Package org.apache.catalina.security
Class SecurityUtil
- java.lang.Object
-
- org.apache.catalina.security.SecurityUtil
-
public final class SecurityUtil extends Object
This utility class associates aSubject
to the currentAccessControlContext
. When aSecurityManager
is used, the container will always associate the called thread with an AccessControlContext containing only the principal of the requested Servlet/Filter. This class uses reflection to invoke the invoke methods.- Author:
- Jean-Francois Arcand
-
-
Field Summary
Fields Modifier and Type Field Description static boolean
executeUnderSubjectDoAs
Do we need to execute all invokation under a Subject.doAs call.
-
Constructor Summary
Constructors Constructor Description SecurityUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static void
doAsPrivilege(String methodName, jakarta.servlet.Filter targetObject)
Perform work as a particularSubject
.static void
doAsPrivilege(String methodName, jakarta.servlet.Filter targetObject, Class[] targetType, Object[] targetArguments, Principal principal)
Perform work as a particularSubject
.static void
doAsPrivilege(String methodName, jakarta.servlet.Filter targetObject, Class<?>[] targetType, Object[] targetArguments)
Perform work as a particularSubject
.static void
doAsPrivilege(String methodName, jakarta.servlet.Servlet targetObject)
Perform work as a particularSubject
.static void
doAsPrivilege(String methodName, jakarta.servlet.Servlet targetObject, Class<?>[] targetType, Object[] targetArguments)
Perform work as a particularSubject
.static void
doAsPrivilege(String methodName, jakarta.servlet.Servlet targetObject, Class<?>[] targetType, Object[] targetArguments, Principal principal)
Perform work as a particularSubject
.static boolean
executeUnderSubjectDoAs()
Return true if aSecurityManager
is used and isisDoAsRequired
is required.static boolean
isPackageProtectionEnabled()
Return theSecurityManager
only if Security is enabled AND package protection mechanism is enabled.static void
remove(Object cachedObject)
Remove the object from the cache.
-
-
-
Field Detail
-
executeUnderSubjectDoAs
public static final boolean executeUnderSubjectDoAs
Do we need to execute all invokation under a Subject.doAs call.- See Also:
- Constant Field Values
-
-
Method Detail
-
doAsPrivilege
public static void doAsPrivilege(String methodName, jakarta.servlet.Servlet targetObject) throws Exception
Perform work as a particularSubject
. Here the work will be granted to anull
subject.- Parameters:
methodName
- the method to apply the security restrictiontargetObject
- theServlet
on which the method will be called.- Throws:
Exception
-
doAsPrivilege
public static void doAsPrivilege(String methodName, jakarta.servlet.Servlet targetObject, Class<?>[] targetType, Object[] targetArguments) throws Exception
Perform work as a particularSubject
. Here the work will be granted to anull
subject.- Parameters:
methodName
- the method to apply the security restrictiontargetObject
- theServlet
on which the method will be called.targetType
-Class
array used to instantiate a iMethod
object.targetObject
-Object
array contains the runtime parameters instance.- Throws:
Exception
-
doAsPrivilege
public static void doAsPrivilege(String methodName, jakarta.servlet.Servlet targetObject, Class<?>[] targetType, Object[] targetArguments, Principal principal) throws Exception
Perform work as a particularSubject
. Here the work will be granted to anull
subject.- Parameters:
methodName
- the method to apply the security restrictiontargetObject
- theServlet
on which the method will be called.targetType
-Class
array used to instantiate aMethod
object.targetArguments
-Object
array contains the runtime parameters instance.principal
- thePrincipal
to which the security privilege apply..- Throws:
Exception
-
doAsPrivilege
public static void doAsPrivilege(String methodName, jakarta.servlet.Filter targetObject) throws Exception
Perform work as a particularSubject
. Here the work will be granted to anull
subject.- Parameters:
methodName
- the method to apply the security restrictiontargetObject
- theFilter
on which the method will be called.- Throws:
Exception
-
doAsPrivilege
public static void doAsPrivilege(String methodName, jakarta.servlet.Filter targetObject, Class<?>[] targetType, Object[] targetArguments) throws Exception
Perform work as a particularSubject
. Here the work will be granted to anull
subject.- Parameters:
methodName
- the method to apply the security restrictiontargetObject
- theFilter
on which the method will be called.targetType
-Class
array used to instantiate aMethod
object.targetArguments
-Object
array contains the runtime parameters instance.- Throws:
Exception
-
doAsPrivilege
public static void doAsPrivilege(String methodName, jakarta.servlet.Filter targetObject, Class[] targetType, Object[] targetArguments, Principal principal) throws Exception
Perform work as a particularSubject
. Here the work will be granted to anull
subject.- Parameters:
methodName
- the method to apply the security restrictiontargetObject
- theFilter
on which the method will be called.targetType
-Class
array used to instantiate aMethod
object.targetArguments
-Object
array contains the runtime parameters instance.principal
- thePrincipal
to which the security privilege apply- Throws:
Exception
-
remove
public static void remove(Object cachedObject)
Remove the object from the cache.
-
isPackageProtectionEnabled
public static boolean isPackageProtectionEnabled()
Return theSecurityManager
only if Security is enabled AND package protection mechanism is enabled.
-
executeUnderSubjectDoAs
public static boolean executeUnderSubjectDoAs()
Return true if aSecurityManager
is used and isisDoAsRequired
is required.
-
-