Java Code Examples for javax.security.auth.Subject#getSubject()

The following examples show how to use javax.security.auth.Subject#getSubject(). The method returns null when no Subject is associated with the given AccessControlContext, so callers should check the result before dereferencing it. It is also deprecated for removal since Java 17; Subject.current() is the replacement from Java 18 on.
Example 1
Source File: Krb5Util.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Looks up the ServiceCreds for the given server principal, first in the
 * Subject associated with the supplied AccessControlContext and, failing
 * that, in a Subject obtained through GSSUtil.login. The login fallback is
 * only attempted when useSubjectCredsOnly is false for the caller.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller, passed to GSSUtil.useSubjectCredsOnly
 *        and GSSUtil.login
 * @param serverPrincipal the server principal whose credentials are wanted
 * @param acc the context whose associated Subject is consulted first
 * @return the ServiceCreds found, or null when the context Subject has
 *         none and the login fallback is not permitted
 * @throws LoginException declared for the login fallback path
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    // Subject.getSubject returns null when acc carries no Subject.
    final Subject contextSubject = Subject.getSubject(acc);
    if (contextSubject != null) {
        final ServiceCreds fromContext =
            ServiceCreds.getInstance(contextSubject, serverPrincipal);
        if (fromContext != null) {
            return fromContext;
        }
    }

    // Credentials must come from the caller's own Subject: do not log in.
    if (GSSUtil.useSubjectCredsOnly(caller)) {
        return null;
    }

    // Fallback: the credentials now come from a fresh login rather than
    // from the Subject of the calling context.
    final Subject loginSubject =
        GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
    return ServiceCreds.getInstance(loginSubject, serverPrincipal);
}
 
Example 2
Source File: UserPreferencesImpl.java    From qpid-broker-j with Apache License 2.0
/**
 * Verifies that every principal named in the visibility list of each
 * preference is held by the Subject of the calling thread.
 *
 * @param preferences the preferences whose visibility lists are checked
 * @throws IllegalStateException if no Subject is associated with the
 *         current access control context
 * @throws IllegalArgumentException if a visibility list names a principal
 *         that principalsContain does not find among the caller's principals
 */
private void checkForValidVisibilityLists(final Collection<Preference> preferences)
{
    // The Subject is resolved before anything else, so a thread without a
    // user is rejected even when the collection is empty.
    final Subject caller = Subject.getSubject(AccessController.getContext());
    if (caller == null)
    {
        throw new IllegalStateException("Current thread does not have a user");
    }

    final Set<Principal> heldPrincipals = caller.getPrincipals();

    for (final Preference candidate : preferences)
    {
        for (final Principal listed : candidate.getVisibilityList())
        {
            if (principalsContain(heldPrincipals, listed))
            {
                continue;
            }
            // Fail on the first principal the caller does not hold.
            throw new IllegalArgumentException(
                    String.format("Invalid visibilityList, this user does not hold principal '%s'",
                                  listed));
        }
    }
}
 
Example 3
Source File: Krb5Util.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Obtains the ServiceCreds of the specified server principal. The Subject
 * bound to the given AccessControlContext is tried first; when it yields
 * nothing and useSubjectCredsOnly is false, a Subject obtained from
 * GSSUtil.login is tried instead.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller on whose behalf the lookup is made
 * @param serverPrincipal the server principal to look up
 * @param acc the context whose Subject is searched first
 * @return the credentials found, or null if the context Subject holds none
 *         and useSubjectCredsOnly forbids the login fallback
 * @throws LoginException declared for the login fallback path
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    final Subject ctxSubject = Subject.getSubject(acc);

    // A context without a Subject simply contributes no credentials.
    final ServiceCreds creds = (ctxSubject == null)
        ? null
        : ServiceCreds.getInstance(ctxSubject, serverPrincipal);

    // Stop here on a hit, or when only Subject credentials are allowed.
    // useSubjectCredsOnly is consulted only after a miss.
    if (creds != null || GSSUtil.useSubjectCredsOnly(caller)) {
        return creds;
    }

    return ServiceCreds.getInstance(
        GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID), serverPrincipal);
}
 
Example 4
Source File: Krb5Util.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Finds the Kerberos ticket for the client/server principal pair. The
 * Subject associated with the given AccessControlContext is searched
 * first; if that gives no ticket and useSubjectCredsOnly is false, the
 * Subject returned by GSSUtil.login is searched.
 *
 * @param caller the GSS caller, passed to GSSUtil.useSubjectCredsOnly
 *        and GSSUtil.login
 * @param clientPrincipal the client principal of the wanted ticket
 * @param serverPrincipal the server principal of the wanted ticket
 * @param acc the context whose Subject is searched first
 * @return the ticket found, or null if the first search misses and the
 *         login fallback is not permitted
 * @throws LoginException declared for the login fallback path
 */
static KerberosTicket getTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // First source: the Subject tied to acc (may be null; it is handed to
    // SubjectComber.find unchecked). Note that find takes the server
    // principal before the client principal.
    final KerberosTicket fromContext =
        SubjectComber.find(Subject.getSubject(acc), serverPrincipal,
              clientPrincipal, KerberosTicket.class);

    // Done on a hit, or when the caller may use Subject credentials only.
    if (fromContext != null || GSSUtil.useSubjectCredsOnly(caller)) {
        return fromContext;
    }

    // Second source: a Subject obtained by logging in through GSSUtil.
    final Subject loginSubject =
        GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
    return SubjectComber.find(loginSubject,
        serverPrincipal, clientPrincipal, KerberosTicket.class);
}
 
Example 5
Source File: Krb5Util.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Returns the ServiceCreds that belong to the specified server principal.
 * They are taken from the Subject of the given AccessControlContext when
 * present there; otherwise, provided useSubjectCredsOnly is false, from a
 * Subject produced by GSSUtil.login.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller making the request
 * @param serverPrincipal the server principal to resolve
 * @param acc the context whose associated Subject is checked first
 * @return the resolved ServiceCreds, or null when none is available from
 *         the context Subject and the login fallback is disallowed
 * @throws LoginException declared for the login fallback path
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    ServiceCreds found = null;

    final Subject boundSubject = Subject.getSubject(acc);
    if (boundSubject != null) {
        found = ServiceCreds.getInstance(boundSubject, serverPrincipal);
    }

    if (found == null) {
        // The policy check runs only after the context Subject missed.
        if (!GSSUtil.useSubjectCredsOnly(caller)) {
            // Credentials from here on originate from a login, not from
            // the Subject the caller is running as.
            final Subject freshSubject =
                GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
            found = ServiceCreds.getInstance(freshSubject, serverPrincipal);
        }
    }
    return found;
}
 
Example 6
Source File: NestedActions.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Writes the file, then runs the next action as the Subject that is
 * associated with the current access control context.
 *
 * @return whatever Subject.doAs returns for nextAction
 */
@Override
public Object run() {
    Utils.writeFile(filename);
    // Re-read the Subject from the current context so the nested action
    // runs under it. getSubject may return null; Subject.doAs accepts a
    // null Subject.
    final Subject current = Subject.getSubject(AccessController.getContext());
    return Subject.doAs(current, nextAction);
}
 
Example 7
Source File: Krb5Util.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Finds the Kerberos ticket for the client/server principal pair in the
 * Subject associated with the given AccessControlContext. Unlike a lookup
 * with a login fallback, only that Subject is searched.
 *
 * @param caller not used by this method body
 * @param clientPrincipal the client principal of the wanted ticket
 * @param serverPrincipal the server principal of the wanted ticket
 * @param acc the context whose Subject is searched
 * @return the result of SubjectComber.find for that Subject
 * @throws LoginException declared in the signature; nothing in this body
 *         performs a login
 */
static KerberosTicket getServiceTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // The Subject may be null when acc has none; it is passed to
    // SubjectComber.find unchecked. Note that find takes the server
    // principal before the client principal.
    return SubjectComber.find(Subject.getSubject(acc),
        serverPrincipal, clientPrincipal, KerberosTicket.class);
}
 
Example 8
Source File: ArtemisMBeanServerGuard.java    From activemq-artemis with Apache License 2.0
/**
 * Tells whether the Subject of the current access control context holds
 * the requested role.
 *
 * The role is given either as {@code <principal class name>:<role name>}
 * or as a bare role name, in which case the principal class defaults to
 * the Artemis RolePrincipal.
 *
 * @param requestedRole the role to look for, optionally class-qualified
 * @return true if some principal of the current Subject has the given
 *         class name and role name; false otherwise, including when no
 *         Subject is associated with the context
 */
public static boolean currentUserHasRole(String requestedRole) {

   // A colon at index 0 is not treated as a separator: the whole string
   // is then taken as the role name.
   final int separator = requestedRole.indexOf(':');
   final boolean qualified = separator > 0;
   final String principalClass = qualified
      ? requestedRole.substring(0, separator)
      : "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal";
   final String roleName = qualified
      ? requestedRole.substring(separator + 1)
      : requestedRole;

   final AccessControlContext context = AccessController.getContext();
   if (context == null) {
      return false;
   }

   // No Subject on this context means no roles: deny.
   final Subject current = Subject.getSubject(context);
   if (current == null) {
      return false;
   }

   // The principal type is matched by class NAME, not by Class identity.
   return current.getPrincipals().stream()
      .anyMatch(p -> principalClass.equals(p.getClass().getName())
                     && roleName.equals(p.getName()));
}
 
Example 9
Source File: ProducerFlowControlOverflowPolicyHandler.java    From qpid-broker-j with Apache License 2.0
/**
 * Blocks the session of the calling thread on the queue when the queue
 * depth exceeds either limit, and logs the overfull event once.
 *
 * A negative limit disables the corresponding check.
 *
 * @param maximumQueueDepthBytes the byte limit, or a negative value for none
 * @param maximumQueueDepthMessages the message limit, or a negative value
 *        for none
 */
private void checkOverfull(final long maximumQueueDepthBytes, final long maximumQueueDepthMessages)
{
    final long currentBytes = _queue.getQueueDepthBytes();
    final long currentMessages = _queue.getQueueDepthMessages();

    final boolean bytesExceeded =
            maximumQueueDepthBytes >= 0L && currentBytes > maximumQueueDepthBytes;
    final boolean messagesExceeded =
            maximumQueueDepthMessages >= 0L && currentMessages > maximumQueueDepthMessages;
    if (!bytesExceeded && !messagesExceeded)
    {
        return;
    }

    // The session to block is found through the SessionPrincipal of the
    // calling thread's Subject.
    // NOTE(review): Subject.getSubject returns null when the context has
    // no Subject; the result is dereferenced here without a check.
    final Subject caller = Subject.getSubject(AccessController.getContext());
    final Set<SessionPrincipal> candidates = caller.getPrincipals(SessionPrincipal.class);
    if (candidates.isEmpty())
    {
        return;
    }

    final SessionPrincipal owner = candidates.iterator().next();
    if (owner == null)
    {
        return;
    }

    // Only the thread that flips the flag from false to true logs.
    if (_overfullReported.compareAndSet(false, true))
    {
        _eventLogger.message(_queue.getLogSubject(),
                             QueueMessages.OVERFULL(currentBytes,
                                                    maximumQueueDepthBytes,
                                                    currentMessages,
                                                    maximumQueueDepthMessages));
    }

    final AMQPSession<?, ?> session = owner.getSession();
    _blockedSessions.add(session);
    session.block(_queue);
}
 
Example 10
Source File: Krb5Util.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Returns the Subject associated with the given AccessControlContext, or,
 * when there is none and useSubjectCredsOnly is false, the Subject
 * obtained by logging in via the specified caller.
 *
 * Caller must have permission to:
 *    - access the Subject
 *    - create LoginContext
 *    - read the auth.login.defaultCallbackHandler security property
 *
 * NOTE: This method is used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller, passed to GSSUtil.useSubjectCredsOnly
 *        and GSSUtil.login
 * @param acc the context whose associated Subject is preferred
 * @return the context Subject if present; otherwise the login Subject, or
 *         null when the login fallback is not permitted
 * @throws LoginException declared for the login fallback path
 */
public static Subject getSubject(GSSCaller caller,
    AccessControlContext acc) throws LoginException {

    final Subject fromContext = Subject.getSubject(acc);

    // Return the context Subject when there is one. When there is none,
    // the policy is consulted, and null is returned if only Subject
    // credentials may be used.
    if (fromContext != null || GSSUtil.useSubjectCredsOnly(caller)) {
        return fromContext;
    }

    // No Subject on acc and a login is permitted.
    return GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
}
 
Example 11
Source File: SimpleStandard.java    From dragonwell8_jdk with GNU General Public License v2.0
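/**
 * Check that the principal contained in the Subject is of
 * type JMXPrincipal and refers to the principalName identity.
 *
 * Only the first principal returned by the Subject's principal set is
 * examined. A missing Subject or an empty principal set is rejected with
 * a SecurityException instead of surfacing as a NullPointerException or
 * NoSuchElementException.
 *
 * @param op name of the operation being checked, used as the prefix of
 *        the exception message
 * @throws SecurityException if there is no Subject, the Subject has no
 *         principals, the principal is not a JMXPrincipal, or its name
 *         differs from principalName
 */
private void checkSubject(String op) {
    AccessControlContext acc = AccessController.getContext();
    // Subject.getSubject returns null when acc has no associated Subject.
    Subject subject = Subject.getSubject(acc);
    if (subject == null) {
        throw new SecurityException(op+": No authenticated subject");
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals.isEmpty()) {
        throw new SecurityException(op+": Authenticated subject contains " +
                                    "no principals");
    }
    Principal principal = principals.iterator().next();
    if (!(principal instanceof JMXPrincipal)) {
        throw new SecurityException(op+": Authenticated subject contains " +
                                    "invalid principal type = " +
                                    principal.getClass().getName());
    }
    String identity = principal.getName();
    if (!identity.equals(principalName)) {
        throw new SecurityException(op+": Authenticated subject contains " +
                                    "invalid principal name = " + identity);
    }
}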
 
Example 12
Source File: NestedActions.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Prints the principals of the Subject associated with the current access
 * control context, then reads and prints the 'java.class.path' system
 * property.
 *
 * @return always null
 */
@Override
public java.lang.Object run() {
    System.out.println("ReadPropertyAction: "
            + "try to read 'java.class.path' property");

    // NOTE(review): the Subject is dereferenced without a null check, so
    // this assumes a Subject is associated with the current context.
    final Subject current = Subject.getSubject(AccessController.getContext());
    System.out.println("principals = " + current.getPrincipals());

    final String classPath = System.getProperty("java.class.path");
    System.out.println("java.class.path = "
            + classPath);

    return null;
}
 
Example 13
Source File: Krb5Util.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Retrieves the Subject of the given AccessControlContext. If the context
 * has no Subject and useSubjectCredsOnly is false, the Subject obtained by
 * logging in via the specified caller is returned instead.
 *
 * Caller must have permission to:
 *    - access the Subject
 *    - create LoginContext
 *    - read the auth.login.defaultCallbackHandler security property
 *
 * NOTE: This method is used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller on whose behalf a login may be performed
 * @param acc the context whose associated Subject is preferred
 * @return the context Subject, the login Subject, or null when neither
 *         applies
 * @throws LoginException declared for the login fallback path
 */
public static Subject getSubject(GSSCaller caller,
    AccessControlContext acc) throws LoginException {

    // Preferred source: the Subject already bound to acc.
    final Subject bound = Subject.getSubject(acc);
    if (bound != null) {
        return bound;
    }

    // Nothing bound: a login is attempted only if the caller is not
    // restricted to Subject credentials.
    if (GSSUtil.useSubjectCredsOnly(caller)) {
        return null;
    }
    return GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
}
 
Example 14
Source File: NestedActions.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Prints the principals of the current Subject and then opens the named
 * file for reading, closing it again immediately.
 *
 * @param filename path of the file to open
 * @throws RuntimeException wrapping any IOException from opening or
 *         closing the file
 */
static void readFile(String filename) {
    System.out.println("ReadFromFileAction: try to read " + filename);

    // NOTE(review): assumes a Subject is associated with the current
    // context; a null result would fail on the dereference below.
    final Subject current = Subject.getSubject(AccessController.getContext());
    System.out.println("principals = " + current.getPrincipals());

    // Nothing is read from the stream: only opening and closing it is
    // exercised. Only IOException is caught, so any other exception from
    // the open propagates to the caller.
    try (FileInputStream in = new FileInputStream(filename)) {
        // do nothing
    } catch (IOException ioe) {
        throw new RuntimeException("Unexpected IOException", ioe);
    }
}
 
Example 15
Source File: NestedActions.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Reports the principals of the Subject in the current access control
 * context, then attempts to open the given file for reading.
 *
 * @param filename path of the file to open
 * @throws RuntimeException if opening or closing the file raises an
 *         IOException (kept as the cause)
 */
static void readFile(String filename) {
    System.out.println("ReadFromFileAction: try to read " + filename);

    final AccessControlContext context = AccessController.getContext();
    final Subject owner = Subject.getSubject(context);
    // NOTE(review): owner is null when the context has no Subject; this
    // line then throws a NullPointerException.
    System.out.println("principals = " + owner.getPrincipals());

    try (FileInputStream ignored = new FileInputStream(filename)) {
        // The open itself is the operation under test; no bytes are read.
    } catch (IOException failure) {
        throw new RuntimeException("Unexpected IOException", failure);
    }
}
 
Example 16
Source File: ManagementNode.java    From qpid-broker-j with Apache License 2.0
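/**
 * Returns the connection meta data of the connection on whose behalf the
 * calling thread is running, taken from the ConnectionPrincipal of the
 * Subject in the current access control context.
 *
 * @return the meta data of the first ConnectionPrincipal found
 * @throws IllegalStateException if the calling thread has no Subject, or
 *         its Subject holds no ConnectionPrincipal
 */
private AmqpConnectionMetaData getCallerConnectionMetaData()
{
    Subject currentSubject = Subject.getSubject(AccessController.getContext());
    // Subject.getSubject returns null when no Subject is associated with
    // the context; report that the same way as a missing principal rather
    // than failing with a NullPointerException.
    if (currentSubject == null)
    {
        throw new IllegalStateException("Cannot find connection principal on calling thread: no Subject present");
    }

    Set<ConnectionPrincipal> connectionPrincipals = currentSubject.getPrincipals(ConnectionPrincipal.class);
    if (connectionPrincipals.isEmpty())
    {
        throw new IllegalStateException("Cannot find connection principal on calling thread");
    }

    // If several ConnectionPrincipals are present, the first one returned
    // by the set's iterator is used.
    ConnectionPrincipal principal = connectionPrincipals.iterator().next();
    return principal.getConnectionMetaData();
}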
 
Example 17
Source File: NestedActions.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Writes the file, then runs a ReadFromFileExceptionAction for the same
 * file as the Subject associated with the current access control context.
 *
 * @return whatever Subject.doAs returns for the nested action
 * @throws Exception declared by the signature; thrown by the calls below
 */
@Override
public Object run() throws Exception {
    Utils.writeFile(filename);
    // The Subject of the current context is handed on to the nested
    // action. getSubject may return null; Subject.doAs accepts a null
    // Subject.
    final Subject current = Subject.getSubject(AccessController.getContext());
    return Subject.doAs(current, new ReadFromFileExceptionAction(filename));
}
 
Example 18
Source File: Krb5Util.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Gives the Subject to act as: the one associated with the supplied
 * AccessControlContext, or, when that is absent and useSubjectCredsOnly
 * is false, the one obtained by logging in via the specified caller.
 *
 * Caller must have permission to:
 *    - access the Subject
 *    - create LoginContext
 *    - read the auth.login.defaultCallbackHandler security property
 *
 * NOTE: This method is used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller, passed to GSSUtil.useSubjectCredsOnly
 *        and GSSUtil.login
 * @param acc the context whose associated Subject is preferred
 * @return the Subject selected as described above; null if the context
 *         has none and the login fallback is not permitted
 * @throws LoginException declared for the login fallback path
 */
public static Subject getSubject(GSSCaller caller,
    AccessControlContext acc) throws LoginException {

    final Subject contextSubject = Subject.getSubject(acc);

    // The policy is consulted only when acc carries no Subject.
    final boolean loginNeeded =
        contextSubject == null && !GSSUtil.useSubjectCredsOnly(caller);

    return loginNeeded
        ? GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID)
        : contextSubject;
}
 
Example 19
Source File: UserPreferencesImpl.java    From qpid-broker-j with Apache License 2.0
/**
 * Creates a task for the given action and arguments, and records the
 * Subject associated with the access control context of the constructing
 * thread.
 *
 * @param action the action name stored in the task
 * @param arguments the arguments stored in the task; the array reference
 *        is kept as-is (no copy is made)
 */
private PreferencesTask(final String action, final Object... arguments)
{
    // Captured at construction time, i.e. the Subject of whoever creates
    // the task. May be null when the creating thread has no Subject.
    final Subject creator = Subject.getSubject(AccessController.getContext());

    this._action = action;
    this._arguments = arguments;
    this._subject = creator;
}
 
Example 20
Source File: ServerNotifForwarder.java    From jdk1.8-source-analysis with Apache License 2.0
/**
 * Returns the Subject associated with the current access control context.
 *
 * @return that Subject, or null when the context has none
 */
private Subject getSubject() {
    // The context is captured on the calling thread at the time of the call.
    final Subject callerSubject = Subject.getSubject(AccessController.getContext());
    return callerSubject;
}