8344420: Remove Security Manager dependencies from javax.security package
Reviewed-by: alanb, rriggs, wetmore
parent
246552674c
commit
65c98e577f
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2010, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,8 +25,6 @@
|
||||
|
||||
package com.sun.security.ntlm;
|
||||
|
||||
import sun.security.action.GetBooleanAction;
|
||||
|
||||
import static com.sun.security.ntlm.Version.*;
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
@ -57,8 +55,7 @@ class NTLM {
|
||||
private final MessageDigest md4;
|
||||
private final Mac hmac;
|
||||
private final MessageDigest md5;
|
||||
private static final boolean DEBUG
|
||||
= GetBooleanAction.privilegedGetProperty("ntlm.debug");
|
||||
private static final boolean DEBUG = Boolean.getBoolean("ntlm.debug");
|
||||
|
||||
final Version v;
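Review bot: `DEBUG` is now a plain `Boolean.getBoolean("ntlm.debug")` read once at class initialization, and the field has no comment saying which property controls it or what the flag turns on. Suggest adding above the declaration `// Set -Dntlm.debug=true to trace NTLM processing; read once at class init. Trace output may contain protocol message contents (verify), so treat it as sensitive.` What DEBUG actually gates lies outside the visible hunk, hence the hedge in the proposed comment.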
|
||||
|
||||
|
@ -237,12 +237,6 @@ public final class Subject implements java.io.Serializable {
|
||||
* it can not be reset to being writable again.
|
||||
*/
|
||||
public void setReadOnly() {
|
||||
@SuppressWarnings("removal")
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION);
|
||||
}
|
||||
|
||||
this.readOnly = true;
|
||||
}
|
||||
|
||||
@ -305,7 +299,6 @@ public final class Subject implements java.io.Serializable {
|
||||
* @see #callAs(Subject, Callable)
|
||||
* @since 18
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public static Subject current() {
|
||||
return SCOPED_SUBJECT.orElse(null);
|
||||
}
|
||||
@ -375,16 +368,10 @@ public final class Subject implements java.io.Serializable {
|
||||
*
|
||||
* @see #callAs(Subject, Callable)
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
@Deprecated(since="18", forRemoval=true)
|
||||
public static <T> T doAs(final Subject subject,
|
||||
final java.security.PrivilegedAction<T> action) {
|
||||
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
|
||||
}
|
||||
|
||||
Objects.requireNonNull(action,
|
||||
ResourcesMgr.getString("invalid.null.action.provided"));
|
||||
|
||||
@ -441,17 +428,11 @@ public final class Subject implements java.io.Serializable {
|
||||
*
|
||||
* @see #callAs(Subject, Callable)
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
@Deprecated(since="18", forRemoval=true)
|
||||
public static <T> T doAs(final Subject subject,
|
||||
final java.security.PrivilegedExceptionAction<T> action)
|
||||
throws java.security.PrivilegedActionException {
|
||||
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
|
||||
}
|
||||
|
||||
Objects.requireNonNull(action,
|
||||
ResourcesMgr.getString("invalid.null.action.provided"));
|
||||
|
||||
@ -514,11 +495,6 @@ public final class Subject implements java.io.Serializable {
|
||||
final java.security.PrivilegedAction<T> action,
|
||||
final java.security.AccessControlContext acc) {
|
||||
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
|
||||
}
|
||||
|
||||
Objects.requireNonNull(action,
|
||||
ResourcesMgr.getString("invalid.null.action.provided"));
|
||||
|
||||
@ -585,11 +561,6 @@ public final class Subject implements java.io.Serializable {
|
||||
final java.security.AccessControlContext acc)
|
||||
throws java.security.PrivilegedActionException {
|
||||
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
|
||||
}
|
||||
|
||||
Objects.requireNonNull(action,
|
||||
ResourcesMgr.getString("invalid.null.action.provided"));
|
||||
|
||||
@ -609,25 +580,6 @@ public final class Subject implements java.io.Serializable {
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private static AccessControlContext createContext(final Subject subject,
|
||||
final AccessControlContext acc) {
|
||||
|
||||
|
||||
return java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<>() {
|
||||
public AccessControlContext run() {
|
||||
if (subject == null) {
|
||||
return new AccessControlContext(acc, null);
|
||||
} else {
|
||||
return new AccessControlContext
|
||||
(acc,
|
||||
new SubjectDomainCombiner(subject));
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the {@code Set} of Principals associated with this
|
||||
* {@code Subject}. Each {@code Principal} represents
|
||||
@ -713,14 +665,6 @@ public final class Subject implements java.io.Serializable {
|
||||
*/
|
||||
public Set<Object> getPrivateCredentials() {
|
||||
|
||||
// XXX
|
||||
// we do not need a security check for
|
||||
// AuthPermission(getPrivateCredentials)
|
||||
// because we already restrict access to private credentials
|
||||
// via the PrivateCredentialPermission. all the extra AuthPermission
|
||||
// would do is protect the set operations themselves
|
||||
// (like size()), which don't seem security-sensitive.
|
||||
|
||||
// always return an empty Set instead of null
|
||||
// so LoginModules can add to the Set if necessary
|
||||
return privCredentials;
|
||||
@ -782,14 +726,6 @@ public final class Subject implements java.io.Serializable {
|
||||
*/
|
||||
public <T> Set<T> getPrivateCredentials(Class<T> c) {
|
||||
|
||||
// XXX
|
||||
// we do not need a security check for
|
||||
// AuthPermission(getPrivateCredentials)
|
||||
// because we already restrict access to private credentials
|
||||
// via the PrivateCredentialPermission. all the extra AuthPermission
|
||||
// would do is protect the set operations themselves
|
||||
// (like size()), which don't seem security-sensitive.
|
||||
|
||||
Objects.requireNonNull(c,
|
||||
ResourcesMgr.getString("invalid.null.Class.provided"));
|
||||
|
||||
@ -857,15 +793,6 @@ public final class Subject implements java.io.Serializable {
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return toString(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* package private convenience method to print out the Subject
|
||||
* without firing off a security check when trying to access
|
||||
* the Private Credentials
|
||||
*/
|
||||
String toString(boolean includePrivateCredentials) {
|
||||
|
||||
String s = ResourcesMgr.getString("Subject.");
|
||||
String suffix = "";
|
||||
@ -885,21 +812,19 @@ public final class Subject implements java.io.Serializable {
|
||||
}
|
||||
}
|
||||
|
||||
if (includePrivateCredentials) {
|
||||
synchronized(privCredentials) {
|
||||
Iterator<Object> pI = privCredentials.iterator();
|
||||
while (pI.hasNext()) {
|
||||
try {
|
||||
Object o = pI.next();
|
||||
suffix += ResourcesMgr.getString
|
||||
(".Private.Credential.") +
|
||||
o.toString() +
|
||||
ResourcesMgr.getString("NEWLINE");
|
||||
} catch (SecurityException se) {
|
||||
suffix += ResourcesMgr.getString
|
||||
(".Private.Credential.inaccessible.");
|
||||
break;
|
||||
}
|
||||
synchronized(privCredentials) {
|
||||
Iterator<Object> pI = privCredentials.iterator();
|
||||
while (pI.hasNext()) {
|
||||
try {
|
||||
Object o = pI.next();
|
||||
suffix += ResourcesMgr.getString
|
||||
(".Private.Credential.") +
|
||||
o.toString() +
|
||||
ResourcesMgr.getString("NEWLINE");
|
||||
} catch (SecurityException se) {
|
||||
suffix += ResourcesMgr.getString
|
||||
(".Private.Credential.inaccessible.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1091,22 +1016,6 @@ public final class Subject implements java.io.Serializable {
|
||||
}
|
||||
|
||||
public E next() {
|
||||
if (which != Subject.PRIV_CREDENTIAL_SET) {
|
||||
return i.next();
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
try {
|
||||
sm.checkPermission(new PrivateCredentialPermission
|
||||
(list.get(i.nextIndex()).getClass().getName(),
|
||||
subject.getPrincipals()));
|
||||
} catch (SecurityException se) {
|
||||
i.next();
|
||||
throw (se);
|
||||
}
|
||||
}
|
||||
return i.next();
|
||||
}
|
||||
|
||||
@ -1117,21 +1026,6 @@ public final class Subject implements java.io.Serializable {
|
||||
("Subject.is.read.only"));
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
switch (which) {
|
||||
case Subject.PRINCIPAL_SET:
|
||||
sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
|
||||
break;
|
||||
case Subject.PUB_CREDENTIAL_SET:
|
||||
sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
|
||||
break;
|
||||
default:
|
||||
sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
|
||||
break;
|
||||
}
|
||||
}
|
||||
i.remove();
|
||||
}
|
||||
};
|
||||
@ -1147,22 +1041,6 @@ public final class Subject implements java.io.Serializable {
|
||||
(ResourcesMgr.getString("Subject.is.read.only"));
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
switch (which) {
|
||||
case Subject.PRINCIPAL_SET:
|
||||
sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
|
||||
break;
|
||||
case Subject.PUB_CREDENTIAL_SET:
|
||||
sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
|
||||
break;
|
||||
default:
|
||||
sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
switch (which) {
|
||||
case Subject.PRINCIPAL_SET:
|
||||
if (!(o instanceof Principal)) {
|
||||
@ -1180,10 +1058,9 @@ public final class Subject implements java.io.Serializable {
|
||||
return elements.add(o);
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public boolean remove(Object o) {
|
||||
|
||||
Objects.requireNonNull(o,
|
||||
@ -1191,17 +1068,7 @@ public final class Subject implements java.io.Serializable {
|
||||
|
||||
final Iterator<E> e = iterator();
|
||||
while (e.hasNext()) {
|
||||
E next;
|
||||
if (which != Subject.PRIV_CREDENTIAL_SET) {
|
||||
next = e.next();
|
||||
} else {
|
||||
next = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<E>() {
|
||||
public E run() {
|
||||
return e.next();
|
||||
}
|
||||
});
|
||||
}
|
||||
E next = e.next();
|
||||
|
||||
if (next.equals(o)) {
|
||||
e.remove();
|
||||
@ -1211,7 +1078,6 @@ public final class Subject implements java.io.Serializable {
|
||||
return false;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public boolean contains(Object o) {
|
||||
|
||||
Objects.requireNonNull(o,
|
||||
@ -1219,30 +1085,7 @@ public final class Subject implements java.io.Serializable {
|
||||
|
||||
final Iterator<E> e = iterator();
|
||||
while (e.hasNext()) {
|
||||
E next;
|
||||
if (which != Subject.PRIV_CREDENTIAL_SET) {
|
||||
next = e.next();
|
||||
} else {
|
||||
|
||||
// For private credentials:
|
||||
// If the caller does not have read permission
|
||||
// for o.getClass(), we throw a SecurityException.
|
||||
// Otherwise, we check the private cred set to see whether
|
||||
// it contains the Object
|
||||
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new PrivateCredentialPermission
|
||||
(o.getClass().getName(),
|
||||
subject.getPrincipals()));
|
||||
}
|
||||
next = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<E>() {
|
||||
public E run() {
|
||||
return e.next();
|
||||
}
|
||||
});
|
||||
}
|
||||
E next = e.next();
|
||||
|
||||
if (next.equals(o)) {
|
||||
return true;
|
||||
@ -1263,24 +1106,13 @@ public final class Subject implements java.io.Serializable {
|
||||
return result;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public boolean removeAll(Collection<?> c) {
|
||||
c = collectionNullClean(c);
|
||||
|
||||
boolean modified = false;
|
||||
final Iterator<E> e = iterator();
|
||||
while (e.hasNext()) {
|
||||
E next;
|
||||
if (which != Subject.PRIV_CREDENTIAL_SET) {
|
||||
next = e.next();
|
||||
} else {
|
||||
next = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<E>() {
|
||||
public E run() {
|
||||
return e.next();
|
||||
}
|
||||
});
|
||||
}
|
||||
E next = e.next();
|
||||
|
||||
for (Object o : c) {
|
||||
if (next.equals(o)) {
|
||||
@ -1305,24 +1137,13 @@ public final class Subject implements java.io.Serializable {
|
||||
return true;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public boolean retainAll(Collection<?> c) {
|
||||
c = collectionNullClean(c);
|
||||
|
||||
boolean modified = false;
|
||||
final Iterator<E> e = iterator();
|
||||
while (e.hasNext()) {
|
||||
E next;
|
||||
if (which != Subject.PRIV_CREDENTIAL_SET) {
|
||||
next = e.next();
|
||||
} else {
|
||||
next = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<E>() {
|
||||
public E run() {
|
||||
return e.next();
|
||||
}
|
||||
});
|
||||
}
|
||||
E next = e.next();
|
||||
|
||||
if (c.contains(next) == false) {
|
||||
e.remove();
|
||||
@ -1333,21 +1154,10 @@ public final class Subject implements java.io.Serializable {
|
||||
return modified;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public void clear() {
|
||||
final Iterator<E> e = iterator();
|
||||
while (e.hasNext()) {
|
||||
E next;
|
||||
if (which != Subject.PRIV_CREDENTIAL_SET) {
|
||||
next = e.next();
|
||||
} else {
|
||||
next = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<E>() {
|
||||
public E run() {
|
||||
return e.next();
|
||||
}
|
||||
});
|
||||
}
|
||||
E next = e.next();
|
||||
e.remove();
|
||||
}
|
||||
}
|
||||
@ -1357,30 +1167,10 @@ public final class Subject implements java.io.Serializable {
|
||||
}
|
||||
|
||||
public Object[] toArray() {
|
||||
final Iterator<E> e = iterator();
|
||||
while (e.hasNext()) {
|
||||
// The next() method performs a security manager check
|
||||
// on each element in the SecureSet. If we make it all
|
||||
// the way through we should be able to simply return
|
||||
// element's toArray results. Otherwise, we'll let
|
||||
// the SecurityException pass up the call stack.
|
||||
e.next();
|
||||
}
|
||||
|
||||
return elements.toArray();
|
||||
}
|
||||
|
||||
public <T> T[] toArray(T[] a) {
|
||||
final Iterator<E> e = iterator();
|
||||
while (e.hasNext()) {
|
||||
// The next() method performs a security manager check
|
||||
// on each element in the SecureSet. If we make it all
|
||||
// the way through we should be able to simply return
|
||||
// element's toArray results. Otherwise, we'll let
|
||||
// the SecurityException pass up the call stack.
|
||||
e.next();
|
||||
}
|
||||
|
||||
return elements.toArray(a);
|
||||
}
|
||||
|
||||
@ -1425,13 +1215,6 @@ public final class Subject implements java.io.Serializable {
|
||||
private void writeObject(java.io.ObjectOutputStream oos)
|
||||
throws java.io.IOException {
|
||||
|
||||
if (which == Subject.PRIV_CREDENTIAL_SET) {
|
||||
// check permissions before serializing
|
||||
Iterator<E> i = iterator();
|
||||
while (i.hasNext()) {
|
||||
i.next();
|
||||
}
|
||||
}
|
||||
ObjectOutputStream.PutField fields = oos.putFields();
|
||||
fields.put("this$0", subject);
|
||||
fields.put("elements", elements);
|
||||
@ -1490,7 +1273,7 @@ public final class Subject implements java.io.Serializable {
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings({"removal","unchecked"}) /*To suppress warning from line 1374*/
|
||||
@SuppressWarnings("unchecked")
|
||||
private void populateSet() {
|
||||
final Iterator<?> iterator;
|
||||
switch(which) {
|
||||
@ -1505,34 +1288,10 @@ public final class Subject implements java.io.Serializable {
|
||||
break;
|
||||
}
|
||||
|
||||
// Check whether the caller has permission to get
|
||||
// credentials of Class c
|
||||
|
||||
while (iterator.hasNext()) {
|
||||
Object next;
|
||||
if (which == Subject.PRIV_CREDENTIAL_SET) {
|
||||
next = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<>() {
|
||||
public Object run() {
|
||||
return iterator.next();
|
||||
}
|
||||
});
|
||||
} else {
|
||||
next = iterator.next();
|
||||
}
|
||||
Object next = iterator.next();
|
||||
if (c.isAssignableFrom(next.getClass())) {
|
||||
if (which != Subject.PRIV_CREDENTIAL_SET) {
|
||||
set.add((T)next);
|
||||
} else {
|
||||
// Check permission for private creds
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new PrivateCredentialPermission
|
||||
(next.getClass().getName(),
|
||||
Subject.this.getPrincipals()));
|
||||
}
|
||||
set.add((T)next);
|
||||
}
|
||||
set.add((T)next);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1560,27 +1319,4 @@ public final class Subject implements java.io.Serializable {
|
||||
return set.add(o);
|
||||
}
|
||||
}
|
||||
|
||||
static final class AuthPermissionHolder {
|
||||
static final AuthPermission DO_AS_PERMISSION =
|
||||
new AuthPermission("doAs");
|
||||
|
||||
static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
|
||||
new AuthPermission("doAsPrivileged");
|
||||
|
||||
static final AuthPermission SET_READ_ONLY_PERMISSION =
|
||||
new AuthPermission("setReadOnly");
|
||||
|
||||
static final AuthPermission GET_SUBJECT_PERMISSION =
|
||||
new AuthPermission("getSubject");
|
||||
|
||||
static final AuthPermission MODIFY_PRINCIPALS_PERMISSION =
|
||||
new AuthPermission("modifyPrincipals");
|
||||
|
||||
static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION =
|
||||
new AuthPermission("modifyPublicCredentials");
|
||||
|
||||
static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION =
|
||||
new AuthPermission("modifyPrivateCredentials");
|
||||
}
|
||||
}
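Review bot: In the toString() hunk (-885,21 +812,19) the new side keeps `catch (SecurityException se)` around `pI.next()` and `o.toString()`, although the -1091,22 hunk reduces the iterator's `next()` to `return i.next();` with no permission check. The `.Private.Credential.inaccessible.` branch is therefore reachable only if a credential's own `toString()` throws. Either drop the try/catch or state why it stays, e.g. `// a credential's toString() may itself throw SecurityException`. Because the private-credential loop is now unconditional, the method Javadoc (outside the visible lines) should say that the result contains every private credential's string form, so callers do not send it to logs they treat as non-sensitive. The body of toString() begins before and continues after the lines shown.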
|
||||
|
@ -25,9 +25,7 @@
|
||||
|
||||
package javax.security.auth;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.Principal;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.ProtectionDomain;
|
||||
import java.util.Set;
|
||||
import java.util.WeakHashMap;
|
||||
@ -84,11 +82,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
|
||||
* {@code SubjectDomainCombiner}.
|
||||
*/
|
||||
public Subject getSubject() {
|
||||
java.lang.SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new AuthPermission
|
||||
("getSubjectFromDomainCombiner"));
|
||||
}
|
||||
return subject;
|
||||
}
|
||||
|
||||
@ -144,14 +137,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
|
||||
if (subject == null) {
|
||||
debug.println("null subject");
|
||||
} else {
|
||||
final Subject s = subject;
|
||||
AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<Void>() {
|
||||
public Void run() {
|
||||
debug.println(s.toString());
|
||||
return null;
|
||||
}
|
||||
});
|
||||
debug.println(subject.toString());
|
||||
}
|
||||
printInputDomains(currentDomains, assignedDomains);
|
||||
}
|
||||
@ -349,11 +335,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
|
||||
if (pd == null) {
|
||||
return "null";
|
||||
}
|
||||
return AccessController.doPrivileged(new PrivilegedAction<String>() {
|
||||
public String run() {
|
||||
return pd.toString();
|
||||
}
|
||||
});
|
||||
return pd.toString();
|
||||
}
|
||||
|
||||
/**
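Review bot: `debug.println(subject.toString())` in the -144,14 hunk writes the Subject's full string form to the debug stream, and per the Subject.toString() change in this same commit that string includes each private credential's `toString()` output. A comment on this line would make that visible to whoever enables the trace, e.g. `// NOTE: Subject.toString() includes private credentials; treat this debug output as sensitive`. The enclosing method starts before the hunk, so the option that guards this branch is not visible here.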
|
||||
|
@ -25,12 +25,6 @@
|
||||
|
||||
package javax.security.auth.login;
|
||||
|
||||
import javax.security.auth.AuthPermission;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.Provider;
|
||||
@ -190,19 +184,6 @@ public abstract class Configuration {
|
||||
|
||||
private static Configuration configuration;
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private final java.security.AccessControlContext acc =
|
||||
java.security.AccessController.getContext();
|
||||
|
||||
private static void checkPermission(String type) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new AuthPermission
|
||||
("createLoginConfiguration." + type));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sole constructor. (For invocation by subclass constructors, typically
|
||||
* implicit.)
|
||||
@ -219,64 +200,29 @@ public abstract class Configuration {
|
||||
*
|
||||
* @see #setConfiguration
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public static Configuration getConfiguration() {
|
||||
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null)
|
||||
sm.checkPermission(new AuthPermission("getLoginConfiguration"));
|
||||
|
||||
synchronized (Configuration.class) {
|
||||
if (configuration == null) {
|
||||
String config_class = null;
|
||||
config_class = AccessController.doPrivileged
|
||||
(new PrivilegedAction<>() {
|
||||
public String run() {
|
||||
return java.security.Security.getProperty
|
||||
("login.configuration.provider");
|
||||
}
|
||||
});
|
||||
String config_class = Security.getProperty
|
||||
("login.configuration.provider");
|
||||
if (config_class == null) {
|
||||
config_class = "sun.security.provider.ConfigFile";
|
||||
}
|
||||
|
||||
try {
|
||||
final String finalClass = config_class;
|
||||
Configuration untrustedImpl = AccessController.doPrivileged(
|
||||
new PrivilegedExceptionAction<>() {
|
||||
public Configuration run() throws ClassNotFoundException,
|
||||
InstantiationException,
|
||||
IllegalAccessException {
|
||||
Class<? extends Configuration> implClass = Class.forName(
|
||||
finalClass, false,
|
||||
Thread.currentThread().getContextClassLoader()
|
||||
).asSubclass(Configuration.class);
|
||||
@SuppressWarnings("deprecation")
|
||||
Configuration result = implClass.newInstance();
|
||||
return result;
|
||||
}
|
||||
});
|
||||
AccessController.doPrivileged(
|
||||
new PrivilegedExceptionAction<>() {
|
||||
public Void run() {
|
||||
setConfiguration(untrustedImpl);
|
||||
return null;
|
||||
}
|
||||
}, Objects.requireNonNull(untrustedImpl.acc)
|
||||
);
|
||||
} catch (PrivilegedActionException e) {
|
||||
Exception ee = e.getException();
|
||||
if (ee instanceof InstantiationException) {
|
||||
throw new SecurityException
|
||||
("Configuration error:" +
|
||||
ee.getCause().getMessage() +
|
||||
"\n", ee.getCause());
|
||||
} else {
|
||||
throw new SecurityException
|
||||
("Configuration error: " +
|
||||
ee.toString() +
|
||||
"\n", ee);
|
||||
}
|
||||
Class<? extends Configuration> implClass = Class.forName(
|
||||
config_class, false,
|
||||
Thread.currentThread().getContextClassLoader()
|
||||
).asSubclass(Configuration.class);
|
||||
@SuppressWarnings("deprecation")
|
||||
Configuration result = implClass.newInstance();
|
||||
setConfiguration(result);
|
||||
} catch (ReflectiveOperationException e) {
|
||||
throw new SecurityException
|
||||
("Configuration error: " +
|
||||
e.toString() +
|
||||
"\n", e);
|
||||
}
|
||||
}
|
||||
return configuration;
|
||||
@ -291,10 +237,6 @@ public abstract class Configuration {
|
||||
* @see #getConfiguration
|
||||
*/
|
||||
public static void setConfiguration(Configuration configuration) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null)
|
||||
sm.checkPermission(new AuthPermission("setLoginConfiguration"));
|
||||
Configuration.configuration = configuration;
|
||||
}
|
||||
|
||||
@ -346,7 +288,6 @@ public abstract class Configuration {
|
||||
throws NoSuchAlgorithmException {
|
||||
|
||||
Objects.requireNonNull(type, "null type name");
|
||||
checkPermission(type);
|
||||
try {
|
||||
GetInstance.Instance instance = GetInstance.getInstance
|
||||
("Configuration",
|
||||
@ -412,7 +353,6 @@ public abstract class Configuration {
|
||||
throw new IllegalArgumentException("missing provider");
|
||||
}
|
||||
|
||||
checkPermission(type);
|
||||
try {
|
||||
GetInstance.Instance instance = GetInstance.getInstance
|
||||
("Configuration",
|
||||
@ -473,7 +413,6 @@ public abstract class Configuration {
|
||||
throw new IllegalArgumentException("missing provider");
|
||||
}
|
||||
|
||||
checkPermission(type);
|
||||
try {
|
||||
GetInstance.Instance instance = GetInstance.getInstance
|
||||
("Configuration",
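Review bot: In getConfiguration() the new side still instantiates the provider with `implClass.newInstance()`, which rethrows whatever the provider's no-arg constructor throws, so a failing constructor bypasses the new `catch (ReflectiveOperationException e)` and is not reported as the `"Configuration error: "` SecurityException. `Configuration result = implClass.getDeclaredConstructor().newInstance();` wraps constructor failures in InvocationTargetException, which that catch already covers, and makes the `@SuppressWarnings("deprecation")` unnecessary. The class name comes from the `login.configuration.provider` security property and is resolved through the thread context class loader, so a one-line comment that this property is trusted configuration would help now that the `untrustedImpl.acc` restriction is gone. The old InstantiationException branch, which reported `ee.getCause()`, is also dropped; worth confirming that the changed message and cause are intended.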
|
||||
|
@ -25,16 +25,13 @@
|
||||
|
||||
package javax.security.auth.login;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.Map;
|
||||
import java.util.HashMap;
|
||||
import java.security.Security;
|
||||
import java.text.MessageFormat;
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.AuthPermission;
|
||||
import javax.security.auth.callback.*;
|
||||
import javax.security.auth.spi.LoginModule;
|
||||
import java.security.AccessControlContext;
|
||||
import java.util.ServiceLoader;
|
||||
|
||||
import sun.security.util.PendingException;
|
||||
@ -182,8 +179,6 @@ public class LoginContext {
|
||||
private final Map<String,?> state = new HashMap<>();
|
||||
|
||||
private Configuration config;
|
||||
@SuppressWarnings("removal")
|
||||
private AccessControlContext creatorAcc = null; // customized config only
|
||||
private ModuleInfo[] moduleStack;
|
||||
private ClassLoader contextClassLoader = null;
|
||||
|
||||
@ -200,38 +195,21 @@ public class LoginContext {
|
||||
private static final WeakHashMap<ClassLoader, Set<Provider<LoginModule>>> providersCache =
|
||||
new WeakHashMap<>();
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private void init(String name) throws LoginException {
|
||||
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null && creatorAcc == null) {
|
||||
sm.checkPermission(new AuthPermission
|
||||
("createLoginContext." + name));
|
||||
}
|
||||
|
||||
if (name == null)
|
||||
throw new LoginException
|
||||
(ResourcesMgr.getString("Invalid.null.input.name"));
|
||||
|
||||
// get the Configuration
|
||||
if (config == null) {
|
||||
config = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<Configuration>() {
|
||||
public Configuration run() {
|
||||
return Configuration.getConfiguration();
|
||||
}
|
||||
});
|
||||
config = Configuration.getConfiguration();
|
||||
}
|
||||
|
||||
// get the LoginModules configured for this application
|
||||
AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
|
||||
if (entries == null) {
|
||||
|
||||
if (sm != null && creatorAcc == null) {
|
||||
sm.checkPermission(new AuthPermission
|
||||
("createLoginContext." + OTHER));
|
||||
}
|
||||
|
||||
entries = config.getAppConfigurationEntry(OTHER);
|
||||
if (entries == null) {
|
||||
MessageFormat form = new MessageFormat(ResourcesMgr.getString
|
||||
@ -251,55 +229,30 @@ public class LoginContext {
|
||||
null);
|
||||
}
|
||||
|
||||
contextClassLoader = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<ClassLoader>() {
|
||||
public ClassLoader run() {
|
||||
ClassLoader loader =
|
||||
Thread.currentThread().getContextClassLoader();
|
||||
if (loader == null) {
|
||||
// Don't use bootstrap class loader directly to ensure
|
||||
// proper package access control!
|
||||
loader = ClassLoader.getSystemClassLoader();
|
||||
}
|
||||
|
||||
return loader;
|
||||
}
|
||||
});
|
||||
ClassLoader loader = Thread.currentThread().getContextClassLoader();
|
||||
if (loader == null) {
|
||||
loader = ClassLoader.getSystemClassLoader();
|
||||
}
|
||||
contextClassLoader = loader;
|
||||
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
@SuppressWarnings("deprecation")
|
||||
private void loadDefaultCallbackHandler() throws LoginException {
|
||||
|
||||
// get the default handler class
|
||||
try {
|
||||
|
||||
final ClassLoader finalLoader = contextClassLoader;
|
||||
|
||||
this.callbackHandler = java.security.AccessController.doPrivileged(
|
||||
new java.security.PrivilegedExceptionAction<CallbackHandler>() {
|
||||
public CallbackHandler run() throws Exception {
|
||||
String defaultHandler = java.security.Security.getProperty
|
||||
(DEFAULT_HANDLER);
|
||||
if (defaultHandler == null || defaultHandler.isEmpty())
|
||||
return null;
|
||||
Class<? extends CallbackHandler> c = Class.forName(
|
||||
defaultHandler, true,
|
||||
finalLoader).asSubclass(CallbackHandler.class);
|
||||
@SuppressWarnings("deprecation")
|
||||
CallbackHandler result = c.newInstance();
|
||||
return result;
|
||||
}
|
||||
});
|
||||
} catch (java.security.PrivilegedActionException pae) {
|
||||
throw new LoginException(pae.getException().toString());
|
||||
}
|
||||
|
||||
// secure it with the caller's ACC
|
||||
if (this.callbackHandler != null && creatorAcc == null) {
|
||||
this.callbackHandler = new SecureCallbackHandler
|
||||
(java.security.AccessController.getContext(),
|
||||
this.callbackHandler);
|
||||
String defaultHandler = Security.getProperty(DEFAULT_HANDLER);
|
||||
if (defaultHandler == null || defaultHandler.isEmpty()) {
|
||||
this.callbackHandler = null;
|
||||
} else {
|
||||
Class<? extends CallbackHandler> c = Class.forName(
|
||||
defaultHandler, true,
|
||||
contextClassLoader).asSubclass(CallbackHandler.class);
|
||||
this.callbackHandler = (CallbackHandler) c.newInstance();
|
||||
}
|
||||
} catch (ReflectiveOperationException e) {
|
||||
throw new LoginException(e.toString());
|
||||
}
|
||||
}
|
||||
|
||||
@ -367,16 +320,13 @@ public class LoginContext {
|
||||
* for "{@code other}", or if the caller-specified
|
||||
* {@code callbackHandler} is {@code null}.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public LoginContext(String name, CallbackHandler callbackHandler)
|
||||
throws LoginException {
|
||||
init(name);
|
||||
if (callbackHandler == null)
|
||||
throw new LoginException(ResourcesMgr.getString
|
||||
("invalid.null.CallbackHandler.provided"));
|
||||
this.callbackHandler = new SecureCallbackHandler
|
||||
(java.security.AccessController.getContext(),
|
||||
callbackHandler);
|
||||
this.callbackHandler = callbackHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -400,16 +350,13 @@ public class LoginContext {
|
||||
* or if the caller-specified
|
||||
* {@code callbackHandler} is {@code null}.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public LoginContext(String name, Subject subject,
|
||||
CallbackHandler callbackHandler) throws LoginException {
|
||||
this(name, subject);
|
||||
if (callbackHandler == null)
|
||||
throw new LoginException(ResourcesMgr.getString
|
||||
("invalid.null.CallbackHandler.provided"));
|
||||
this.callbackHandler = new SecureCallbackHandler
|
||||
(java.security.AccessController.getContext(),
|
||||
callbackHandler);
|
||||
this.callbackHandler = callbackHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -437,14 +384,10 @@ public class LoginContext {
|
||||
*
|
||||
* @since 1.5
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public LoginContext(String name, Subject subject,
|
||||
CallbackHandler callbackHandler,
|
||||
Configuration config) throws LoginException {
|
||||
this.config = config;
|
||||
if (config != null) {
|
||||
creatorAcc = java.security.AccessController.getContext();
|
||||
}
|
||||
|
||||
init(name);
|
||||
if (subject != null) {
|
||||
@ -453,10 +396,6 @@ public class LoginContext {
|
||||
}
|
||||
if (callbackHandler == null) {
|
||||
loadDefaultCallbackHandler();
|
||||
} else if (creatorAcc == null) {
|
||||
this.callbackHandler = new SecureCallbackHandler
|
||||
(java.security.AccessController.getContext(),
|
||||
callbackHandler);
|
||||
} else {
|
||||
this.callbackHandler = callbackHandler;
|
||||
}
|
||||
@ -518,13 +457,12 @@ public class LoginContext {
|
||||
}
|
||||
|
||||
try {
|
||||
// module invoked in doPrivileged
|
||||
invokePriv(LOGIN_METHOD);
|
||||
invokePriv(COMMIT_METHOD);
|
||||
invoke(LOGIN_METHOD);
|
||||
invoke(COMMIT_METHOD);
|
||||
loginSucceeded = true;
|
||||
} catch (LoginException le) {
|
||||
try {
|
||||
invokePriv(ABORT_METHOD);
|
||||
invoke(ABORT_METHOD);
|
||||
} catch (LoginException le2) {
|
||||
throw le;
|
||||
}
|
||||
@ -557,8 +495,7 @@ public class LoginContext {
|
||||
("null.subject.logout.called.before.login"));
|
||||
}
|
||||
|
||||
// module invoked in doPrivileged
|
||||
invokePriv(LOGOUT_METHOD);
|
||||
invoke(LOGOUT_METHOD);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -597,28 +534,8 @@ public class LoginContext {
|
||||
}
|
||||
|
||||
/**
|
||||
* Invokes the login, commit, and logout methods
|
||||
* from a LoginModule inside a doPrivileged block restricted
|
||||
* by creatorAcc (may be null).
|
||||
*
|
||||
* This version is called if the caller did not instantiate
|
||||
* the LoginContext with a Configuration object.
|
||||
* Invokes the login, commit, and logout methods from a LoginModule.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
private void invokePriv(final String methodName) throws LoginException {
|
||||
try {
|
||||
java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedExceptionAction<Void>() {
|
||||
public Void run() throws LoginException {
|
||||
invoke(methodName);
|
||||
return null;
|
||||
}
|
||||
}, creatorAcc);
|
||||
} catch (java.security.PrivilegedActionException pae) {
|
||||
throw (LoginException)pae.getException();
|
||||
}
|
||||
}
|
||||
|
||||
private void invoke(String methodName) throws LoginException {
|
||||
|
||||
// start at moduleIndex
|
||||
@ -639,11 +556,8 @@ public class LoginContext {
|
||||
if (debug != null){
|
||||
debug.println("Build ServiceProviders cache for ClassLoader: " + contextClassLoader.getName());
|
||||
}
|
||||
@SuppressWarnings("removal")
|
||||
ServiceLoader<LoginModule> sc = AccessController.doPrivileged(
|
||||
(PrivilegedAction<ServiceLoader<LoginModule>>)
|
||||
() -> java.util.ServiceLoader.load(
|
||||
LoginModule.class, contextClassLoader));
|
||||
ServiceLoader<LoginModule> sc = ServiceLoader.load(
|
||||
LoginModule.class, contextClassLoader);
|
||||
lmProviders = sc.stream().collect(Collectors.toSet());
|
||||
if (debug != null){
|
||||
debug.println("Discovered ServiceProviders for ClassLoader: " + contextClassLoader.getName());
|
||||
@ -841,45 +755,6 @@ public class LoginContext {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrap the caller-specified CallbackHandler in our own
|
||||
* and invoke it within a privileged block, constrained by
|
||||
* the caller's AccessControlContext.
|
||||
*/
|
||||
private static class SecureCallbackHandler implements CallbackHandler {
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private final java.security.AccessControlContext acc;
|
||||
private final CallbackHandler ch;
|
||||
|
||||
SecureCallbackHandler(@SuppressWarnings("removal") java.security.AccessControlContext acc,
|
||||
CallbackHandler ch) {
|
||||
this.acc = acc;
|
||||
this.ch = ch;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public void handle(final Callback[] callbacks)
|
||||
throws java.io.IOException, UnsupportedCallbackException {
|
||||
try {
|
||||
java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedExceptionAction<Void>() {
|
||||
public Void run() throws java.io.IOException,
|
||||
UnsupportedCallbackException {
|
||||
ch.handle(callbacks);
|
||||
return null;
|
||||
}
|
||||
}, acc);
|
||||
} catch (java.security.PrivilegedActionException pae) {
|
||||
if (pae.getException() instanceof java.io.IOException) {
|
||||
throw (java.io.IOException)pae.getException();
|
||||
} else {
|
||||
throw (UnsupportedCallbackException)pae.getException();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* LoginModule information -
|
||||
* encapsulates Configuration info and actual module instances
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,9 +30,7 @@ import java.io.InputStream;
|
||||
import java.lang.reflect.Constructor;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.AccessController;
|
||||
import java.security.Principal;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.Security;
|
||||
import java.util.Date;
|
||||
|
||||
@ -140,17 +138,7 @@ public abstract class X509Certificate extends Certificate {
|
||||
* </pre>
|
||||
*/
|
||||
private static final String X509_PROVIDER = "cert.provider.x509v1";
|
||||
private static String X509Provider;
|
||||
|
||||
static {
|
||||
X509Provider = AccessController.doPrivileged(
|
||||
new PrivilegedAction<>() {
|
||||
public String run() {
|
||||
return Security.getProperty(X509_PROVIDER);
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
||||
private static String X509Provider = Security.getProperty(X509_PROVIDER);
|
||||
|
||||
/**
|
||||
* Instantiates an X509Certificate object, and initializes it with
|
||||
|
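Review bot: `X509Provider` is now assigned exactly once, in its field initializer, so it can be declared final: `private static final String X509Provider = Security.getProperty(X509_PROVIDER);`. Nothing in this hunk reassigns it, but the rest of the class is outside the hunk and should be checked first. The value is a class name taken from a security property, and the reflection imports kept in the previous hunk suggest it is later used to load the implementation class. A short comment stating that the property is read once at class initialisation, and that later changes to it are not picked up, would make that explicit.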
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -21,7 +21,7 @@
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import java.security.*;
|
||||
import java.security.URIParameter;
|
||||
import javax.security.auth.login.*;
|
||||
import com.sun.security.auth.login.*;
|
||||
|
||||
@ -31,16 +31,11 @@ public class GetInstanceConfigSpi extends ConfigurationSpi {
|
||||
|
||||
public GetInstanceConfigSpi(final Configuration.Parameters params) {
|
||||
|
||||
c = AccessController.doPrivileged
|
||||
(new PrivilegedAction<Configuration>() {
|
||||
public Configuration run() {
|
||||
if (params instanceof URIParameter) {
|
||||
URIParameter uriParam = (URIParameter)params;
|
||||
return new ConfigFile(uriParam.getURI());
|
||||
}
|
||||
return new ConfigFile();
|
||||
}
|
||||
});
|
||||
if (params instanceof URIParameter uriParam) {
|
||||
c = new ConfigFile(uriParam.getURI());
|
||||
} else {
|
||||
c = new ConfigFile();
|
||||
}
|
||||
}
|
||||
|
||||
public AppConfigurationEntry[] engineGetAppConfigurationEntry(String name) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -21,7 +21,7 @@
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import java.security.*;
|
||||
import java.security.Provider;
|
||||
|
||||
public class GetInstanceProvider extends Provider {
|
||||
|
||||
@ -30,12 +30,6 @@ public class GetInstanceProvider extends Provider {
|
||||
"1",
|
||||
"GetInstanceProvider: Configuration.GetInstanceConfigSpi");
|
||||
|
||||
AccessController.doPrivileged(new PrivilegedAction() {
|
||||
public Object run() {
|
||||
put("Configuration.GetInstanceConfigSpi",
|
||||
"GetInstanceConfigSpi");
|
||||
return null;
|
||||
}
|
||||
});
|
||||
put("Configuration.GetInstanceConfigSpi", "GetInstanceConfigSpi");
|
||||
}
|
||||
}
|
||||
|
@ -31,12 +31,6 @@
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* This test shares the login config with ConfigConstructorNoPerm.
|
||||
* This test has all necessary permissions configured in the policy
|
||||
* (ConfigConstructorNoPerm has no perms and checks for SecurityExceptions).
|
||||
*/
|
||||
|
||||
import java.util.Map;
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.login.AppConfigurationEntry;
|
||||
@ -209,8 +203,7 @@ public class ConfigConstructor {
|
||||
public void initialize(Subject s, CallbackHandler ch,
|
||||
Map<String,?> state, Map<String,?> options) {
|
||||
if (s != ConfigConstructor.s ||
|
||||
ch == null ||
|
||||
ch == ConfigConstructor.ch) {
|
||||
ch == null) {
|
||||
throw new SecurityException("Module 3 failed");
|
||||
}
|
||||
}
|
||||
|
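Review bot: The condition in `initialize` now rejects only a null handler, so the test no longer pins which `CallbackHandler` object the module receives. The removed clause `ch == ConfigConstructor.ch` appears to have asserted that the module saw a wrapped handler rather than the caller's own. With the wrapper removed from LoginContext, the matching assertion would presumably be the inverse, `ch != ConfigConstructor.ch`, so that a module handed some other handler fails the test. Which LoginContext constructor reaches this module is outside the hunk, so confirm that before changing the condition.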
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -287,15 +287,9 @@ public class LCTest {
|
||||
return false;
|
||||
}
|
||||
userPrincipal = new UnixPrincipal(username);
|
||||
final Subject s = subject;
|
||||
final UnixPrincipal up = userPrincipal;
|
||||
java.security.AccessController.doPrivileged
|
||||
((java.security.PrivilegedAction) () -> {
|
||||
if (!s.getPrincipals().contains(up)) {
|
||||
s.getPrincipals().add(up);
|
||||
}
|
||||
return null;
|
||||
});
|
||||
if (!subject.getPrincipals().contains(userPrincipal)) {
|
||||
subject.getPrincipals().add(userPrincipal);
|
||||
}
|
||||
password = null;
|
||||
commitSucceeded = true;
|
||||
return true;
|
||||
@ -320,13 +314,7 @@ public class LCTest {
|
||||
|
||||
private void clearState() {
|
||||
if (commitSucceeded) {
|
||||
final Subject s = subject;
|
||||
final UnixPrincipal up = userPrincipal;
|
||||
java.security.AccessController.doPrivileged
|
||||
((java.security.PrivilegedAction) () -> {
|
||||
s.getPrincipals().remove(up);
|
||||
return null;
|
||||
});
|
||||
subject.getPrincipals().remove(userPrincipal);
|
||||
}
|
||||
username = null;
|
||||
password = null;
|
||||
|
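Review bot: The `contains` check before `add` in the first LCTest hunk is redundant for set membership, because `Subject.getPrincipals()` returns a `Set` and `add` leaves it unchanged when the principal is already present. With the doPrivileged wrapper gone, the block reduces to `subject.getPrincipals().add(userPrincipal);`. The one case where the guard matters is a read-only Subject, where `add` throws IllegalStateException even for a principal that is already there; if that is why it is kept, a one-line comment should say so. The enclosing method starts and ends outside the hunk, so this is based only on the lines shown.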