Example #1
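  /**
   * Loads the default {@code CallbackHandler} named by the {@code DEFAULT_HANDLER} security
   * property and stores it in {@code this.callbackHandler}.
   *
   * <p>The property lookup, the class loading (through the {@code contextClassLoader} field) and
   * the instantiation all run inside a single-argument {@code doPrivileged}, so permission checks
   * made during those steps do not take the callers of this class into account. The property
   * value alone decides which class is initialised and instantiated here. NOTE(review): whoever
   * can set that security property effectively chooses the handler code, so access to it should
   * be reviewed with that in mind.
   *
   * <p>If the property is unset or empty, {@code this.callbackHandler} is set to {@code null}.
   * Otherwise, when {@code creatorAcc} is {@code null}, the new handler is wrapped in a {@code
   * SecureCallbackHandler} bound to the access control context current at this point.
   *
   * @throws LoginException if the privileged action fails with a checked exception (for example
   *     the class cannot be found or instantiated). The message is the {@code toString()} of the
   *     original exception, which is also attached as the cause. Unchecked exceptions, such as a
   *     {@code ClassCastException} from {@code asSubclass}, are not wrapped by {@code
   *     doPrivileged} and propagate unchanged.
   */
  private void loadDefaultCallbackHandler() throws LoginException {

    // The anonymous class below can only capture a final local, so copy the field first.
    final ClassLoader finalLoader = contextClassLoader;

    // get the default handler class
    try {
      this.callbackHandler =
          java.security.AccessController.doPrivileged(
              new java.security.PrivilegedExceptionAction<CallbackHandler>() {
                public CallbackHandler run() throws Exception {
                  String defaultHandler = java.security.Security.getProperty(DEFAULT_HANDLER);
                  if (defaultHandler == null || defaultHandler.length() == 0) {
                    // No default configured: leave the handler unset.
                    return null;
                  }
                  // asSubclass rejects any configured class that is not a CallbackHandler
                  // before an instance is created; initialize=true means the class's static
                  // initialiser has already run by then.
                  Class<? extends CallbackHandler> c =
                      Class.forName(defaultHandler, true, finalLoader)
                          .asSubclass(CallbackHandler.class);
                  // Kept as Class.newInstance(): switching to getDeclaredConstructor() would
                  // wrap constructor failures differently and change the message callers see.
                  return c.newInstance();
                }
              });
    } catch (java.security.PrivilegedActionException pae) {
      // Same message as before, but keep the original exception as the cause so the stack
      // trace of the real failure is not lost.
      Exception cause = pae.getException();
      LoginException le = new LoginException(cause.toString());
      le.initCause(cause);
      throw le;
    }

    // secure it with the caller's ACC
    if (this.callbackHandler != null && creatorAcc == null) {
      this.callbackHandler =
          new SecureCallbackHandler(
              java.security.AccessController.getContext(), this.callbackHandler);
    }
  }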
Example #2
 /**
  * Creates a {@code LoginContext} for the given configuration entry name, using the supplied
  * {@code CallbackHandler}.
  *
  * <p>The supplied handler is never stored directly: it is wrapped in a {@code
  * SecureCallbackHandler} together with the access control context captured in this constructor.
  *
  * @param name the name used as the index into the {@code Configuration}.
  * @param callbackHandler the {@code CallbackHandler} object used by LoginModules to communicate
  *     with the user; must not be {@code null}.
  * @throws LoginException if the caller-specified {@code name} does not appear in the {@code
  *     Configuration} and there is no {@code Configuration} entry for "<i>other</i>", or if the
  *     caller-specified {@code callbackHandler} is {@code null}.
  * @throws SecurityException if a SecurityManager is set and the caller does not have
  *     AuthPermission("createLoginContext.<i>name</i>"), or if a configuration entry for
  *     <i>name</i> does not exist and the caller does not additionally have
  *     AuthPermission("createLoginContext.other")
  */
 public LoginContext(String name, CallbackHandler callbackHandler) throws LoginException {
   // init(name) runs first, so its permission and configuration failures are reported before
   // the handler argument is validated.
   init(name);

   if (callbackHandler == null) {
     throw new LoginException(ResourcesMgr.getString("invalid.null.CallbackHandler.provided"));
   }

   // Capture the context in this constructor (not in a helper) and bind the handler to it.
   final java.security.AccessControlContext callerContext =
       java.security.AccessController.getContext();
   this.callbackHandler = new SecureCallbackHandler(callerContext, callbackHandler);
 }
Example #3
  /**
   * Creates a {@code LoginContext} from a name, an optional {@code Subject}, an optional {@code
   * CallbackHandler} and an optional login {@code Configuration}.
   *
   * <p>Handler treatment depends on whether a {@code Configuration} was supplied. With a non-null
   * {@code config}, the context current in this constructor is recorded in {@code creatorAcc} and
   * a supplied handler is stored as given. Without one, a supplied handler is wrapped in a {@code
   * SecureCallbackHandler} bound to the context current in this constructor. A {@code null}
   * handler always falls back to {@code loadDefaultCallbackHandler()}.
   *
   * @param name the name used as the index into the caller-specified {@code Configuration}.
   * @param subject the {@code Subject} to authenticate, or {@code null}.
   * @param callbackHandler the {@code CallbackHandler} object used by LoginModules to communicate
   *     with the user, or {@code null}.
   * @param config the {@code Configuration} that lists the login modules to be called to perform
   *     the authentication, or {@code null}.
   * @throws LoginException if the caller-specified {@code name} does not appear in the {@code
   *     Configuration} and there is no {@code Configuration} entry for "<i>other</i>".
   * @throws SecurityException if a SecurityManager is set, <i>config</i> is {@code null}, and
   *     either the caller does not have AuthPermission("createLoginContext.<i>name</i>"), or if a
   *     configuration entry for <i>name</i> does not exist and the caller does not additionally
   *     have AuthPermission("createLoginContext.other")
   * @since 1.5
   */
  public LoginContext(
      String name, Subject subject, CallbackHandler callbackHandler, Configuration config)
      throws LoginException {
    this.config = config;
    if (config != null) {
      // Must be set before init(name): init skips its permission checks when creatorAcc is set.
      creatorAcc = java.security.AccessController.getContext();
    }

    init(name);

    if (subject != null) {
      subjectProvided = true;
      this.subject = subject;
    }

    if (callbackHandler == null) {
      loadDefaultCallbackHandler();
    } else if (creatorAcc != null) {
      // Caller supplied its own Configuration: keep the handler exactly as passed in.
      this.callbackHandler = callbackHandler;
    } else {
      // No caller Configuration: bind the handler to the context captured here.
      final java.security.AccessControlContext callerContext =
          java.security.AccessController.getContext();
      this.callbackHandler = new SecureCallbackHandler(callerContext, callbackHandler);
    }
  }
Example #4
 /**
  * Runs {@code invoke(methodName)} for a LoginModule phase (login, commit or logout) inside a
  * {@code doPrivileged} block restricted by {@code creatorAcc}.
  *
  * <p>{@code creatorAcc} may be {@code null}; the two-argument {@code doPrivileged} then applies
  * no additional restriction. This version is called if the caller did not instantiate the
  * LoginContext with a Configuration object.
  *
  * @param methodName name of the phase to invoke, passed through to {@code invoke}.
  * @throws LoginException whatever {@code invoke} throws, unwrapped from the {@code
  *     PrivilegedActionException}.
  */
 private void invokePriv(final String methodName) throws LoginException {
   final java.security.PrivilegedExceptionAction<Void> phase =
       new java.security.PrivilegedExceptionAction<Void>() {
         public Void run() throws LoginException {
           invoke(methodName);
           return null;
         }
       };

   try {
     java.security.AccessController.doPrivileged(phase, creatorAcc);
   } catch (java.security.PrivilegedActionException wrapped) {
     // run() declares only LoginException, so that is the only checked type that can be
     // wrapped here.
     throw (LoginException) wrapped.getException();
   }
 }
Example #5
 /**
  * Forwards {@code callbacks} to the wrapped handler {@code ch}, calling it inside a {@code
  * doPrivileged} block restricted by the stored context {@code acc}.
  *
  * <p>Any checked exception thrown by the wrapped handler is unwrapped and rethrown with its
  * original type.
  *
  * @param callbacks the callbacks to hand to the wrapped handler.
  * @throws java.io.IOException if the wrapped handler throws it.
  * @throws UnsupportedCallbackException if the wrapped handler throws it.
  */
 public void handle(final Callback[] callbacks)
     throws java.io.IOException, UnsupportedCallbackException {
   final java.security.PrivilegedExceptionAction<Void> delegate =
       new java.security.PrivilegedExceptionAction<Void>() {
         public Void run() throws java.io.IOException, UnsupportedCallbackException {
           ch.handle(callbacks);
           return null;
         }
       };

   try {
     java.security.AccessController.doPrivileged(delegate, acc);
   } catch (java.security.PrivilegedActionException pae) {
     final Exception cause = pae.getException();
     if (cause instanceof java.io.IOException) {
       throw (java.io.IOException) cause;
     }
     // run() declares only two checked types, so anything else is the other one.
     throw (UnsupportedCallbackException) cause;
   }
 }
Example #6
  /**
   * Shared constructor setup: checks the caller's permission, resolves the {@code Configuration},
   * looks up the login module entries for {@code name} (falling back to {@code OTHER}), copies
   * them into {@code moduleStack}, and records the class loader in {@code contextClassLoader}.
   *
   * <p>Statement order matters here: the permission checks come before the lookups they guard.
   *
   * @param name the configuration entry name to look up.
   * @throws LoginException if {@code name} is {@code null}, or if neither {@code name} nor {@code
   *     OTHER} has an entry in the {@code Configuration}.
   * @throws SecurityException from {@code checkPermission} if a SecurityManager is installed,
   *     {@code creatorAcc} is {@code null}, and the required {@code AuthPermission} is missing.
   */
  private void init(String name) throws LoginException {

    // Permission is enforced only when a SecurityManager is installed and creatorAcc is null.
    // The constructor that takes a Configuration sets creatorAcc when one is supplied, so a
    // caller-supplied Configuration bypasses the createLoginContext checks in this method.
    SecurityManager sm = System.getSecurityManager();
    if (sm != null && creatorAcc == null) {
      sm.checkPermission(new AuthPermission("createLoginContext." + name));
    }

    // NOTE(review): this null check runs after the permission check above, so with a
    // SecurityManager a null name is first checked as "createLoginContext.null".
    if (name == null) throw new LoginException(ResourcesMgr.getString("Invalid.null.input.name"));

    // get the Configuration
    // No caller-supplied Configuration: fetch the installed one inside doPrivileged, so callers
    // of this class are not consulted for any permission check that lookup performs.
    if (config == null) {
      config =
          java.security.AccessController.doPrivileged(
              new java.security.PrivilegedAction<Configuration>() {
                public Configuration run() {
                  return Configuration.getConfiguration();
                }
              });
    }

    // get the LoginModules configured for this application
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
    if (entries == null) {

      // Falling back to the OTHER entry needs its own permission, under the same conditions
      // as the first check.
      if (sm != null && creatorAcc == null) {
        sm.checkPermission(new AuthPermission("createLoginContext." + OTHER));
      }

      entries = config.getAppConfigurationEntry(OTHER);
      if (entries == null) {
        // Neither the requested name nor OTHER is configured: fail with the name in the message.
        MessageFormat form =
            new MessageFormat(ResourcesMgr.getString("No.LoginModules.configured.for.name"));
        Object[] source = {name};
        throw new LoginException(form.format(source));
      }
    }
    moduleStack = new ModuleInfo[entries.length];
    for (int i = 0; i < entries.length; i++) {
      // clone returned array
      // Each entry is rebuilt as a new AppConfigurationEntry, so moduleStack does not share
      // entry objects with the array the Configuration returned.
      // NOTE(review): the getOptions() result is passed straight through; whether it is copied
      // depends on the AppConfigurationEntry constructor, which is not visible here.
      // The second ModuleInfo argument is null; presumably the module instance is created
      // later (confirm against ModuleInfo).
      moduleStack[i] =
          new ModuleInfo(
              new AppConfigurationEntry(
                  entries[i].getLoginModuleName(),
                  entries[i].getControlFlag(),
                  entries[i].getOptions()),
              null);
    }

    // Record the thread context class loader as it is at construction time, read inside
    // doPrivileged so the caller's permissions are not consulted for the lookup.
    contextClassLoader =
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<ClassLoader>() {
              public ClassLoader run() {
                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                if (loader == null) {
                  // Don't use bootstrap class loader directly to ensure
                  // proper package access control!
                  loader = ClassLoader.getSystemClassLoader();
                }

                return loader;
              }
            });
  }