javax.security.jacc.PolicyContextException Java Examples

The following examples show how to use javax.security.jacc.PolicyContextException.
Example #1
Source File: AuthorizationPreInitializer.java    From piranha with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
/**
 * Loads the permissions found in two optional servlet-context attributes into the policy
 * configuration supplied by the authorization service, then commits that configuration.
 *
 * <p>In JACC, permissions in the unchecked policy are granted to every caller regardless of
 * role. Whatever populates the {@code UNCHECKED_PERMISSIONS} attribute therefore decides what is
 * reachable without any role check. If an addition fails, the method throws before
 * {@code commit()} is reached.
 *
 * @param servletContext context whose optional attributes are read
 * @param authorizationService provides the policy configuration to populate
 * @throws ServletException declared by the signature; nothing in this body throws it directly
 * @throws IllegalStateException wrapping any {@code PolicyContextException} raised while adding
 *         permissions or committing
 */
public void setPermissions(ServletContext servletContext, AuthorizationService authorizationService) throws ServletException {
    // The policy configuration is the repository the policy (authorization module) reads from.
    PolicyConfiguration configuration = authorizationService.getPolicyConfiguration();

    try {
        List<Permission> uncheckedPermissions = getOptionalAttribute(servletContext, UNCHECKED_PERMISSIONS);
        if (uncheckedPermissions != null) {
            for (Permission grantedToAll : uncheckedPermissions) {
                configuration.addToUncheckedPolicy(grantedToAll);
            }
        }

        List<Entry<String, Permission>> rolePermissions = getOptionalAttribute(servletContext, PERROLE_PERMISSIONS);
        if (rolePermissions != null) {
            for (Entry<String, Permission> roleGrant : rolePermissions) {
                String roleName = roleGrant.getKey();
                Permission granted = roleGrant.getValue();
                configuration.addToRole(roleName, granted);
            }
        }

        // TODO: Move commit moment to after all ServletContainerInitializer, Filters and Servlets have initialized
        configuration.commit();
    } catch (PolicyContextException cause) {
        throw new IllegalStateException(cause);
    }
}
 
Example #2
Source File: StandardJaccServiceImpl.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Grants the declared role one {@code EJBMethodPermission} on the declared entity for each
 * action implied by the declaration's permissible action.
 *
 * <p>The policy configuration is looked up on first use. Each permission is built with a
 * {@code null} method interface and {@code null} parameter list, which in JACC means it is not
 * restricted to a particular interface or overload.
 *
 * @param permissionDeclaration role, entity name and permissible action to grant
 * @throws HibernateException wrapping a {@code PolicyContextException} from the policy
 *         configuration
 */
@Override
public void addPermission(GrantedPermission permissionDeclaration) {
	// todo : do we need to wrap these PolicyConfiguration calls in privileged actions like we do during permission checks?

	// Lazily resolve the configuration for this context.
	if ( policyConfiguration == null ) {
		policyConfiguration = locatePolicyConfiguration( contextId );
	}

	for ( String impliedAction : permissionDeclaration.getPermissibleAction().getImpliedActions() ) {
		final EJBMethodPermission methodPermission = new EJBMethodPermission(
				permissionDeclaration.getEntityName(),
				impliedAction,
				null, // interfaces
				null // arguments
		);

		log.debugf( "Adding permission [%s] to role [%s]", impliedAction, permissionDeclaration.getRole() );
		try {
			policyConfiguration.addToRole( permissionDeclaration.getRole(), methodPermission );
		}
		catch (PolicyContextException policyFailure) {
			throw new HibernateException( "policy context exception occurred", policyFailure );
		}
	}
}
 
Example #3
Source File: JBossTimeBasedOTPLoginModule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
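/**
 * Reads the time-based one-time password submitted with the current web request.
 *
 * <p>The request is obtained from the JACC {@code PolicyContext} rather than passed in, so the
 * result depends on the container having bound a request to the calling thread.
 *
 * @return the value of the {@code TOTP} request parameter, or {@code null} when the policy
 *         context yields no request, the lookup fails, or the parameter is absent
 */
private String getTimeBasedOTPFromRequest()
{
   // This is a JBoss AS specific mechanism: the current request is exposed under this
   // policy-context handler key.
   final String webRequestKey = "javax.servlet.http.HttpServletRequest";

   try
   {
      HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext(webRequestKey);
      // PolicyContext.getContext returns null when the handler is registered but has no
      // value for this thread; without this guard the next line would throw a
      // NullPointerException in the middle of authentication.
      if (request == null)
      {
         return null;
      }
      // NOTE(review): getParameter reads query-string as well as form-body parameters; if the
      // OTP can arrive in the URL it may end up in access logs. Confirm the login form posts it.
      return request.getParameter( TOTP );
   }
   catch (PolicyContextException e)
   {
      PicketBoxLogger.LOGGER.debugErrorGettingRequestFromPolicyContext(e);
      return null;
   }
}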
 
Example #4
Source File: SecurityActions.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Runs {@code exAction} inside {@code AccessController.doPrivileged} and returns its result as
 * a {@code CallbackHandler}.
 *
 * @return the callback handler produced by the privileged action
 * @throws PolicyContextException if the privileged action failed with one
 * @throws UndeclaredThrowableException wrapping any other checked exception raised by the action
 */
public CallbackHandler getContextCallbackHandler() throws PolicyContextException {
   try {
      Object handler = AccessController.doPrivileged(exAction);
      return (CallbackHandler) handler;
   } catch (PrivilegedActionException wrapped) {
      // Unwrap so callers see the real failure rather than the doPrivileged envelope.
      Exception cause = wrapped.getException();
      if (!(cause instanceof PolicyContextException)) {
         throw new UndeclaredThrowableException(cause);
      }
      throw (PolicyContextException) cause;
   }
}
 
Example #5
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates the policy configuration for one context and drives its state machine through the
 * {@code getPolicyConfiguration} transition.
 *
 * <p>All three arguments are required; a {@code null} value is rejected with the exception
 * built by {@code PicketBoxMessages.MESSAGES.invalidNullArgument}.
 *
 * @param contextID identifier of the policy context this configuration belongs to
 * @param policy policy that the configuration methods delegate to
 * @param configStateMachine state machine that decides which operations are currently allowed
 * @throws PolicyContextException if the state machine rejects the initial transition
 */
protected JBossPolicyConfiguration(String contextID, DelegatingPolicy policy, StateMachine configStateMachine) throws PolicyContextException {
   this.contextID = contextID;
   this.policy = policy;
   this.configStateMachine = configStateMachine;

   if (contextID == null) {
      throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
   }
   if (policy == null) {
      throw PicketBoxMessages.MESSAGES.invalidNullArgument("policy");
   }
   if (configStateMachine == null) {
      throw PicketBoxMessages.MESSAGES.invalidNullArgument("configStateMachine");
   }

   // Constructing the object counts as a getPolicyConfiguration call for the state machine.
   validateState("getPolicyConfiguration");
   PicketBoxLogger.LOGGER.debugJBossPolicyConfigurationConstruction(contextID);
}
 
Example #6
Source File: BasicJaccProvider.java    From tomee with Apache License 2.0 6 votes vote down vote up
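/**
 * Decides whether the protection domain holds the permission.
 *
 * <p>Permissions whose class is in {@code JACC_PERMISSIONS} are answered from the policy
 * configuration of the current policy context when a context ID is set. Everything else is
 * delegated to {@code systemPolicy}.
 *
 * @param domain protection domain being checked
 * @param permission permission being requested
 * @return {@code true} only if the responsible policy grants the permission. Returns
 *         {@code false} when the context has no configuration, the configuration is not in
 *         service, the configuration cannot be consulted, or no system policy is available.
 */
public boolean implies(final ProtectionDomain domain, final Permission permission) {
    final String contextID = PolicyContext.getContextID();

    if (contextID != null && JACC_PERMISSIONS.contains(permission.getClass())) {
        try {
            final BasicPolicyConfiguration configuration = configurations.get(contextID);

            // Unknown context, or one that has not been put in service: nothing is granted.
            if (configuration == null || !configuration.inService()) {
                return false;
            }

            return configuration.implies(domain, permission);
        } catch (final PolicyContextException e) {
            // Fail closed. Previously the exception was swallowed and the decision fell through
            // to the system policy, so an error while consulting the JACC configuration could
            // end in a grant that the configuration itself never made.
            return false;
        }
    }

    return systemPolicy != null && systemPolicy.implies(domain, permission);
}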
 
Example #7
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds one permission to the unchecked policy of this configuration's context.
 *
 * <p>In JACC, unchecked permissions are granted to every caller regardless of role.
 *
 * @param permission permission to add; it is also handed to the PicketBox trace logger
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void addToUncheckedPolicy(Permission permission)
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceAddPermissionToUncheckedPolicy(permission);
   // The state check runs before the policy is touched.
   validateState("addToUncheckedPolicy");
   policy.addToUncheckedPolicy(contextID, permission);
}
 
Example #8
Source File: BasicPolicyConfiguration.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Removes a role and its permissions from this configuration.
 *
 * @param roleName key to remove from {@code rolePermissionsMap}
 * @throws UnsupportedOperationException if the configuration is not in the {@code OPEN} state
 * @throws PolicyContextException declared by the signature; this body does not throw it
 */
public void removeRole(final String roleName) throws PolicyContextException {
    // Mutation is only allowed while the configuration is open.
    if (state != OPEN) {
        throw new UnsupportedOperationException("Not in an open state");
    }

    rolePermissionsMap.remove(roleName);
}
 
Example #9
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a collection of permissions to a role in this configuration's context.
 *
 * @param roleName role that receives the permissions
 * @param permissions permissions to grant; also handed to the PicketBox trace logger
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void addToRole(String roleName, PermissionCollection permissions)
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceAddPermissionsToRole(permissions);
   // The state check runs before the policy is touched.
   validateState("addToRole");
   policy.addToRole(contextID, roleName, permissions);
}
 
Example #10
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a single permission to a role in this configuration's context.
 *
 * @param roleName role that receives the permission
 * @param permission permission to grant; also handed to the PicketBox trace logger
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void addToRole(String roleName, Permission permission)
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceAddPermissionToRole(permission);
   // The state check runs before the policy is touched.
   validateState("addToRole");
   policy.addToRole(contextID, roleName, permission);
}
 
Example #11
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a collection of permissions to the excluded policy of this configuration's context.
 *
 * <p>In JACC, excluded permissions are denied to every caller regardless of role.
 *
 * @param permissions permissions to exclude; also handed to the PicketBox trace logger
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void addToExcludedPolicy(PermissionCollection permissions)
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceAddPermissionsToExcludedPolicy(permissions);
   // The state check runs before the policy is touched.
   validateState("addToExcludedPolicy");
   policy.addToExcludedPolicy(contextID, permissions);
}
 
Example #12
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a single permission to the excluded policy of this configuration's context.
 *
 * <p>In JACC, excluded permissions are denied to every caller regardless of role.
 *
 * @param permission permission to exclude; also handed to the PicketBox trace logger
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void addToExcludedPolicy(Permission permission)
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceAddPermissionToExcludedPolicy(permission);
   // The state check runs before the policy is touched.
   validateState("addToExcludedPolicy");
   policy.addToExcludedPolicy(contextID, permission);
}
 
Example #13
Source File: BasicPolicyConfiguration.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Discards the unchecked permissions held by this configuration by clearing the
 * {@code unchecked} field.
 *
 * @throws UnsupportedOperationException if the configuration is not in the {@code OPEN} state
 * @throws PolicyContextException declared by the signature; this body does not throw it
 */
public void removeUncheckedPolicy() throws PolicyContextException {
    // Mutation is only allowed while the configuration is open.
    if (state != OPEN) {
        throw new UnsupportedOperationException("Not in an open state");
    }

    unchecked = null;
}
 
Example #14
Source File: BasicPolicyConfiguration.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Discards the excluded permissions held by this configuration by clearing the
 * {@code excluded} field.
 *
 * <p>NOTE(review): excluded permissions are denials, so removing them widens what the remaining
 * policy can grant. Callers are presumably trusted deployment code; confirm against the caller.
 *
 * @throws UnsupportedOperationException if the configuration is not in the {@code OPEN} state
 * @throws PolicyContextException declared by the signature; this body does not throw it
 */
public void removeExcludedPolicy() throws PolicyContextException {
    // Mutation is only allowed while the configuration is open.
    if (state != OPEN) {
        throw new UnsupportedOperationException("Not in an open state");
    }

    excluded = null;
}
 
Example #15
Source File: ContextPolicy.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Copies every permission in the collection into {@code excludedPermissions}.
 *
 * @param permissions permissions to exclude; must not be {@code null}
 * @throws PolicyContextException declared by the signature; this body does not throw it
 */
void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException {
   for (Enumeration<Permission> remaining = permissions.elements(); remaining.hasMoreElements();) {
      excludedPermissions.add(remaining.nextElement());
   }
}
 
Example #16
Source File: ServiceServlet.java    From microprofile-jwt-auth with Apache License 2.0 5 votes vote down vote up
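/**
 * Checks that the container-provided caller {@code Subject} carries at least one
 * {@code JsonWebToken} principal.
 *
 * @param response used to report a failure as HTTP 500
 * @return a fixed confirmation string when at least one {@code JsonWebToken} principal is present
 * @throws IOException if sending the error response fails
 * @throws IllegalStateException on every failure path, after the 500 response has been sent
 */
private String getSubject(HttpServletResponse response) throws IOException {
    try {
        Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        // The handler can yield null (for instance when no caller has been authenticated).
        // Treat that as "no principals" instead of failing with a NullPointerException.
        if (subject != null && !subject.getPrincipals(JsonWebToken.class).isEmpty()) {
            return "subject.getPrincipals(JsonWebToken.class) ok";
        }
        response.sendError(500, "subject.getPrincipals(JsonWebToken.class) == 0");
    }
    catch (PolicyContextException e) {
        // NOTE(review): the exception text is returned to the client and the stack trace goes
        // to stderr. That is acceptable only in test code; production code should log
        // server-side and send a generic message.
        e.printStackTrace();
        response.sendError(500, e.getMessage());
    }
    throw new IllegalStateException("subject.getPrincipals(JsonWebToken.class) == 0");
}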
 
Example #17
Source File: JaccProvider.java    From tomee with Apache License 2.0 5 votes vote down vote up
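/**
 * Finds and instantiates (via a public no-argument constructor) the provider implementation
 * class named by the {@code FACTORY_NAME} system property, documented as
 * <code>org.apache.openejb.security.JaccProvider</code>, and stores it in
 * {@code jaccProvider}. Does nothing if a provider is already installed.
 *
 * <p>The class name comes from a JVM-wide system property and the class is loaded through the
 * thread context class loader inside a privileged block. Whoever can set that property or
 * influence that class loader therefore chooses the code that makes authorization decisions.
 *
 * @throws ClassNotFoundException when the class named by the system property could not be
 *                                found (including because the property has not been set),
 *                                could not be instantiated, or could not be accessed
 * @throws PolicyContextException if the implementation throws any other checked exception;
 *                                that exception is encapsulated in the thrown
 *                                PolicyContextException
 */
public static void install() throws ClassNotFoundException, PolicyContextException {
    if (jaccProvider != null) {
        return;
    }

    // One-element array so the anonymous class can hand the name back for error messages.
    final String[] factoryClassName = {null};
    try {
        jaccProvider = (JaccProvider) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws Exception {
                factoryClassName[0] = System.getProperty(FACTORY_NAME);

                if (factoryClassName[0] == null) {
                    throw new ClassNotFoundException("Property " + FACTORY_NAME + " not set");
                }
                final Thread currentThread = Thread.currentThread();
                final ClassLoader tccl = currentThread.getContextClassLoader();
                return Class.forName(factoryClassName[0], true, tccl).newInstance();
            }
        });
    } catch (final PrivilegedActionException pae) {
        final Exception cause = pae.getException();
        if (cause instanceof ClassNotFoundException) {
            throw (ClassNotFoundException) cause;
        } else if (cause instanceof InstantiationException) {
            // Keep the cause so the reason the constructor could not run is not lost.
            throw new ClassNotFoundException(factoryClassName[0] + " could not be instantiated", cause);
        } else if (cause instanceof IllegalAccessException) {
            // Index the holder: concatenating the array itself printed its identity hash
            // instead of the class name.
            throw new ClassNotFoundException("Illegal access to " + factoryClassName[0], cause);
        }
        throw new PolicyContextException(cause);
    }
}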
 
Example #18
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a collection of permissions to the unchecked policy of this configuration's context.
 *
 * <p>In JACC, unchecked permissions are granted to every caller regardless of role.
 *
 * @param permissions permissions to add; also handed to the PicketBox trace logger
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void addToUncheckedPolicy(PermissionCollection permissions)
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceAddPermissionsToUncheckedPolicy(permissions);
   // The state check runs before the policy is touched.
   validateState("addToUncheckedPolicy");
   policy.addToUncheckedPolicy(contextID, permissions);
}
 
Example #19
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Commits this configuration by delegating to {@code policy.commit} for its context ID.
 *
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void commit()
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.tracePolicyConfigurationCommit(contextID);
   // The state check runs before the policy is touched.
   validateState("commit");
   policy.commit(contextID);
}
 
Example #20
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Deletes this configuration by delegating to {@code policy.delete} for its context ID.
 *
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void delete()
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.tracePolicyConfigurationDelete(contextID);
   // The state check runs before the policy is touched.
   validateState("delete");
   policy.delete(contextID);
}
 
Example #21
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Links this configuration to another one by delegating to {@code policy.linkConfiguration}.
 *
 * @param link configuration to link with; its context ID is read only when trace logging is
 *        enabled
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void linkConfiguration(PolicyConfiguration link) throws PolicyContextException {
   // Guarded so link.getContextID() is not evaluated unless the trace message is wanted.
   if (PicketBoxLogger.LOGGER.isTraceEnabled()) {
      PicketBoxLogger.LOGGER.traceLinkConfiguration(link.getContextID());
   }
   // The state check runs before the policy is touched.
   validateState("linkConfiguration");
   policy.linkConfiguration(contextID, link);
}
 
Example #22
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Removes the excluded policy of this configuration's context by delegating to
 * {@code policy.removeExcludedPolicy}.
 *
 * <p>In JACC, excluded permissions are denials, so removing them widens what the remaining
 * policy can grant.
 *
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void removeExcludedPolicy()
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceRemoveExcludedPolicy(contextID);
   // The state check runs before the policy is touched.
   validateState("removeExcludedPolicy");
   policy.removeExcludedPolicy(contextID);
}
 
Example #23
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Removes a role from this configuration's context by delegating to {@code policy.removeRole}.
 *
 * @param roleName role to remove
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void removeRole(String roleName)
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceRemoveRole(roleName, contextID);
   // The state check runs before the policy is touched.
   validateState("removeRole");
   policy.removeRole(contextID, roleName);
}
 
Example #24
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Removes the unchecked policy of this configuration's context by delegating to
 * {@code policy.removeUncheckedPolicy}.
 *
 * @throws PolicyContextException if {@code validateState} rejects the operation or the
 *         delegate policy fails
 */
public void removeUncheckedPolicy()
   throws PolicyContextException
{
   PicketBoxLogger.LOGGER.traceRemoveUncheckedPolicy(contextID);
   // The state check runs before the policy is touched.
   validateState("removeUncheckedPolicy");
   policy.removeUncheckedPolicy(contextID);
}
 
Example #25
Source File: JBossPolicyConfiguration.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Feeds the named action to the configuration state machine, so an operation that is not
 * allowed in the current state is refused before any policy data is changed.
 *
 * @param action name of the operation about to be performed
 * @throws PolicyContextException wrapping the {@code IllegalTransitionException} raised when
 *         the state machine does not allow the action
 */
protected void validateState(String action) throws PolicyContextException {
   try {
      configStateMachine.nextState(action);
   } catch (IllegalTransitionException rejected) {
      String message = PicketBoxMessages.MESSAGES.operationNotAllowedMessage();
      throw new PolicyContextException(message, rejected);
   }
}
 
Example #26
Source File: BasicJaccProvider.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the policy configuration for a context, creating and registering one on first
 * request and re-opening the existing one otherwise.
 *
 * <p>NOTE(review): the lookup followed by {@code put} is not atomic; whether callers serialize
 * access to {@code configurations} is not visible from this method.
 *
 * @param contextID identifier of the policy context
 * @param remove passed to {@code open} on an existing configuration; not used when a new
 *        configuration is created
 * @return the configuration registered for {@code contextID}
 * @throws PolicyContextException if creating or opening the configuration fails
 */
public PolicyConfiguration getPolicyConfiguration(final String contextID, final boolean remove) throws PolicyContextException {
    final BasicPolicyConfiguration existing = configurations.get(contextID);

    if (existing != null) {
        existing.open(remove);
        return existing;
    }

    final BasicPolicyConfiguration created = createPolicyConfiguration(contextID);
    configurations.put(contextID, created);
    return created;
}
 
Example #27
Source File: JACCConfiguration.java    From cacheonix-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Obtains the policy configuration for the given context from the installed JACC provider.
 *
 * @param contextId identifier of the policy context; the configuration is requested with
 *        {@code remove = false}
 * @throws HibernateException if the JACC provider class cannot be found or the provider
 *         reports a policy context failure
 */
public JACCConfiguration(String contextId) throws HibernateException {
	try {
		PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
		policyConfiguration = factory.getPolicyConfiguration( contextId, false );
	}
	catch (ClassNotFoundException providerMissing) {
		throw new HibernateException( "JACC provider class not found", providerMissing );
	}
	catch (PolicyContextException policyFailure) {
		throw new HibernateException( "policy context exception occurred", policyFailure );
	}
}
 
Example #28
Source File: JACCConfiguration.java    From cacheonix-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
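/**
 * Grants a role one {@code EJBMethodPermission} per action on the named entity.
 *
 * @param role role that receives the permissions
 * @param entityName entity the permissions apply to
 * @param action comma-separated action names, or {@code "*"} as shorthand for
 *        {@code insert,read,update,delete}; blank entries are ignored
 * @throws HibernateException wrapping a {@code PolicyContextException} from the policy
 *         configuration
 */
public void addPermission(String role, String entityName, String action) {
	// Expand the wildcard into a local instead of reassigning the parameter.
	final String actions = action.equals( "*" ) ? "insert,read,update,delete" : action;

	final StringTokenizer tok = new StringTokenizer( actions, "," );

	while ( tok.hasMoreTokens() ) {
		final String methodName = tok.nextToken().trim();
		if ( methodName.length() == 0 ) {
			// A whitespace-only entry (e.g. "read, ") trims to "". EJBMethodPermission treats an
			// empty method name as "all methods", so passing it on would silently grant the
			// role every action on the entity.
			continue;
		}

		final EJBMethodPermission permission = new EJBMethodPermission(
				entityName,
				methodName,
				null, // interfaces
				null // arguments
		);

		if ( log.isDebugEnabled() ) {
			log.debug( "adding permission to role " + role + ": " + permission );
		}
		try {
			policyConfiguration.addToRole( role, permission );
		}
		catch (PolicyContextException pce) {
			throw new HibernateException( "policy context exception occurred", pce );
		}
	}
}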
 
Example #29
Source File: JACCPermissions.java    From cacheonix-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Runs {@code exAction} inside {@code AccessController.doPrivileged} and returns its result as
 * a {@code Subject}.
 *
 * @return the subject produced by the privileged action
 * @throws PolicyContextException if the privileged action failed with one
 * @throws UndeclaredThrowableException wrapping any other checked exception raised by the action
 */
public Subject getContextSubject() throws PolicyContextException {
	try {
		Object contextSubject = AccessController.doPrivileged( exAction );
		return (Subject) contextSubject;
	}
	catch (PrivilegedActionException wrapped) {
		// Unwrap so callers see the real failure rather than the doPrivileged envelope.
		Exception cause = wrapped.getException();
		if ( !( cause instanceof PolicyContextException ) ) {
			throw new UndeclaredThrowableException( cause );
		}
		throw (PolicyContextException) cause;
	}
}
 
Example #30
Source File: JACCPermissions.java    From cacheonix-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Returns the context subject, using the privileged lookup only when a security manager is
 * installed and the non-privileged lookup otherwise.
 *
 * @return the subject reported by the selected {@code PolicyContextActions} variant
 * @throws PolicyContextException if the selected lookup fails
 */
static Subject getContextSubject() throws PolicyContextException {
	final boolean securityManagerInstalled = System.getSecurityManager() != null;
	return ( securityManagerInstalled
			? PolicyContextActions.PRIVILEGED
			: PolicyContextActions.NON_PRIVILEGED ).getContextSubject();
}