/**
 * Establishes an HTTP session for a caller whose JAAS {@link Subject} is already bound to the
 * calling access-control context.
 *
 * <p>If the request already carries a session, the {@code subject} stored in it is reused; a
 * session without one is invalidated and answered through {@code Helpers.doForbidden}. If there
 * is no session, the subject of the calling context is stored in a newly created session
 * together with the user name, the authentication type and the login time.
 *
 * @param req the login request
 * @param resp the response, typed as {@code application/json}
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response cannot be written
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  resp.setContentType("application/json");
  final PrintWriter writer = resp.getWriter();

  HttpSession httpSession = req.getSession(false);
  if (httpSession != null) {
    Subject stored = (Subject) httpSession.getAttribute("subject");
    if (stored != null) {
      sendResponse(httpSession, stored, writer);
      return;
    }
    // A session that carries no subject is not trusted: drop it and refuse the request.
    LOG.warn("No security subject stored in existing session, invalidating");
    httpSession.invalidate();
    Helpers.doForbidden(resp);
    return;
  }

  // No session yet: the only accepted proof of identity is the Subject bound to the calling
  // access-control context (presumably set by an upstream authentication filter; confirm).
  AccessControlContext callerContext = AccessController.getContext();
  Subject subject = Subject.getSubject(callerContext);
  if (subject == null) {
    Helpers.doForbidden(resp);
    return;
  }

  // NOTE(review): principals are matched by simple class name only, so a class called
  // UserPrincipal from any package qualifies, and the last match wins. When nothing matches,
  // the session is still created with a null user; confirm that this is intended.
  String username = null;
  Set<Principal> principals = subject.getPrincipals();
  if (principals != null) {
    for (Principal candidate : principals) {
      if ("UserPrincipal".equals(candidate.getClass().getSimpleName())) {
        username = candidate.getName();
        LOG.debug("Authorizing user {}", username);
      }
    }
  }

  // getSession(false) returned null above, so this call creates a fresh session.
  httpSession = req.getSession(true);
  httpSession.setAttribute("subject", subject);
  httpSession.setAttribute("user", username);
  httpSession.setAttribute("org.osgi.service.http.authentication.remote.user", username);
  httpSession.setAttribute(
      "org.osgi.service.http.authentication.type", HttpServletRequest.BASIC_AUTH);
  httpSession.setAttribute("loginTime", GregorianCalendar.getInstance().getTimeInMillis());

  if (timeout != null) {
    httpSession.setMaxInactiveInterval(timeout);
  }
  if (LOG.isDebugEnabled()) {
    LOG.debug(
        "Http session timeout for user {} is {} sec.",
        username,
        httpSession.getMaxInactiveInterval());
  }

  sendResponse(httpSession, subject, writer);
}
/**
 * Return the current user, including any doAs in the current stack.
 *
 * <p>The JAAS subject bound to the calling access-control context is used when it carries at
 * least one {@code User} principal; in every other case the login user is returned.
 *
 * @return the current user
 * @throws IOException if login fails
 */
public static UserGroupInformation getCurrentUser() throws IOException {
  Subject caller = Subject.getSubject(AccessController.getContext());
  // A subject without a User principal is treated the same as no subject at all.
  boolean hasUserPrincipal = caller != null && !caller.getPrincipals(User.class).isEmpty();
  if (hasUserPrincipal) {
    return new UserGroupInformation(caller);
  }
  return getLoginUser();
}
/**
 * Returns the name of the first principal of the JAAS subject bound to the calling
 * access-control context.
 *
 * @return the principal name, or {@code null} when no subject is bound, the subject has no
 *     principals, or the first principal is {@code null}
 */
@Override
public String value() {
  // Subject.getSubject(AccessControlContext) is deprecated for removal; on runtimes without
  // Security Manager support it throws UnsupportedOperationException (Subject.current() is the
  // replacement on Java 18+).
  final Subject caller = Subject.getSubject(AccessController.getContext());
  if (caller == null) {
    return null;
  }
  if (caller.getPrincipals().isEmpty()) {
    return null;
  }
  // NOTE(review): "first" is whatever the principal set's iterator yields first. A subject that
  // holds several principals (user, roles, groups) gives no guarantee that this is the user
  // principal; verify against the login module in use.
  final Principal first = caller.getPrincipals().iterator().next();
  if (first == null) {
    return null;
  }
  return first.getName();
}
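/**
 * Runs the interactive movie sample on behalf of the JAAS subject bound to the calling
 * access-control context.
 *
 * <p>When the last principal yielded by the subject is named <i>Admin</i>, a menu offering
 * <i>add</i>, <i>rm</i>, <i>read</i> and <i>exit</i> is shown; every other caller can only read.
 * Input is taken from the system console, and end of input is treated like <i>exit</i>.
 *
 * <ul>
 *   <li><i>add</i> writes a <i>.txt</i> file below <i>sample/db</i>; a directory or name that
 *       resolves outside that directory is rejected
 *   <li><i>rm</i> deletes the file located by <code>searchMovie</code>
 *   <li><i>read</i> delegates to <code>promptUser</code>
 * </ul>
 *
 * @return <code>null</code> in all cases.
 * @exception SecurityException if no subject with at least one principal is bound to the calling
 *     context.
 * @exception IllegalStateException if the JVM has no console to read from.
 */
public Object run() {
  Subject currentSubject = Subject.getSubject(AccessController.getContext());
  if (currentSubject == null || currentSubject.getPrincipals().isEmpty()) {
    // Fail closed: without an authenticated principal there is nothing to authorize against.
    throw new SecurityException("No authenticated subject is associated with the caller");
  }
  if (System.console() == null) {
    throw new IllegalStateException("No console available for interactive input");
  }

  // dir keeps its established format: every principal name followed by a single space.
  StringBuilder names = new StringBuilder();
  Principal p = null;
  for (Principal each : currentSubject.getPrincipals()) {
    p = each;
    names.append(each.getName()).append(" ");
  }
  String dir = names.toString();

  // NOTE(review): the admin decision rests on the name of the last principal iterated and
  // ignores the principal's type; confirm that the login module guarantees this ordering.
  if ("Admin".equals(p.getName())) {
    while (true) {
      String choice = System.console().readLine("choice : ");
      if (choice == null || choice.equals("exit")) {
        break;
      }
      if (choice.equals("add")) {
        String directory = System.console().readLine("directory : ");
        String filename = System.console().readLine("name : ");
        String content = System.console().readLine("content : ");
        if (directory == null || filename == null || content == null) {
          break; // end of input
        }
        try {
          File base = new File("sample/db").getCanonicalFile();
          File target = new File(new File(base, directory), filename + ".txt").getCanonicalFile();
          // Console input must not steer the write outside sample/db (for example via "..").
          if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            System.out.println("Invalid directory or name.");
            continue;
          }
          BufferedWriter bw = new BufferedWriter(new FileWriter(target));
          try {
            bw.write(content);
          } finally {
            // Close even when the write fails so the file handle is not leaked.
            bw.close();
          }
          System.out.println(filename + ".txt generated.");
        } catch (Exception e) {
          System.out.println(e.toString());
          continue;
        }
      } else if (choice.equals("rm")) {
        try {
          String filename = System.console().readLine("name : ");
          if (filename == null) {
            break; // end of input
          }
          // NOTE(review): how searchMovie turns the name into a path is not visible here;
          // verify that it cannot resolve outside the data directory.
          File f = new File(searchMovie(dir, filename));
          if (f.exists()) {
            if (f.delete()) {
              System.out.println(filename + ".txt deleted.");
            } else {
              System.out.println(filename + ".txt could not be deleted.");
            }
          }
        } catch (Exception e) {
          System.out.println(e.toString());
          continue;
        }
      } else if (choice.equals("read")) {
        String filename = System.console().readLine("Movie to watch : ");
        if (filename == null) {
          break; // end of input
        }
        promptUser(dir, filename, p);
      } else {
        System.out.println("Invalid selection ( add, rm, read, exit )");
      }
    }
  } else {
    while (true) {
      String filename = System.console().readLine("Movie to watch : ");
      if (filename == null || filename.equals("exit")) {
        break;
      }
      promptUser(dir, filename, p);
    }
  }
  return null;
}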
/**
 * Looks up the <code>Subject</code> bound to the calling access-control context.
 *
 * <p><code>Subject.getSubject(AccessControlContext)</code> is deprecated for removal; on runtimes
 * without Security Manager support it throws <code>UnsupportedOperationException</code>, and
 * <code>Subject.current()</code> is its replacement on Java 18 and later.
 *
 * @return the current user <code>Subject</code>, or <code>null</code> when none is associated
 *     with the context
 */
static Subject getCurrentUser() {
  // Callers have to treat a null result as "no authenticated user".
  final Subject current = Subject.getSubject(AccessController.getContext());
  return current;
}
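/**
 * Stores the name of the caller's {@link JMXPrincipal} in {@code principal}.
 *
 * <p>The subject is taken from the calling access-control context. A missing subject or a
 * subject without a {@link JMXPrincipal} is reported explicitly instead of surfacing as a
 * {@code NullPointerException} or {@code NoSuchElementException}.
 *
 * @throws SecurityException if no subject is bound to the calling context or it carries no
 *     {@link JMXPrincipal}
 */
private void setPrincipal() {
  Subject subject = Subject.getSubject(AccessController.getContext());
  if (subject == null) {
    // Fail closed: an unauthenticated caller must not end up with an identity.
    throw new SecurityException("No JAAS subject is associated with the calling context");
  }
  Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
  if (principals.isEmpty()) {
    throw new SecurityException("The calling subject carries no JMXPrincipal");
  }
  // With several JMXPrincipals the first one yielded by the set is used.
  principal = principals.iterator().next().getName();
}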
/**
 * Dispatches a web-service call to the resolved port type on behalf of the calling subject.
 *
 * <p>The call is refused when no port type can be resolved or when no JAAS subject is bound to
 * the calling access-control context. With a server session the target method runs inside a
 * server job created for that session and subject, and any failure is added to the current
 * transaction before it is rethrown to the caller; without a session the method is invoked
 * directly.
 *
 * @param packet the request packet used to resolve and release the port type
 * @param method the endpoint method to call
 * @param aobj the arguments passed to {@code method}
 * @return the value returned by {@code method}
 * @throws InvocationTargetException if the endpoint method itself failed
 * @throws IllegalAccessException if {@code method} could not be accessed
 */
@Override
public Object invoke(final Packet packet, final Method method, final Object... aobj)
    throws InvocationTargetException, IllegalAccessException {
  final T port = ScoutInstanceResolver.this.resolve(packet);
  if (port == null) {
    throw new WebServiceException("No port type found");
  }

  // A failed lookup is logged and then handled exactly like a missing subject.
  Subject caller = null;
  try {
    caller = Subject.getSubject(AccessController.getContext());
  } catch (Exception e) {
    LOG.error("Failed to get subject of calling access context", e);
  }
  if (caller == null) {
    throw new WebServiceException(
        "Webservice request was NOT dispatched due to security reasons: request must run on behalf of a subject context.");
  }

  IServerSession serverSession = getSession(m_context.getMessageContext());
  if (serverSession == null) {
    // NOTE(review): this path runs outside a server job and does not reach the postInvoke
    // call in the finally block below; confirm that both are intended.
    LOG.warn(
        "Webservice request is not run in a session context as no server session is configured.");
    return method.invoke(port, aobj);
  }

  try {
    // The job body cannot throw the checked exceptions of this method, so outcome and
    // failures are carried out of it through holders.
    final ObjectHolder outcome = new ObjectHolder();
    final Holder<InvocationTargetException> targetFailure =
        new Holder<InvocationTargetException>(InvocationTargetException.class);
    final Holder<IllegalAccessException> accessFailure =
        new Holder<IllegalAccessException>(IllegalAccessException.class);
    final Holder<RuntimeException> runtimeFailure =
        new Holder<RuntimeException>(RuntimeException.class);

    // run server job
    final IServerJobFactory jobFactory =
        SERVICES.getService(IServerJobService.class).createJobFactory(serverSession, caller);
    ITransactionRunnable work =
        new ITransactionRunnable() {
          @Override
          public IStatus run(IProgressMonitor monitor) throws ProcessingException {
            try {
              outcome.setValue(method.invoke(port, aobj));
            } catch (InvocationTargetException e) {
              final Throwable cause = e.getCause();
              ThreadContext.getTransaction().addFailure(cause); // rollback transaction
              if (!(cause instanceof RuntimeException)) {
                // business exception (SOAP faults are checked exceptions)
                LOG.info("Webservice processing exception occured.", cause);
                targetFailure.setValue(e);
              } else {
                // Unexpected failure: the cause is logged, the client only receives a
                // generic error so that internal details stay out of the response.
                LOG.warn(
                    "Webservice processing exception occured. Please handle faults by respective checked SOAP faults.",
                    cause);
                targetFailure.setValue(
                    new InvocationTargetException(
                        new WebServiceException("Internal Server Error")));
              }
            } catch (IllegalAccessException e) {
              ThreadContext.getTransaction().addFailure(e); // rollback transaction
              LOG.error(
                  "Illegal access exception occured while dispatching webservice request. This might be caused because of Java security settings.",
                  e);
              accessFailure.setValue(e);
            } catch (RuntimeException e) {
              ThreadContext.getTransaction().addFailure(e); // rollback transaction
              LOG.error("Unexpected error occured while dispatching webservice request.", e);
              runtimeFailure.setValue(e);
            }
            return Status.OK_STATUS;
          }
        };
    ServerJob serverJob = jobFactory.create("Tx", work);
    serverJob.setSystem(true);
    serverJob.runNow(new NullProgressMonitor());

    // Rethrow whatever the job recorded, in the same precedence as the catch clauses above.
    final InvocationTargetException recordedTargetFailure = targetFailure.getValue();
    if (recordedTargetFailure != null) {
      throw recordedTargetFailure;
    }
    final IllegalAccessException recordedAccessFailure = accessFailure.getValue();
    if (recordedAccessFailure != null) {
      throw recordedAccessFailure;
    }
    final RuntimeException recordedRuntimeFailure = runtimeFailure.getValue();
    if (recordedRuntimeFailure != null) {
      throw recordedRuntimeFailure;
    }
    return outcome.getValue();
  } finally {
    postInvoke(packet, port);
  }
}
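/**
 * Validates the configured HDFS URI and the Hadoop login, adding one {@code ConfigIssue} per
 * problem found.
 *
 * <p>Side effects visible in this method: it assigns {@code hadoopConf}, may assign
 * {@code hdfsUri} from the Hadoop configuration, installs {@code hadoopConf} through the static
 * {@code UserGroupInformation.setConfiguration}, and assigns {@code loginUgi}.
 *
 * @param issues collector that validation problems are appended to
 */
private void validateHadoopFS(List<ConfigIssue> issues) {
  boolean validHadoopFsUri = true;
  hadoopConf = getHadoopConfiguration(issues);
  String hdfsUriInConf;
  if (hdfsUri != null && !hdfsUri.isEmpty()) {
    hadoopConf.set(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY, hdfsUri);
  } else {
    // No URI configured on the stage: fall back to the one in the Hadoop configuration.
    hdfsUriInConf = hadoopConf.get(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY);
    if (hdfsUriInConf == null) {
      issues.add(
          getContext().createConfigIssue(Groups.HADOOP_FS.name(), "hdfsUri", Errors.HADOOPFS_19));
      return;
    } else {
      hdfsUri = hdfsUriInConf;
    }
  }
  if (hdfsUri.contains("://")) {
    try {
      URI uri = new URI(hdfsUri);
      if (!"hdfs".equals(uri.getScheme())) {
        issues.add(
            getContext()
                .createConfigIssue(
                    Groups.HADOOP_FS.name(),
                    "hdfsUri",
                    Errors.HADOOPFS_12,
                    hdfsUri,
                    uri.getScheme()));
        validHadoopFsUri = false;
      } else if (uri.getAuthority() == null) {
        issues.add(
            getContext()
                .createConfigIssue(
                    Groups.HADOOP_FS.name(), "hdfsUri", Errors.HADOOPFS_13, hdfsUri));
        validHadoopFsUri = false;
      }
    } catch (Exception ex) {
      issues.add(
          getContext()
              .createConfigIssue(
                  Groups.HADOOP_FS.name(),
                  "hdfsUri",
                  Errors.HADOOPFS_22,
                  hdfsUri,
                  ex.getMessage(),
                  ex));
      validHadoopFsUri = false;
    }
  } else {
    issues.add(
        getContext()
            .createConfigIssue(Groups.HADOOP_FS.name(), "hdfsUri", Errors.HADOOPFS_02, hdfsUri));
    validHadoopFsUri = false;
  }

  StringBuilder logMessage = new StringBuilder();
  try {
    // forcing UGI to initialize with the security settings from the stage
    UserGroupInformation.setConfiguration(hadoopConf);
    Subject subject = Subject.getSubject(AccessController.getContext());
    if (UserGroupInformation.isSecurityEnabled()) {
      loginUgi = UserGroupInformation.getUGIFromSubject(subject);
    } else {
      UserGroupInformation.loginUserFromSubject(subject);
      loginUgi = UserGroupInformation.getLoginUser();
    }
    // Only the principals are logged. Subject.toString() also renders the subject's private
    // credentials, and those must not end up in an INFO log.
    LOG.info(
        "Principals = {}, Login UGI = {}",
        subject == null ? "null" : subject.getPrincipals(),
        loginUgi);
    if (hdfsKerberos) {
      logMessage.append("Using Kerberos");
      if (loginUgi.getAuthenticationMethod()
          != UserGroupInformation.AuthenticationMethod.KERBEROS) {
        issues.add(
            getContext()
                .createConfigIssue(
                    Groups.HADOOP_FS.name(),
                    "hdfsKerberos",
                    Errors.HADOOPFS_00,
                    loginUgi.getAuthenticationMethod(),
                    UserGroupInformation.AuthenticationMethod.KERBEROS));
      }
    } else {
      logMessage.append("Using Simple");
      hadoopConf.set(
          CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
          UserGroupInformation.AuthenticationMethod.SIMPLE.name());
    }
    if (validHadoopFsUri) {
      // Open and immediately close a FileSystem as the validated user to prove connectivity.
      getUGI()
          .doAs(
              new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                  try (FileSystem fs = getFileSystemForInitDestroy()) { // to trigger the close
                  }
                  return null;
                }
              });
    }
  } catch (Exception ex) {
    LOG.info("Error connecting to FileSystem: " + ex, ex);
    issues.add(
        getContext()
            .createConfigIssue(
                Groups.HADOOP_FS.name(),
                null,
                Errors.HADOOPFS_11,
                hdfsUri,
                String.valueOf(ex),
                ex));
  }
  LOG.info("Authentication Config: " + logMessage);
}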