Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Licensed to the Apache Software Foundation (ASF) under one or more
   * contributor license agreements.  See the NOTICE file distributed with
   * this work for additional information regarding copyright ownership.
   * The ASF licenses this file to You under the Apache License, Version 2.0
   * (the "License"); you may not use this file except in compliance with
   * the License.  You may obtain a copy of the License at
   * 
   *      http://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.catalina.security;
 
 
 import java.util.Map;
 
 
This utility class associates a Subject to the current AccessControlContext. When a SecurityManager is used, * the container will always associate the called thread with an AccessControlContext * containing only the principal of the requested Servlet/Filter. This class uses reflection to invoke the invoke methods.

Author(s):
Jean-Francois Arcand
 
 
 public final class SecurityUtil{
     
     private final static int INIT= 0;
     private final static int SERVICE = 1;
     private final static int DOFILTER = 1;
     private final static int EVENT = 2;
     private final static int DOFILTEREVENT = 2;
     private final static int DESTROY = 3;
     
     private final static String INIT_METHOD = "init";
     private final static String DOFILTER_METHOD = "doFilter";
     private final static String SERVICE_METHOD = "service";
     private final static String EVENT_METHOD = "event";
     private final static String DOFILTEREVENT_METHOD = "doFilterEvent";
     private final static String DESTROY_METHOD = "destroy";
   
    
Cache every object for which we are creating method on it.
 
     private static Map<Object,Method[]> objectCache =
         new ConcurrentHashMap<Object,Method[]>();
         
     private static boolean packageDefinitionEnabled =  
          (System.getProperty("package.definition") == null && 
            System.getProperty("package.access")  == null) ? false : true;
    
    
Perform work as a particular Subject. Here the work will be granted to a null subject.

Parameters:
methodName the method to apply the security restriction
targetObject the Servlet on which the method will be called.
 
     public static void doAsPrivilege(final String methodName
                                      final Servlet targetObjectthrows java.lang.Exception{
          doAsPrivilege(methodNametargetObjectnullnullnull);                                
     }

    
    
Perform work as a particular Subject. Here the work will be granted to a null subject.

Parameters:
methodName the method to apply the security restriction
targetObject the Servlet on which the method will be called.
targetType Class array used to instanciate a i Method object.
targetArguments Object array contains the runtime parameters instance.
    public static void doAsPrivilege(final String methodName
                                     final Servlet targetObject
                                     final Class<?>[] targetType,
                                     final Object[] targetArguments
        throws java.lang.Exception{    
         doAsPrivilege(methodName
                       targetObject
                       targetType
                       targetArguments
                       null);                                
    }
    
    
    
Perform work as a particular Subject. Here the work will be granted to a null subject.

Parameters:
methodName the method to apply the security restriction
targetObject the Servlet on which the method will be called.
targetType Class array used to instanciate a Method object.
targetArguments Object array contains the runtime parameters instance.
principal the Principal to which the security privilege apply..
    
    public static void doAsPrivilege(final String methodName
                                     final Servlet targetObject
                                     final Class<?>[] targetType,
                                     final Object[] targetArguments,
                                     Principal principal
        throws java.lang.Exception{
        Method method = null;
        Method[] methodsCache = null;
        if(.containsKey(targetObject)){
            methodsCache = .get(targetObject);
            method = findMethod(methodsCachemethodName);
            if (method == null){
                method = createMethodAndCacheIt(methodsCache,
                                                methodName,
                                                targetObject,
                                                targetType);
            }
        } else {
            method = createMethodAndCacheIt(methodsCache,
                                            methodName,
                                            targetObject,
                                            targetType);                     
        }
        execute(methodtargetObjecttargetArgumentsprincipal);
    }
 
    
    
Perform work as a particular Subject. Here the work will be granted to a null subject.

Parameters:
methodName the method to apply the security restriction
targetObject the Filter on which the method will be called.
    
    public static void doAsPrivilege(final String methodName
                                     final Filter targetObject
        throws java.lang.Exception{
         doAsPrivilege(methodNametargetObjectnullnull);                                
    }
 
    
    
Perform work as a particular Subject. Here the work will be granted to a null subject.

Parameters:
methodName the method to apply the security restriction
targetObject the Filter on which the method will be called.
targetType Class array used to instanciate a Method object.
targetArguments Object array contains the runtime parameters instance.
    
    public static void doAsPrivilege(final String methodName
                                     final Filter targetObject
                                     final Class<?>[] targetType,
                                     final Object[] targetArguments
        throws java.lang.Exception{
        doAsPrivilege(
                methodNametargetObjecttargetTypetargetArgumentsnull);
    }
    
    
Perform work as a particular Subject. Here the work will be granted to a null subject.

Parameters:
methodName the method to apply the security restriction
targetObject the Filter on which the method will be called.
targetType Class array used to instanciate a Method object.
targetArguments Object array contains the runtime parameters instance.
principal the Principal to which the security privilege apply
    
    public static void doAsPrivilege(final String methodName
                                     final Filter targetObject
                                     final Class<?>[] targetType,
                                     final Object[] targetArguments,
                                     Principal principal
        throws java.lang.Exception{
        Method method = null;
        Method[] methodsCache = null;
        if(.containsKey(targetObject)){
            methodsCache = .get(targetObject);
            method = findMethod(methodsCachemethodName);
            if (method == null){
                method = createMethodAndCacheIt(methodsCache,
                                                methodName,
                                                targetObject,
                                                targetType);
            }
        } else {
            method = createMethodAndCacheIt(methodsCache,
                                            methodName,
                                            targetObject,
                                            targetType);                     
        }
        execute(methodtargetObjecttargetArgumentsprincipal);
    }
    
    
    
Perform work as a particular Subject. Here the work will be granted to a null subject.

Parameters:
methodName the method to apply the security restriction
targetObject the Servlet on which the method will be called.
targetArguments Object array contains the runtime parameters instance.
principal the Principal to which the security privilege applies
    
    private static void execute(final Method method,
                                final Object targetObject
                                final Object[] targetArguments,
                                Principal principal
        throws java.lang.Exception{
       
        try{   
            Subject subject = null;
            PrivilegedExceptionAction<Voidpea =
                new PrivilegedExceptionAction<Void>(){
                    public Void run() throws Exception{
                       method.invoke(targetObjecttargetArguments);
                       return null;
                    }
            };
            // The first argument is always the request object
            if (targetArguments != null 
                    && targetArguments[0] instanceof HttpServletRequest){
                HttpServletRequest request = 
                    (HttpServletRequest)targetArguments[0];
                boolean hasSubject = false;
                HttpSession session = request.getSession(false);
                if (session != null){
                    subject = 
                        (Subject)session.getAttribute(.);
                    hasSubject = (subject != null);
                }
                if (subject == null){
                    subject = new Subject();
                    
                    if (principal != null){
                        subject.getPrincipals().add(principal);
                    }
                }
                if (session != null && !hasSubject) {
                    session.setAttribute(.subject);
                }
            }
            Subject.doAsPrivileged(subjectpeanull);       
        } catchPrivilegedActionException pe) {
            Throwable e;
            if (pe.getException() instanceof InvocationTargetException) {
                e = ((InvocationTargetException)pe.getException())
                                .getTargetException();
            } else {
                e = pe;
            }
            
            if (e instanceof UnavailableException)
                throw (UnavailableExceptione;
            else if (e instanceof ServletException)
                throw (ServletExceptione;
            else if (e instanceof IOException)
                throw (IOExceptione;
            else if (e instanceof RuntimeException)
                throw (RuntimeExceptione;
            else
                throw new ServletException(e.getMessage(), e);
        }  
    }
    
    
    
Find a method stored within the cache.

Parameters:
methodsCache the cache used to store method instance
methodName the method to apply the security restriction
Returns:
the method instance, null if not yet created.
    private static Method findMethod(Method[] methodsCache,
                                     String methodName){
        if (methodName.equalsIgnoreCase(
                && methodsCache[] != null){
            return methodsCache[];
        } else if (methodName.equalsIgnoreCase(
                && methodsCache[] != null){
            return methodsCache[];            
        } else if (methodName.equalsIgnoreCase(
                && methodsCache[] != null){
            return methodsCache[];
        } else if (methodName.equalsIgnoreCase(
                && methodsCache[] != null){
            return methodsCache[];          
        } else if (methodName.equalsIgnoreCase(
                && methodsCache[] != null){
            return methodsCache[];          
        } else if (methodName.equalsIgnoreCase(
                && methodsCache[] != null){
            return methodsCache[];          
        } 
        return null;
    }
    
    
    
Create the method and cache it for further re-use.

Parameters:
methodsCache the cache used to store method instance
methodName the method to apply the security restriction
targetObject the Servlet on which the method will be called.
targetType Class array used to instanciate a Method object.
Returns:
the method instance.
    private static Method createMethodAndCacheIt(Method[] methodsCache,
                                                 String methodName,
                                                 Object targetObject,
                                                 Class<?>[] targetType
            throws Exception{
        
        if ( methodsCache == null){
            methodsCache = new Method[4];
        }               
                
        Method method = 
            targetObject.getClass().getMethod(methodNametargetType); 
        if (methodName.equalsIgnoreCase()){
            methodsCache[] = method;
        } else if (methodName.equalsIgnoreCase()){
            methodsCache[] = method;
        } else if (methodName.equalsIgnoreCase()){
            methodsCache[] = method;
        } else if (methodName.equalsIgnoreCase()){
            methodsCache[] = method;
        } else if (methodName.equalsIgnoreCase()){
            methodsCache[] = method;
        } else if (methodName.equalsIgnoreCase()){
            methodsCache[] = method;
        } 
         
        .put(targetObjectmethodsCache );
                                           
        return method;
    }

    
    
Remove the object from the cache.

Parameters:
cachedObject The object to remove
    public static void remove(Object cachedObject){
        .remove(cachedObject);
    }
    
    
    
Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.
    public static boolean isPackageProtectionEnabled(){
            return true;
        }
        return false;
    }
    
    
New to GrepCode? Check out our FAQ X