| /* |
| * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package com.sun.jmx.remote.security; |
| |
| import java.security.AccessController; |
| import java.security.AccessControlContext; |
| import java.security.Permission; |
| import java.security.Principal; |
| import java.security.PrivilegedAction; |
| import javax.security.auth.Subject; |
| |
| import javax.management.remote.SubjectDelegationPermission; |
| |
| import java.util.*; |
| |
| public class SubjectDelegator { |
| /* Return the AccessControlContext appropriate to execute an |
| operation on behalf of the delegatedSubject. If the |
| authenticatedAccessControlContext does not have permission to |
| delegate to that subject, throw SecurityException. */ |
| public AccessControlContext |
| delegatedContext(AccessControlContext authenticatedACC, |
| Subject delegatedSubject, |
| boolean removeCallerContext) |
| throws SecurityException { |
| |
| if (System.getSecurityManager() != null && authenticatedACC == null) { |
| throw new SecurityException("Illegal AccessControlContext: null"); |
| } |
| |
| // Check if the subject delegation permission allows the |
| // authenticated subject to assume the identity of each |
| // principal in the delegated subject |
| // |
| Collection<Principal> ps = getSubjectPrincipals(delegatedSubject); |
| final Collection<Permission> permissions = new ArrayList<>(ps.size()); |
| for(Principal p : ps) { |
| final String pname = p.getClass().getName() + "." + p.getName(); |
| permissions.add(new SubjectDelegationPermission(pname)); |
| } |
| PrivilegedAction<Void> action = |
| new PrivilegedAction<Void>() { |
| public Void run() { |
| for (Permission sdp : permissions) { |
| AccessController.checkPermission(sdp); |
| } |
| return null; |
| } |
| }; |
| AccessController.doPrivileged(action, authenticatedACC); |
| |
| return getDelegatedAcc(delegatedSubject, removeCallerContext); |
| } |
| |
| private AccessControlContext getDelegatedAcc(Subject delegatedSubject, boolean removeCallerContext) { |
| if (removeCallerContext) { |
| return JMXSubjectDomainCombiner.getDomainCombinerContext(delegatedSubject); |
| } else { |
| return JMXSubjectDomainCombiner.getContext(delegatedSubject); |
| } |
| } |
| |
| /** |
| * Check if the connector server creator can assume the identity of each |
| * principal in the authenticated subject, i.e. check if the connector |
| * server creator codebase contains a subject delegation permission for |
| * each principal present in the authenticated subject. |
| * |
| * @return {@code true} if the connector server creator can delegate to all |
| * the authenticated principals in the subject. Otherwise, {@code false}. |
| */ |
| public static synchronized boolean |
| checkRemoveCallerContext(Subject subject) { |
| try { |
| for (Principal p : getSubjectPrincipals(subject)) { |
| final String pname = |
| p.getClass().getName() + "." + p.getName(); |
| final Permission sdp = |
| new SubjectDelegationPermission(pname); |
| AccessController.checkPermission(sdp); |
| } |
| } catch (SecurityException e) { |
| return false; |
| } |
| return true; |
| } |
| |
| /** |
| * Retrieves the {@linkplain Subject} principals |
| * @param subject The subject |
| * @return If the {@code Subject} is immutable it will return the principals directly. |
| * If the {@code Subject} is mutable it will create an unmodifiable copy. |
| */ |
| private static Collection<Principal> getSubjectPrincipals(Subject subject) { |
| if (subject.isReadOnly()) { |
| return subject.getPrincipals(); |
| } |
| |
| List<Principal> principals = Arrays.asList(subject.getPrincipals().toArray(new Principal[0])); |
| return Collections.unmodifiableList(principals); |
| } |
| } |