/** * Run an action under this identity. * * @param action the action to run * @param <T> the action return type * @return the action result (may be {@code null}) * @deprecated Use {@link #runAsSupplier(Supplier)} instead. */ @Deprecated public <T> T runAs(PrivilegedAction<T> action) { if (action == null) return null; return runAs(action, (ParametricPrivilegedAction<T, PrivilegedAction<T>>) PrivilegedAction::run); }
/** * Run an action under this identity. * * @param action the action to run * @param <T> the action return type * @return the action result (may be {@code null}) * @throws PrivilegedActionException if the action fails * @deprecated Use {@link #runAsSupplierEx(ExceptionSupplier)} instead. */ @Deprecated public <T> T runAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException { if (action == null) return null; return runAs(action, (ParametricPrivilegedExceptionAction<T, PrivilegedExceptionAction<T>>) PrivilegedExceptionAction::run); }
@Override public void run() { if (securityIdentity != null) { securityIdentity.runAs(super::run); } else { super.run(); } }
/** * Runs the work contained in {@param runnable} as an authenticated Identity. * * @param work executes the work */ public void runWork(Runnable work) { // if we have an authenticated subject we check if it contains a security identity and use the identity to run the work. if (this.authenticatedSubject != null) { Set<SecurityIdentity> authenticatedIdentities = this.getPrivateCredentials(SecurityIdentity.class); if (!authenticatedIdentities.isEmpty()) { SecurityIdentity identity = authenticatedIdentities.iterator().next(); identity.runAs(work); return; } } // no authenticated subject found or the subject didn't have a security identity - just run the work. work.run(); }
static <T> Callable<T> doIdentityWrap(final Callable<T> callable) { if(callable == null) { return null; } final SecurityIdentity securityIdentity = getSecurityIdentity(); if(securityIdentity == null) { return callable; } Callable<T> securedCallable = () -> securityIdentity.runAs(callable); return callable instanceof ManagedTask ? new SecuredManagedCallable<T>(securedCallable, (ManagedTask) callable) : securedCallable; }
static Runnable doIdentityWrap(final Runnable runnable) { if(runnable == null) { return null; } final SecurityIdentity securityIdentity = getSecurityIdentity(); if(securityIdentity == null) { return runnable; } Runnable securedRunnable = () -> securityIdentity.runAs(runnable); return runnable instanceof ManagedTask ? new SecuredManagedRunnable(securedRunnable, (ManagedTask) runnable) : securedRunnable; }
@Override public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { if (securityIdentity != null) { try { return securityIdentity.runAs((PrivilegedExceptionAction<Object>) (() -> { try { return super.invoke(proxy, method, args); } catch (Throwable e) { throw new WrapperException(e); } })); } catch (PrivilegedActionException e) { Throwable cause = e.getCause(); throw cause instanceof WrapperException ? cause.getCause() : cause; } } else { return super.invoke(proxy, method, args); } }
@Override public Consumer<Runnable> getSecurityContextAssociator(){ SecurityDomain elytronDomain = getCurrentSecurityDomain(); if(elytronDomain != null) { // store the identity from the original thread and use it in callback which will be invoked in a different thread SecurityIdentity storedSecurityIdentity = elytronDomain.getCurrentSecurityIdentity(); return (action) -> storedSecurityIdentity.runAs(action); } else { return SecurityServices.super.getSecurityContextAssociator(); } }
@Override public void handleRequest(HttpServerExchange exchange) throws Exception { SecurityIdentity securityIdentity = exchange.getAttachment(IDENTITY_KEY); if(securityIdentity == null) { next.handleRequest(exchange); } else { securityIdentity.runAs((PrivilegedExceptionAction<Object>) () -> { next.handleRequest(exchange); return null; }); } } }
@Override public void run() { final ContextHandle.Handle handle = contextHandle.setup(); try { if (identity == null) { jobTask.run(); } else { identity.runAs(jobTask); } } finally { handle.tearDown(); } } };
public Object processInvocation(final InterceptorContext context) throws Exception { final SecurityDomain securityDomain = context.getPrivateData(SecurityDomain.class); Assert.checkNotNullParam("securityDomain", securityDomain); final SecurityIdentity currentIdentity = securityDomain.getCurrentSecurityIdentity(); final RoleMapper mergeMapper = roleMapper.or((roles) -> currentIdentity.getRoles(category)); final SecurityIdentity newIdentity = currentIdentity.withRoleMapper(category, mergeMapper); try { return newIdentity.runAs(context); } catch (PrivilegedActionException e) { Throwable cause = e.getCause(); if(cause != null) { if(cause instanceof Exception) { throw (Exception) cause; } else { throw new RuntimeException(e); } } else { throw e; } } } }
private <V> V privilegedRunAs(final String user, final Callable<V> callable) throws Exception { final SecurityDomain securityDomain = getBatchEnvironment().getSecurityDomain(); if (securityDomain == null) { return callable.call(); } final SecurityIdentity securityIdentity; if (user != null) { if (WildFlySecurityManager.isChecking()) { securityIdentity = AccessController.doPrivileged((PrivilegedAction<SecurityIdentity>) () -> securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false)); } else { securityIdentity = securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(user, false); } } else { securityIdentity = securityDomain.getCurrentSecurityIdentity(); } return securityIdentity.runAs(callable); }
return newIdentity.runAs(context); } catch (PrivilegedActionException e) { Throwable cause = e.getCause();
return newIdentity.runAs(context); } catch (PrivilegedActionException e) { Throwable cause = e.getCause();
try { final AuthenticationContext context = AuthenticationContext.captureCurrent().with(MatchRule.ALL.matchProtocol("iiop"), authenticationConfiguration); retVal = identity.runAs((PrivilegedExceptionAction<Object>) () -> context.run((PrivilegedExceptionAction<Object>) () -> this.componentView.invoke(interceptorContext))); } catch (PrivilegedActionException e) { throw e.getCause();
executor.execute(securityIdentity == null ? task : () -> securityIdentity.runAs(task));
securityIdentity.runAs(() -> { final XARecoverable recoverable = localTransactionContext.getRecoveryInterface(); Xid[] xids;
return; securityIdentity.runAs((Runnable) () -> { final LocalTransaction transaction = txn.getTransaction(); if (transaction != null) try {
return; securityIdentity.runAs(() -> { final LocalTransaction transaction = txn.getTransaction(); if (transaction != null) try {
@Override public void run() { if (securityIdentity != null) { securityIdentity.runAs(super::run); } else { super.run(); } }