private void loadDefaultCallbackHandler() throws LoginException {
// get the default handler class
try {
final ClassLoader finalLoader = contextClassLoader;
this.callbackHandler =
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<CallbackHandler>() {
public CallbackHandler run() throws Exception {
String defaultHandler = java.security.Security.getProperty(DEFAULT_HANDLER);
if (defaultHandler == null || defaultHandler.length() == 0) return null;
Class<? extends CallbackHandler> c =
Class.forName(defaultHandler, true, finalLoader)
.asSubclass(CallbackHandler.class);
return c.newInstance();
}
});
} catch (java.security.PrivilegedActionException pae) {
throw new LoginException(pae.getException().toString());
}
// secure it with the caller's ACC
if (this.callbackHandler != null && creatorAcc == null) {
this.callbackHandler =
new SecureCallbackHandler(
java.security.AccessController.getContext(), this.callbackHandler);
}
}
/**
* Instantiate a new {@code LoginContext} object with a name and a {@code CallbackHandler} object.
*
* <p>
*
* @param name the name used as the index into the {@code Configuration}.
* <p>
* @param callbackHandler the {@code CallbackHandler} object used by LoginModules to communicate
* with the user.
* @exception LoginException if the caller-specified {@code name} does not appear in the {@code
* Configuration} and there is no {@code Configuration} entry for "<i>other</i>", or if the
* caller-specified {@code callbackHandler} is {@code null}.
* <p>
* @exception SecurityException if a SecurityManager is set and the caller does not have
* AuthPermission("createLoginContext.<i>name</i>"), or if a configuration entry for
* <i>name</i> does not exist and the caller does not additionally have
* AuthPermission("createLoginContext.other")
*/
public LoginContext(String name, CallbackHandler callbackHandler) throws LoginException {
init(name);
if (callbackHandler == null)
throw new LoginException(ResourcesMgr.getString("invalid.null.CallbackHandler.provided"));
this.callbackHandler =
new SecureCallbackHandler(java.security.AccessController.getContext(), callbackHandler);
}
/**
* Instantiate a new {@code LoginContext} object with a name, a {@code Subject} to be
* authenticated, a {@code CallbackHandler} object, and a login {@code Configuration}.
*
* <p>
*
* @param name the name used as the index into the caller-specified {@code Configuration}.
* <p>
* @param subject the {@code Subject} to authenticate, or {@code null}.
* <p>
* @param callbackHandler the {@code CallbackHandler} object used by LoginModules to communicate
* with the user, or {@code null}.
* <p>
* @param config the {@code Configuration} that lists the login modules to be called to perform
* the authentication, or {@code null}.
* @exception LoginException if the caller-specified {@code name} does not appear in the {@code
* Configuration} and there is no {@code Configuration} entry for "<i>other</i>".
* <p>
* @exception SecurityException if a SecurityManager is set, <i>config</i> is {@code null}, and
* either the caller does not have AuthPermission("createLoginContext.<i>name</i>"), or if a
* configuration entry for <i>name</i> does not exist and the caller does not additionally
* have AuthPermission("createLoginContext.other")
* @since 1.5
*/
public LoginContext(
String name, Subject subject, CallbackHandler callbackHandler, Configuration config)
throws LoginException {
this.config = config;
if (config != null) {
creatorAcc = java.security.AccessController.getContext();
}
init(name);
if (subject != null) {
this.subject = subject;
subjectProvided = true;
}
if (callbackHandler == null) {
loadDefaultCallbackHandler();
} else if (creatorAcc == null) {
this.callbackHandler =
new SecureCallbackHandler(java.security.AccessController.getContext(), callbackHandler);
} else {
this.callbackHandler = callbackHandler;
}
}
/**
* Invokes the login, commit, and logout methods from a LoginModule inside a doPrivileged block
* restricted by creatorAcc (may be null).
*
* <p>This version is called if the caller did not instantiate the LoginContext with a
* Configuration object.
*/
private void invokePriv(final String methodName) throws LoginException {
try {
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<Void>() {
public Void run() throws LoginException {
invoke(methodName);
return null;
}
},
creatorAcc);
} catch (java.security.PrivilegedActionException pae) {
throw (LoginException) pae.getException();
}
}
public void handle(final Callback[] callbacks)
throws java.io.IOException, UnsupportedCallbackException {
try {
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<Void>() {
public Void run() throws java.io.IOException, UnsupportedCallbackException {
ch.handle(callbacks);
return null;
}
},
acc);
} catch (java.security.PrivilegedActionException pae) {
if (pae.getException() instanceof java.io.IOException) {
throw (java.io.IOException) pae.getException();
} else {
throw (UnsupportedCallbackException) pae.getException();
}
}
}
private void init(String name) throws LoginException {
SecurityManager sm = System.getSecurityManager();
if (sm != null && creatorAcc == null) {
sm.checkPermission(new AuthPermission("createLoginContext." + name));
}
if (name == null) throw new LoginException(ResourcesMgr.getString("Invalid.null.input.name"));
// get the Configuration
if (config == null) {
config =
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Configuration>() {
public Configuration run() {
return Configuration.getConfiguration();
}
});
}
// get the LoginModules configured for this application
AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
if (entries == null) {
if (sm != null && creatorAcc == null) {
sm.checkPermission(new AuthPermission("createLoginContext." + OTHER));
}
entries = config.getAppConfigurationEntry(OTHER);
if (entries == null) {
MessageFormat form =
new MessageFormat(ResourcesMgr.getString("No.LoginModules.configured.for.name"));
Object[] source = {name};
throw new LoginException(form.format(source));
}
}
moduleStack = new ModuleInfo[entries.length];
for (int i = 0; i < entries.length; i++) {
// clone returned array
moduleStack[i] =
new ModuleInfo(
new AppConfigurationEntry(
entries[i].getLoginModuleName(),
entries[i].getControlFlag(),
entries[i].getOptions()),
null);
}
contextClassLoader =
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
ClassLoader loader = Thread.currentThread().getContextClassLoader();
if (loader == null) {
// Don't use bootstrap class loader directly to ensure
// proper package access control!
loader = ClassLoader.getSystemClassLoader();
}
return loader;
}
});
}
