Package org.hibernate.secure

Source Code of org.hibernate.secure.JACCPermissions$SetContextID

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
/*
* Hibernate, Relational Persistence for Idiomatic Java
*
* Copyright (c) 2008, Red Hat Middleware LLC or third-party contributors as
* indicated by the @author tags or express copyright attribution
* statements applied by the authors.  All third-party contributions are
* distributed under license by Red Hat Middleware LLC.
*
* This copyrighted material is made available to anyone wishing to use, modify,
* copy, or redistribute it subject to the terms and conditions of the GNU
* Lesser General Public License, as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
* for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this distribution; if not, write to:
* Free Software Foundation, Inc.
* 51 Franklin Street, Fifth Floor
* Boston, MA  02110-1301  USA
*
*/
package org.hibernate.secure;

import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;


/**
* Copied from JBoss org.jboss.ejb3.security.JaccHelper and org.jboss.ejb3.security.SecurityActions
*
* @author <a href="mailto:kabir.khan@jboss.org">Kabir Khan</a>
*/
public class JACCPermissions {

  public static void checkPermission(Class clazz, String contextID, EJBMethodPermission methodPerm)
      throws SecurityException {
    CodeSource ejbCS = clazz.getProtectionDomain().getCodeSource();

    try {
      setContextID( contextID );

      Policy policy = Policy.getPolicy();
      // Get the caller
      Subject caller = getContextSubject();

      Principal[] principals = null;
      if ( caller != null ) {
        // Get the caller principals
        Set principalsSet = caller.getPrincipals();
        principals = new Principal[ principalsSet.size() ];
        principalsSet.toArray( principals );
      }

      ProtectionDomain pd = new ProtectionDomain( ejbCS, null, null, principals );
      if ( !policy.implies( pd, methodPerm ) ) {
        String msg = "Denied: " + methodPerm + ", caller=" + caller;
        SecurityException e = new SecurityException( msg );
        throw e;
      }
    }
    catch (PolicyContextException e) {
      throw new RuntimeException( e );
    }
  }

  interface PolicyContextActions {
    /**
     * The JACC PolicyContext key for the current Subject
     */
    static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
    PolicyContextActions PRIVILEGED = new PolicyContextActions() {
      private final PrivilegedExceptionAction exAction = new PrivilegedExceptionAction() {
        public Object run() throws Exception {
          return (Subject) PolicyContext.getContext( SUBJECT_CONTEXT_KEY );
        }
      };

      public Subject getContextSubject() throws PolicyContextException {
        try {
          return (Subject) AccessController.doPrivileged( exAction );
        }
        catch (PrivilegedActionException e) {
          Exception ex = e.getException();
          if ( ex instanceof PolicyContextException ) {
            throw (PolicyContextException) ex;
          }
          else {
            throw new UndeclaredThrowableException( ex );
          }
        }
      }
    };

    PolicyContextActions NON_PRIVILEGED = new PolicyContextActions() {
      public Subject getContextSubject() throws PolicyContextException {
        return (Subject) PolicyContext.getContext( SUBJECT_CONTEXT_KEY );
      }
    };

    Subject getContextSubject() throws PolicyContextException;
  }

  static Subject getContextSubject() throws PolicyContextException {
    if ( System.getSecurityManager() == null ) {
      return PolicyContextActions.NON_PRIVILEGED.getContextSubject();
    }
    else {
      return PolicyContextActions.PRIVILEGED.getContextSubject();
    }
  }

  private static class SetContextID implements PrivilegedAction {
    String contextID;

    SetContextID(String contextID) {
      this.contextID = contextID;
    }

    public Object run() {
      String previousID = PolicyContext.getContextID();
      PolicyContext.setContextID( contextID );
      return previousID;
    }
  }

  static String setContextID(String contextID) {
    PrivilegedAction action = new SetContextID( contextID );
    String previousID = (String) AccessController.doPrivileged( action );
    return previousID;
  }
}
TOP

Related Classes of org.hibernate.secure.JACCPermissions$SetContextID

  • javax.security.auth.Subject
  • java.security.Policy
  • java.security.PrivilegedAction
  • java.security.CodeSource
  • java.util.Set
  • java.security.ProtectionDomain
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.