/*
 * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package com.sun.jmx.remote.security;

import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

import javax.management.remote.SubjectDelegationPermission;

import com.sun.jmx.remote.util.CacheMap;

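/**
 * Computes the {@link AccessControlContext} under which an operation is run
 * on behalf of a delegated {@link Subject}, after checking that the
 * authenticated context holds a {@link SubjectDelegationPermission} for every
 * principal of that subject.
 *
 * <p>Instance state (the caches) is only touched from the synchronized
 * {@link #delegatedContext} method.
 */
public class SubjectDelegator {
    private static final int PRINCIPALS_CACHE_SIZE = 10;
    private static final int ACC_CACHE_SIZE = 10;

    // NOTE(review): all three caches are keyed by Subject, which is mutable.
    // Whether a stale entry can be returned after a subject is modified
    // depends on CacheMap's lookup semantics, which are not visible in this
    // file -- confirm before relying on the cached values.
    private CacheMap<Subject, Principal[]> principalsCache;

    // Contexts built by JMXSubjectDomainCombiner.getContext, i.e. for
    // removeCallerContext == false.
    private CacheMap<Subject, AccessControlContext> accCache;

    // Contexts built by JMXSubjectDomainCombiner.getDomainCombinerContext,
    // i.e. for removeCallerContext == true. Kept apart from accCache so that
    // a context built for one value of the flag is never handed back to a
    // caller that asked for the other.
    private CacheMap<Subject, AccessControlContext> combinerAccCache;

    /**
     * Returns the AccessControlContext appropriate to execute an operation
     * on behalf of {@code delegatedSubject}.
     *
     * <p>The delegation check is performed first, inside
     * {@code doPrivileged(action, authenticatedACC)}; the delegated context
     * is looked up or built only after every check has passed, so a refused
     * request leaves nothing behind in the context caches.
     *
     * @param authenticatedACC the context of the authenticated caller, used
     *        to evaluate the delegation permissions
     * @param delegatedSubject the subject whose identity is to be assumed
     * @param removeCallerContext if {@code true} the context is obtained from
     *        {@code JMXSubjectDomainCombiner.getDomainCombinerContext},
     *        otherwise from {@code JMXSubjectDomainCombiner.getContext}
     * @return the context to use when running code as the delegated subject
     * @throws SecurityException if a security manager is installed and
     *         {@code authenticatedACC} is {@code null}, or if
     *         {@code authenticatedACC} lacks the
     *         {@link SubjectDelegationPermission} for any principal of
     *         {@code delegatedSubject}
     */
    public synchronized AccessControlContext
        delegatedContext(AccessControlContext authenticatedACC,
                         Subject delegatedSubject,
                         boolean removeCallerContext)
            throws SecurityException {

        // doPrivileged(action, null) applies no additional restriction, so
        // with a null authenticated context the checks below would be
        // evaluated without the caller's restrictions at all. Refuse that
        // outright whenever a security manager is in force.
        if (System.getSecurityManager() != null && authenticatedACC == null) {
            throw new SecurityException("Illegal AccessControlContext: null");
        }

        if (principalsCache == null || accCache == null
                || combinerAccCache == null) {
            principalsCache =
                new CacheMap<Subject, Principal[]>(PRINCIPALS_CACHE_SIZE);
            accCache =
                new CacheMap<Subject, AccessControlContext>(ACC_CACHE_SIZE);
            combinerAccCache =
                new CacheMap<Subject, AccessControlContext>(ACC_CACHE_SIZE);
        }

        // Retrieve the principals for the given delegated subject from the
        // cache, converting the subject's principal set into an array and
        // caching it on a miss.
        Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject);
        if (delegatedPrincipals == null) {
            delegatedPrincipals =
                delegatedSubject.getPrincipals().toArray(new Principal[0]);
            principalsCache.put(delegatedSubject, delegatedPrincipals);
        }

        // Build the permissions before entering the privileged block so that
        // the block contains nothing but the permission checks themselves;
        // Principal.getName() is implemented by the principal's own class.
        final Permission[] permissions =
            new Permission[delegatedPrincipals.length];
        for (int i = 0; i < delegatedPrincipals.length; i++) {
            permissions[i] = delegationPermission(delegatedPrincipals[i]);
        }

        // Check that the subject delegation permission allows the
        // authenticated subject to assume the identity of each principal
        // in the delegated subject.
        PrivilegedAction<Void> action =
            new PrivilegedAction<Void>() {
                public Void run() {
                    for (Permission sdp : permissions) {
                        AccessController.checkPermission(sdp);
                    }
                    return null;
                }
            };
        AccessController.doPrivileged(action, authenticatedACC);

        // Only now retrieve (or build and cache) the access control context
        // used when executing code as the delegated subject, from the cache
        // that matches the requested flavour.
        final CacheMap<Subject, AccessControlContext> cache =
            removeCallerContext ? combinerAccCache : accCache;
        AccessControlContext delegatedACC = cache.get(delegatedSubject);
        if (delegatedACC == null) {
            if (removeCallerContext) {
                delegatedACC =
                    JMXSubjectDomainCombiner.getDomainCombinerContext(
                        delegatedSubject);
            } else {
                delegatedACC =
                    JMXSubjectDomainCombiner.getContext(delegatedSubject);
            }
            cache.put(delegatedSubject, delegatedACC);
        }

        return delegatedACC;
    }

    /**
     * Check if the connector server creator can assume the identity of each
     * principal in the authenticated subject, i.e. check if the connector
     * server creator codebase contains a subject delegation permission for
     * each principal present in the authenticated subject.
     *
     * <p>The permissions are checked with
     * {@link AccessController#checkPermission} against the context of the
     * calling thread; a {@link SecurityException} raised along the way is
     * reported as {@code false} rather than propagated.
     *
     * @param subject the authenticated subject whose principals are checked
     * @return {@code true} if the connector server creator can delegate to all
     * the authenticated principals in the subject. Otherwise, {@code false}.
     */
    public static synchronized boolean
        checkRemoveCallerContext(Subject subject) {
        try {
            final Principal[] dp =
                subject.getPrincipals().toArray(new Principal[0]);
            // Name building and checking stay interleaved: the first refused
            // principal ends the loop before later principals are consulted.
            for (Principal p : dp) {
                AccessController.checkPermission(delegationPermission(p));
            }
        } catch (SecurityException e) {
            return false;
        }
        return true;
    }

    /**
     * Builds the delegation permission for one principal. The permission
     * name is the principal's class name, a dot, and the principal's name.
     */
    private static Permission delegationPermission(Principal p) {
        final String pname = p.getClass().getName() + "." + p.getName();
        return new SubjectDelegationPermission(pname);
    }
}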