infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-04-16 01:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

8029286: Enhance subject delegation

Browse Source 
Reviewed-by: dfuchs, ahgross
This commit is contained in:
Jaroslav Bachorik 2013-12-23 14:29:27 +01:00
parent b921c9e927
commit 60a88657a7
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java
View File

@ -35,6 +35,8 @@ import javax.security.auth.Subject;
import javax.management.remote.SubjectDelegationPermission;
import com.sun.jmx.remote.util.CacheMap;
import java.util.ArrayList;
import java.util.Collection;
public class SubjectDelegator {
private static final int PRINCIPALS_CACHE_SIZE = 10;
@ -53,11 +55,14 @@ public class SubjectDelegator {
boolean removeCallerContext)
throws SecurityException {
if (System.getSecurityManager() != null && authenticatedACC == null) {
throw new SecurityException("Illegal AccessControlContext: null");
}
if (principalsCache == null || accCache == null) {
principalsCache =
new CacheMap<Subject, Principal[]>(PRINCIPALS_CACHE_SIZE);
new CacheMap<>(PRINCIPALS_CACHE_SIZE);
accCache =
new CacheMap<Subject, AccessControlContext>(ACC_CACHE_SIZE);
new CacheMap<>(ACC_CACHE_SIZE);
}
// Retrieve the principals for the given
@ -101,14 +106,15 @@ public class SubjectDelegator {
// principal in the delegated subject
//
final Principal[] dp = delegatedPrincipals;
final Collection<Permission> permissions = new ArrayList<>(dp.length);
for(Principal p : dp) {
final String pname = p.getClass().getName() + "." + p.getName();
permissions.add(new SubjectDelegationPermission(pname));
}
PrivilegedAction<Void> action =
new PrivilegedAction<Void>() {
public Void run() {
for (int i = 0 ; i < dp.length ; i++) {
final String pname =
dp[i].getClass().getName() + "." + dp[i].getName();
Permission sdp =
new SubjectDelegationPermission(pname);
for (Permission sdp : permissions) {
AccessController.checkPermission(sdp);
}
return null;