org.apache.axis2.java.security.AccessController Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.axis2.java.security;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
/**
* This utility wrapper class is created to support AXIS2 runs
* inside of Java 2 Security environment. Due to the access control
* checking algorithm, for Java 2 Security to function properly,
* doPrivileged()
* is required in cases where there is application code on the stack frame
* accessing the system resources (ie, read/write files, opening ports, and etc).
* This class also improve performance no matther Security Manager is being enabled
* or not.
*
* Note: This utility should be used properly, otherwise might introduce
* security holes.
*
* Usage Example:
*
* public void changePassword() {
* ...
* AccessController.doPrivileged(new PrivilegedAction() {
* public Object run() {
* f = Util.openPasswordFile();
* ...
*
* }
* });
* ...
* }
*
*/
public class AccessController {
/**
* Performs the specified PrivilegedAction
with privileges
* enabled if a security manager is present.
*
* If the action's run
method throws an (unchecked) exception,
* it will propagate through this method.
*
* @param action the action to be performed.
* @return the value returned by the action's run
method.
* @see #doPrivileged(PrivilegedAction,AccessControlContext)
* @see #doPrivileged(PrivilegedExceptionAction)
*/
public static T doPrivileged(PrivilegedAction action) {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return (action.run());
} else {
return java.security.AccessController.doPrivileged(action);
}
}
/**
* Performs the specified PrivilegedAction
with privileges
* enabled and restricted by the specified AccessControlContext
.
* The action is performed with the intersection of the permissions
* possessed by the caller's protection domain, and those possessed
* by the domains represented by the specified
* AccessControlContext
if a security manager is present.
*
*
* If the action's run
method throws an (unchecked) exception,
* it will propagate through this method.
*
* @param action the action to be performed.
* @param context an access control context representing the
* restriction to be applied to the caller's domain's
* privileges before performing the specified action.
* @return the value returned by the action's run
method.
* @see #doPrivileged(PrivilegedAction)
* @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
*/
public static T doPrivileged(PrivilegedAction action, AccessControlContext context) {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return action.run();
} else {
return java.security.AccessController.doPrivileged(action, context);
}
}
/**
* Performs the specified PrivilegedExceptionAction
with
* privileges enabled. The action is performed with all of the
* permissions possessed by the caller's protection domain.
*
* If the action's run
method throws an unchecked
* exception, it will propagate through this method.
*
* @param action the action to be performed.
* @return the value returned by the action's run
method.
* @throws PrivilgedActionException the specified action's
* run
method threw a checked exception.
* @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
* @see #doPrivileged(PrivilegedAction)
*/
public static T doPrivileged(PrivilegedExceptionAction action)
throws PrivilegedActionException {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
try {
return action.run();
} catch (java.lang.RuntimeException e) {
throw e;
} catch (Exception e) {
throw new PrivilegedActionException(e);
}
} else {
return java.security.AccessController.doPrivileged(action);
}
}
/**
* Performs the specified PrivilegedExceptionAction
with
* privileges enabled and restricted by the specified
* AccessControlContext
. The action is performed with the
* intersection of the the permissions possessed by the caller's
* protection domain, and those possessed by the domains represented by the
* specified AccessControlContext
.
*
* If the action's run
method throws an unchecked
* exception, it will propagate through this method.
*
* @param action the action to be performed.
* @param context an access control context representing the
* restriction to be applied to the caller's domain's
* privileges before performing the specified action.
* @return the value returned by the action's run
method.
* @throws PrivilegedActionException the specified action's
* run
method
* threw a checked exception.
* @see #doPrivileged(PrivilegedAction)
* @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
*/
public static T doPrivileged(PrivilegedExceptionAction action,
AccessControlContext context)
throws PrivilegedActionException {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
try {
return action.run();
} catch (java.lang.RuntimeException e) {
throw e;
} catch (Exception e) {
throw new PrivilegedActionException(e);
}
} else {
return java.security.AccessController.doPrivileged(action, context);
}
}
/**
* This method takes a "snapshot" of the current calling context, which
* includes the current Thread's inherited AccessControlContext,
* and places it in an AccessControlContext object. This context may then
* be checked at a later point, possibly in another thread.
*
* @return the AccessControlContext based on the current context.
* @see AccessControlContext
*/
public static AccessControlContext getContext() {
return java.security.AccessController.getContext();
}
/**
* Determines whether the access request indicated by the
* specified permission should be allowed or denied, based on
* the security policy currently in effect.
* This method quietly returns if the access request
* is permitted, or throws a suitable AccessControlException otherwise.
*
* @param perm the requested permission.
* @throws AccessControlException if the specified permission
* is not permitted, based on the current security policy.
*/
public static void checkPermission(Permission perm) throws AccessControlException {
java.security.AccessController.checkPermission(perm);
}
/**
* No instantiation allowed
*/
private AccessController() {
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy