void lock(Object key) { Assert.assertNotNull(key); if (! lockRef.compareAndSet(null, key)) { throw new SecurityException("Selector is locked"); } }
void unlock(Object key) { Assert.assertNotNull(key); if (! lockRef.compareAndSet(key, null)) { throw new SecurityException("Selector could not be unlocked"); } } }
SecurityIdentity transform(final SecurityIdentity securityIdentity) { Assert.checkNotNullParam("securityIdentity", securityIdentity); return Assert.assertNotNull(securityIdentityTransformer.apply(securityIdentity)); }
Holder(final Class<T> clazz) { Assert.assertNotNull(clazz); this.clazz = clazz; getPermission = new SelectorPermission(clazz.getName(), "get"); setPermission = new SelectorPermission(clazz.getName(), "set"); changePermission = new SelectorPermission(clazz.getName(), "change"); }
private static Cipher getCipher(final String algorithm, final char[] initialKeyMaterial, final int iterationCount, final byte[] salt, final int mode) throws InvalidKeySpecException { try { // Create the factories first to fail fast final String pbeName = MaskedPassword.getPBEName(algorithm); Assert.assertNotNull(pbeName); final SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeName); final Cipher cipher = Cipher.getInstance(pbeName); // Create the PBE secret key final PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, iterationCount); final PBEKeySpec keySpec = new PBEKeySpec(initialKeyMaterial); final SecretKey cipherKey = factory.generateSecret(keySpec); cipher.init(mode, cipherKey, cipherSpec); return cipher; } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | InvalidKeyException e) { throw new InvalidKeySpecException(e); } }
/** * Attempt to import a transaction, which subsequently may be controlled by its XID or by the returned handle. * * @param xid the XID of the transaction to import (must not be {@code null}) * @param timeout the transaction timeout to use, if new * @return the transaction import result (not {@code null}) * @throws XAException if a problem occurred while importing the transaction */ @NotNull public ImportResult<LocalTransaction> findOrImportTransaction(Xid xid, int timeout) throws XAException { return Assert.assertNotNull(findOrImportTransaction(xid, timeout, false)); }
SecurityDomain(Builder builder, final LinkedHashMap<String, RealmInfo> realmMap) { this.realmMap = realmMap; this.defaultRealmName = builder.defaultRealmName; this.preRealmPrincipalRewriter = builder.principalDecoder.andThen(builder.preRealmRewriter); this.realmMapper = builder.realmMapper; this.roleMapper = builder.roleMapper; this.permissionMapper = builder.permissionMapper; this.postRealmPrincipalRewriter = builder.postRealmRewriter; this.securityIdentityTransformer = builder.securityIdentityTransformer; this.trustedSecurityDomain = builder.trustedSecurityDomain; this.securityEventListener = builder.securityEventListener; final Map<String, RoleMapper> originalRoleMappers = builder.categoryRoleMappers; final Map<String, RoleMapper> copiedRoleMappers; if (originalRoleMappers.isEmpty()) { copiedRoleMappers = emptyMap(); } else if (originalRoleMappers.size() == 1) { final Map.Entry<String, RoleMapper> entry = originalRoleMappers.entrySet().iterator().next(); copiedRoleMappers = Collections.singletonMap(entry.getKey(), entry.getValue()); } else { copiedRoleMappers = new LinkedHashMap<>(originalRoleMappers); } this.categoryRoleMappers = copiedRoleMappers; // todo configurable anonymousIdentity = Assert.assertNotNull(securityIdentityTransformer.apply(new SecurityIdentity(this, AnonymousPrincipal.getInstance(), EMPTY_REALM_INFO, AuthorizationIdentity.EMPTY, copiedRoleMappers, IdentityCredentials.NONE, IdentityCredentials.NONE))); currentSecurityIdentity = ThreadLocal.withInitial(() -> anonymousIdentity); }
@Override public void persistCredential(final Credential credential) throws RealmUnavailableException { // TODO - We probably need some better resolution here of the existing attributes - i.e. different types we would want to add, same type we would want to replace. try { byte[] composedPassword = UserPasswordPasswordUtil.composeUserPassword(credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword)); Assert.assertNotNull(composedPassword); Attributes attributes = new BasicAttributes(); attributes.put(userPasswordAttributeName, composedPassword); context.modifyAttributes(distinguishedName, DirContext.REPLACE_ATTRIBUTE, attributes); } catch (NamingException | IOException e) { throw log.ldapRealmCredentialPersistingFailed(credential.toString(), distinguishedName, e); } }
Affinity oldAffinity = invocationHandler.getLocator().getAffinity(); Affinity newAffinity = transformOperator.apply(oldAffinity); Assert.assertNotNull(newAffinity); if (oldAffinity.equals(newAffinity)) { return; oldAffinity = invocationHandler.getLocator().getAffinity(); newAffinity = transformOperator.apply(oldAffinity); Assert.assertNotNull(newAffinity); if (oldAffinity.equals(newAffinity)) { return;
/** * Get or compute the value for the given key, storing the computed value (if one is generated). The function * must not generate a {@code null} value or an unspecified exception will result. * * @param sslSession the SSL session (must not be {@code null}) * @param key the key to retrieve (must not be {@code null}) * @param mappingFunction the function to apply to acquire the value (must not be {@code null}) * @return the stored or new value (not {@code null}) */ public static <R> R computeIfAbsent(SSLSession sslSession, String key, Function<String, R> mappingFunction) { Assert.checkNotNullParam("sslSession", sslSession); Assert.checkNotNullParam("key", key); Assert.checkNotNullParam("mappingFunction", mappingFunction); synchronized (sslSession) { final R existing = (R) sslSession.getValue(key); if (existing == null) { R newValue = mappingFunction.apply(key); Assert.assertNotNull(newValue); sslSession.putValue(key, newValue); return newValue; } else { return existing; } } } }
/** * Get or compute the value for the given key in HttpScope, storing the computed value (if one is generated). * The function must not generate a {@code null} value or an unspecified exception will result. * * @param scope the HTTP scope to store computed value (must not be {@code null}) * @param key the key to retrieve (must not be {@code null}) * @param mappingFunction the function to apply to acquire the value (must not be {@code null}) * @return the stored or new value (not {@code null}) */ public static <R> R computeIfAbsent(HttpScope scope, String key, Function<String, R> mappingFunction) { Assert.checkNotNullParam("scope", scope); Assert.checkNotNullParam("key", key); Assert.checkNotNullParam("mappingFunction", mappingFunction); synchronized (scope) { if (! scope.exists()) { scope.create(); } final R existing = (R) scope.getAttachment(key); if (existing == null) { R newValue = mappingFunction.apply(key); Assert.assertNotNull(newValue); scope.setAttachment(key, newValue); return newValue; } else { return existing; } } } }
try { PasswordFactory factory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, providers); return Assert.assertNotNull(factory.generatePassword(new ClearPasswordSpec(finalPassword)).castAs(ClearPassword.class)); } catch (InvalidKeySpecException | NoSuchAlgorithmException cause) { throw xmlLog.xmlFailedToCreateCredential(location, cause);
private TransactionID calculateTransactionId(final Transaction transaction) throws RollbackException, SystemException, InvalidTransactionException { final URI location = channel.getConnection().getPeerURI(); Assert.assertNotNull(transaction); if (transaction instanceof RemoteTransaction) { final RemoteTransaction remoteTransaction = (RemoteTransaction) transaction; remoteTransaction.setLocation(location); final SimpleIdResolver ir = remoteTransaction.getProviderInterface(SimpleIdResolver.class); if (ir == null) throw Logs.TXN.cannotEnlistTx(); return new UserTransactionID(channel.getConnection().getRemoteEndpointName(), ir.getTransactionId(channel.getConnection())); } else if (transaction instanceof LocalTransaction) { final LocalTransaction localTransaction = (LocalTransaction) transaction; final XAOutflowHandle outflowHandle = transactionContext.outflowTransaction(location, localTransaction); // always verify V1/2 outflows outflowHandle.verifyEnlistment(); return new XidTransactionID(outflowHandle.getXid()); } else { throw Logs.TXN.cannotEnlistTx(); } }
final SecurityDomain domain = capturedIdentity.getSecurityDomain(); SecurityIdentity authorizedIdentity = Assert.assertNotNull(domain.transform(new SecurityIdentity(domain, authenticationPrincipal, realmInfo, authorizationIdentity, domain.getCategoryRoleMappers(), IdentityCredentials.NONE, IdentityCredentials.NONE))); authorizedIdentity = authorizedIdentity.withPublicCredentials(publicCredentials).withPrivateCredentials(privateCredentials); if (log.isTraceEnabled()) {
void unlock(Object key) { Assert.assertNotNull(key); if (! lockRef.compareAndSet(key, null)) { throw new SecurityException("Selector could not be unlocked"); } } }
@Override public void removeContext(String contextName) { Assert.assertNotNull(serverManagement); serverManagement.removeContext(contextName); }
@Override public void addManagementHandler(String contextName, boolean requiresSecurity, HttpHandler managementHandler) { Assert.assertNotNull(serverManagement); serverManagement.addManagementHandler(contextName, requiresSecurity, managementHandler); }
protected AbstractWriteAttributeHandler(final AttributeDefinition... definitions) { Assert.assertNotNull(definitions); attributeDefinitions = new HashMap<String, AttributeDefinition>(); for (AttributeDefinition def : definitions) { attributeDefinitions.put(def.getName(), def); } }
@Override public void addManagementGetRemapContext(String contextName, final PathRemapper remapper) { Assert.assertNotNull(serverManagement); serverManagement.addManagementGetRemapContext(contextName, new ManagementHttpServer.PathRemapper() { @Override public String remapPath(String originalPath) { return remapper.remapPath(originalPath); } }); }
Holder(final Class<T> clazz) { Assert.assertNotNull(clazz); this.clazz = clazz; getPermission = new SelectorPermission(clazz.getName(), "get"); setPermission = new SelectorPermission(clazz.getName(), "set"); changePermission = new SelectorPermission(clazz.getName(), "change"); }