private ServiceLoader(Class svc, ClassLoader cl)
{
Service = Objects.RequireNonNull(svc, "Service interface cannot be null");
Loader = (cl == null) ? ClassLoader.SystemClassLoader : cl;
Acc = (System.SecurityManager != null) ? AccessController.Context : null;
Reload();
}
public AuthorizeCardHandler(
DeviceController deviceController,
AccessControlContext context)
{
_deviceController = deviceController;
_context = context;
}
/// <summary>
/// Version for InnocuousForkJoinWorkerThread
/// </summary>
internal ForkJoinWorkerThread(ForkJoinPool pool, ThreadGroup threadGroup, AccessControlContext acc) : base(threadGroup, null, "aForkJoinWorkerThread")
{
U.putOrderedObject(this, INHERITEDACCESSCONTROLCONTEXT, acc);
EraseThreadLocals(); // clear before registering
this.Pool_Renamed = pool;
this.WorkQueue = pool.RegisterWorker(this);
}
/// <summary>
/// Implements the SPNEGO authentication sequence interaction using the current default principal
/// in the Kerberos cache (normally set via kinit).
/// </summary>
/// <param name="token">the authentication token being used for the user.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
private void DoSpnegoSequence(AuthenticatedURL.Token token)
{
try
{
AccessControlContext context = AccessController.GetContext();
Subject subject = Subject.GetSubject(context);
if (subject == null || (subject.GetPrivateCredentials <KerberosKey>().IsEmpty() &&
subject.GetPrivateCredentials <KerberosTicket>().IsEmpty()))
{
Log.Debug("No subject in context, logging in");
subject = new Subject();
LoginContext login = new LoginContext(string.Empty, subject, null, new KerberosAuthenticator.KerberosConfiguration
());
login.Login();
}
if (Log.IsDebugEnabled())
{
Log.Debug("Using subject: " + subject);
}
Subject.DoAs(subject, new _PrivilegedExceptionAction_287(this));
}
catch (PrivilegedActionException ex)
{
// Loop while the context is still not established
throw new AuthenticationException(ex.GetException());
}
catch (LoginException ex)
{
throw new AuthenticationException(ex);
}
AuthenticatedURL.ExtractToken(conn, token);
}
/// <summary>
/// Extract the appropriate property value from the event and
/// pass it to the action associated with
/// this <code>EventHandler</code>.
/// </summary>
/// <param name="proxy"> the proxy object </param>
/// <param name="method"> the method in the listener interface </param>
/// <returns> the result of applying the action to the target
/// </returns>
/// <seealso cref= EventHandler </seealso>
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: public Object invoke(final Object proxy, final Method method, final Object[] arguments)
public virtual Object Invoke(Object proxy, Method method, Object[] arguments)
{
AccessControlContext acc = this.Acc;
if ((acc == null) && (System.SecurityManager != null))
{
throw new SecurityException("AccessControlContext is not set");
}
return(AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(this, proxy, method, arguments), acc));
}
/// <summary>
/// Reads the menu component from an object input stream.
/// </summary>
/// <param name="s"> the <code>ObjectInputStream</code> to read </param>
/// <exception cref="HeadlessException"> if
/// <code>GraphicsEnvironment.isHeadless</code> returns
/// <code>true</code>
/// @serial </exception>
/// <seealso cref= java.awt.GraphicsEnvironment#isHeadless </seealso>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: private void readObject(java.io.ObjectInputStream s) throws ClassNotFoundException, java.io.IOException, HeadlessException
private void ReadObject(ObjectInputStream s)
{
GraphicsEnvironment.CheckHeadless();
Acc = AccessController.Context;
s.DefaultReadObject();
AppContext = AppContext.AppContext;
}
/// <summary>
/// Creates a new instance of URLClassLoader for the specified
/// URLs and default parent class loader. If a security manager is
/// installed, the {@code loadClass} method of the URLClassLoader
/// returned by this method will invoke the
/// {@code SecurityManager.checkPackageAccess} before
/// loading the class.
/// </summary>
/// <param name="urls"> the URLs to search for classes and resources </param>
/// <exception cref="NullPointerException"> if {@code urls} is {@code null}. </exception>
/// <returns> the resulting class loader </returns>
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: public static URLClassLoader newInstance(final URL[] urls)
public static URLClassLoader NewInstance(URL[] urls)
{
// Save the caller's context
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final java.security.AccessControlContext acc = java.security.AccessController.getContext();
AccessControlContext acc = AccessController.Context;
// Need a privileged block to create the class loader
URLClassLoader ucl = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper5(urls, acc));
return(ucl);
}
/// <summary>
/// Constructs a new URLClassLoader for the specified URLs using the
/// default delegation parent {@code ClassLoader}. The URLs will
/// be searched in the order specified for classes and resources after
/// first searching in the parent class loader. Any URL that ends with
/// a '/' is assumed to refer to a directory. Otherwise, the URL is
/// assumed to refer to a JAR file which will be downloaded and opened
/// as needed.
///
/// <para>If there is a security manager, this method first
/// calls the security manager's {@code checkCreateClassLoader} method
/// to ensure creation of a class loader is allowed.
///
/// </para>
/// </summary>
/// <param name="urls"> the URLs from which to load classes and resources
/// </param>
/// <exception cref="SecurityException"> if a security manager exists and its
/// {@code checkCreateClassLoader} method doesn't allow
/// creation of a class loader. </exception>
/// <exception cref="NullPointerException"> if {@code urls} is {@code null}. </exception>
/// <seealso cref= SecurityManager#checkCreateClassLoader </seealso>
public URLClassLoader(URL[] urls) : base()
{
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.SecurityManager;
if (security != null)
{
security.CheckCreateClassLoader();
}
Ucp = new URLClassPath(urls);
this.Acc = AccessController.Context;
}
/// <summary>
/// Constructs a new URLClassLoader for the specified URLs, parent
/// class loader, and URLStreamHandlerFactory. The parent argument
/// will be used as the parent class loader for delegation. The
/// factory argument will be used as the stream handler factory to
/// obtain protocol handlers when creating new jar URLs.
///
/// <para>If there is a security manager, this method first
/// calls the security manager's {@code checkCreateClassLoader} method
/// to ensure creation of a class loader is allowed.
///
/// </para>
/// </summary>
/// <param name="urls"> the URLs from which to load classes and resources </param>
/// <param name="parent"> the parent class loader for delegation </param>
/// <param name="factory"> the URLStreamHandlerFactory to use when creating URLs
/// </param>
/// <exception cref="SecurityException"> if a security manager exists and its
/// {@code checkCreateClassLoader} method doesn't allow
/// creation of a class loader. </exception>
/// <exception cref="NullPointerException"> if {@code urls} is {@code null}. </exception>
/// <seealso cref= SecurityManager#checkCreateClassLoader </seealso>
public URLClassLoader(URL[] urls, ClassLoader parent, URLStreamHandlerFactory factory) : base(parent)
{
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.SecurityManager;
if (security != null)
{
security.CheckCreateClassLoader();
}
Ucp = new URLClassPath(urls, factory);
Acc = AccessController.Context;
}
internal URLClassLoader(URL[] urls, ClassLoader parent, AccessControlContext acc) : base(parent)
{
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.SecurityManager;
if (security != null)
{
security.CheckCreateClassLoader();
}
Ucp = new URLClassPath(urls);
this.Acc = acc;
}
internal PrivilegedThreadFactory() : base()
{
SecurityManager sm = System.SecurityManager;
if (sm != null)
{
// Calls to getContextClassLoader from this class
// never trigger a security check, but we check
// whether our callers have this permission anyways.
sm.CheckPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
// Fail fast
sm.CheckPermission(new RuntimePermission("setContextClassLoader"));
}
this.Acc = AccessController.Context;
this.Ccl = Thread.CurrentThread.ContextClassLoader;
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: Object invoke() throws Exception
internal virtual Object Invoke()
{
AccessControlContext acc = this.Acc;
if ((acc == null) && (System.SecurityManager != null))
{
throw new SecurityException("AccessControlContext is not set");
}
try
{
return(AccessController.doPrivileged(new PrivilegedExceptionActionAnonymousInnerClassHelper(this),
acc));
}
catch (PrivilegedActionException exception)
{
throw exception.Exception;
}
}
internal PrivilegedCallableUsingCurrentClassLoader(Callable <T> task)
{
SecurityManager sm = System.SecurityManager;
if (sm != null)
{
// Calls to getContextClassLoader from this class
// never trigger a security check, but we check
// whether our callers have this permission anyways.
sm.CheckPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
// Whether setContextClassLoader turns out to be necessary
// or not, we fail fast if permission is not available.
sm.CheckPermission(new RuntimePermission("setContextClassLoader"));
}
this.Task = task;
this.Acc = AccessController.Context;
this.Ccl = Thread.CurrentThread.ContextClassLoader;
}
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: @Override public <T> T doIntersectionPrivilege(PrivilegedAction<T> action, final AccessControlContext stack, final AccessControlContext context)
public override T doIntersectionPrivilege <T>(PrivilegedAction <T> action, AccessControlContext stack, AccessControlContext context)
{
if (action == null)
{
throw new NullPointerException();
}
return(AccessController.doPrivileged(action, GetCombinedACC(context, stack)));
}
internal PrivilegedCallable(Callable <T> task)
{
this.Task = task;
this.Acc = AccessController.Context;
}
public override T doIntersectionPrivilege <T>(PrivilegedAction <T> action, AccessControlContext context)
{
return(DoIntersectionPrivilege(action, AccessController.Context, context));
}
public PrivilegedActionAnonymousInnerClassHelper5(java.net.URL[] urls, AccessControlContext acc)
{
this.Urls = urls;
this.Acc = acc;
}
public PrivilegedActionAnonymousInnerClassHelper4(java.net.URL[] urls, java.lang.ClassLoader parent, AccessControlContext acc)
{
this.Urls = urls;
this.Parent = parent;
this.Acc = acc;
}
protected override void Seed(AccessControlContext context)
{
var persons = new List <Person>
{
new Person {
FirstName = "Riste", LastName = "Poposki", DateOfBirth = DateTime.Parse("2018-09-17"), EnrollmentDate = DateTime.Now
},
new Person {
FirstName = "Monkas", LastName = "Noob", DateOfBirth = DateTime.Parse("2018-06-01"), EnrollmentDate = DateTime.Now
}
};
persons.ForEach(s => context.Persons.Add(s));
context.SaveChanges();
var devices = new List <Device>
{
new Device {
Type = DeviceType.Card, Code = "12345678", DateCreated = DateTime.Now, PersonID = 1
},
new Device {
Type = DeviceType.KeyPadCode, Code = "1234", DateCreated = DateTime.Now, PersonID = 2
}
};
devices.ForEach(s => context.Devices.Add(s));
context.SaveChanges();
var pointOfAccess = new List <PointOfAccess>
{
new PointOfAccess {
Name = "DomaVrata", Location = "Skopje", DateCreated = DateTime.Now,
},
new PointOfAccess {
Name = "Garaza", Location = "Struga", DateCreated = DateTime.Now.AddDays(-5)
},
};
pointOfAccess.ForEach(s => context.PointsOfAccess.Add(s));
context.SaveChanges();
var registrations = new List <Registration>
{
new Registration {
PointOfAccessID = 1, DeviceID = 1, DateCreated = DateTime.Now,
},
new Registration {
PointOfAccessID = 1, DeviceID = 2, DateCreated = DateTime.Now,
},
new Registration {
PointOfAccessID = 2, DeviceID = 1, DateCreated = DateTime.Now,
},
};
registrations.ForEach(s => context.Registrations.Add(s));
context.SaveChanges();
var logs = new List <EntryLog>
{
new EntryLog {
PointOfAccessID = 1, DeviceID = 2, DateCreated = DateTime.Now.AddDays(-1), Success = true
},
new EntryLog {
PointOfAccessID = 2, DeviceID = 1, DateCreated = DateTime.Now.AddDays(-2), Success = false
},
};
logs.ForEach(s => context.EntryLogs.Add(s));
context.SaveChanges();
}
internal FactoryURLClassLoader(URL[] urls, AccessControlContext acc) : base(urls, acc)
{
}
public ItemsController(AccessControlContext db)
{
this.db = db;
}
public IdentitiesController(AccessControlContext db)
{
this.db = db;
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (!context.HttpContext.Request.Headers.TryGetValue("X-API-Key", out var extractedApiKey))
{
context.Result = new ContentResult()
{
StatusCode = 401,
Content = "'X-API-Key'-Header was not provided"
};
return;
}
ApiKeyConfigurationEntry keyConfig = AccessSettings.Current.ApiKeys.Where(e => e.ApiKey.Equals(extractedApiKey)).SingleOrDefault();
if (keyConfig == null)
{
context.Result = new ContentResult()
{
StatusCode = 401,
Content = "'X-API-Key'-Header doesn't contain a valid api key"
};
return;
}
if (keyConfig.Expires > DateTime.MinValue && keyConfig.Expires < DateTime.Now)
{
context.Result = new ContentResult()
{
StatusCode = 401,
Content = "the provided api key has expired"
};
return;
}
if (keyConfig.AllowedHosts != null && keyConfig.AllowedHosts.Length > 0)
{
if (!keyConfig.AllowedHosts.Contains(context.HttpContext.Request.Host.Host.ToLower()))
{
context.Result = new ContentResult()
{
StatusCode = 401,
Content = "access denied by firewall rules"
};
return;
}
}
using (var mac = new AccessControlContext()) {
mac.AddPermissions(keyConfig.Permissions);
mac.AddDeniedPermissions(keyConfig.DenyPermissions);
mac.AddClearances(new {
Institute = keyConfig.ScopeToExecutingInstituteIdentifier,
Study = keyConfig.ScopeToStudyIdentifier,
});
if (_RequiredPermissions.Length > 0)
{
foreach (string requiredPermission in _RequiredPermissions)
{
if (!mac.HasEffectivePermission(requiredPermission))
{
context.Result = new ContentResult()
{
StatusCode = 401,
Content = "missing permissions for this operation"
};
return;
}
}
}
await next();
}
}
internal static AccessControlContext GetCombinedACC(AccessControlContext context, AccessControlContext stack)
{
AccessControlContext acc = new AccessControlContext(context, stack.Combiner, true);
return((new AccessControlContext(stack.Context, acc)).Optimize());
}
public static object doPrivileged(Type accessController, PrivilegedAction action, AccessControlContext context)
{
return(doPrivileged(accessController, action));
}
public AccessLogController(AccessControlContext db)
{
this.db = db;
}
