33 import javax.security.auth.Subject; |
33 import javax.security.auth.Subject; |
34 |
34 |
35 import javax.management.remote.SubjectDelegationPermission; |
35 import javax.management.remote.SubjectDelegationPermission; |
36 |
36 |
37 import com.sun.jmx.remote.util.CacheMap; |
37 import com.sun.jmx.remote.util.CacheMap; |
|
38 import java.util.ArrayList; |
|
39 import java.util.Collection; |
38 |
40 |
39 public class SubjectDelegator { |
41 public class SubjectDelegator { |
40 private static final int PRINCIPALS_CACHE_SIZE = 10; |
42 private static final int PRINCIPALS_CACHE_SIZE = 10; |
41 private static final int ACC_CACHE_SIZE = 10; |
43 private static final int ACC_CACHE_SIZE = 10; |
42 |
44 |
51 delegatedContext(AccessControlContext authenticatedACC, |
53 delegatedContext(AccessControlContext authenticatedACC, |
52 Subject delegatedSubject, |
54 Subject delegatedSubject, |
53 boolean removeCallerContext) |
55 boolean removeCallerContext) |
54 throws SecurityException { |
56 throws SecurityException { |
55 |
57 |
|
58 if (System.getSecurityManager() != null && authenticatedACC == null) { |
|
59 throw new SecurityException("Illegal AccessControlContext: null"); |
|
60 } |
56 if (principalsCache == null || accCache == null) { |
61 if (principalsCache == null || accCache == null) { |
57 principalsCache = |
62 principalsCache = |
58 new CacheMap<Subject, Principal[]>(PRINCIPALS_CACHE_SIZE); |
63 new CacheMap<>(PRINCIPALS_CACHE_SIZE); |
59 accCache = |
64 accCache = |
60 new CacheMap<Subject, AccessControlContext>(ACC_CACHE_SIZE); |
65 new CacheMap<>(ACC_CACHE_SIZE); |
61 } |
66 } |
62 |
67 |
63 // Retrieve the principals for the given |
68 // Retrieve the principals for the given |
64 // delegated subject from the cache |
69 // delegated subject from the cache |
65 // |
70 // |
99 // Check if the subject delegation permission allows the |
104 // Check if the subject delegation permission allows the |
100 // authenticated subject to assume the identity of each |
105 // authenticated subject to assume the identity of each |
101 // principal in the delegated subject |
106 // principal in the delegated subject |
102 // |
107 // |
103 final Principal[] dp = delegatedPrincipals; |
108 final Principal[] dp = delegatedPrincipals; |
|
109 final Collection<Permission> permissions = new ArrayList<>(dp.length); |
|
110 for(Principal p : dp) { |
|
111 final String pname = p.getClass().getName() + "." + p.getName(); |
|
112 permissions.add(new SubjectDelegationPermission(pname)); |
|
113 } |
104 PrivilegedAction<Void> action = |
114 PrivilegedAction<Void> action = |
105 new PrivilegedAction<Void>() { |
115 new PrivilegedAction<Void>() { |
106 public Void run() { |
116 public Void run() { |
107 for (int i = 0 ; i < dp.length ; i++) { |
117 for (Permission sdp : permissions) { |
108 final String pname = |
|
109 dp[i].getClass().getName() + "." + dp[i].getName(); |
|
110 Permission sdp = |
|
111 new SubjectDelegationPermission(pname); |
|
112 AccessController.checkPermission(sdp); |
118 AccessController.checkPermission(sdp); |
113 } |
119 } |
114 return null; |
120 return null; |
115 } |
121 } |
116 }; |
122 }; |