Java Code Examples for javax.security.auth.Subject#doAs()

The following examples show how to use javax.security.auth.Subject#doAs(). Each example is listed with the source file and project it was taken from.
Example 1
Source File: IdentityManagerImpl.java    From peer-os with Apache License 2.0 6 votes vote down vote up
/**
 * Runs {@code action} as the subject attached to {@code userSession}.
 *
 * <p>When {@code userSession} is {@code null} the action is not executed at all.
 * Any exception raised by the action is logged and then swallowed, so the caller
 * receives no signal that the action failed.
 *
 * <p>NOTE(review): the method carries {@code @PermitAll}; confirm that every caller
 * passes a session that has already been authenticated.
 *
 * @param userSession session whose subject the action runs as; may be {@code null}
 * @param action work to execute; its return value is discarded
 */
@PermitAll
@Override
public void runAs( Session userSession, final Callable action )
{
    if ( userSession == null )
    {
        // Without a session there is no subject to run as, so the action is skipped.
        return;
    }

    final Subject sessionSubject = userSession.getSubject();
    final PrivilegedAction<Void> wrappedAction = new PrivilegedAction<Void>()
    {
        @Override
        public Void run()
        {
            try
            {
                action.call();
            }
            catch ( Exception ex )
            {
                // Failure is only visible in the log; nothing is rethrown.
                LOGGER.error( "**** Error!! Error running privileged action.", ex );
            }
            return null;
        }
    };

    Subject.doAs( sessionSubject, wrappedAction );
}
 
Example 2
Source File: GssClient.java    From ats-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Performs one step of the SPNEGO client-service negotiation as the logged-in subject.
 *
 * <p>When no subject is held yet, a JAAS login is attempted first. The negotiation
 * action is then run through {@link Subject#doAs}; a {@link GSSException} recorded by
 * the action is rethrown to the caller.
 *
 * @param context GSS security context used for the negotiation
 * @param negotiationToken token handed to the negotiation action
 * @return the token returned by the negotiation action
 * @throws GSSException if the action recorded a GSS failure (the login step is also
 *         expected to throw it on failure)
 */
public byte[] negotiate( GSSContext context, byte[] negotiationToken ) throws GSSException {

    if (subject == null) {
        loginViaJAAS(); // throws GSSException when the login fails
    }

    // A service ticket that is not held yet is fetched from the TGS
    // during the call to initSecContext().
    final NegotiateContextAction action = new NegotiateContextAction(context, negotiationToken);

    // Negotiate as the initiator; running as the subject lets the service
    // ticket be cached in the Subject's private credentials.
    final byte[] replyToken = (byte[]) Subject.doAs(subject, action);

    final GSSException failure = action.getGSSException();
    if (failure != null) {
        throw failure;
    }
    return replyToken;
}
 
Example 3
Source File: MLModelRegistryClient.java    From streamline with Apache License 2.0 6 votes vote down vote up
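/**
 * Fetches the PMML contents of a model from the model registry, issuing the HTTP
 * request as {@code subject}.
 *
 * <p>The response is always closed before returning, so a non-OK status or a failed
 * entity read does not leave the underlying connection open.
 *
 * @param modelName name of the model; it is placed into the request path as-is
 * @return the response entity read as a string
 * @throws RuntimeException if the status is not OK or any other failure occurs; a
 *         non-OK status is reported by an exception that is itself logged and wrapped
 *         by the outer handler
 */
public String getMLModelContents(String modelName) {
    Response response = null;
    try {
        response = Subject.doAs(subject, new PrivilegedAction<Response>() {
            @Override
            public Response run() {
                // NOTE(review): modelName is formatted into the URL path without encoding or
                // validation. If it can come from an untrusted caller, restrict it to an
                // expected name pattern before building the request.
                return client.target(String.format("%s/%s/%s", modelRegistryURL, "pmml", modelName)).request().get();
            }
        });

        if (response.getStatus() != OK.getStatusCode()) {
            throw new RuntimeException(
                    String.format("Error occurred while getting the response %s", response.getStatus()));
        }
        return response.readEntity(String.class);
    } catch (Exception exception) {
        LOG.error(String.format("An error was thrown while reading the pmml file contents for %s", modelName),
                  exception);
        throw new RuntimeException(exception);
    } finally {
        // Release the connection on every path, including the error ones.
        if (response != null) {
            response.close();
        }
    }
}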
 
Example 4
Source File: SimpleLDAPAuthenticationManagerImpl.java    From qpid-broker-j with Apache License 2.0 6 votes vote down vote up
/**
 * Runs {@code action} as {@code identity} and unwraps whatever it throws.
 *
 * <p>A {@link NamingException} or {@link RuntimeException} raised inside the action is
 * rethrown unchanged; any other checked exception is wrapped in a
 * {@code ServerScopedRuntimeException}.
 *
 * @param identity subject the action runs as
 * @param action operation to perform
 * @param <T> result type of the action
 * @return the value returned by the action
 * @throws NamingException if the action itself threw one
 */
private <T> T invokeContextOperationAs(final Subject identity, final PrivilegedExceptionAction<T> action)
        throws NamingException
{
    try
    {
        return Subject.doAs(identity, action);
    }
    catch (PrivilegedActionException wrapper)
    {
        final Exception cause = wrapper.getException();
        if (cause instanceof NamingException)
        {
            throw (NamingException) cause;
        }
        if (cause instanceof RuntimeException)
        {
            throw (RuntimeException) cause;
        }
        throw new ServerScopedRuntimeException(cause);
    }
}
 
Example 5
Source File: LoginContextInvocationHandler.java    From pentaho-kettle with Apache License 2.0 6 votes vote down vote up
/**
 * Invokes {@code method} on the delegate as the subject of {@code loginContext}.
 *
 * <p>If the result implements one of {@code interfacesToDelegate}, it is wrapped via
 * {@code forObject} so that later calls on it go through the same login context.
 * An {@link InvocationTargetException} raised by the reflective call is unwrapped and
 * its cause rethrown; any other {@link PrivilegedActionException} is rethrown as-is.
 */
@Override
public Object invoke( Object proxy, final Method method, final Object[] args ) throws Throwable {
  final PrivilegedExceptionAction<Object> delegatedCall = new PrivilegedExceptionAction<Object>() {

    @Override
    public Object run() throws Exception {
      final Object outcome = method.invoke( delegate, args );
      if ( outcome == null ) {
        return null;
      }
      for ( Class<?> candidate : outcome.getClass().getInterfaces() ) {
        if ( interfacesToDelegate.contains( candidate ) ) {
          // First matching interface is enough: hand back a wrapped result.
          return forObject( outcome, loginContext, interfacesToDelegate );
        }
      }
      return outcome;
    }
  };

  try {
    return Subject.doAs( loginContext.getSubject(), delegatedCall );
  } catch ( PrivilegedActionException e ) {
    final Throwable cause = e.getCause();
    if ( cause instanceof InvocationTargetException ) {
      // Surface the exception thrown by the target method itself.
      throw cause.getCause();
    }
    throw e;
  }
}
 
Example 6
Source File: Context.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Runs {@code action} on this context as the subject held in {@code s}.
 *
 * @param action the action to run
 * @param in the input bytes passed to the action
 * @return the bytes returned by the action
 * @throws Exception the exception thrown by the action, unwrapped from the
 *         {@link PrivilegedActionException} raised by {@link Subject#doAs}
 */
public byte[] doAs(final Action action, final byte[] in) throws Exception {
    final PrivilegedExceptionAction<byte[]> task = new PrivilegedExceptionAction<byte[]>() {
        @Override
        public byte[] run() throws Exception {
            return action.run(Context.this, in);
        }
    };

    try {
        return Subject.doAs(s, task);
    } catch (PrivilegedActionException wrapper) {
        // Callers see the action's own exception, not the wrapper.
        throw wrapper.getException();
    }
}
 
Example 7
Source File: Synch.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Calls nested {@code Subject.doAs} 1000 times on the main thread while a second
 * thread keeps adding and removing principals on the same subject's principal set.
 *
 * <p>The background loop stops once the {@code finished} flag (declared outside this
 * method) is set at the end of {@code main}.
 */
public static void main(String[] args) {
    Subject subject = new Subject();
    // Raw Set: the same live principal set is shared with the mutator thread below.
    final Set principals = subject.getPrincipals();
    principals.add(new X500Principal("CN=Alice"));
    // Mutator thread: on every iteration add a fresh "CN=Bob<i>" principal and
    // remove the previous one, until finished becomes true.
    new Thread() {
        public void run() {
            Principal last = new X500Principal("CN=Bob");
            for (int i = 0; !finished; i++) {
                Principal next = new X500Principal("CN=Bob" + i);
                principals.add(next);
                principals.remove(last);
                last = next;
            }
        }
    }.start();
    // Main thread: run an action as the subject being mutated, and inside it run a
    // second action as a separate subject constructed with readOnly = true.
    for (int i = 0; i < 1000; i++) {
        Subject.doAs(
            subject,
            new PrivilegedAction() {
                public Object run() {
                    return Subject.doAs(
                        new Subject(true,
                                    Collections.singleton(
                                        new X500Principal("CN=Claire")),
                                    Collections.EMPTY_SET,
                                    Collections.EMPTY_SET),
                        new PrivilegedAction() {
                            public Object run() {
                                return null;
                            }
                        });
                }
            });
    }
    // Signal the mutator thread to leave its loop.
    finished = true;
}
 
Example 8
Source File: ServiceCredsCombination.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds a subject from {@code objs}, creates an accept-only Kerberos credential as
 * that subject and compares the name the credential is bound to with the expectation.
 *
 * @param a principal to request a credential for, {@code null} for the default one
 * @param b expected name, {@code null} for still unbound, "NOCRED" when no credential
 *          is expected to be available
 * @param objs principals, keys and keytabs to place in the subject
 * @throws Exception if the observed name differs from {@code b}, or credential
 *         creation fails while {@code b} is not "NOCRED"
 */
private static void check(final String a, String b, Object... objs)
        throws Exception {
    final Subject subj = new Subject();
    for (Object item : objs) {
        if (item instanceof KerberosPrincipal) {
            subj.getPrincipals().add((KerberosPrincipal) item);
            continue;
        }
        if (item instanceof KerberosKey || item instanceof KeyTab) {
            // Keys and keytabs are secrets, so they go into the private credential set.
            subj.getPrivateCredentials().add(item);
        }
    }

    final GSSManager man = GSSManager.getInstance();
    final PrivilegedExceptionAction<String> boundNameLookup =
            new PrivilegedExceptionAction<String>() {
        @Override
        public String run() throws GSSException {
            GSSName requested = (a == null) ? null : man.createName(r(a), null);
            GSSCredential cred = man.createCredential(
                    requested,
                    GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
            GSSName bound = cred.getName();
            return bound == null ? null : bound.toString();
        }
    };

    try {
        String result = Subject.doAs(subj, boundNameLookup);
        if (!Objects.equals(result, r(b))) {
            throw new Exception("Check failed: getInstance(" + a
                    + ") has name " + result + ", not " + b);
        }
    } catch (PrivilegedActionException e) {
        // A failure to create the credential is the expected outcome only for "NOCRED".
        if (!"NOCRED".equals(b)) {
            throw new Exception("Check failed: getInstance(" + a
                    + ") is null " + ", but not one with name " + b);
        }
    }
}
 
Example 9
Source File: NestedActions.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Runs a write action as "CN=Duke"; the write action is constructed with a read
 * action that is in turn constructed with a second subject, "CN=Java".
 */
public static void main(String args[]) {
    // Inner subject, handed to the read action.
    Subject anotherSubject = new Subject();
    anotherSubject.getPrincipals().add(new X500Principal("CN=Java"));
    ReadFromFileAction readFromFile =
            new ReadFromFileAction(NestedActions.file, anotherSubject);
    WriteToFileAction writeToFile =
            new WriteToFileAction(NestedActions.file, readFromFile);

    // Outer subject, under which the write action is started.
    Subject subject = new Subject();
    subject.getPrincipals().add(new X500Principal("CN=Duke"));
    Subject.doAs(subject, writeToFile);
}
 
Example 10
Source File: PrestoClient.java    From ranger with Apache License 2.0 5 votes vote down vote up
/**
 * Opens the connection by calling {@code initConnection()} as the login subject.
 *
 * @throws Exception declared by the signature; the action itself throws no checked
 *         exception
 */
private void init() throws Exception {
  final PrivilegedAction<Void> connect = new PrivilegedAction<Void>() {
    @Override
    public Void run() {
      initConnection();
      return null;
    }
  };
  Subject.doAs(getLoginSubject(), connect);
}
 
Example 11
Source File: AMQPConnectionActorTest.java    From qpid-broker-j with Apache License 2.0 5 votes vote down vote up
/**
 * Emits a fixed test message through the event logger while running as a subject
 * that holds a single {@code ConnectionPrincipal} for the test connection.
 *
 * @return the message text that was logged
 */
private String sendLogMessage()
{
    final String message = "test logging";

    final LogSubject logSubject = new LogSubject()
    {
        @Override
        public String toLogString()
        {
            return "[AMQPActorTest]";
        }
    };

    final LogMessage logMessage = new LogMessage()
    {
        @Override
        public String toString()
        {
            return message;
        }

        @Override
        public String getLogHierarchy()
        {
            return "test.hierarchy";
        }
    };

    // Not read-only, one principal, no public or private credentials.
    Subject subject = new Subject(false, Collections.singleton(new ConnectionPrincipal(getConnection())), Collections.emptySet(), Collections.emptySet());
    Subject.doAs(subject, new PrivilegedAction<Object>()
    {
        @Override
        public Object run()
        {
            getEventLogger().message(logSubject, logMessage);
            return null;
        }
    });
    return message;
}
 
Example 12
Source File: Context.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Executes {@code action} against this context under the subject stored in {@code s}.
 *
 * @param action the action to execute
 * @param in the input bytes handed to the action
 * @return the output bytes produced by the action
 * @throws Exception whatever the action threw; the {@link PrivilegedActionException}
 *         wrapper added by {@link Subject#doAs} is removed first
 */
public byte[] doAs(final Action action, final byte[] in) throws Exception {
    final PrivilegedExceptionAction<byte[]> privileged =
            new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() throws Exception {
                    return action.run(Context.this, in);
                }
            };

    final byte[] out;
    try {
        out = Subject.doAs(s, privileged);
    } catch (PrivilegedActionException pae) {
        // Rethrow the original failure so callers do not have to unwrap it.
        throw pae.getException();
    }
    return out;
}
 
Example 13
Source File: RestUserPreferenceHandlerTest.java    From qpid-broker-j with Apache License 2.0 5 votes vote down vote up
/**
 * A PUT whose visibility list names a group the handler does not accept must be
 * rejected with {@link IllegalArgumentException} when issued as {@code _subject}.
 */
@Test
public void testPutWithVisibilityList_InvalidGroup() throws Exception
{
    final RequestInfo requestInfo = RequestInfo.createPreferencesRequestInfo(
            Collections.<String>emptyList(),
            Arrays.asList("X-testtype", "myprefname"));

    final Map<String, Object> pref = new HashMap<>();
    pref.put(Preference.VALUE_ATTRIBUTE, Collections.emptyMap());
    pref.put(Preference.VISIBILITY_LIST_ATTRIBUTE, Collections.singletonList("Invalid Group"));

    final PrivilegedAction<Void> putAttempt = new PrivilegedAction<Void>()
    {
        @Override
        public Void run()
        {
            try
            {
                _handler.handlePUT(_configuredObject, requestInfo, pref);
                fail("Expected exception not thrown");
            }
            catch (IllegalArgumentException e)
            {
                // pass: the handler rejected the request
            }
            return null;
        }
    };

    Subject.doAs(_subject, putAttempt);
}
 
Example 14
Source File: AuthenticationCheckFilter.java    From qpid-broker-j with Apache License 2.0 4 votes vote down vote up
/**
 * Continues the servlet filter chain as {@code subject}.
 *
 * <p>Exceptions raised further down the chain arrive wrapped in a
 * {@link PrivilegedActionException}; they are unwrapped and rethrown with their
 * original type where that type is {@link IOException}, {@code ServletException},
 * {@link Error} or {@link RuntimeException}. Anything else is wrapped in a
 * {@code ConnectionScopedRuntimeException}.
 *
 * @param request current request
 * @param response current response
 * @param chain remaining filter chain
 * @param subject subject the rest of the chain runs as
 */
private void doFilterChainAs(final ServletRequest request,
                             final ServletResponse response,
                             final FilterChain chain,
                             final Subject subject) throws IOException, ServletException
{
    final PrivilegedExceptionAction<Void> continueChain = new PrivilegedExceptionAction<Void>()
    {
        @Override
        public Void run() throws IOException, ServletException
        {
            chain.doFilter(request, response);
            return null;
        }
    };

    try
    {
        Subject.doAs(subject, continueChain);
    }
    catch (PrivilegedActionException e)
    {
        final Throwable cause = e.getCause();

        if (cause instanceof IOException)
        {
            throw (IOException) cause;
        }
        if (cause instanceof ServletException)
        {
            throw (ServletException) cause;
        }
        if (cause instanceof Error)
        {
            throw (Error) cause;
        }
        if (cause instanceof RuntimeException)
        {
            throw (RuntimeException) cause;
        }

        throw new ConnectionScopedRuntimeException(cause);
    }
}
 
Example 15
Source File: NettyConnector.java    From activemq-artemis with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a Netty client SSL context from the given key/trust store settings and
 * creates an {@link SSLEngine} from it inside {@link Subject#doAs}.
 *
 * <p>When {@code kerb5Config} is set, a JAAS login is performed, the engine is created
 * as the resulting subject and {@code verifyHost} is switched on. Otherwise the subject
 * passed to {@code doAs} is {@code null}.
 *
 * <p>NOTE(review): the {@code trustAll} field is forwarded to the SSL context builder;
 * presumably it relaxes certificate validation, so confirm it is off outside of tests.
 *
 * @param alloc buffer allocator handed to the engine
 * @param keystoreProvider key store provider name
 * @param keystorePath key store location
 * @param keystorePassword key store password
 * @param truststoreProvider trust store provider name
 * @param truststorePath trust store location
 * @param truststorePassword trust store password
 * @return the engine, bound to {@code host}/{@code port} when both are set
 * @throws Exception if the context cannot be built, the login fails or the privileged
 *         action fails
 */
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
                                    String keystoreProvider,
                                    String keystorePath,
                                    String keystorePassword,
                                    String truststoreProvider,
                                    String truststorePath,
                                    String truststorePassword) throws Exception {

   final SslContext sslContext = new SSLSupport()
      .setKeystoreProvider(keystoreProvider)
      .setKeystorePath(keystorePath)
      .setKeystorePassword(keystorePassword)
      .setTruststoreProvider(truststoreProvider)
      .setTruststorePath(truststorePath)
      .setTruststorePassword(truststorePassword)
      .setSslProvider(sslProvider)
      .setTrustAll(trustAll)
      .setTrustManagerFactoryPlugin(trustManagerFactoryPlugin)
      .createNettyClientContext();

   Subject kerberosSubject = null;
   if (kerb5Config != null) {
      final LoginContext login = new LoginContext(kerb5Config);
      login.login();
      kerberosSubject = login.getSubject();
      // A Kerberos login turns host verification on for this connector.
      verifyHost = true;
   }

   final PrivilegedExceptionAction<SSLEngine> createEngine = new PrivilegedExceptionAction<SSLEngine>() {
      @Override
      public SSLEngine run() {
         final boolean peerKnown = host != null && port != -1;
         return peerKnown ? sslContext.newEngine(alloc, host, port) : sslContext.newEngine(alloc);
      }
   };

   return Subject.doAs(kerberosSubject, createEngine);
}
 
Example 16
Source File: JAASLoginInterceptor.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Authenticates the message through JAAS and stores the resulting security context
 * on it; optionally runs the rest of the interceptor chain as the authenticated subject.
 *
 * <p>Throws {@code AuthenticationException} when no callback handler is available and
 * anonymous access is not allowed, or when the JAAS login fails.
 *
 * @param message the message being processed
 */
public void handleMessage(final Message message) {
    // With allowNamedPrincipals set, a message that already carries a security context
    // with a named principal skips the JAAS login entirely.
    // NOTE(review): this trusts whatever placed that SecurityContext on the message;
    // confirm it can only be set by an earlier authenticating interceptor.
    if (allowNamedPrincipals) {
        SecurityContext sc = message.get(SecurityContext.class);
        if (sc != null && sc.getUserPrincipal() != null
            && sc.getUserPrincipal().getName() != null) {
            return;
        }
    }

    CallbackHandler handler = getFirstCallbackHandler(message);

    // No handler means no credentials were found; only proceed when anonymous access
    // is allowed, in which case the login below is attempted with a null handler.
    if (handler == null && !allowAnonymous) {
        throw new AuthenticationException("Authentication required but no authentication information was supplied");
    }

    try {
        LoginContext ctx = new LoginContext(getContextName(), null, handler, loginConfig);
        ctx.login();
        Subject subject = ctx.getSubject();
        String name = getUsername(handler);
        message.put(SecurityContext.class, createSecurityContext(name, subject));

        // Run the further chain in the context of this subject.
        // This allows other code to retrieve the subject using pure JAAS
        if (useDoAs) {
            Subject.doAs(subject, new PrivilegedAction<Void>() {

                @Override
                public Void run() {
                    InterceptorChain chain = message.getInterceptorChain();
                    if (chain != null) {
                        // Flag is set on the message before the chain is continued from
                        // inside doAs.
                        message.put("suspend.chain.on.current.interceptor", Boolean.TRUE);
                        chain.doIntercept(message);
                    }
                    return null;
                }
            });
        }

    } catch (LoginException ex) {
        String errorMessage = "Authentication failed: " + ex.getMessage();
        LOG.log(Level.FINE, errorMessage, ex);
        // reportFault controls whether the LoginException text is returned to the caller.
        // When it is off, the caller only gets a generic message and the detail stays in
        // the log.
        if (reportFault) {
            AuthenticationException aex = new AuthenticationException(errorMessage);
            aex.initCause(ex);
            throw aex;

        }
        throw new AuthenticationException("Authentication failed (details can be found in server log)");
    }
}
 
Example 17
Source File: KerberosToken.java    From athenz with Apache License 2.0 4 votes vote down vote up
/**
 * Validates the Kerberos token held in {@code unsignedToken}.
 *
 * <p>The token is Base64-decoded and passed to a privileged action that runs as
 * {@code serviceSubject} and returns the user name. On success {@code userName} is set
 * (with any realm suffix removed) and, for the {@code USER_REALM} case, {@code domain}
 * is set to {@code USER_DOMAIN}.
 *
 * @param serviceSubject subject the validation action runs as
 * @param errMsg buffer that receives the error text on failure; may be {@code null},
 *        in which case the text is only logged
 * @return {@code true} if validation succeeded, {@code false} on any exception
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public boolean validate(Subject serviceSubject, StringBuilder errMsg) {

    PrivilegedExceptionAction<String> privExcAction;
    try {
        byte[] kerberosTicket = Base64.decode(unsignedToken.getBytes(StandardCharsets.UTF_8));
        if (krbPrivActionClass == null) {
            privExcAction = new KerberosValidateAction(kerberosTicket);
        } else {
            // NOTE(review): the action class is loaded by name and handed the raw ticket.
            // Confirm krbPrivActionClass comes only from trusted configuration.
            Class privActionClass = Class.forName(krbPrivActionClass);
            privExcAction = (PrivilegedExceptionAction<String>) privActionClass.getConstructor(byte[].class).newInstance((Object) kerberosTicket);
        }
        userName = Subject.doAs(serviceSubject, privExcAction);
        // A null userName raises NullPointerException here, which the generic handler
        // below turns into a false result.
        int index = userName.indexOf('@');
        ///CLOVER:OFF
        if (index != -1) {
            ///CLOVER:ON
            // NOTE(review): both realm checks use indexOf, i.e. a substring match on the
            // text after '@'. A realm that merely contains KRB_USER_REALM or USER_REALM
            // would pass; confirm whether an exact comparison is intended.
            if (userName.indexOf(KRB_USER_REALM, index) == -1) {
                if (userName.indexOf(USER_REALM, index) != -1) {
                    domain = USER_DOMAIN;
                } else {
                    throw new Exception("KerberosToken:validate: invalid Kerberos Realm: " + userName);
                }
            }
            // Keep only the part before the realm.
            userName = userName.substring(0, index);
        }
        return true;

    } catch (PrivilegedActionException paexc) {
        // A buffer created here is local: the caller passed null and never sees it.
        if (errMsg == null) {
            errMsg = new StringBuilder(512);
        }
        // NOTE(review): unsignedToken (the Base64 ticket decoded above) is written to
        // errMsg and to the error log. Consider whether credential material should be
        // kept out of logs and caller-visible messages.
        errMsg.append("KerberosToken:validate: token=").append(unsignedToken).
               append(" : privilege exc=").append(paexc);
        LOG.error(errMsg.toString());
    } catch (Exception exc) {
        if (errMsg == null) {
            errMsg = new StringBuilder(512);
        }
        // Same token exposure as in the handler above.
        errMsg.append("KerberosToken:validate: token=").append(unsignedToken).
               append(" : unknown exc=").append(exc);
        LOG.error(errMsg.toString());
    }
    return false;
}
 
Example 18
Source File: NestedActions.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
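/**
 * Runs a write action as "CN=Duke" and expects it to fail with a
 * {@link PrivilegedActionException} whose innermost exception is a
 * {@code ReadPropertyException} caused by an {@link AccessControlException}.
 *
 * @throws RuntimeException if no exception is thrown or the exception chain has a
 *         different shape
 */
public static void main(String args[]) {
    Subject subject = new Subject();
    subject.getPrincipals().add(new X500Principal("CN=Duke"));
    try {
        WriteToFileExceptionAction writeToFile =
                new WriteToFileExceptionAction(NestedActions.file);
        Subject.doAs(subject, writeToFile);
        throw new RuntimeException(
                "Test failed: no PrivilegedActionException thrown");
    } catch (PrivilegedActionException pae) {
        System.out.println(
                "PrivilegedActionException thrown as expected: "
                + pae);

        // Nested doAs calls wrap the failure once per level; peel every
        // PrivilegedActionException layer to reach the original exception.
        Throwable exception = pae.getException();
        while (exception instanceof PrivilegedActionException) {
            exception = ((PrivilegedActionException) exception).
                    getException();
        }

        if (!(exception instanceof ReadPropertyException)) {
            throw new RuntimeException(
                    "Test failed: PrivilegedActionException "
                    + "was not caused by ReadPropertyException");
        }

        // The property read must have been refused by the access controller.
        exception = exception.getCause();
        if (!(exception instanceof AccessControlException)) {
            // The message names the exception actually being checked here
            // (the original repeated the ReadPropertyException text).
            throw new RuntimeException(
                    "Test failed: ReadPropertyException "
                    + "was not caused by AccessControlException");
        }

        System.out.println(
                "Test passed: PrivilegedActionException "
                + "was caused by AccessControlException");
    }
}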
 
Example 19
Source File: PreferencesTest.java    From qpid-broker-j with Apache License 2.0 4 votes vote down vote up
/**
 * Deleting by type and id as {@code _testSubject} must remove only the targeted
 * preference, leaving a second preference of the same type and one of another type.
 */
@Test
public void testDeleteByTypeAndId() throws Exception
{
    final String typeToDelete = "X-type-1";
    final String otherType = "X-type-2";

    final Preference target = PreferenceFactory.fromAttributes(
            _testObject,
            PreferenceTestHelper.createPreferenceAttributes(
                    null,
                    null,
                    typeToDelete,
                    "propName",
                    null,
                    TEST_PRINCIPAL_SERIALIZATION,
                    null,
                    Collections.<String, Object>emptyMap()));

    // Same type as the target, different name: must survive the delete.
    final Preference sameTypeSurvivor = PreferenceFactory.fromAttributes(
            _testObject,
            PreferenceTestHelper.createPreferenceAttributes(
                    null,
                    null,
                    typeToDelete,
                    "propName2",
                    null,
                    TEST_PRINCIPAL_SERIALIZATION,
                    null,
                    Collections.<String, Object>emptyMap()));

    // Same name as the target, different type: must survive the delete.
    final Preference otherTypeSurvivor = PreferenceFactory.fromAttributes(
            _testObject,
            PreferenceTestHelper.createPreferenceAttributes(
                    null,
                    null,
                    otherType,
                    "propName",
                    null,
                    TEST_PRINCIPAL_SERIALIZATION,
                    null,
                    Collections.<String, Object>emptyMap()));

    updateOrAppendAs(_testSubject, target, sameTypeSurvivor, otherTypeSurvivor);

    final PrivilegedAction<Void> deletion = new PrivilegedAction<Void>()
    {
        @Override
        public Void run()
        {
            awaitPreferenceFuture(_testObject.getUserPreferences().delete(typeToDelete, null, target.getId()));
            return null;
        }
    };
    Subject.doAs(_testSubject, deletion);

    assertPreferences(_testSubject, sameTypeSurvivor, otherTypeSurvivor);
}
 
Example 20
Source File: PreferencesTest.java    From qpid-broker-j with Apache License 2.0 4 votes vote down vote up
/**
 * Replacing the preferences with an empty set as {@code _testSubject} must delete that
 * subject's preferences only; a preference stored as a second subject must remain.
 */
@Test
public void testDeleteViaReplace()
{
    final String preferenceType = "X-testType";

    // Preference belonging to a second user; the replace below must not affect it.
    final Subject secondSubject = TestPrincipalUtils.createTestSubject(TEST_USERNAME2);
    final Preference secondUsersPreference = PreferenceFactory.fromAttributes(
            _testObject,
            PreferenceTestHelper.createPreferenceAttributes(
                    null,
                    null,
                    preferenceType,
                    "propName",
                    null,
                    TEST_PRINCIPAL2_SERIALIZATION,
                    null,
                    Collections.<String, Object>emptyMap()));
    updateOrAppendAs(secondSubject, secondUsersPreference);

    // Preference with the same type and name, stored as the primary test subject.
    final Preference ownPreference = PreferenceFactory.fromAttributes(
            _testObject,
            PreferenceTestHelper.createPreferenceAttributes(
                    null,
                    null,
                    preferenceType,
                    "propName",
                    null,
                    TEST_PRINCIPAL_SERIALIZATION,
                    null,
                    Collections.<String, Object>emptyMap()));
    updateOrAppendAs(_testSubject, ownPreference);

    final PrivilegedAction<Void> replaceWithNothing = new PrivilegedAction<Void>()
    {
        @Override
        public Void run()
        {
            awaitPreferenceFuture(_testObject.getUserPreferences().replace(Collections.<Preference>emptySet()));
            return null;
        }
    };
    Subject.doAs(_testSubject, replaceWithNothing);

    assertPreferences(_testSubject);
    assertPreferences(secondSubject, secondUsersPreference);
}