Examples of net.jini.io.UnsupportedConstraintException

• net.jini.io.UnsupportedConstraintException
  Typically used as the nested exception of a {@link java.rmi.ConnectIOException} if the constraints for a remote callcannot be satisfied. Such an exception can be thrown at the point a remote method is invoked for a variety of reasons, including:

  • A client requirement is not supported by the server.
  • A client or server requirement conflicts with some other client or server requirement.
  • A client or server requirement cannot be satisfied by the proxy implementation.
  • The local subject that would be used for authentication does not contain sufficient credentials to satisfy a client or server requirement.
  • For a client or server requirement, the proxy implementation does not implement any algorithm in common with the server (for example, because the proxy implementation only uses algorithms that are available in the client environment rather than downloading algorithm implementations).
  • A delegated remote call is being attempted, and the current time is either earlier than the granted delegation start time or later than the granted delegation stop time.

  @author Sun Microsystems, Inc. @since 2.0 @see net.jini.core.constraint.RemoteMethodControl

      }
  }
  if (!contexts.isEmpty()) {
      return contexts;
  } else {
      throw new UnsupportedConstraintException(
    "Constraints not supported: " + constraints + ";" +
    (missingPublic.isEmpty() ? ""
     : ("\nmissing principals or public credentials: " +
        missingPublic)) +
    (missingPrivate.isEmpty() ? ""

      {
    InvocationConstraint c = (InvocationConstraint) i.next();
    if (c == Integrity.YES) {
        integrity = true;
    } else if (!(c instanceof Integrity)) {
        throw new UnsupportedConstraintException(
      "cannot satisfy unfulfilled constraint: " + c);
    }
    // REMIND: support ConstraintAlternatives containing Integrity?
      }

      "connection configuration for the request", null,
      exceptionCaught);
    }
    if (rh.errorCode == UNSUPPORTABLE_CONSTRAINT_REQUIRED)
        throw (UnsupportedConstraintException) exceptionCaught;
    UnsupportedConstraintException genericException =
        new UnsupportedConstraintException(
                        "Either there are conflicting or unsatisfiable " +
      "constraint requirements, " +
      "or the JAAS login has not been " +
      "done (Subject.getSubject(AccessController." +
      "getContext()) returns null), or no appropriate " +

  }

  Exception detailedException = null;
  if (usePrincipalInSubject) {
      if (serverSubject == null) {
    detailedException = new UnsupportedConstraintException(
        "Forgot JAAS login?  Using default " +
        "serverSubject but no subject is associated " +
        "with the current access control context.");
      } else {
    try {
        serverPrincipal = findServerPrincipal(serverSubject);
    } catch (Exception e) {
        detailedException = e;
    }
      }
  } else if (useCurrentSubject) {
      try {
                /* caller provided principal, but want to use the
                   current subject, should only proceed if caller has
                   the listen AuthenticationPermission */
    KerberosUtil.checkAuthPermission(
        serverPrincipal, null, "listen");
    if (serverSubject == null) {
        detailedException = new UnsupportedConstraintException(
      "Forgot JAAS login?  Using default " +
      "serverSubject but no subject is associated " +
      "with the current access control context.");
    }
      } catch (SecurityException e) {
    serverSubject = null;
    // will throw a SecurityException in enumerateListenEndpoints
      }
  }

  if (detailedException != null) {
      if (logger.isLoggable(Levels.FAILED)) {
    KerberosUtil.logThrow(
        logger, Levels.FAILED, this.getClass(),
        "constructor", "construction failed", null,
        detailedException);
      }
      KerberosUtil.secureThrow(
    detailedException, new UnsupportedConstraintException(
        "Either the caller has not been granted the right " +
        "AuthenticationPermission, or there is no default " +
        "server subject (<code>Subject.getSubject(" +
        "AccessController.getContext())</code> returns " +
        "<code>null</code>), or no appropriate Kerberos " +

      for (Iterator iter = constraints.requirements().iterator();
     iter.hasNext(); )
      {
    InvocationConstraint c = (InvocationConstraint)iter.next();
    if (!KerberosUtil.isSupportableConstraint(c)) {
        throw new UnsupportedConstraintException(
      "A constraint unsupportable by this endpoint " +
      "has been required: " + c);
    }
      }

      if (getKey(serverSubject, serverPrincipal) == null) {
    throw new UnsupportedConstraintException(
        "Failed to find a valid Kerberos key " +
        "corresponding to serverPrincipal (" + serverPrincipal +
        ") in serverSubject.");
      }

      // now check whether the constraints are satisfiable

      // first find all client principal candidates in constraints
      HashSet cpCandidates = new HashSet();
      for (Iterator iter = constraints.requirements().iterator();
     iter.hasNext(); )
      {
    if (!KerberosUtil.collectCpCandidates(
        (InvocationConstraint) iter.next(), cpCandidates))
    {
        throw new UnsupportedConstraintException(
      "Client principal constraint related conflicts " +
      "found in the given set of constraints: " +
      constraints);
    }
      }

      if (cpCandidates.size() == 0) {
    /* no client principal constraints is required, anyone
       will pass */
    cpCandidates.add(new KerberosPrincipal("anyone"));
      }

      // look for a satisfiable config
      boolean doable = false;
      ConfigIter citer =
    new ConfigIter(cpCandidates, serverPrincipal, true);
    outer:
      while (citer.hasNext()) {
    Config config = citer.next();
    for (Iterator iter = constraints.requirements().iterator();
         iter.hasNext(); )
    {
        InvocationConstraint c =
      (InvocationConstraint) iter.next();
        if (!KerberosUtil.isSatisfiable(config, c))
      continue outer;
    }
    doable = true;
    break;
      }

      if (!doable) {
    throw new UnsupportedConstraintException(
        "Conflicts found in the given set of constraints: " +
        constraints);
      }

      unfulfilledConstraints = InvocationConstraints.EMPTY;

        kpset.add(p);
      }
  }

  if (kpset.isEmpty()) {
      throw new UnsupportedConstraintException(
    "No KerberosPrincipal found in the serverSubject.");
  }

  boolean hasAuthPerm = false;
  for (Iterator iter = kpset.iterator(); iter.hasNext();) {
      KerberosPrincipal kp = (KerberosPrincipal) iter.next();
      try {
    if (getKey(subject, kp) != null) {
        return kp;
    } else {
        // if reach here, has auth perm, but no key
        hasAuthPerm = true;
    }
      } catch (SecurityException e) {}
  }

  // note that exceptions throw here are logged in the constructor
  if (hasAuthPerm) {
      throw new UnsupportedConstraintException(
    "Cannot find any Kerberos key in the serverSubject " +
    "corresponding to one of its principals.");
  } else {
      throw new SecurityException(
    "Caller does not have AuthenticationPermission " +

      try {
    // make sure that serverPrincipal is in serverSubject
    if (serverSubject != null &&
        !serverSubject.getPrincipals().contains(serverPrincipal))
    {
        throw new UnsupportedConstraintException(
      "Failed to find serverPrincipal " + serverPrincipal +
      "in serverSubject's principal set, cannot listen.");
    }

    // getKey checks AuthenticationPermission "listen"
    serverKey = getKey(serverSubject, serverPrincipal);

    if (serverKey == null) {
        throw new UnsupportedConstraintException(
      "No valid Kerberos key in the server subject for " +
      serverPrincipal + ", cannot listen.");
    }

    synchronized (classLock) {
        if (gssManager == null) {
      gssManager = GSSManager.getInstance();
        }
    }

    try {
        serverCred = (GSSCredential) Security.doPrivileged(
      new PrivilegedExceptionAction() {
        public Object run() throws GSSException {
            return KerberosUtil.getGSSCredential(
          serverSubject, serverPrincipal,
          gssManager, GSSCredential.ACCEPT_ONLY);
        }
          });
    } catch (PrivilegedActionException pe) {
        GSSException ge = (GSSException) pe.getException();
        throw new UnsupportedConstraintException(
      "Failed to get GSSCredential for server principal: " +
      serverPrincipal, ge);
    }
      } catch (UnsupportedConstraintException uce) {
    if (logger.isLoggable(Levels.FAILED)) {

      {
    try {
        InvocationConstraint c =
      (InvocationConstraint) iter.next();
        if (!KerberosUtil.isSupportableConstraint(c)) {
      UnsupportedConstraintException e =
          new UnsupportedConstraintException(
        "A constraint unsupportable by this " +
        "endpoint has been required: " + c);
      softCache.put(key, e);
      throw e;
        }

        if (!KerberosUtil.isSatisfiable(rh.config, c)) {
      UnsupportedConstraintException e =
          new UnsupportedConstraintException(
        "A required constraint (" + c + ") is not " +
        "satisfied by this connection: " + this);
      softCache.put(key, e);
      throw e;
        }

      InvocationConstraint c = (InvocationConstraint) i.next();
      Object d = distill(c, request);
      if (d instanceof InvocationConstraint) {
    dist.add(d);
      } else if (required && d == UNSUPPORTED) {
    throw new UnsupportedConstraintException("unsupported: " + c);
      }
  }
  return dist;
    }

        chosen = c;
        best = score;
    }
      }
      if (chosen == null) {
    UnsupportedConstraintException uce =
        new UnsupportedConstraintException(
      "unsupported constraints: " + constraints);
    if (se != null) {
        // At least one principal was rejected due to lack
        // of authentication permissions
        secureThrow(se, uce);