatedAcc}
 * @throws SecurityException on a {@code null} context with a security
 *         manager installed, or when a delegation permission is denied
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    if (authenticatedACC == null) {
        // Without a caller context there is nothing to check the
        // delegation against; refuse as soon as a security manager is set.
        if (System.getSecurityManager() != null) {
            throw new SecurityException("Illegal AccessControlContext: null");
        }
    }

    // Translate each principal of the delegated subject into the
    // permission the authenticated caller needs to impersonate it.
    final Collection<Principal> subjectPrincipals =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> delegationPermissions =
        new ArrayList<>(subjectPrincipals.size());
    for (Principal current : subjectPrincipals) {
        final String className = current.getClass().getName();
        final String permissionName = className + "." + current.getName();
        delegationPermissions.add(
            new SubjectDelegationPermission(permissionName));
    }

    // The checks run inside doPrivileged so that they are evaluated
    // against authenticatedACC rather than the whole calling stack.
    final PrivilegedAction<Void> delegationCheck =
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Permission needed : delegationPermissions) {
                    AccessController.checkPermission(needed);
                }
                return null;
            }
        };
    AccessController.doPrivileged(delegationCheck, authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #28
Source File: SubjectDelegator.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Checks that the authenticated caller holds a
 * {@link SubjectDelegationPermission} for every principal of
 * {@code delegatedSubject} and, if so, returns the context obtained from
 * {@code getDelegatedAcc}.
 *
 * @param authenticatedACC context the permission checks are evaluated
 *        under; rejected if {@code null} while a security manager is
 *        installed
 * @param delegatedSubject subject to delegate to
 * @param removeCallerContext handed to {@code getDelegatedAcc} as is
 * @return whatever {@code getDelegatedAcc} returns for the subject and flag
 * @throws SecurityException if the context is {@code null} under a
 *         security manager, or if any permission check is refused
 */
public AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    if (System.getSecurityManager() != null) {
        if (authenticatedACC == null) {
            throw new SecurityException("Illegal AccessControlContext: null");
        }
    }

    // Permission names follow "<principal class>.<principal name>"; they
    // are computed up front, outside the privileged action.
    final Collection<Principal> delegated =
        getSubjectPrincipals(delegatedSubject);
    final Collection<Permission> toCheck = new ArrayList<>(delegated.size());
    for (Principal each : delegated) {
        String name = each.getClass().getName() + "." + each.getName();
        Permission permission = new SubjectDelegationPermission(name);
        toCheck.add(permission);
    }

    // The cast selects the PrivilegedAction overload of doPrivileged.
    // A denied permission makes checkPermission throw, which aborts the
    // method before any delegated context is created.
    AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
        for (Permission permission : toCheck) {
            AccessController.checkPermission(permission);
        }
        return null;
    }, authenticatedACC);

    return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
 
Example #29
Source File: SubjectDelegator.java    From openjdk-8-source with GNU General Public License v2.0
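/**
 * Checks that the authenticated caller may act as every principal of
 * {@code delegatedSubject} and returns the access control context to use
 * when running code as that subject.
 *
 * <p>The returned context is built on every call from the
 * {@code removeCallerContext} value of that call. It is deliberately not
 * memoised per subject: a context built for one flag value must never be
 * handed back to a call that asked for the other.
 *
 * @param authenticatedACC context of the authenticated caller; the
 *        delegation permissions are checked against it. Must not be
 *        {@code null} when a security manager is installed.
 * @param delegatedSubject subject whose identity the caller wants to assume
 * @param removeCallerContext selects the {@code JMXSubjectDomainCombiner}
 *        factory that builds the result: {@code getDomainCombinerContext}
 *        when {@code true}, {@code getContext} when {@code false}
 * @return the access control context for running as {@code delegatedSubject}
 * @throws SecurityException if {@code authenticatedACC} is {@code null}
 *         while a security manager is installed, or if a
 *         {@code SubjectDelegationPermission} for one of the principals is
 *         not granted under {@code authenticatedACC}
 */
public synchronized AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // doPrivileged applies no additional restriction when its context is
    // null, so a null caller context would leave the delegation check
    // below with nothing of the caller's to be evaluated against.
    if (System.getSecurityManager() != null && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    if (principalsCache == null) {
        principalsCache =
                new CacheMap<Subject, Principal[]>(PRINCIPALS_CACHE_SIZE);
    }

    // Principal array for this subject: taken from the cache, or converted
    // from the subject's principal set and stored on a miss.
    Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject);
    if (delegatedPrincipals == null) {
        delegatedPrincipals =
            delegatedSubject.getPrincipals().toArray(new Principal[0]);
        principalsCache.put(delegatedSubject, delegatedPrincipals);
    }

    // Authorise before anything is built: the authenticated subject must
    // hold a SubjectDelegationPermission named
    // "<principal class name>.<principal name>" for every principal.
    final Principal[] dp = delegatedPrincipals;
    PrivilegedAction<Void> action =
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Principal p : dp) {
                    final String pname =
                        p.getClass().getName() + "." + p.getName();
                    AccessController.checkPermission(
                        new SubjectDelegationPermission(pname));
                }
                return null;
            }
        };
    AccessController.doPrivileged(action, authenticatedACC);

    // Build the context for THIS call's flag. accCache is keyed by subject
    // alone, so it cannot tell the two flag values apart and is no longer
    // consulted or filled here.
    if (removeCallerContext) {
        return JMXSubjectDomainCombiner.getDomainCombinerContext(
                                                      delegatedSubject);
    }
    return JMXSubjectDomainCombiner.getContext(delegatedSubject);
}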
 
Example #30
Source File: SubjectDelegator.java    From openjdk-8 with GNU General Public License v2.0
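/**
 * Authorises subject delegation and returns the access control context for
 * executing code as {@code delegatedSubject}.
 *
 * <p>The context is created afresh on each call so that it always matches
 * the {@code removeCallerContext} argument. A per-subject cache of contexts
 * cannot do that, because the same subject may be requested with either
 * flag value.
 *
 * @param authenticatedACC access control context of the authenticated
 *        caller, against which the delegation permissions are checked;
 *        {@code null} is refused when a security manager is installed
 * @param delegatedSubject the subject the caller asks to act as
 * @param removeCallerContext {@code true} to build the result with
 *        {@code JMXSubjectDomainCombiner.getDomainCombinerContext},
 *        {@code false} to build it with
 *        {@code JMXSubjectDomainCombiner.getContext}
 * @return the context to use when executing as {@code delegatedSubject}
 * @throws SecurityException if {@code authenticatedACC} is {@code null}
 *         under a security manager, or if the caller lacks the
 *         {@code SubjectDelegationPermission} for any principal of the
 *         delegated subject
 */
public synchronized AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    // A null context makes doPrivileged apply no additional restriction,
    // which would turn the permission check below into a check of this
    // class's own permissions only. Reject it when a security manager is
    // installed.
    if (System.getSecurityManager() != null && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }

    if (principalsCache == null) {
        principalsCache =
                new CacheMap<Subject, Principal[]>(PRINCIPALS_CACHE_SIZE);
    }

    // Look the subject's principal array up in the cache; on a miss,
    // convert the subject's principal set to an array and remember it.
    Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject);
    if (delegatedPrincipals == null) {
        delegatedPrincipals =
            delegatedSubject.getPrincipals().toArray(new Principal[0]);
        principalsCache.put(delegatedSubject, delegatedPrincipals);
    }

    // Permission check comes first, so that a refused delegation leaves
    // no context behind. Each principal requires a permission named
    // "<principal class name>.<principal name>".
    final Principal[] dp = delegatedPrincipals;
    PrivilegedAction<Void> action =
        new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (int i = 0; i < dp.length; i++) {
                    final String pname =
                        dp[i].getClass().getName() + "." + dp[i].getName();
                    Permission sdp =
                        new SubjectDelegationPermission(pname);
                    AccessController.checkPermission(sdp);
                }
                return null;
            }
        };
    AccessController.doPrivileged(action, authenticatedACC);

    // The result depends on removeCallerContext as well as on the subject.
    // accCache has only the subject as key, so reading from it could
    // return a context that was built for the opposite flag value; the
    // context is therefore built here on every call instead.
    final AccessControlContext delegatedACC;
    if (removeCallerContext) {
        delegatedACC =
            JMXSubjectDomainCombiner.getDomainCombinerContext(
                                                      delegatedSubject);
    } else {
        delegatedACC =
            JMXSubjectDomainCombiner.getContext(delegatedSubject);
    }
    return delegatedACC;
}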