static ModuleClassLoader getModuleClassLoader(final ModuleLoader loader, final String moduleSpec) throws ModuleLoadException { final Module module = loader.loadModule(ModuleIdentifier.fromString(moduleSpec)); return WildFlySecurityManager.isChecking() ? doPrivileged(new GetModuleClassLoaderAction(module)) : module.getClassLoader(); }
public Object newInstance(String className) throws ClassNotFoundException, IllegalAccessException, InstantiationException, NamingException, InvocationTargetException { final Class<?> clazz = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged().loadClass(className); if (System.getSecurityManager() == null) { return clazz.newInstance(); } else { try { return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { public Object run() throws IllegalAccessException, InstantiationException { return clazz.newInstance(); } }); } catch (PrivilegedActionException pae) { Exception e = pae.getException(); if (e instanceof IllegalAccessException) { throw (IllegalAccessException)e; } else if (e instanceof InstantiationException) { throw (InstantiationException)e; } else { throw new FacesException(e); } } } }
public static Class<?> loadClass(final String className, final Module module) throws ClassNotFoundException { final ClassLoader oldTccl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); try { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(module.getClassLoader()); return Class.forName(className, false, module.getClassLoader()); } finally { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(oldTccl); } }
@Override public Handle setup() { final ClassLoader current = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(classLoader); return new Handle() { @Override public void tearDown() { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(current); } }; } }
public ClassLoader getClassLoader() { if (module != null) { if(WildFlySecurityManager.isChecking()) { return WildFlySecurityManager.doUnchecked(new PrivilegedAction<ClassLoader>() { @Override public ClassLoader run() { return module.getClassLoader(); } }); } else { return module.getClassLoader(); } } return null; }
/** * Get a reference to the current {@link ServiceContainer}. * * @return a reference to the current {@link ServiceContainer}. */ private ServiceContainer currentServiceContainer() { if(WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged(CurrentServiceContainer.GET_ACTION); } return CurrentServiceContainer.getServiceContainer(); } }
private LoginContext createLoginContext(final String loginConfig, final Subject subject, final CallbackHandler handler) throws RealmUnavailableException { if (WildFlySecurityManager.isChecking()) { try { return AccessController.doPrivileged((PrivilegedExceptionAction<LoginContext>) () -> new LoginContext(loginConfig, subject, handler)); } catch (PrivilegedActionException pae) { throw ElytronMessages.log.failedToCreateLoginContext(pae.getCause()); } } else { try { return new LoginContext(loginConfig, subject, handler); } catch (LoginException le) { throw ElytronMessages.log.failedToCreateLoginContext(le); } } }
protected AbstractManagedThread createThread(final Runnable r, final ContextHandle contextHandleForSetup) { boolean checking = WildFlySecurityManager.isChecking(); SecurityDomain domain = checking ? AccessController.doPrivileged((PrivilegedAction<SecurityDomain>) SecurityDomain::getCurrent) : SecurityDomain.getCurrent(); SecurityIdentity identity = domain == null ? null : domain.getCurrentSecurityIdentity(); if (checking) { return AccessController.doPrivileged((PrivilegedAction<ElytronManagedThread>) () -> new ElytronManagedThread(r, contextHandleForSetup, identity) ); } else { return new ElytronManagedThread(r, contextHandleForSetup, identity); } }
private SecurityDomain getCurrentSecurityDomain() { if (WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged((PrivilegedAction<SecurityDomain>) () -> SecurityDomain.getCurrent()); } else { return SecurityDomain.getCurrent(); } }
@Override public void cancel() { if (WildFlySecurityManager.isChecking()) { doPrivileged((PrivilegedAction<Void>) () -> { SecurityDomain.unregisterClassLoader(classLoader); return null; }); } else { SecurityDomain.unregisterClassLoader(classLoader); } synchronized(registrations) { registrations.remove(this); } } }
if (! WildFlySecurityManager.isChecking()) { loader = getClass().getClassLoader(); } else { loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { @Override public ClassLoader run() { loadedContext = (Context) ctor.newInstance(newEnvironment); } else { Module module = Module.getBootModuleLoader().loadModule(ModuleIdentifier.fromString(initialContextModule)); loader = module.getClassLoader(); final ClassLoader currentClassLoader = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); try { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(loader); initialContextClass = Class.forName(initialContextClassName, true, loader); Constructor ctor = initialContextClass.getConstructor(Hashtable.class); loadedContext = (Context) ctor.newInstance(newEnvironment); } finally { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(currentClassLoader);
private ServerAuthenticationContext createServerAuthenticationContext() { if (WildFlySecurityManager.isChecking()) { return AccessController.doPrivileged((PrivilegedAction<ServerAuthenticationContext>) () -> securityDomain.createNewAuthenticationContext()); } return securityDomain.createNewAuthenticationContext(); }
final ClassLoader oldCl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(Builder.class.getClassLoader()); final LoginContext lc; try { }, configuration); } finally { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(oldCl); Set<KerberosTicket> kerberosTickets = doPrivileged((PrivilegedAction<Set<KerberosTicket>>) () -> subject.getPrivateCredentials(KerberosTicket.class)); if (kerberosTickets.size() > 1) { throw log.tooManyKerberosTicketsFound(); if (e.getCause() instanceof GeneralSecurityException) { throw (GeneralSecurityException) e.getCause(); throw new GeneralSecurityException(e.getCause());
final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); Assert.checkNotNullParam("securityDomain", securityDomain); final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity(); if(WildFlySecurityManager.isChecking()) { try { AccessController.doPrivileged((PrivilegedExceptionAction<Object>) () -> { hasPermission(ejbComponent, componentView, invokedMethod, currentIdentity); return null; }); } catch (PrivilegedActionException e) { throw e.getException();
public Object processInvocation(final InterceptorContext context) throws Exception { final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); Assert.checkNotNullParam("securityDomain", securityDomain); final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity(); final Set<String> securityRoles = principalVsRolesMap.get(currentIdentity.getPrincipal().getName()); if (securityRoles != null && ! securityRoles.isEmpty()) { final RoleMapper mergeMapper = roleMapper.or((roles) -> currentIdentity.getRoles(category)); final SecurityIdentity newIdentity; if(WildFlySecurityManager.isChecking()) { newIdentity = AccessController.doPrivileged((PrivilegedAction<SecurityIdentity>) () -> currentIdentity.withRoleMapper(category, mergeMapper)); } else { newIdentity = currentIdentity.withRoleMapper(category, mergeMapper); return newIdentity.runAs(context); } catch (PrivilegedActionException e) { Throwable cause = e.getCause(); if(cause != null) { if(cause instanceof Exception) {
final ClassLoader oldCl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); NamespaceContextSelector.pushCurrentSelector(selector); try { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(classLoader); org.omg.CORBA_2_3.portable.OutputStream out; try { if (this.securityDomain != null) { SecurityIdentity identity = this.securityDomain.getAnonymousSecurityIdentity(); AuthenticationConfiguration authenticationConfiguration = AuthenticationConfiguration.EMPTY; identity = this.securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(identityPrincipal.getName(), true); retVal = identity.runAs((PrivilegedExceptionAction<Object>) () -> context.run((PrivilegedExceptionAction<Object>) () -> this.componentView.invoke(interceptorContext))); } catch (PrivilegedActionException e) { throw e.getCause(); if (WildFlySecurityManager.isChecking()) { legacyContext = AccessController.doPrivileged((PrivilegedExceptionAction<SecurityContext>) () -> { SecurityContext sc = SecurityContextFactory.createSecurityContext(this.legacySecurityDomain); sc.getUtil().createSubjectInfo(finalPrincipal, finalCredential, null); } finally { NamespaceContextSelector.popCurrentSelector(); WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(oldCl);
if(WildFlySecurityManager.isChecking()) { try { AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { @Override public ProtectionDomain run() { throw e.getException();
private Registration registerElytronDeployment(final String deploymentName, final ClassLoader classLoader) { if (WildFlySecurityManager.isChecking()) { doPrivileged((PrivilegedAction<Void>) () -> { securityDomain.registerWithClassLoader(classLoader); return null; }); } else { securityDomain.registerWithClassLoader(classLoader); } RegistrationImpl registration = new RegistrationImpl(deploymentName, classLoader); synchronized(registrations) { registrations.add(registration); } return registration; } }
private <V> V privilegedRunAs(final String user, final Callable<V> callable) throws Exception { final SecurityDomain securityDomain = getBatchEnvironment().getSecurityDomain(); if (securityDomain == null) { return callable.call(); } final SecurityIdentity securityIdentity; if (user != null) { if (WildFlySecurityManager.isChecking()) { securityIdentity = AccessController.doPrivileged((PrivilegedAction<SecurityIdentity>) () -> securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false)); } else { securityIdentity = securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false); } } else { securityIdentity = securityDomain.getCurrentSecurityIdentity(); } return securityIdentity.runAs(callable); }
private ObjectFactory createObjectFactory(OperationContext context, ModelNode model) throws OperationFailedException { final ModuleIdentifier moduleID = ModuleIdentifier.fromString(NamingBindingResourceDefinition.MODULE.resolveModelAttribute(context, model).asString()); final String className = NamingBindingResourceDefinition.CLASS.resolveModelAttribute(context, model).asString(); final Module module; try { module = Module.getBootModuleLoader().loadModule(moduleID); } catch (ModuleNotFoundException e) { throw NamingLogger.ROOT_LOGGER.moduleNotFound(moduleID, e.getMessage()); } catch (ModuleLoadException e) { throw NamingLogger.ROOT_LOGGER.couldNotLoadModule(moduleID); } final ObjectFactory objectFactoryClassInstance; final ClassLoader cl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); try { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(module.getClassLoader()); final Class<?> clazz = module.getClassLoader().loadClass(className); objectFactoryClassInstance = (ObjectFactory) clazz.newInstance(); } catch (ClassNotFoundException e) { throw NamingLogger.ROOT_LOGGER.couldNotLoadClassFromModule(className, moduleID); } catch (InstantiationException e) { throw NamingLogger.ROOT_LOGGER.couldNotInstantiateClassInstanceFromModule(className, moduleID); } catch (IllegalAccessException e) { throw NamingLogger.ROOT_LOGGER.couldNotInstantiateClassInstanceFromModule(className, moduleID); } catch (ClassCastException e) { throw NamingLogger.ROOT_LOGGER.notAnInstanceOfObjectFactory(className, moduleID); } finally { WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(cl); } return objectFactoryClassInstance; }