org.elasticsearch.SpecialPermission Java Examples
The following examples show how to use
org.elasticsearch.SpecialPermission.
Example #1
Source File: LDAPAuthenticationBackend2.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Authenticates the supplied credentials by running {@code authenticate0} inside a privileged
 * block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}. The
 * check runs before privileges are asserted, so code without that permission cannot reach the
 * privileged delegate through this method.
 *
 * @param credentials the credentials to verify
 * @return the user produced by {@code authenticate0}
 * @throws ElasticsearchSecurityException rethrown unchanged when raised by the delegate
 */
@Override
public User authenticate(final AuthCredentials credentials) throws ElasticsearchSecurityException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<User> privilegedAuth = () -> authenticate0(credentials);
    try {
        return AccessController.doPrivileged(privilegedAuth);
    } catch (PrivilegedActionException wrapped) {
        // doPrivileged wraps checked exceptions only; unwrap so callers see the original failure.
        final Exception failure = wrapped.getException();
        if (failure instanceof ElasticsearchSecurityException) {
            throw (ElasticsearchSecurityException) failure;
        }
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        throw new RuntimeException(failure);
    }
}
Example #2
Source File: IndexMappingLoader.java From openshift-elasticsearch-plugin with Apache License 2.0 | 6 votes |
/**
 * Loads the three mapping templates (app, operations, empty project) through
 * {@code loadMapping} and stores them in the corresponding fields.
 *
 * <p>All three loads run in a single privileged block, gated by a {@link SpecialPermission}
 * check on the caller when a security manager is installed.
 *
 * @param settings the settings handed to {@code loadMapping} for each template
 */
public IndexMappingLoader(final Settings settings) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<Map<String, String>> loadTemplates = () -> {
        final Map<String, String> loaded = new HashMap<>();
        loaded.put("app", loadMapping(settings, OPENSHIFT_ES_KIBANA_SEED_MAPPINGS_APP));
        loaded.put("opp", loadMapping(settings, OPENSHIFT_ES_KIBANA_SEED_MAPPINGS_OPERATIONS));
        loaded.put("empty", loadMapping(settings, OPENSHIFT_ES_KIBANA_SEED_MAPPINGS_EMPTY));
        return loaded;
    };
    final Map<String, String> templates = AccessController.doPrivileged(loadTemplates);

    // Fields are assigned outside the privileged block; only the loading needs privileges.
    appMappingsTemplate = templates.get("app");
    opsMappingsTemplate = templates.get("opp");
    emptyProjectMappingsTemplate = templates.get("empty");
}
Example #3
Source File: OpenshiftRequestContextFactory.java From openshift-elasticsearch-plugin with Apache License 2.0 | 6 votes |
/**
 * Fetches the projects visible to {@code token} and drops every project whose name
 * {@code isBlacklistProject} rejects.
 *
 * <p>The lookup runs in a privileged block after a {@link SpecialPermission} check on the
 * caller. The set returned by {@code apiService.projectNames} is filtered in place.
 *
 * @param user  not read by this method
 * @param token the token passed to {@code apiService.projectNames}
 * @return the filtered project set
 * @throws Exception declared by the signature; nothing in this body throws a checked exception
 */
private Set<Project> listProjectsFor(final String user, final String token) throws Exception {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<Set<Project>> fetchAllowedProjects = () -> {
        final Set<Project> visible = apiService.projectNames(token);
        final Iterator<Project> cursor = visible.iterator();
        while (cursor.hasNext()) {
            final Project candidate = cursor.next();
            if (isBlacklistProject(candidate.getName())) {
                cursor.remove();
            }
        }
        return visible;
    };
    return AccessController.doPrivileged(fetchAllowedProjects);
}
Example #4
Source File: DefaultOpenDistroSecurityKeyStore.java From deprecated-security-ssl with Apache License 2.0 | 6 votes |
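/**
 * Builds an {@link SslContext} from the given builder inside a privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission};
 * the check runs before privileges are asserted.
 *
 * @param sslContextBuilder the configured builder to finalize
 * @return the built context
 * @throws SSLException if the builder fails; a checked failure of any other type is wrapped in
 *     an {@code SSLException} with the original as its cause
 */
private SslContext buildSSLContext0(final SslContextBuilder sslContextBuilder) throws SSLException {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SpecialPermission());
    }

    try {
        return AccessController.doPrivileged(new PrivilegedExceptionAction<SslContext>() {
            @Override
            public SslContext run() throws Exception {
                return sslContextBuilder.build();
            }
        });
    } catch (final PrivilegedActionException e) {
        final Throwable cause = e.getCause();
        if (cause instanceof SSLException) {
            throw (SSLException) cause;
        }
        // A blind cast here would replace the real TLS setup failure with a ClassCastException;
        // keep the original cause attached instead.
        throw new SSLException("Unable to build SSL context", cause);
    }
}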
Example #5
Source File: Utils.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Parses JSON bytes into a {@code Map<String, Object>} using {@code internalMapper}, inside a
 * privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * @param jsonBytes the serialized JSON document
 * @return the parsed map
 * @throws IOException rethrown unchanged when the mapper fails with one
 */
public static Map<String, Object> byteArrayToMutableJsonMap(byte[] jsonBytes) throws IOException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Map<String, Object>> parse =
            () -> internalMapper.readValue(jsonBytes, new TypeReference<Map<String, Object>>() {});
    try {
        return AccessController.doPrivileged(parse);
    } catch (final PrivilegedActionException wrapped) {
        // Unwrap so the caller sees the mapper's own exception type.
        final Throwable cause = wrapped.getCause();
        if (cause instanceof IOException) {
            throw (IOException) cause;
        }
        if (cause instanceof RuntimeException) {
            throw (RuntimeException) cause;
        }
        throw new RuntimeException(cause);
    }
}
Example #6
Source File: Utils.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Serializes a map to JSON bytes using {@code internalMapper}, inside a privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * @param jsonAsMap the map to serialize
 * @return the JSON document as bytes
 * @throws IOException declared by the signature; only a {@code JsonProcessingException} from
 *     the mapper is rethrown as such, any other checked cause is wrapped in a
 *     {@code RuntimeException}
 */
public static byte[] jsonMapToByteArray(Map<String, Object> jsonAsMap) throws IOException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<byte[]> serialize = () -> internalMapper.writeValueAsBytes(jsonAsMap);
    try {
        return AccessController.doPrivileged(serialize);
    } catch (final PrivilegedActionException wrapped) {
        final Throwable cause = wrapped.getCause();
        if (cause instanceof JsonProcessingException) {
            throw (JsonProcessingException) cause;
        }
        if (cause instanceof RuntimeException) {
            throw (RuntimeException) cause;
        }
        throw new RuntimeException(cause);
    }
}
Example #7
Source File: Utils.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Closes the given connection inside a privileged block, discarding checked failures.
 *
 * <p>A {@code null} connection is a no-op. Only the {@link PrivilegedActionException} wrapper
 * is swallowed: an unchecked exception from {@code close()} and a {@code SecurityException}
 * from the {@link SpecialPermission} check still propagate to the caller.
 *
 * @param connection the connection to close; may be {@code null}
 */
public static void unbindAndCloseSilently(final Connection connection) {
    if (connection == null) {
        return;
    }

    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Object> closeConnection = () -> {
        connection.close();
        return null;
    };
    try {
        AccessController.doPrivileged(closeConnection);
    } catch (PrivilegedActionException ignored) {
        // Best-effort cleanup: a failed close is deliberately not reported.
    }
}
Example #8
Source File: HTTPSpnegoAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Extracts credentials from the request by running {@code extractCredentials0} inside a
 * privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission};
 * the check precedes the privileged call.
 *
 * @param request       the incoming REST request
 * @param threadContext not read by this method
 * @return whatever {@code extractCredentials0} returns for the request
 */
@Override
public AuthCredentials extractCredentials(final RestRequest request, ThreadContext threadContext) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<AuthCredentials> extraction = () -> extractCredentials0(request);
    return AccessController.doPrivileged(extraction);
}
Example #9
Source File: SamlHTTPMetadataResolver.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Creates the HTTP client by running {@code createHttpClient0} inside a privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * @param settings   passed through to {@code createHttpClient0}
 * @param configPath passed through to {@code createHttpClient0}
 * @return the client built by {@code createHttpClient0}
 * @throws Exception the delegate's own exception, unwrapped from the privileged-action wrapper
 */
private static HttpClient createHttpClient(Settings settings, Path configPath) throws Exception {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<HttpClient> buildClient = () -> createHttpClient0(settings, configPath);
    try {
        return AccessController.doPrivileged(buildClient);
    } catch (PrivilegedActionException wrapped) {
        final Throwable cause = wrapped.getCause();
        if (cause instanceof Exception) {
            throw (Exception) cause;
        }
        // Fallback for a non-Exception cause: keep the wrapper so nothing is lost.
        throw new RuntimeException(wrapped);
    }
}
Example #10
Source File: AuthTokenProcessorHandler.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Handles the request by running {@code handleLowLevel} inside a privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * @param restRequest the incoming request
 * @param restChannel the channel passed to {@code handleLowLevel}
 * @return the result of {@code handleLowLevel}
 * @throws Exception the delegate's own exception, unwrapped from the privileged-action wrapper
 */
boolean handle(RestRequest restRequest, RestChannel restChannel) throws Exception {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Boolean> lowLevelHandling = () -> handleLowLevel(restRequest, restChannel);
    try {
        return AccessController.doPrivileged(lowLevelHandling);
    } catch (PrivilegedActionException wrapped) {
        final Throwable cause = wrapped.getCause();
        if (cause instanceof Exception) {
            throw (Exception) cause;
        }
        // Fallback for a non-Exception cause: keep the wrapper so nothing is lost.
        throw new RuntimeException(wrapped);
    }
}
Example #11
Source File: HTTPJwtAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Extracts credentials from the request by running {@code extractCredentials0} inside a
 * privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission};
 * the check precedes the privileged call.
 *
 * @param request the incoming REST request
 * @param context not read by this method
 * @return whatever {@code extractCredentials0} returns for the request
 * @throws ElasticsearchSecurityException declared by the signature; not raised directly here
 */
@Override
public AuthCredentials extractCredentials(RestRequest request, ThreadContext context)
        throws ElasticsearchSecurityException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<AuthCredentials> extraction = () -> extractCredentials0(request);
    return AccessController.doPrivileged(extraction);
}
Example #12
Source File: AbstractHTTPJwtAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Runs {@code extractCredentials0} for the request inside a privileged block and returns its
 * result.
 *
 * <p>The {@link SpecialPermission} check on the caller happens first, so the privileged
 * delegate is reachable only from code that holds that permission.
 *
 * @param request the incoming REST request
 * @param context not read by this method
 * @return the credentials produced by {@code extractCredentials0}
 * @throws ElasticsearchSecurityException declared by the signature; not raised directly here
 */
@Override
public AuthCredentials extractCredentials(RestRequest request, ThreadContext context)
        throws ElasticsearchSecurityException {
    final SecurityManager installedManager = System.getSecurityManager();
    if (installedManager != null) {
        installedManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<AuthCredentials> readCredentials = () -> extractCredentials0(request);
    return AccessController.doPrivileged(readCredentials);
}
Example #13
Source File: LDAPAuthenticationBackend2.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Reports whether the user exists by running {@code exists0} inside a privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * @param user the user to look up
 * @return the result of {@code exists0}
 */
@Override
public boolean exists(final User user) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<Boolean> lookup = () -> exists0(user);
    return AccessController.doPrivileged(lookup);
}
Example #14
Source File: PrivilegedProvider.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Creates a provider connection from the delegate inside a privileged block and wraps it in a
 * {@code PrivilegedProviderConnection}.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * @return the wrapped connection
 * @throws LdapException rethrown unchanged when the delegate fails with one
 */
@Override
public ProviderConnection create() throws LdapException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<ProviderConnection> openConnection =
            () -> new PrivilegedProviderConnection(delegate.create(), getProviderConfig());
    try {
        return AccessController.doPrivileged(openConnection);
    } catch (PrivilegedActionException wrapped) {
        final Exception failure = wrapped.getException();
        if (failure instanceof LdapException) {
            throw (LdapException) failure;
        }
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        throw new RuntimeException(failure);
    }
}
Example #15
Source File: LDAPAuthenticationBackend2.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Verifies a DN/password pair by issuing an LDAP bind on the connection's provider connection,
 * inside a privileged block. The bind response is discarded; failure is signalled by exception.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 * The password array is handed to {@code Credential} as-is and is not cleared here.
 *
 * @param connection the connection whose provider connection performs the bind
 * @param dn         the distinguished name to bind as
 * @param password   the password bytes for the bind
 * @throws LdapException rethrown unchanged when the bind fails with one
 */
private void authenticateByLdapServer(final Connection connection, final String dn, byte[] password)
        throws LdapException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Response<Void>> bindAttempt =
            () -> connection.getProviderConnection().bind(new BindRequest(dn, new Credential(password)));
    try {
        AccessController.doPrivileged(bindAttempt);
    } catch (PrivilegedActionException wrapped) {
        final Exception failure = wrapped.getException();
        if (failure instanceof LdapException) {
            throw (LdapException) failure;
        }
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        // NOTE(review): this fallback wraps the PrivilegedActionException itself rather than
        // its cause, which adds one extra layer to the exception chain.
        throw new RuntimeException(wrapped);
    }
}
Example #16
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Initializes OpenSAML once, inside a privileged block, and records completion in
 * {@code openSamlInitialized}.
 *
 * <p>The thread's context class loader is switched to the loader of
 * {@code InitializationService} for the duration of the initialization and restored in a
 * {@code finally} block, so a failed initialization does not leave the thread with a swapped
 * loader. When a security manager is installed, the caller must hold
 * {@link SpecialPermission}.
 *
 * <p>NOTE(review): the flag is read and written here without visible synchronization; confirm
 * against the field declaration whether concurrent first calls are expected.
 *
 * @throws RuntimeException wrapping the cause when initialization fails with a checked exception
 */
static void ensureOpenSamlInitialization() {
    if (openSamlInitialized) {
        return;
    }

    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Void> initializeOpenSaml = () -> {
        final Thread current = Thread.currentThread();
        final ClassLoader previousLoader = current.getContextClassLoader();
        try {
            current.setContextClassLoader(InitializationService.class.getClassLoader());
            InitializationService.initialize();
            new org.opensaml.saml.config.XMLObjectProviderInitializer().init();
            new org.opensaml.saml.config.SAMLConfigurationInitializer().init();
            new org.opensaml.xmlsec.config.XMLObjectProviderInitializer().init();
        } finally {
            current.setContextClassLoader(previousLoader);
        }
        // Reached only when every initializer completed without throwing.
        openSamlInitialized = true;
        return null;
    };

    try {
        AccessController.doPrivileged(initializeOpenSaml);
    } catch (PrivilegedActionException wrapped) {
        throw new RuntimeException(wrapped.getCause());
    }
}
Example #17
Source File: RequestUtils.java From openshift-elasticsearch-plugin with Apache License 2.0 | 5 votes |
/**
 * Runs the given action with this code's privileges after checking that the caller holds
 * {@link SpecialPermission}.
 *
 * <p>The action is supplied by the caller and executes entirely inside the privileged block,
 * so it should contain only the work that needs elevated privileges.
 *
 * @param action the action to run
 * @param <T>    the action's result type
 * @return the action's result
 */
private <T> T executePrivilegedAction(PrivilegedAction<T> action) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }
    return AccessController.doPrivileged(action);
}
Example #18
Source File: MakeJava9Happy.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Returns the class loader to use on Java 9 or higher, or {@code null} on older runtimes.
 *
 * <p>When the {@code classLoader} field is already set it is returned directly. Otherwise a
 * new {@code Java9CL} is created inside a privileged block, after a {@link SpecialPermission}
 * check on the caller.
 *
 * <p>NOTE(review): this method does not assign the newly created loader to
 * {@code classLoader}, so unless the field is set elsewhere each call creates another loader;
 * confirm that this is intended.
 *
 * @return the cached or newly created loader, or {@code null} when {@code isJava9OrHigher} is false
 */
static ClassLoader getClassLoader() {
    if (!isJava9OrHigher) {
        return null;
    }
    if (classLoader != null) {
        return classLoader;
    }

    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<ClassLoader> newLoader = () -> new Java9CL();
    try {
        return AccessController.doPrivileged(newLoader);
    } catch (PrivilegedActionException wrapped) {
        final Exception failure = wrapped.getException();
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        throw new RuntimeException(wrapped);
    }
}
Example #19
Source File: OpenShiftTokenAuthentication.java From openshift-elasticsearch-plugin with Apache License 2.0 | 5 votes |
/**
 * Derives backend roles for a token by running one local subject access review per entry in
 * {@code sars}; an entry's key becomes a role when its review allows access.
 *
 * <p>Returns an empty list when {@code PluginServiceFactory} is not ready. A review that
 * throws is logged and counted as not allowed, so an error never grants a role. The
 * {@link SpecialPermission} check runs once, before the first privileged call.
 *
 * @param token the token submitted to each access review
 * @return the keys of all reviews that returned {@code true}
 */
public Collection<String> retrieveBackendRoles(String token) {
    final List<String> grantedRoles = new ArrayList<>();
    if (!PluginServiceFactory.isReady()) {
        return grantedRoles;
    }

    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final OpenshiftAPIService apiService = PluginServiceFactory.getApiService();
    for (final Map.Entry<String, Settings> review : sars.entrySet()) {
        final PrivilegedAction<Boolean> runReview = () -> {
            try {
                final Settings params = review.getValue();
                return apiService.localSubjectAccessReview(token,
                        params.get("namespace"), params.get("verb"), params.get("resource"),
                        params.get("resourceAPIGroup"), ArrayUtils.EMPTY_STRING_ARRAY);
            } catch (Exception e) {
                LOGGER.error("Exception executing LSAR", e);
            }
            // Fail closed: an errored review does not grant the role.
            return false;
        };
        final boolean allowed = AccessController.doPrivileged(runReview);
        if (allowed) {
            grantedRoles.add(review.getKey());
        }
    }
    return grantedRoles;
}
Example #20
Source File: Sql4EsBase.java From sql4es with Apache License 2.0 | 5 votes |
/**
 * Loads the ESDriver class, stores the installed security manager in {@code sm} and, when one
 * is installed, verifies that the calling code holds {@link SpecialPermission}.
 *
 * @throws Exception if the driver class cannot be loaded
 */
public Sql4EsBase() throws Exception {
    super();
    Class.forName("nl.anchormen.sql4es.jdbc.ESDriver");

    final SecurityManager installedManager = System.getSecurityManager();
    this.sm = installedManager;
    if (installedManager != null) {
        // unprivileged code such as scripts do not have SpecialPermission
        installedManager.checkPermission(new SpecialPermission());
    }
}
Example #21
Source File: Scripting.java From elasticsearch-learning-to-rank with Apache License 2.0 | 5 votes |
/**
 * Compiles {@code scriptSource} with {@code JavascriptCompiler} inside a privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}, and
 * the compiler is handed a class loader that checks a {@code ClassPermission} for every class
 * name it is asked to load. A denied class surfaces as {@code ClassNotFoundException}, with
 * the {@code SecurityException} attached as its cause.
 *
 * @param scriptSource the expression source to compile
 * @return the compiled {@code Expression}
 */
public static Object compile(String scriptSource) {
    // classloader created here
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SpecialPermission());
    }
    return AccessController.doPrivileged(new PrivilegedAction<Expression>() {
        @Override
        public Expression run() {
            try {
                // snapshot our context here, we check on behalf of the expression
                // The snapshot is taken inside doPrivileged, so later class-permission checks
                // are evaluated against this context, not the stack of whoever triggers the load.
                AccessControlContext engineContext = AccessController.getContext();
                ClassLoader loader = getClass().getClassLoader();
                if (sm != null) {
                    // Restricting loader: only installed when a security manager is present.
                    loader = new ClassLoader(loader) {
                        @Override
                        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
                            try {
                                engineContext.checkPermission(new ClassPermission(name));
                            } catch (SecurityException e) {
                                // Report a denied class as missing, keeping the denial as cause.
                                throw new ClassNotFoundException(name, e);
                            }
                            return super.loadClass(name, resolve);
                        }
                    };
                }
                // NOTE: validation is delayed to allow runtime vars, and we don't have access to per index stuff here
                return JavascriptCompiler.compile(scriptSource, JavascriptCompiler.DEFAULT_FUNCTIONS, loader);
            } catch (ParseException e) {
                throw convertToScriptException("compile error", scriptSource, scriptSource, e);
            }
        }
    });
}
Example #22
Source File: MynlpPlugin.java From mynlp with Apache License 2.0 | 5 votes |
/**
 * Creates the plugin: verifies that the calling code holds {@link SpecialPermission} when a
 * security manager is installed, then reads {@code enableCwsSetting} from the settings.
 *
 * @param settings   the node settings the flag is read from
 * @param configPath not read by this constructor
 */
public MynlpPlugin(Settings settings, Path configPath) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    enableCws = enableCwsSetting.get(settings);
}
Example #23
Source File: RemoteMonitor.java From elasticsearch-analysis-hanlp with Apache License 2.0 | 5 votes |
/**
 * Runs {@code runUnprivileged()} inside a privileged block, after
 * {@code SpecialPermission.check()} has verified the caller.
 */
@Override
public void run() {
    SpecialPermission.check();

    final PrivilegedAction<Void> monitorTask = () -> {
        runUnprivileged();
        return null;
    };
    AccessController.doPrivileged(monitorTask);
}
Example #24
Source File: DefaultPrincipalExtractor.java From deprecated-security-ssl with Apache License 2.0 | 5 votes |
/**
 * Returns the certificate's subject DN with its RDNs re-serialized in reverse order and joined
 * by commas.
 *
 * <p>Only the read of the subject principal runs inside the privileged block; parsing and
 * logging happen outside it. If the subject string cannot be parsed as an {@code LdapName},
 * the error is logged and the unmodified principal string is returned.
 *
 * <p>NOTE(review): on that fallback path the caller receives a differently formatted DN;
 * confirm that downstream comparisons tolerate it.
 *
 * @param x509Certificate the certificate to read; {@code null} yields {@code null}
 * @param type            not read by this method
 * @return the normalized DN string, or {@code null} when no certificate was given
 */
@Override
public String extractPrincipal(final X509Certificate x509Certificate, final Type type) {
    if (x509Certificate == null) {
        return null;
    }

    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<String> readSubject = () -> x509Certificate.getSubjectX500Principal().toString();
    String dnString = AccessController.doPrivileged(readSubject);

    // remove whitespaces
    try {
        final List<Rdn> reversedRdns = new ArrayList<>(new LdapName(dnString).getRdns());
        Collections.reverse(reversedRdns);
        dnString = reversedRdns.stream().map(Rdn::toString).collect(Collectors.joining(","));
    } catch (InvalidNameException e) {
        log.error("Unable to parse: {}",dnString, e);
    }

    if (log.isTraceEnabled()) {
        log.trace("principal: {}", dnString);
    }
    return dnString;
}
Example #25
Source File: AuditLogImpl.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Creates the audit log, sets up its message router and registers a JVM shutdown hook that
 * calls {@code close()}.
 *
 * <p>The hook is registered inside a privileged block, after a {@link SpecialPermission}
 * check on the caller when a security manager is installed. The hook refers to this instance
 * while the constructor is still running.
 *
 * @param settings       node settings, passed to the superclass and the router
 * @param configPath     passed to the router
 * @param clientProvider passed to the router
 * @param threadPool     passed to the superclass and the router
 * @param resolver       passed to the superclass
 * @param clusterService passed to the superclass
 */
public AuditLogImpl(final Settings settings, final Path configPath, Client clientProvider, ThreadPool threadPool,
        final IndexNameExpressionResolver resolver, final ClusterService clusterService) {
    super(settings, threadPool, resolver, clusterService);

    this.messageRouter = new AuditMessageRouter(settings, clientProvider, threadPool, configPath);
    this.enabled = messageRouter.isEnabled();
    log.info("Message routing enabled: {}", this.enabled);

    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        log.debug("Security Manager present");
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedAction<Object> registerShutdownHook = () -> {
        Runtime.getRuntime().addShutdownHook(new Thread() {
            @Override
            public void run() {
                try {
                    close();
                } catch (final IOException e) {
                    log.warn("Exception while shutting down message router", e);
                }
            }
        });
        log.debug("Shutdown Hook registered");
        return null;
    };
    AccessController.doPrivileged(registerShutdownHook);
}
Example #26
Source File: LDAPAuthorizationBackend2.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Populates the user's roles by running {@code fillRoles0} inside a privileged block.
 *
 * <p>When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * @param user              the user whose roles are filled
 * @param optionalAuthCreds credentials passed through to {@code fillRoles0}
 * @throws ElasticsearchSecurityException rethrown unchanged when raised by the delegate
 */
@Override
public void fillRoles(final User user, final AuthCredentials optionalAuthCreds)
        throws ElasticsearchSecurityException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Void> roleLookup = () -> {
        fillRoles0(user, optionalAuthCreds);
        return null;
    };
    try {
        AccessController.doPrivileged(roleLookup);
    } catch (PrivilegedActionException wrapped) {
        final Exception failure = wrapped.getException();
        if (failure instanceof ElasticsearchSecurityException) {
            throw (ElasticsearchSecurityException) failure;
        }
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        throw new RuntimeException(failure);
    }
}
Example #27
Source File: LDAPAuthorizationBackend.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Opens an LDAP connection by running {@code getConnection0} inside a privileged block.
 *
 * <p>On Java 9 or higher the thread's context class loader is replaced with a new
 * {@code Java9CL} before delegating; the previous loader is passed to {@code getConnection0}.
 * When a security manager is installed, the caller must hold {@link SpecialPermission}.
 *
 * <p>NOTE(review): this method does not restore the context class loader itself; presumably
 * {@code getConnection0} does so with the loader it is given. Verify that it also restores
 * the loader when connecting fails.
 *
 * @param settings   passed through to {@code getConnection0}
 * @param configPath passed through to {@code getConnection0}
 * @return the connection returned by {@code getConnection0}
 * @throws Exception the delegate's own exception, unwrapped from the privileged-action wrapper
 */
public static Connection getConnection(final Settings settings, final Path configPath) throws Exception {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Connection> openConnection = () -> {
        final boolean isJava9OrHigher = PlatformDependent.javaVersion() >= 9;
        ClassLoader originalClassloader = null;
        if (isJava9OrHigher) {
            final Thread current = Thread.currentThread();
            originalClassloader = current.getContextClassLoader();
            current.setContextClassLoader(new Java9CL());
        }
        return getConnection0(settings, configPath, originalClassloader, isJava9OrHigher);
    };

    try {
        return AccessController.doPrivileged(openConnection);
    } catch (PrivilegedActionException wrapped) {
        throw wrapped.getException();
    }
}
Example #28
Source File: LDAPAuthorizationBackend.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Verifies an LDAP connection configuration by running {@code checkConnection0} inside a
 * privileged block.
 *
 * <p>On Java 9 or higher the thread's context class loader is replaced with a new
 * {@code Java9CL} before delegating; the previous loader is passed to
 * {@code checkConnection0}. When a security manager is installed, the caller must hold
 * {@link SpecialPermission}.
 *
 * <p>NOTE(review): this method does not restore the context class loader itself; presumably
 * {@code checkConnection0} does so with the loader it is given. Verify that it also restores
 * the loader when the check fails. The password array is passed through and not cleared here.
 *
 * @param connectionConfig the configuration to test
 * @param bindDn           the DN passed to {@code checkConnection0}
 * @param password         the password bytes passed to {@code checkConnection0}
 * @throws Exception the delegate's own exception, unwrapped from the privileged-action wrapper
 */
public static void checkConnection(final ConnectionConfig connectionConfig, String bindDn, byte[] password)
        throws Exception {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Void> connectionCheck = () -> {
        final boolean isJava9OrHigher = PlatformDependent.javaVersion() >= 9;
        ClassLoader originalClassloader = null;
        if (isJava9OrHigher) {
            final Thread current = Thread.currentThread();
            originalClassloader = current.getContextClassLoader();
            current.setContextClassLoader(new Java9CL());
        }
        checkConnection0(connectionConfig, bindDn, password, originalClassloader, isJava9OrHigher);
        return null;
    };

    try {
        AccessController.doPrivileged(connectionCheck);
    } catch (PrivilegedActionException wrapped) {
        throw wrapped.getException();
    }
}
Example #29
Source File: PrivilegedProvider.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Performs an LDAP bind through the delegate inside a privileged block.
 *
 * <p>If {@code jndiProviderConfig} supplies a class loader, it is installed as the thread's
 * context class loader for the duration of the bind and the previous loader is restored in a
 * {@code finally} block. When a security manager is installed, the caller must hold
 * {@link SpecialPermission}.
 *
 * @param request the bind request to forward
 * @return the delegate's bind response
 * @throws LdapException rethrown unchanged when the delegate fails with one
 */
public Response<Void> bind(BindRequest request) throws LdapException {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Response<Void>> delegatedBind = () -> {
        if (jndiProviderConfig.getClassLoader() == null) {
            return delegate.bind(request);
        }
        final Thread current = Thread.currentThread();
        final ClassLoader previousLoader = current.getContextClassLoader();
        try {
            current.setContextClassLoader(jndiProviderConfig.getClassLoader());
            return delegate.bind(request);
        } finally {
            // Always restore, so a failed bind does not leave the thread on the provider's loader.
            current.setContextClassLoader(previousLoader);
        }
    };

    try {
        return AccessController.doPrivileged(delegatedBind);
    } catch (PrivilegedActionException wrapped) {
        final Exception failure = wrapped.getException();
        if (failure instanceof LdapException) {
            throw (LdapException) failure;
        }
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        throw new RuntimeException(failure);
    }
}
Example #30
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Creates and initializes the SAML metadata resolver: the HTTP variant when
 * {@code idpMetadataUrl} is set, the filesystem variant otherwise.
 *
 * <p>The resolver is constructed first; only {@code initialize()} runs inside the privileged
 * block, after a {@link SpecialPermission} check on the caller when a security manager is
 * installed.
 *
 * @param settings   passed to the resolver constructor
 * @param configPath passed to the resolver constructor
 * @return the initialized resolver
 * @throws Exception a {@code ComponentInitializationException} from initialization is
 *     rethrown unchanged; any other checked cause is wrapped in a {@code RuntimeException}
 */
private AbstractReloadingMetadataResolver createMetadataResolver(final Settings settings, final Path configPath)
        throws Exception {
    final AbstractReloadingMetadataResolver metadataResolver = idpMetadataUrl != null
            ? new SamlHTTPMetadataResolver(settings, configPath)
            : new SamlFilesystemMetadataResolver(settings, configPath);

    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    final PrivilegedExceptionAction<Void> initializeResolver = () -> {
        metadataResolver.initialize();
        return null;
    };
    try {
        AccessController.doPrivileged(initializeResolver);
    } catch (PrivilegedActionException wrapped) {
        final Throwable cause = wrapped.getCause();
        if (cause instanceof ComponentInitializationException) {
            throw (ComponentInitializationException) cause;
        }
        throw new RuntimeException(cause);
    }

    return metadataResolver;
}