|
Java example source code file (SubjectDelegator.java)
The SubjectDelegator.java Java example source code/* * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package com.sun.jmx.remote.security; import java.security.AccessController; import java.security.AccessControlContext; import java.security.Permission; import java.security.Principal; import java.security.PrivilegedAction; import javax.security.auth.Subject; import javax.management.remote.SubjectDelegationPermission; import com.sun.jmx.remote.util.CacheMap; public class SubjectDelegator { private static final int PRINCIPALS_CACHE_SIZE = 10; private static final int ACC_CACHE_SIZE = 10; private CacheMap<Subject, Principal[]> principalsCache; private CacheMap<Subject, AccessControlContext> accCache; /* Return the AccessControlContext appropriate to execute an operation on behalf of the delegatedSubject. If the authenticatedAccessControlContext does not have permission to delegate to that subject, throw SecurityException. */ public synchronized AccessControlContext delegatedContext(AccessControlContext authenticatedACC, Subject delegatedSubject, boolean removeCallerContext) throws SecurityException { if (principalsCache == null || accCache == null) { principalsCache = new CacheMap<Subject, Principal[]>(PRINCIPALS_CACHE_SIZE); accCache = new CacheMap<Subject, AccessControlContext>(ACC_CACHE_SIZE); } // Retrieve the principals for the given // delegated subject from the cache // Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject); // Convert the set of principals stored in the // delegated subject into an array of principals // and store it in the cache // if (delegatedPrincipals == null) { delegatedPrincipals = delegatedSubject.getPrincipals().toArray(new Principal[0]); principalsCache.put(delegatedSubject, delegatedPrincipals); } // Retrieve the access control context for the // given delegated subject from the cache // AccessControlContext delegatedACC = accCache.get(delegatedSubject); // Build the access control context to be used // when executing code as the delegated subject // and store it in the cache // if (delegatedACC == null) { if (removeCallerContext) { delegatedACC = JMXSubjectDomainCombiner.getDomainCombinerContext( delegatedSubject); } else { delegatedACC = JMXSubjectDomainCombiner.getContext(delegatedSubject); } accCache.put(delegatedSubject, delegatedACC); } // Check if the subject delegation permission allows the // authenticated subject to assume the identity of each // principal in the delegated subject // final Principal[] dp = delegatedPrincipals; PrivilegedAction<Void> action = new PrivilegedAction<Void>() { public Void run() { for (int i = 0 ; i < dp.length ; i++) { final String pname = dp[i].getClass().getName() + "." + dp[i].getName(); Permission sdp = new SubjectDelegationPermission(pname); AccessController.checkPermission(sdp); } return null; } }; AccessController.doPrivileged(action, authenticatedACC); return delegatedACC; } /** * Check if the connector server creator can assume the identity of each * principal in the authenticated subject, i.e. check if the connector * server creator codebase contains a subject delegation permission for * each principal present in the authenticated subject. * * @return {@code true} if the connector server creator can delegate to all * the authenticated principals in the subject. Otherwise, {@code false}. */ public static synchronized boolean checkRemoveCallerContext(Subject subject) { try { final Principal[] dp = subject.getPrincipals().toArray(new Principal[0]); for (int i = 0 ; i < dp.length ; i++) { final String pname = dp[i].getClass().getName() + "." + dp[i].getName(); final Permission sdp = new SubjectDelegationPermission(pname); AccessController.checkPermission(sdp); } } catch (SecurityException e) { return false; } return true; } } Other Java examples (source code examples)Here is a short list of links related to this Java SubjectDelegator.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.