001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one
003: * or more contributor license agreements. See the NOTICE file
004: * distributed with this work for additional information
005: * regarding copyright ownership. The ASF licenses this file
006: * to you under the Apache License, Version 2.0 (the
007: * "License"); you may not use this file except in compliance
008: * with the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing,
013: * software distributed under the License is distributed on an
014: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015: * KIND, either express or implied. See the License for the
016: * specific language governing permissions and limitations
017: * under the License.
018: */
019:
020: package org.apache.axis2.java.security;
021:
022: import java.security.AccessControlContext;
023: import java.security.AccessControlException;
024: import java.security.Permission;
025: import java.security.PrivilegedAction;
026: import java.security.PrivilegedActionException;
027: import java.security.PrivilegedExceptionAction;
028:
029: /**
030: * This utility wrapper class is created to support AXIS2 runs
031: * inside of Java 2 Security environment. Due to the access control
032: * checking algorithm, for Java 2 Security to function properly,
033: * <code>doPrivileged()</code>
034: * is required in cases where there is application code on the stack frame
035: * accessing the system resources (ie, read/write files, opening ports, and etc).
036: * This class also improve performance no matther Security Manager is being enabled
037: * or not.
038: * <p/>
039: * Note: This utility should be used properly, otherwise might introduce
040: * security holes.
041: * <p/>
042: * Usage Example:
043: * <code>
044: * public void changePassword() {
045: * ...
046: * AccessController.doPrivileged(new PrivilegedAction() {
047: * public Object run() {
048: * f = Util.openPasswordFile();
049: * ...
050: * <p/>
051: * }
052: * });
053: * ...
054: * }
055: * </code>
056: */
057:
058: public class AccessController {
059:
060: /**
061: * Performs the specified <code>PrivilegedAction</code> with privileges
062: * enabled if a security manager is present.
063: * <p/>
064: * If the action's <code>run</code> method throws an (unchecked) exception,
065: * it will propagate through this method.
066: *
067: * @param action the action to be performed.
068: * @return the value returned by the action's <code>run</code> method.
069: * @see #doPrivileged(PrivilegedAction,AccessControlContext)
070: * @see #doPrivileged(PrivilegedExceptionAction)
071: */
072: public static Object doPrivileged(PrivilegedAction action) {
073: SecurityManager sm = System.getSecurityManager();
074: if (sm == null) {
075: return (action.run());
076: } else {
077: return java.security.AccessController.doPrivileged(action);
078: }
079: }
080:
081: /**
082: * Performs the specified <code>PrivilegedAction</code> with privileges
083: * enabled and restricted by the specified <code>AccessControlContext</code>.
084: * The action is performed with the intersection of the permissions
085: * possessed by the caller's protection domain, and those possessed
086: * by the domains represented by the specified
087: * <code>AccessControlContext</code> if a security manager is present.
088: * <p/>
089: * <p/>
090: * If the action's <code>run</code> method throws an (unchecked) exception,
091: * it will propagate through this method.
092: *
093: * @param action the action to be performed.
094: * @param context an <i>access control context</i> representing the
095: * restriction to be applied to the caller's domain's
096: * privileges before performing the specified action.
097: * @return the value returned by the action's <code>run</code> method.
098: * @see #doPrivileged(PrivilegedAction)
099: * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
100: */
101: public static Object doPrivileged(PrivilegedAction action,
102: AccessControlContext context) {
103: SecurityManager sm = System.getSecurityManager();
104: if (sm == null) {
105: return action.run();
106: } else {
107: return java.security.AccessController.doPrivileged(action,
108: context);
109: }
110: }
111:
112: /**
113: * Performs the specified <code>PrivilegedExceptionAction</code> with
114: * privileges enabled. The action is performed with <i>all</i> of the
115: * permissions possessed by the caller's protection domain.
116: * <p/>
117: * If the action's <code>run</code> method throws an <i>unchecked</i>
118: * exception, it will propagate through this method.
119: *
120: * @param action the action to be performed.
121: * @return the value returned by the action's <code>run</code> method.
122: * @throws PrivilgedActionException the specified action's
123: * <code>run</code> method threw a <i>checked</i> exception.
124: * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
125: * @see #doPrivileged(PrivilegedAction)
126: */
127: public static Object doPrivileged(PrivilegedExceptionAction action)
128: throws PrivilegedActionException {
129: SecurityManager sm = System.getSecurityManager();
130: if (sm == null) {
131: try {
132: return action.run();
133: } catch (java.lang.RuntimeException e) {
134: throw e;
135: } catch (Exception e) {
136: throw new PrivilegedActionException(e);
137: }
138: } else {
139: return java.security.AccessController.doPrivileged(action);
140: }
141: }
142:
143: /**
144: * Performs the specified <code>PrivilegedExceptionAction</code> with
145: * privileges enabled and restricted by the specified
146: * <code>AccessControlContext</code>. The action is performed with the
147: * intersection of the the permissions possessed by the caller's
148: * protection domain, and those possessed by the domains represented by the
149: * specified <code>AccessControlContext</code>.
150: * <p/>
151: * If the action's <code>run</code> method throws an <i>unchecked</i>
152: * exception, it will propagate through this method.
153: *
154: * @param action the action to be performed.
155: * @param context an <i>access control context</i> representing the
156: * restriction to be applied to the caller's domain's
157: * privileges before performing the specified action.
158: * @return the value returned by the action's <code>run</code> method.
159: * @throws PrivilegedActionException the specified action's
160: * <code>run</code> method
161: * threw a <i>checked</i> exception.
162: * @see #doPrivileged(PrivilegedAction)
163: * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
164: */
165: public static Object doPrivileged(PrivilegedExceptionAction action,
166: AccessControlContext context)
167: throws PrivilegedActionException {
168:
169: SecurityManager sm = System.getSecurityManager();
170: if (sm == null) {
171: try {
172: return action.run();
173: } catch (java.lang.RuntimeException e) {
174: throw e;
175: } catch (Exception e) {
176: throw new PrivilegedActionException(e);
177: }
178: } else {
179: return java.security.AccessController.doPrivileged(action,
180: context);
181: }
182: }
183:
184: /**
185: * This method takes a "snapshot" of the current calling context, which
186: * includes the current Thread's inherited AccessControlContext,
187: * and places it in an AccessControlContext object. This context may then
188: * be checked at a later point, possibly in another thread.
189: *
190: * @return the AccessControlContext based on the current context.
191: * @see AccessControlContext
192: */
193: public static AccessControlContext getContext() {
194: return java.security.AccessController.getContext();
195: }
196:
197: /**
198: * Determines whether the access request indicated by the
199: * specified permission should be allowed or denied, based on
200: * the security policy currently in effect.
201: * This method quietly returns if the access request
202: * is permitted, or throws a suitable AccessControlException otherwise.
203: *
204: * @param perm the requested permission.
205: * @throws AccessControlException if the specified permission
206: * is not permitted, based on the current security policy.
207: */
208: public static void checkPermission(Permission perm)
209: throws AccessControlException {
210: java.security.AccessController.checkPermission(perm);
211: }
212:
213: /**
214: * No instantiation allowed
215: */
216: private AccessController() {
217: }
218: }
|