/*
 * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package com.sun.jmx.remote.security;

import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

import javax.management.remote.SubjectDelegationPermission;

import java.util.*;

public class SubjectDelegator {
    /* Return the AccessControlContext appropriate to execute an
       operation on behalf of the delegatedSubject.  If the
       authenticatedAccessControlContext does not have permission to
       delegate to that subject, throw SecurityException.  */
    public AccessControlContext
        delegatedContext(AccessControlContext authenticatedACC,
                         Subject delegatedSubject,
                         boolean removeCallerContext)
            throws SecurityException {

        if (System.getSecurityManager() != null && authenticatedACC == null) {
            throw new SecurityException("Illegal AccessControlContext: null");
        }

        // Check if the subject delegation permission allows the
        // authenticated subject to assume the identity of each
        // principal in the delegated subject
        //
        Collection<Principal> ps = getSubjectPrincipals(delegatedSubject);
        final Collection<Permission> permissions = new ArrayList<Permission>(ps.size());
        for(Principal p : ps) {
            final String pname = p.getClass().getName() + "." + p.getName();
            permissions.add(new SubjectDelegationPermission(pname));
        }
        PrivilegedAction<Void> action =
            new PrivilegedAction<Void>() {
                public Void run() {
                    for (Permission sdp : permissions) {
                        AccessController.checkPermission(sdp);
                    }
                    return null;
                }
            };
        AccessController.doPrivileged(action, authenticatedACC);

        return getDelegatedAcc(delegatedSubject, removeCallerContext);
    }

    private AccessControlContext getDelegatedAcc(Subject delegatedSubject, boolean removeCallerContext) {
        if (removeCallerContext) {
            return JMXSubjectDomainCombiner.getDomainCombinerContext(delegatedSubject);
        } else {
            return JMXSubjectDomainCombiner.getContext(delegatedSubject);
        }
    }

    
Check if the connector server creator can assume the identity of each principal in the authenticated subject, i.e. check if the connector server creator codebase contains a subject delegation permission for each principal present in the authenticated subject.
Returns:true if the connector server creator can delegate to all the authenticated principals in the subject. Otherwise, false.
/** * Check if the connector server creator can assume the identity of each * principal in the authenticated subject, i.e. check if the connector * server creator codebase contains a subject delegation permission for * each principal present in the authenticated subject. * * @return {@code true} if the connector server creator can delegate to all * the authenticated principals in the subject. Otherwise, {@code false}. */
public static synchronized boolean checkRemoveCallerContext(Subject subject) { try { for (Principal p : getSubjectPrincipals(subject)) { final String pname = p.getClass().getName() + "." + p.getName(); final Permission sdp = new SubjectDelegationPermission(pname); AccessController.checkPermission(sdp); } } catch (SecurityException e) { return false; } return true; }
Retrieves the Subject principals
Params:
  • subject – The subject
Returns:If the Subject is immutable it will return the principals directly. If the Subject is mutable it will create an unmodifiable copy.
/** * Retrieves the {@linkplain Subject} principals * @param subject The subject * @return If the {@code Subject} is immutable it will return the principals directly. * If the {@code Subject} is mutable it will create an unmodifiable copy. */
private static Collection<Principal> getSubjectPrincipals(Subject subject) { if (subject.isReadOnly()) { return subject.getPrincipals(); } List<Principal> principals = Arrays.asList(subject.getPrincipals().toArray(new Principal[0])); return Collections.unmodifiableList(principals); } }