Package org.apache.catalina.security

Class SecurityUtil

  • public final class SecurityUtil
extends Object
    This utility class associates a Subject to the current AccessControlContext. When a SecurityManager is used, the container will always associate the called thread with an AccessControlContext containing only the principal of the requested Servlet/Filter. This class uses reflection to invoke the invoke methods.
    Author:
    Jean-Francois Arcand

    • Field Detail

      • executeUnderSubjectDoAs

        public static final boolean executeUnderSubjectDoAs
        Do we need to execute all invokation under a Subject.doAs call.
        See Also:
        Constant Field Values

    • Constructor Detail

      • SecurityUtil

        public SecurityUtil()

    • Method Detail

      • doAsPrivilege

        public static void doAsPrivilege​(String methodName,
                                 jakarta.servlet.Servlet targetObject)
                          throws Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Servlet on which the method will be called.
        Throws:
        Exception

      • doAsPrivilege

        public static void doAsPrivilege​(String methodName,
                                 jakarta.servlet.Servlet targetObject,
                                 Class<?>[] targetType,
                                 Object[] targetArguments)
                          throws Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Servlet on which the method will be called.
        targetType - Class array used to instantiate a i Method object.
        targetObject - Object array contains the runtime parameters instance.
        Throws:
        Exception

      • doAsPrivilege

        public static void doAsPrivilege​(String methodName,
                                 jakarta.servlet.Servlet targetObject,
                                 Class<?>[] targetType,
                                 Object[] targetArguments,
                                 Principal principal)
                          throws Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Servlet on which the method will be called.
        targetType - Class array used to instantiate a Method object.
        targetArguments - Object array contains the runtime parameters instance.
        principal - the Principal to which the security privilege apply..
        Throws:
        Exception

      • doAsPrivilege

        public static void doAsPrivilege​(String methodName,
                                 jakarta.servlet.Filter targetObject)
                          throws Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Filter on which the method will be called.
        Throws:
        Exception

      • doAsPrivilege

        public static void doAsPrivilege​(String methodName,
                                 jakarta.servlet.Filter targetObject,
                                 Class<?>[] targetType,
                                 Object[] targetArguments)
                          throws Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Filter on which the method will be called.
        targetType - Class array used to instantiate a Method object.
        targetArguments - Object array contains the runtime parameters instance.
        Throws:
        Exception

      • doAsPrivilege

        public static void doAsPrivilege​(String methodName,
                                 jakarta.servlet.Filter targetObject,
                                 Class[] targetType,
                                 Object[] targetArguments,
                                 Principal principal)
                          throws Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Filter on which the method will be called.
        targetType - Class array used to instantiate a Method object.
        targetArguments - Object array contains the runtime parameters instance.
        principal - the Principal to which the security privilege apply
        Throws:
        Exception

      • remove

        public static void remove​(Object cachedObject)
        Remove the object from the cache.

      • isPackageProtectionEnabled

        public static boolean isPackageProtectionEnabled()
        Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.

      • executeUnderSubjectDoAs

        public static boolean executeUnderSubjectDoAs()
        Return true if a SecurityManager is used and is isDoAsRequired is required.