From 461579d1f91a71160f5e7da35e375d763afd5ea4 Mon Sep 17 00:00:00 2001 From: Maduranga Siriwardena Date: Thu, 12 Mar 2026 15:22:09 +0530 Subject: [PATCH] Remove Java Security Manager --- .../JDBCAuthorizationManager.java | 213 ----- .../core/common/AbstractUserStoreManager.java | 869 ++---------------- .../user/core/common/DefaultRealmService.java | 29 +- .../carbon/user/core/internal/Activator.java | 7 - 4 files changed, 92 insertions(+), 1026 deletions(-) diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/authorization/JDBCAuthorizationManager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/authorization/JDBCAuthorizationManager.java index b10bc60a7cd..91a606d0d34 100644 --- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/authorization/JDBCAuthorizationManager.java +++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/authorization/JDBCAuthorizationManager.java @@ -38,10 +38,6 @@ import org.wso2.carbon.utils.dbcreator.DatabaseCreator; import javax.sql.DataSource; -import java.lang.reflect.Method; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; @@ -82,13 +78,6 @@ public class JDBCAuthorizationManager implements AuthorizationManager { private static final String DELETE_ROLE_PERMISSIONS_MYSQL = "DeleteRolePermissions-mysql"; private static final String DELETE_USER_PERMISSIONS_MYSQL = "DeleteUserPermissions-mysql"; - private static final ThreadLocal isSecureCall = new ThreadLocal() { - @Override - protected Boolean initialValue() { - return Boolean.FALSE; - } - }; - public JDBCAuthorizationManager(RealmConfiguration realmConfig, Map properties, ClaimManager claimManager, ProfileConfigurationManager profileManager, UserRealm realm, Integer tenantId) throws UserStoreException { 
@@ -183,12 +172,6 @@ public boolean isRoleAuthorized(String roleName, String resourceId, String actio resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - Object object = callSecure("isRoleAuthorized", new Object[]{roleName, resourceId, action}, argTypes); - return (Boolean) object; - } - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.isRoleAuthorized(roleName, resourceId, action, this)) { @@ -222,12 +205,6 @@ public boolean isUserAuthorized(String userName, String resourceId, String actio resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - Object object = callSecure("isUserAuthorized", new Object[]{userName, resourceId, action}, argTypes); - return (Boolean) object; - } - if (CarbonConstants.REGISTRY_SYSTEM_USERNAME.equals(userName)) { return true; } @@ -389,12 +366,6 @@ public String[] getAllowedRolesForResource(String resourceId, String action) resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getAllowedRolesForResource", new Object[]{resourceId, action}, argTypes); - return (String[]) object; - } - TreeNode.Permission permission = PermissionTreeUtil.actionToPermission(action); permissionTree.updatePermissionTree(); SearchResult sr = 
@@ -426,12 +397,6 @@ public String[] getExplicitlyAllowedUsersForResource(String resourceId, String a resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getExplicitlyAllowedUsersForResource", new Object[]{resourceId, action}, argTypes); - return (String[]) object; - } - TreeNode.Permission permission = PermissionTreeUtil.actionToPermission(action); permissionTree.updatePermissionTree(); SearchResult sr = @@ -458,12 +423,6 @@ public String[] getDeniedRolesForResource(String resourceId, String action) resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getDeniedRolesForResource", new Object[]{resourceId, action}, argTypes); - return (String[]) object; - } - TreeNode.Permission permission = PermissionTreeUtil.actionToPermission(action); permissionTree.updatePermissionTree(); SearchResult sr = @@ -481,13 +440,6 @@ public String[] getExplicitlyDeniedUsersForResource(String resourceId, String ac resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getExplicitlyDeniedUsersForResource", new Object[]{resourceId, action}, - argTypes); - return (String[]) object; - } - TreeNode.Permission permission = PermissionTreeUtil.actionToPermission(action); permissionTree.updatePermissionTree(); SearchResult sr = 
@@ -501,13 +453,6 @@ public String[] getExplicitlyDeniedUsersForResource(String resourceId, String ac public String[] getAllowedUIResourcesForUser(String userName, String permissionRootPath) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getAllowedUIResourcesForUser", new Object[]{userName, permissionRootPath}, - argTypes); - return (String[]) object; - } - List lstPermissions = new ArrayList<>(); if (isRoleAndGroupSeparationEnabled || verifyByRetrievingAllUserRoles) { String[] roles = this.userRealm.getUserStoreManager().getRoleListOfUser(userName); @@ -562,13 +507,6 @@ public String[] getAllowedUIResourcesForUser(String userName, String permissionR public String[] getAllowedUIResourcesForRole(String roleName, String permissionRootPath) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getAllowedUIResourcesForRole", - new Object[]{roleName, permissionRootPath}, argTypes); - return (String[]) object; - } - List lstPermissions = new ArrayList(); List resourceIds = getUIPermissionId(); if (resourceIds != null) { @@ -605,13 +543,6 @@ public void authorizeRole(String roleName, String resourceId, String action) resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - callSecure("authorizeRole", new Object[]{roleName, resourceId, action}, - argTypes); - return; - } - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.authorizeRole(roleName, resourceId, action, this)) { 
@@ -633,13 +564,6 @@ public void denyRole(String roleName, String resourceId, String action) resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - callSecure("denyRole", new Object[]{roleName, resourceId, action}, - argTypes); - return; - } - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.denyRole(roleName, resourceId, action, this)) { @@ -657,13 +581,6 @@ public void denyRole(String roleName, String resourceId, String action) public void authorizeUser(String userName, String resourceId, String action) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - callSecure("authorizeUser", new Object[]{userName, resourceId, action}, - argTypes); - return; - } - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.authorizeUser(userName, resourceId, action, this)) { @@ -684,14 +601,6 @@ public void authorizeUser(String userName, String resourceId, String action) public void denyUser(String userName, String resourceId, String action) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - callSecure("denyUser", new Object[]{userName, resourceId, action}, - argTypes); - return; - } - - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.denyUser(userName, resourceId, action, this)) { 
@@ -716,14 +625,6 @@ public void clearResourceAuthorizations(String resourceId) throws UserStoreExcep resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - callSecure("clearResourceAuthorizations", new Object[]{resourceId}, - argTypes); - return; - } - - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.clearResourceAuthorizations(resourceId, this)) { @@ -788,14 +689,6 @@ public void clearRoleAuthorization(String roleName, String resourceId, String ac resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - callSecure("clearRoleAuthorization", new Object[]{roleName, resourceId, action}, - argTypes); - return; - } - - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.clearRoleAuthorization(roleName, resourceId, action, this)) { @@ -834,14 +727,6 @@ public void clearRoleAuthorization(String roleName, String resourceId, String ac public void clearUserAuthorization(String userName, String resourceId, String action) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - callSecure("clearUserAuthorization", new Object[]{userName, resourceId, action}, - argTypes); - return; - } - - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.clearUserAuthorization(userName, resourceId, action, this)) { 
@@ -877,14 +762,6 @@ public void clearUserAuthorization(String userName, String resourceId, String ac public void clearRoleActionOnAllResources(String roleName, String action) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - callSecure("clearRoleActionOnAllResources", new Object[]{roleName, action}, - argTypes); - return; - } - - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.clearRoleActionOnAllResources(roleName, action, this)) { @@ -924,14 +801,6 @@ public void clearRoleActionOnAllResources(String roleName, String action) public void clearRoleAuthorization(String roleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - callSecure("clearRoleAuthorization", new Object[]{roleName}, - argTypes); - return; - } - - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.clearRoleAuthorization(roleName, this)) { @@ -970,13 +839,6 @@ public void clearRoleAuthorization(String roleName) throws UserStoreException { public void clearUserAuthorization(String userName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - callSecure("clearUserAuthorization", new Object[]{userName}, - argTypes); - return; - } - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.clearUserAuthorization(userName, this)) { 
@@ -1010,13 +872,6 @@ public void clearUserAuthorization(String userName) throws UserStoreException { public void resetPermissionOnUpdateRole(String roleName, String newRoleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - callSecure("resetPermissionOnUpdateRole", new Object[]{roleName, newRoleName}, - argTypes); - return; - } - for (AuthorizationManagerListener listener : UMListenerServiceComponent .getAuthorizationManagerListeners()) { if (!listener.resetPermissionOnUpdateRole(roleName, newRoleName, this)) { @@ -1066,13 +921,6 @@ public void addAuthorization(String subject, String resourceId, String action, resourceId = resourceId.toLowerCase(); } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class, boolean.class, boolean.class}; - callSecure("addAuthorization", new Object[]{subject, resourceId, action, authorized, isRole}, - argTypes); - return; - } - short allow = 0; if (authorized) { allow = UserCoreConstants.ALLOW; @@ -1400,11 +1248,6 @@ private Connection getDBConnection() throws SQLException { public void populatePermissionTreeFromDB() throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[0]; - callSecure("populatePermissionTreeFromDB", new Object[0], argTypes); - return; - } permissionTree.updatePermissionTreeFromDB(); } @@ -1413,17 +1256,6 @@ public void populatePermissionTreeFromDB() throws UserStoreException { * scenario. */ public void clearPermissionTree() { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[0]; - try { - callSecure("clearPermissionTree", new Object[0], argTypes); - } catch (UserStoreException e) { - if(log.isDebugEnabled()){ - log.debug("Error while clearing Permission Tree : " + e); - } - } - return; - } this.permissionTree.clear(); this.authorizationCache.clearCache(); } 
@@ -1505,49 +1337,4 @@ public String[] normalizeRoles(String[] roles) { return roles; } - /** - * This method is used by the APIs' in the JDBCAuthorizationManager - * to make compatible with Java Security Manager. - */ - private Object callSecure(final String methodName, final Object[] objects, final Class[] argTypes) - throws UserStoreException { - - final JDBCAuthorizationManager instance = this; - - isSecureCall.set(Boolean.TRUE); - final Method method; - try { - Class clazz = Class.forName("org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"); - method = clazz.getDeclaredMethod(methodName, argTypes); - - } catch (NoSuchMethodException e) { - log.error("Error occurred when calling method " + methodName, e); - throw new UserStoreException(e); - } catch (ClassNotFoundException e) { - log.error("Error occurred when calling class " + methodName, e); - throw new UserStoreException(e); - } - - try { - return AccessController.doPrivileged(new PrivilegedExceptionAction() { - @Override - public Object run() throws Exception { - return method.invoke(instance, objects); - } - }); - } catch (PrivilegedActionException e) { - if (e.getCause() != null && e.getCause().getCause() != null && e.getCause().getCause() instanceof - UserStoreException) { - // Actual UserStoreException get wrapped with two exceptions - throw new UserStoreException(e.getCause().getCause().getMessage(), e); - - } else { - String msg = "Error occurred while accessing Java Security Manager Privilege Block"; - log.error(msg); - throw new UserStoreException(msg, e); - } - } finally { - isSecureCall.set(Boolean.FALSE); - } - } } diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java index 05b0b02c213..074a777715e 100644 
--- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java +++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java @@ -85,11 +85,7 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import java.lang.reflect.Constructor; -import java.lang.reflect.Method; import java.nio.CharBuffer; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -201,12 +197,6 @@ public abstract class AbstractUserStoreManager implements PaginatedUserStoreMana private Map maxUserListCount = null; private Map maxRoleListCount = null; private List listener = new ArrayList(); - private static final ThreadLocal isSecureCall = new ThreadLocal() { - @Override - protected Boolean initialValue() { - return Boolean.FALSE; - } - }; private UserUniqueIDManger userUniqueIDManger = new UserUniqueIDManger(); protected UserUniqueIDDomainResolver userUniqueIDDomainResolver; 
@@ -220,69 +210,6 @@ private void setClaimManager(ClaimManager claimManager) throws IllegalAccessExce } } - /** - * This method is used by the APIs' in the AbstractUserStoreManager - * to make compatible with Java Security Manager. - */ - private Object callSecure(final String methodName, final Object[] objects, final Class[] argTypes) - throws UserStoreException { - - final AbstractUserStoreManager instance = this; - - isSecureCall.set(Boolean.TRUE); - final Method method; - try { - Class clazz = Class.forName("org.wso2.carbon.user.core.common.AbstractUserStoreManager"); - method = clazz.getDeclaredMethod(methodName, argTypes); - - } catch (NoSuchMethodException e) { - log.error("Error occurred when calling method " + methodName, e); - throw new UserStoreException(e); - } catch (ClassNotFoundException e) { - log.error("Error occurred when calling class " + methodName, e); - throw new UserStoreException(e); - } - - try { - return AccessController.doPrivileged(new PrivilegedExceptionAction() { - @Override - public Object run() throws Exception { - return method.invoke(instance, objects); - } - }); - } catch (PrivilegedActionException e) { - if (e.getCause() != null && e.getCause().getCause() != null && e.getCause().getCause() instanceof - UserStoreException) { - boolean isClientException = e.getCause().getCause() instanceof UserStoreClientException; - String errorCode = ((UserStoreException) e.getCause().getCause()).getErrorCode(); - String errorMessage = e.getCause().getCause().getMessage(); - if (isClientException) { - if (StringUtils.isBlank(errorCode)) { - throw new UserStoreClientException(errorMessage, e); - } - throw new UserStoreClientException(errorMessage, errorCode, e); - } else { - if (StringUtils.isBlank(errorCode)) { - throw new UserStoreException(errorMessage, e); - } - throw new UserStoreException(errorMessage, errorCode, e); - } - } else { - String msg; - if (objects != null && argTypes != null) { - msg = "Error occurred while accessing Java 
Security Manager Privilege Block when called by " + - "method " + methodName + " with " + objects.length + " length of Objects and argTypes " + - Arrays.toString(argTypes); - } else { - msg = "Error occurred while accessing Java Security Manager Privilege Block"; - } - log.error(msg, e); - throw new UserStoreException(msg, e); - } - } finally { - isSecureCall.set(Boolean.FALSE); - } - } /** * This method is used by the support system to read properties 
@@ -1620,35 +1547,18 @@ private boolean validateUserNameAndCredentials(List loginIdenti */ public final boolean authenticate(final String userName, final Object credential) throws UserStoreException { - try { - return AccessController.doPrivileged((PrivilegedExceptionAction) - () -> { - if (!validateUserNameAndCredential(userName, credential)) { - return false; - } - int index = userName.indexOf(CarbonConstants.DOMAIN_SEPARATOR); - boolean domainProvided = index > 0; - return authenticate(userName, credential, domainProvided); - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleOnAuthenticateFailure(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getMessage(), e.getMessage()), - userName, credential); - } - throw (UserStoreException) e.getException(); + if (!validateUserNameAndCredential(userName, credential)) { + return false; } + int index = userName.indexOf(CarbonConstants.DOMAIN_SEPARATOR); + boolean domainProvided = index > 0; + return authenticate(userName, credential, domainProvided); } protected boolean authenticate(final String userName, final Object credential, final boolean domainProvided) throws UserStoreException { - try { - return AccessController.doPrivileged((PrivilegedExceptionAction) - () -> authenticateInternalIteration(userName, credential, domainProvided)); - } catch (PrivilegedActionException e) { - throw (UserStoreException) e.getException(); - } + return authenticateInternalIteration(userName, credential, domainProvided); } private boolean authenticateInternalIteration(String userName, Object credential, boolean domainProvided) 
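Review bot: After this change `authenticate(userName, credential)` has no path of its own that calls `handleOnAuthenticateFailure`, so an unchecked exception from `validateUserNameAndCredential` or `authenticateInternalIteration` reaches the caller without the failure handler running. Both bodies are outside this hunk, so whether they already report such failures needs checking; it matters if that handler feeds audit or lockout logic. The same applies to `updateUserListOfRole` and `updateRoleListOfUser` later in the patch, which lose their calls to `handleUpdateUserListOfRoleFailure` and `handleUpdateRoleListOfUserFailure`. If the notification is wanted, catch `RuntimeException`, report it and rethrow, as sketched below.

```java
public final boolean authenticate(final String userName, final Object credential) throws UserStoreException {

    try {
        // … unchanged: credential validation and delegation to authenticate(userName, credential, domainProvided) …
    } catch (RuntimeException e) {
        // Report unexpected failures to the failure handler before propagating them.
        handleOnAuthenticateFailure(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getCode(),
                String.format(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getMessage(), e.getMessage()),
                userName, credential);
        throw e;
    }
}
```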
@@ -2040,12 +1950,6 @@ private void handleGetUserClaimValueFailureWithID(String errorCode, String error public final String getUserClaimValue(String userName, String claim, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, String.class, String.class}; - Object object = callSecure("getUserClaimValue", new Object[]{userName, claim, profileName}, argTypes); - return (String) object; - } - UserStore userStore = getUserStore(userName); if (userStore.isRecurssive()) { return userStore.getUserStoreManager().getUserClaimValue(userStore.getDomainFreeName(), @@ -2194,12 +2098,6 @@ private void handleGetUserClaimValuesFailureWithID(String errorCode, String erro public final Claim[] getUserClaimValues(String userName, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getUserClaimValues", new Object[]{userName, profileName}, argTypes); - return (Claim[]) object; - } - UserStore userStore = getUserStore(userName); if (userStore.isRecurssive()) { return userStore.getUserStoreManager().getUserClaimValues( @@ -2257,12 +2155,6 @@ public final Claim[] getUserClaimValues(String userName, String profileName) public final Map getUserClaimValues(String userName, String[] claims, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String[].class, String.class}; - Object object = callSecure("getUserClaimValues", new Object[]{userName, claims, profileName}, argTypes); - return (Map) object; - } - UserStore userStore = getUserStore(userName); if (userStore.isRecurssive()) { return userStore.getUserStoreManager().getUserClaimValues( 
@@ -2999,12 +2891,6 @@ private void handlePostListPaginatedUsersWithID(String filter, int limit, int of @Override public final String[] getUserList(String claim, String claimValue, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class, String.class }; - Object object = callSecure("getUserList", new Object[] { claim, claimValue, profileName }, argTypes); - return (String[]) object; - } - if (claim == null) { String errorCode = ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getCode(); String errorMessage = String.format(ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getMessage(), ""); @@ -3297,12 +3183,6 @@ private List doGetUserList(String claim, String claimValue, String profi public final List getUserListWithID(String claim, String claimValue, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class, String.class }; - Object object = callSecure("getUserListWithID", new Object[] { claim, claimValue, profileName }, argTypes); - return (List) object; - } - if (claim == null) { String errorCode = ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getCode(); String errorMessage = String.format(ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getMessage(), ""); @@ -3782,12 +3662,6 @@ private void handleUpdateCredentialFailure(String errorCode, String errorMessage public final void updateCredential(String userName, Object newCredential, Object oldCredential) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, Object.class, Object.class}; - callSecure("updateCredential", new Object[]{userName, newCredential, oldCredential}, argTypes); - return; - } - UserStore userStore = getUserStore(userName); if (userStore.isRecurssive()) { userStore.getUserStoreManager().updateCredential(userStore.getDomainFreeName(), 
@@ -4024,12 +3898,6 @@ private void handleUpdateCredentialByAdminFailureWithID(String errorCode, String public final void updateCredentialByAdmin(String userName, Object newCredential) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, Object.class}; - callSecure("updateCredentialByAdmin", new Object[]{userName, newCredential}, argTypes); - return; - } - UserStore userStore = getUserStore(userName); if (userStore.isRecurssive()) { userStore.getUserStoreManager().updateCredentialByAdmin(userStore.getDomainFreeName(), @@ -4312,12 +4180,6 @@ private void handleDeleteUserFailureWithID(String errorCode, String errorMessage */ public final void deleteUser(String userName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - callSecure("deleteUser", new Object[]{userName}, argTypes); - return; - } - String loggedInUser = CarbonContext.getThreadLocalCarbonContext().getUsername(); if (loggedInUser != null) { loggedInUser = UserCoreUtil.addDomainToName(loggedInUser, UserCoreUtil.getDomainFromThreadLocal()); @@ -4808,12 +4670,6 @@ private void handleDeleteUserClaimValueFailureWithID(String errorCode, String er public final void deleteUserClaimValue(String userName, String claimURI, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class}; - callSecure("deleteUserClaimValue", new Object[]{userName, claimURI, profileName}, argTypes); - return; - } - UserStore userStore = getUserStore(userName); if (userStore.isRecurssive()) { userStore.getUserStoreManager().deleteUserClaimValue(userStore.getDomainFreeName(), 
@@ -4952,12 +4808,6 @@ private void handleDeleteUserClaimValuesFailureWithID(String errorCode, String e public final void deleteUserClaimValues(String userName, String[] claims, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String[].class, String.class }; - callSecure("deleteUserClaimValues", new Object[] { userName, claims, profileName }, argTypes); - return; - } - UserStore userStore = getUserStore(userName); if (userStore.isRecurssive()) { userStore.getUserStoreManager().deleteUserClaimValues(userStore.getDomainFreeName(), claims, profileName); @@ -5066,14 +4916,6 @@ public final void addUser(String userName, Object credential, String[] roleList, throws UserStoreException { // We have to make sure this call is going through the Java Security Manager. - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, Object.class, String[].class, Map.class, String.class, - boolean.class}; - callSecure("addUser", new Object[]{userName, credential, roleList, claims, profileName, - requirePasswordChange}, argTypes); - return; - } - User user = null; // If we don't have a username, we cannot proceed. if (StringUtils.isEmpty(userName)) { 
@@ -5484,19 +5326,7 @@ private void handleAddUserFailureWithID(String errorCode, String errorMessage, S public final void updateUserListOfRole(final String roleName, final String[] deletedUsers, final String[] newUsers) throws UserStoreException { - try { - AccessController.doPrivileged((PrivilegedExceptionAction) () -> { - updateUserListOfRoleInternal(roleName, deletedUsers, newUsers); - return null; - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleUpdateUserListOfRoleFailure(ErrorMessages.ERROR_CODE_ERROR_WHILE_UPDATING_ROLE_OF_USER.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_WHILE_UPDATING_ROLE_OF_USER.getMessage(), - e.getMessage()), roleName, deletedUsers, newUsers); - } - throw (UserStoreException) e.getException(); - } + updateUserListOfRoleInternal(roleName, deletedUsers, newUsers); } /** @@ -5753,19 +5583,7 @@ private void handleDoPostUpdateUserListOfRoleWithID(String roleName, String[] de public final void updateRoleListOfUser(final String username, final String[] deletedRoles, final String[] newRoles) throws UserStoreException { - try { - AccessController.doPrivileged((PrivilegedExceptionAction) () -> { - updateRoleListOfUserInternal(username, deletedRoles, newRoles); - return null; - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleUpdateRoleListOfUserFailure(ErrorMessages.ERROR_CODE_ERROR_DURING_UPDATE_USERS_OF_ROLE.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_DURING_UPDATE_USERS_OF_ROLE.getMessage(), - e.getMessage()), username, deletedRoles, newRoles); - } - throw (UserStoreException) e.getException(); - } + updateRoleListOfUserInternal(username, deletedRoles, newRoles); } /** 
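Review bot: The `final` modifiers on the parameters of `updateUserListOfRole`, and of `updateRoleListOfUser` in the second hunk on this line, presumably served only the removed closure. They now differ from the other public methods in this file, such as `deleteUser(String userName)`, so the signature could read `public final void updateUserListOfRole(String roleName, String[] deletedUsers, String[] newUsers)`. The same applies to both `authenticate` overloads earlier in the patch. Each of the two update methods is now a one-line forwarder to `updateUserListOfRoleInternal` or `updateRoleListOfUserInternal`, so a Javadoc sentence saying the public method only delegates, and where failures are reported, would help readers.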
@@ -6141,12 +5959,6 @@ private boolean handlePreUpdateRoleName(String roleName, String newRoleName, boo */ public final void updateRoleName(String roleName, String newRoleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - callSecure("updateRoleName", new Object[]{roleName, newRoleName}, argTypes); - return; - } - if (UserCoreUtil.isPrimaryAdminRole(newRoleName, realmConfig)) { handleUpdateRoleNameFailure(ErrorMessages.ERROR_CODE_CANNOT_UPDATE_ADMIN_ROLE.getCode(), ErrorMessages.ERROR_CODE_CANNOT_UPDATE_ADMIN_ROLE.getMessage(), roleName, newRoleName); @@ -6269,12 +6081,6 @@ public boolean isExistingRole(String roleName, boolean shared) throws org.wso2.c */ public boolean isExistingRole(String roleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - Object object = callSecure("isExistingRole", new Object[]{roleName}, argTypes); - return (Boolean) object; - } - UserStore userStore = getUserStoreOfRoles(roleName); if (userStore.isRecurssive()) { @@ -6333,12 +6139,6 @@ public boolean isExistingRole(String roleName) throws UserStoreException { */ public boolean isExistingShareRole(String roleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - Object object = callSecure("isExistingShareRole", new Object[]{roleName}, argTypes); - return (Boolean) object; - } - UserStoreManager manager = getUserStoreWithSharedRoles(); if (manager == null) { @@ -6482,12 +6282,6 @@ public void addInternalRole(String roleName, String[] userList, private UserStoreManager getUserStoreWithSharedRoles() throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{}; - Object object = callSecure("getUserStoreWithSharedRoles", new Object[]{}, argTypes); - return (UserStoreManager) object; - } - UserStoreManager sharedRoleManager = null; if (isSharedGroupEnabled()) { 
@@ -6518,12 +6312,6 @@ private UserStoreManager getUserStoreWithSharedRoles() throws UserStoreException */ public boolean isUserInRole(String userName, String roleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("isUserInRole", new Object[]{userName, roleName}, argTypes); - return (Boolean) object; - } - if (roleName == null || roleName.trim().length() == 0 || userName == null || userName.trim().length() == 0) { return false; @@ -6703,12 +6491,6 @@ private void addToIsUserHasRole(String userName, String roleName, String[] curre */ public boolean isExistingUser(String userName) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class}; - Object object = callSecure("isExistingUser", new Object[]{userName}, argTypes); - return (Boolean) object; - } - if (UserCoreUtil.isRegistrySystemUser(userName)) { return true; } @@ -6745,12 +6527,6 @@ public boolean isExistingUser(String userName) throws UserStoreException { */ public final String[] listUsers(String filter, int maxItemLimit) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, int.class}; - Object object = callSecure("listUsers", new Object[]{filter, maxItemLimit}, argTypes); - return (String[]) object; - } - int index; index = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR); String[] userList; @@ -6881,12 +6657,6 @@ public final String[] listUsers(String filter, int maxItemLimit) throws UserStor */ public long countRoles(String filter) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class}; - Object object = callSecure("countRoles", new Object[]{filter}, argTypes); - return (long) object; - } - int index; index = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR); 
@@ -6972,12 +6742,6 @@ private void handleDoPostGetUserListOfRole(String roleName, String[] userList) t */ public final String[] getUserListOfRole(String roleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - Object object = callSecure("getUserListOfRole", new Object[]{roleName}, argTypes); - return (String[]) object; - } - return getUserListOfRole(roleName, QUERY_FILTER_STRING_ANY, QUERY_MAX_ITEM_LIMIT_ANY); } @@ -6992,12 +6756,6 @@ public final String[] getUserListOfRole(String roleName) throws UserStoreExcepti */ public final String[] getUserListOfRole(String roleName, String filter, int maxItemLimit) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, int.class}; - Object object = callSecure("getUserListOfRole", new Object[]{roleName, filter, maxItemLimit}, argTypes); - return (String[]) object; - } - String[] userNames = new String[0]; // If role does not exit, just return @@ -7107,12 +6865,6 @@ public final String[] getUserListOfRole(String roleName, String filter, int maxI public String[] getRoleListOfUser(String userName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - Object object = callSecure("getRoleListOfUser", new Object[]{userName}, argTypes); - return (String[]) object; - } - String[] roleNames; String userID; 
@@ -8075,11 +7827,6 @@ private boolean handleDoPreDeleteRole(String roleName, boolean isAuditLogOnly) t */ public final void deleteRole(String roleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - callSecure("deleteRole", new Object[]{roleName}, argTypes); - return; - } if (UserCoreUtil.isPrimaryAdminRole(roleName, realmConfig) && !StringUtils.equals(getTenantDomain(tenantId), realmConfig.getAssociatedOrganizationUUID())) { handleDeleteRoleFailure(ErrorMessages.ERROR_CODE_CANNOT_DELETE_ADMIN_ROLE.getCode(), 
@@ -8209,42 +7956,22 @@ protected Date doGetPasswordExpirationTimeWithID(String userName) throws UserSto private UserStore getUserStore(final String user) throws UserStoreException { - try { - return AccessController - .doPrivileged((PrivilegedExceptionAction) () -> getUserStoreInternal(user)); - } catch (PrivilegedActionException e) { - throw (UserStoreException) e.getException(); - } + return getUserStoreInternal(user); } protected UserStore getUserStoreWithID(final String userID) throws UserStoreException { - try { - return AccessController - .doPrivileged((PrivilegedExceptionAction) () -> getUserStoreInternalWithId(userID)); - } catch (PrivilegedActionException e) { - throw (UserStoreException) e.getException(); - } + return getUserStoreInternalWithId(userID); } protected UserStore getUserStoreWithGroupId(final String groupId) throws UserStoreException { - try { - return AccessController.doPrivileged((PrivilegedExceptionAction) - () -> getUserStoreInternalWithGroupId(groupId)); - } catch (PrivilegedActionException e) { - throw (UserStoreException) e.getException(); - } + return getUserStoreInternalWithGroupId(groupId); } protected UserStore getUserStoreWithGroupName(final String groupName) throws UserStoreException { - try { - return AccessController.doPrivileged((PrivilegedExceptionAction) () -> - getUserStoreInternalWithGroupName(groupName)); - } catch (PrivilegedActionException e) { - throw (UserStoreException) e.getException(); - } + return getUserStoreInternalWithGroupName(groupName); } private UserStore getUserStoreOfRoles(final String role) throws UserStoreException { 
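Review bot: After this hunk `getUserStore`, `getUserStoreWithID`, `getUserStoreWithGroupId` and `getUserStoreWithGroupName` are one-line delegates to their `...Internal` counterparts, and nothing in the code says why both layers still exist. The private `getUserStore` could be folded into `getUserStoreInternal`. The three protected ones presumably stay for subclasses, so give them a short comment such as `// Plain delegate kept for subclass compatibility; no privilege boundary remains here.` so the next reader does not go looking for one.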
@@ -8740,12 +8467,6 @@ public final void clearAllSecondaryUserStores() { */ public final String[] getAllSecondaryRoles() throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{}; - Object object = callSecure("getAllSecondaryRoles", new Object[]{}, argTypes); - return (String[]) object; - } - UserStoreManager secondary = this.getSecondaryUserStoreManager(); List roleList = new ArrayList(); while (secondary != null) { @@ -8882,13 +8603,6 @@ public final String[] getRoleNames(String filter, int maxItemLimit, boolean noIn boolean noSystemRole, boolean noSharedRoles) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, int.class, boolean.class, boolean.class, boolean.class}; - Object object = callSecure("getRoleNames", new Object[]{filter, maxItemLimit, noInternalRoles, - noSystemRole, noSharedRoles}, argTypes); - return (String[]) object; - } - String[] roleList = new String[0]; if (!noInternalRoles && (filter.toLowerCase().startsWith(APPLICATION_DOMAIN.toLowerCase()))) { @@ -9256,12 +8970,6 @@ protected boolean checkUserPasswordValid(Object credential) throws UserStoreExce if (UserCoreUtil.getSkipPasswordPatternValidationThreadLocal()) { return true; } - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{Object.class}; - Object object = callSecure("checkUserPasswordValid", new Object[]{credential}, argTypes); - return (Boolean) object; - } - if (credential == null) { return false; } @@ -9305,12 +9013,6 @@ protected boolean checkUserPasswordValid(Object credential) throws UserStoreExce * @throws UserStoreException */ protected boolean isValidCredentials(Object credential) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { Object.class }; - Object object = callSecure("isValidCredentials", new Object[] { credential }, argTypes); - return (Boolean) object; - } - if (credential == null) { return false; } 
@@ -9394,12 +9096,6 @@ protected boolean checkUserNameValid(String userName) throws UserStoreException * @throws UserStoreException when checking the call is secure or not */ protected boolean isValidUserName(String userName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class }; - Object object = callSecure("isValidUserName", new Object[] { userName }, argTypes); - return (Boolean) object; - } - if (userName == null || CarbonConstants.REGISTRY_SYSTEM_USERNAME.equals(userName)) { return false; } @@ -9614,12 +9310,6 @@ protected String replaceEscapeCharacters(String userName) { */ public RoleDTO[] getAllSecondaryRoleDTOs() throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{}; - Object object = callSecure("getAllSecondaryRoleDTOs", new Object[]{}, argTypes); - return (RoleDTO[]) object; - } - UserStoreManager secondary = this.getSecondaryUserStoreManager(); List roleList = new ArrayList(); while (secondary != null) { @@ -9765,12 +9455,6 @@ protected List doGetUserListOfRoleWithID(String roleName, String filter, i */ public List doGetRoleListOfUserWithID(String userID, String filter) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class }; - Object object = callSecure("doGetRoleListOfUserWithID", new Object[] { userID, filter }, argTypes); - return (List) object; - } - String username = getUserNameFromUserID(userID); if (username != null) { String[] roleListOfUserFromCache = getRoleListOfUserFromCache(this.tenantId, username); 
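Review bot: The Javadoc kept above isValidUserName still reads `@throws UserStoreException when checking the call is secure or not`, which describes the `isSecureCall`/`callSecure` dispatch that this hunk deletes. Reword the tag to the failure the remaining body can raise, for example `@throws UserStoreException if validation of the user name fails`. The method body continues outside the hunk, so the exact wording should be checked against it.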
@@ -9840,12 +9524,6 @@ private List getUserRolesWithID(String userID, String filter) throws Use */ public final String[] doGetRoleListOfUser(String userName, String filter) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class }; - Object object = callSecure("doGetRoleListOfUser", new Object[] { userName, filter }, argTypes); - return (String[]) object; - } - String[] roleList = getRoleListOfUserFromCache(this.tenantId, userName); if (roleList != null && roleList.length > 0) { return roleList; @@ -9904,12 +9582,6 @@ private String[] getUserRoles(String username, String filter) throws UserStoreEx public final String[] getRoleListOfUserFromDatabase(String username, String filter) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getRoleListOfUserFromDatabase", new Object[]{username, filter}, argTypes); - return (String[]) object; - } - if (isUniqueUserIdEnabledInUserStore(getUserStore(username))) { String userID = getUserIDFromUserName(username); if (userID == null) { @@ -10520,12 +10192,6 @@ public void addChangeListener(UserStoreManagerConfigurationListener newListener) private UserStoreManager createSecondaryUserStoreManager(RealmConfiguration realmConfig, UserRealm realm) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{RealmConfiguration.class, UserRealm.class}; - Object object = callSecure("createSecondaryUserStoreManager", new Object[]{realmConfig, realm}, argTypes); - return (UserStoreManager) object; - } - // setting global realm configurations such as everyone role, admin role and admin user realmConfig.setEveryOneRoleName(this.realmConfig.getEveryOneRoleName()); realmConfig.setAdminUserName(this.realmConfig.getAdminUserName()); 
@@ -10623,12 +10289,6 @@ private UserStoreManager createSecondaryUserStoreManager(RealmConfiguration real public void addSecondaryUserStoreManager(RealmConfiguration userStoreRealmConfig, UserRealm realm) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{RealmConfiguration.class, UserRealm.class}; - callSecure("addSecondaryUserStoreManager", new Object[]{userStoreRealmConfig, realm}, argTypes); - return; - } - boolean isDisabled = Boolean.parseBoolean(userStoreRealmConfig .getUserStoreProperty(UserCoreConstants.RealmConfig.USER_STORE_DISABLED)); @@ -10676,12 +10336,6 @@ public void addSecondaryUserStoreManager(RealmConfiguration userStoreRealmConfig @Override public Map> getRoleListOfUsers(String[] userNames) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String[].class }; - Object object = callSecure("getRoleListOfUsers", new Object[] { userNames }, argTypes); - return (Map>) object; - } - Map> allRoleNames = new HashMap<>(); Map> domainFreeUsers = getDomainFreeUsers(userNames); @@ -10730,12 +10384,6 @@ public Map> getRoleListOfUsers(String[] userNames) throws U public Map> doGetRoleListOfUsers(List userNames, String domainName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { List.class, String.class }; - Object object = callSecure("doGetRoleListOfUsers", new Object[] { userNames, domainName }, argTypes); - return (Map>) object; - } - Map> internalRoles = doGetInternalRoleListOfUsers(userNames, domainName); Map> externalRoles = new HashMap<>(); 
@@ -10795,13 +10443,6 @@ protected Map> doGetExternalRoleListOfUsersWithID(List> getUsersPropertyValues(List u */ public void removeSecondaryUserStoreManager(String userStoreDomainName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - callSecure("removeSecondaryUserStoreManager", new Object[]{userStoreDomainName}, argTypes); - return; - } - if (userStoreDomainName == null) { throw new UserStoreException("Cannot remove user store. User store domain name is null"); } @@ -11030,13 +10665,6 @@ public HybridRoleManager getInternalRoleManager() { public String[] getUserList(String claim, String claimValue, String profileName, int limit, int offset) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, String.class, int.class, int.class}; - Object object = callSecure("getUserList", new Object[]{claim, claimValue, profileName, limit, offset}, - argTypes); - return (String[]) object; - } - if (claim == null) { String errorCode = ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getCode(); String errorMessage = String.format(ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getMessage(), ""); @@ -11172,12 +10800,6 @@ public String[] getUserList(String claim, String claimValue, String profileName, */ public long getUserCountWithClaims(String claimUri, String filter) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("getUserCountWithClaims", new Object[]{claimUri,filter}, argTypes); - return (long) object; - } - if (claimUri == null) { String errorCode = ErrorMessages.ERROR_CODE_NULL_CLAIM_URI.getCode(); String errorMessage = String.format(ErrorMessages.ERROR_CODE_NULL_CLAIM_URI.getMessage()); 
@@ -11315,12 +10937,6 @@ protected UniqueIDPaginatedUsernameSearchResult doGetUsernameListWithID(Conditio @Override public String[] listUsers(String filter, int limit, int offset) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, int.class, int.class}; - Object object = callSecure("listUsers", new Object[]{filter, limit, offset}, argTypes); - return (String[]) object; - } - int index = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR); PaginatedSearchResult userList; String[] users = new String[0]; 
@@ -11682,36 +11298,24 @@ private void createSystemRole(String roleName, String[] userList, Permission[] p public final AuthenticationResult authenticateWithID(final List loginIdentifiers, final String domain, final Object credential) throws UserStoreException { - try { - return AccessController.doPrivileged((PrivilegedExceptionAction) () -> { - if (!validateUserNameAndCredentials(loginIdentifiers, credential)) { - AuthenticationResult authenticationResult = new AuthenticationResult( - AuthenticationResult.AuthenticationStatus.FAIL); - authenticationResult.setFailureReason(new FailureReason("Invalid Credentials")); - return authenticationResult; - } - - List userStorePreferenceOrder = new ArrayList<>(); - // Check whether user store chain needs to be generated or not. - if (isUserStoreChainNeeded(userStorePreferenceOrder)) { - if (log.isDebugEnabled()) { - log.debug("User store chain generation is needed hence generating the user store chain using " - + "the user" + " store preference order: " + userStorePreferenceOrder); - } - return generateUserStoreChainWithID(loginIdentifiers, domain, credential, userStorePreferenceOrder); - } else { - // Authenticate the user. 
- return authenticateInternalWithID(loginIdentifiers, domain, credential); - } + if (!validateUserNameAndCredentials(loginIdentifiers, credential)) { + AuthenticationResult authenticationResult = new AuthenticationResult( + AuthenticationResult.AuthenticationStatus.FAIL); + authenticationResult.setFailureReason(new FailureReason("Invalid Credentials")); + return authenticationResult; + } - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleOnAuthenticateFailureWithID(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getMessage(), e.getMessage()), - loginIdentifiers, credential); + List userStorePreferenceOrder = new ArrayList<>(); + // Check whether user store chain needs to be generated or not. + if (isUserStoreChainNeeded(userStorePreferenceOrder)) { + if (log.isDebugEnabled()) { + log.debug("User store chain generation is needed hence generating the user store chain using " + + "the user" + " store preference order: " + userStorePreferenceOrder); } - throw (UserStoreException) e.getException(); + return generateUserStoreChainWithID(loginIdentifiers, domain, credential, userStorePreferenceOrder); + } else { + // Authenticate the user. + return authenticateInternalWithID(loginIdentifiers, domain, credential); } } 
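Review bot: With the `catch (PrivilegedActionException e)` block gone, authenticateWithID has no path left that reports a failure other than a UserStoreException to `handleOnAuthenticateFailureWithID` with ERROR_CODE_ERROR_WHILE_AUTHENTICATION. The old branch only saw checked exceptions, since doPrivileged passes unchecked ones through unwrapped, so it was probably unreachable; its intent is now dropped rather than repaired. If that handler feeds listeners or audit records (not visible here), unexpected runtime failures during authentication stay unreported. Consider wrapping the new body in `catch (RuntimeException e) { /* call handleOnAuthenticateFailureWithID as the removed block did */ throw e; }`. The same applies to the other two authenticateWithID overloads further down and to the `handleUpdateRoleListOfUserFailureWithID` calls removed from updateRoleListOfUserWithID and updateUserListOfRoleWithID.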
@@ -12060,27 +11664,16 @@ public final AuthenticationResult authenticateWithID(final String preferredUserN final String preferredUserNameValue, final Object credential, final String profileName) throws UserStoreException { - try { - return AccessController.doPrivileged((PrivilegedExceptionAction) () -> { - if (!validateUserNameAndCredential(preferredUserNameClaim, preferredUserNameValue, credential)) { - AuthenticationResult authenticationResult = new AuthenticationResult( - AuthenticationResult.AuthenticationStatus.FAIL); - authenticationResult.setFailureReason(new FailureReason("Invalid Credentials")); - return authenticationResult; - } - int index = preferredUserNameValue.indexOf(CarbonConstants.DOMAIN_SEPARATOR); - boolean domainProvided = index > 0; - return authenticateWithID(preferredUserNameClaim, preferredUserNameValue, credential, profileName, - domainProvided); - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleOnAuthenticateFailureWithID(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getMessage(), e.getMessage()), - preferredUserNameClaim, preferredUserNameValue, credential); - } - throw (UserStoreException) e.getException(); + if (!validateUserNameAndCredential(preferredUserNameClaim, preferredUserNameValue, credential)) { + AuthenticationResult authenticationResult = new AuthenticationResult( + AuthenticationResult.AuthenticationStatus.FAIL); + authenticationResult.setFailureReason(new FailureReason("Invalid Credentials")); + return authenticationResult; } + int index = preferredUserNameValue.indexOf(CarbonConstants.DOMAIN_SEPARATOR); + boolean domainProvided = index > 0; + return authenticateWithID(preferredUserNameClaim, preferredUserNameValue, credential, profileName, + domainProvided); } /** 
@@ -12100,15 +11693,8 @@ protected AuthenticationResult authenticateWithID(final String preferredUserName final Object credential, final String profileName, final boolean domainProvided) throws UserStoreException { - try { - return AccessController.doPrivileged( - (PrivilegedExceptionAction) () - -> authenticateInternalIterationWithID(preferredUserNameClaim, - preferredUserNameValue, credential, profileName, domainProvided)); - } catch (PrivilegedActionException e) { - throw (UserStoreException) e.getException(); - } - + return authenticateInternalIterationWithID(preferredUserNameClaim, + preferredUserNameValue, credential, profileName, domainProvided); } private AuthenticationResult authenticateInternalIterationWithID(String preferredUserNameClaim, 
@@ -12457,38 +12043,26 @@ private AuthenticationResult authenticateInternalWithID(String preferredUserName public final AuthenticationResult authenticateWithID(final String userID, final Object credential) throws UserStoreException { - try { - return AccessController.doPrivileged((PrivilegedExceptionAction) () -> { - if (!validateUserIDAndCredential(userID, credential)) { - AuthenticationResult authenticationResult = new AuthenticationResult( - AuthenticationResult.AuthenticationStatus.FAIL); - authenticationResult.setFailureReason(new FailureReason("Invalid Credentials")); - return authenticationResult; - } - - List userStorePreferenceOrder = new ArrayList<>(); - // Check whether user store chain needs to be generated or not. - if (isUserStoreChainNeeded(userStorePreferenceOrder)) { - if (log.isDebugEnabled()) { - log.debug( - "User store chain generation is needed hence generating the user store chain using " - + "the user" - + " store preference order: " + userStorePreferenceOrder); - } - return generateUserStoreChainWithID(userID, credential, userStorePreferenceOrder); - } else { - // Authenticate the user. - return authenticateInternalWithID(userID, credential); - } + if (!validateUserIDAndCredential(userID, credential)) { + AuthenticationResult authenticationResult = new AuthenticationResult( + AuthenticationResult.AuthenticationStatus.FAIL); + authenticationResult.setFailureReason(new FailureReason("Invalid Credentials")); + return authenticationResult; + } - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleOnAuthenticateFailureWithID(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_WHILE_AUTHENTICATION.getMessage(), e.getMessage()), - userID, credential); + List userStorePreferenceOrder = new ArrayList<>(); + // Check whether user store chain needs to be generated or not. 
+ if (isUserStoreChainNeeded(userStorePreferenceOrder)) { + if (log.isDebugEnabled()) { + log.debug( + "User store chain generation is needed hence generating the user store chain using " + + "the user" + + " store preference order: " + userStorePreferenceOrder); } - throw (UserStoreException) e.getException(); + return generateUserStoreChainWithID(userID, credential, userStorePreferenceOrder); + } else { + // Authenticate the user. + return authenticateInternalWithID(userID, credential); } } @@ -12681,12 +12255,6 @@ private AuthenticationResult authenticateInternalWithID(String userID, Object cr @Override public final List listUsersWithID(String filter, int maxItemLimit) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, int.class }; - Object object = callSecure("listUsersWithID", new Object[] { filter, maxItemLimit }, argTypes); - return (List) object; - } - int index; index = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR); List userList; @@ -12787,13 +12355,6 @@ public User updateUserName(String userID, String newUserName) throws UserStoreEx @Override public User getUserWithID(String userID, String[] requestedClaims, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[] { String.class, String[].class, String.class }; - Object object = callSecure("getUserWithID", new Object[] { userID, requestedClaims, profileName }, - argTypes); - return (User) object; - } - UserStore userStore = getUserStoreWithID(userID); if (userStore.isRecurssive()) { return ((AbstractUserStoreManager) userStore.getUserStoreManager()) 
@@ -12867,12 +12428,6 @@ public User getUserWithID(String userID, String[] requestedClaims, String profil @Override public boolean isExistingUserWithID(String userID) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class }; - Object object = callSecure("isExistingUserWithID", new Object[] { userID }, argTypes); - return (Boolean) object; - } - if (UserCoreUtil.isRegistrySystemUser(userID)) { return true; } @@ -12904,12 +12459,6 @@ public boolean isExistingUserWithID(String userID) throws UserStoreException { @Override public List getRoleListOfUserWithID(String userID) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class }; - Object object = callSecure("getRoleListOfUserWithID", new Object[] { userID }, argTypes); - return (List) object; - } - List roleNames; // anonymous user is only assigned to anonymous role @@ -12968,12 +12517,6 @@ private List getRolesListOfUserWithId(String userID, UserStore userStore @Override public final List getUserListOfRoleWithID(String roleName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class }; - Object object = callSecure("getUserListOfRoleWithID", new Object[] { roleName }, argTypes); - return (List) object; - } - return getUserListOfRoleWithID(roleName, QUERY_FILTER_STRING_ANY, QUERY_MAX_ITEM_LIMIT_ANY); } @@ -12981,13 +12524,6 @@ public final List getUserListOfRoleWithID(String roleName) throws UserStor public final List getUserListOfRoleWithID(String roleName, String filter, int maxItemLimit) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class, int.class }; - Object object = callSecure("getUserListOfRoleWithID", new Object[] { roleName, filter, maxItemLimit }, - argTypes); - return (List) object; - } - List users = new ArrayList<>(); // If role does not exit, just return 
@@ -13098,12 +12634,6 @@ public final List getUserListOfRoleWithID(String roleName, String filter, @Override public final List getUserListOfGroupWithID(String groupName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - Object object = callSecure("getUserListOfGroupWithID", new Object[]{groupName}, argTypes); - return (List) object; - } - return getUserListOfGroupWithID(groupName, QUERY_FILTER_STRING_ANY, QUERY_MAX_ITEM_LIMIT_ANY); } @@ -13111,13 +12641,6 @@ public final List getUserListOfGroupWithID(String groupName) throws UserSt public final List getUserListOfGroupWithID(String groupName, String filter, int maxItemLimit) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class, int.class}; - Object object = callSecure("getUserListOfGroupWithID", new Object[]{groupName, filter, maxItemLimit}, - argTypes); - return (List) object; - } - List users = new ArrayList<>(); // If group does not exit, just return @@ -13166,13 +12689,6 @@ public final List getUserListOfGroupWithID(String groupName, String filter public final String getUserClaimValueWithID(String userID, String claim, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class, String.class }; - Object object = callSecure("getUserClaimValueWithID", new Object[] { userID, claim, profileName }, - argTypes); - return (String) object; - } - UserStore userStore = getUserStoreWithID(userID); if (userStore.isRecurssive()) { return ((AbstractUserStoreManager) userStore.getUserStoreManager()) 
@@ -13263,13 +12779,6 @@ public final String getUserClaimValueWithID(String userID, String claim, String public final Map getUserClaimValuesWithID(String userID, String[] claims, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String[].class, String.class }; - Object object = callSecure("getUserClaimValuesWithID", new Object[] { userID, claims, profileName }, - argTypes); - return (Map) object; - } - UserStore userStore = getUserStoreWithID(userID); if (userStore.isRecurssive()) { return ((AbstractUserStoreManager) userStore.getUserStoreManager()) @@ -13350,12 +12859,6 @@ public final Map getUserClaimValuesWithID(String userID, String[ @Override public final List getUserClaimValuesWithID(String userID, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class }; - Object object = callSecure("getUserClaimValuesWithID", new Object[] { userID, profileName }, argTypes); - return (List) object; - } - UserStore userStore = getUserStoreWithID(userID); if (userStore.isRecurssive()) { return ((AbstractUserStoreManager) userStore.getUserStoreManager()) @@ -13409,14 +12912,6 @@ public final List getUserClaimValuesWithID(String userID, String profileN protected Map doGetUserClaimValuesWithID(String userID, String[] claims, String domainName, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String[].class, String.class, String.class }; - Object object = callSecure("doGetUserClaimValuesWithID", new Object[] { - userID, claims, domainName, profileName - }, argTypes); - return (Map) object; - } - if (ArrayUtils.isEmpty(claims)) { return new HashMap<>(); } 
@@ -13614,12 +13109,6 @@ private void addClaimValues(Map values, List finalValues) public final void updateCredentialWithID(String userID, Object newCredential, Object oldCredential) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, Object.class, Object.class}; - callSecure("updateCredentialWithID", new Object[] { userID, newCredential, oldCredential }, argTypes); - return; - } - UserStore userStore = getUserStoreWithID(userID); if (userStore.isRecurssive()) { ((AbstractUserStoreManager) userStore.getUserStoreManager()) @@ -14269,12 +13758,6 @@ protected Map addUserIDAttribute(String userID, Map) () -> { - // If unique id feature is not enabled, we have to call the legacy methods. - if (!isUniqueUserIdEnabled()) { - User user = userUniqueIDManger.getUser(userID, this); - if (user == null) { - throw new UserStoreException("User cannot be found."); - } - updateRoleListOfUserInternal(user.getDomainQualifiedUsername(), deletedRoles, newRoles); - return null; - } else { - updateRoleListOfUserInternalWithID(userID, deletedRoles, newRoles); - return null; - } - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleUpdateRoleListOfUserFailureWithID( - ErrorMessages.ERROR_CODE_ERROR_DURING_UPDATE_USERS_OF_ROLE.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_DURING_UPDATE_USERS_OF_ROLE.getMessage(), - e.getMessage()), userID, deletedRoles, newRoles); + // If unique id feature is not enabled, we have to call the legacy methods. + if (!isUniqueUserIdEnabled()) { + User user = userUniqueIDManger.getUser(userID, this); + if (user == null) { + throw new UserStoreException("User cannot be found."); } - throw (UserStoreException) e.getException(); + updateRoleListOfUserInternal(user.getDomainQualifiedUsername(), deletedRoles, newRoles); + } else { + updateRoleListOfUserInternalWithID(userID, deletedRoles, newRoles); } } 
@@ -15570,36 +15021,23 @@ private void processDeletedRoles(List internalRoleDel, List role public final void updateUserListOfRoleWithID(final String roleName, String[] deletedUserIDs, String[] newUserIDs) throws UserStoreException { - try { - AccessController.doPrivileged((PrivilegedExceptionAction) () -> { - // If unique id feature is not enabled, we have to call the legacy methods. - UserStore userStore = getUserStore(roleName); - if (!isUniqueUserIdEnabledInUserStore(userStore)) { - List deletedUsers = new ArrayList<>(); - List newUsers = new ArrayList<>(); - if (deletedUserIDs != null) { - deletedUsers = userUniqueIDManger.getUsers(Arrays.asList(deletedUserIDs), this); - } - if (newUserIDs != null) { - newUsers = userUniqueIDManger.getUsers(Arrays.asList(newUserIDs), this); - } - // If we don't have a record for this user, let's try to call directly using the user id. - updateUserListOfRoleInternal(roleName, deletedUsers.stream().map(User::getDomainQualifiedUsername) - .toArray(String[]::new), newUsers.stream().map(User::getDomainQualifiedUsername).toArray(String[]::new)); - return null; - } - updateUserListOfRoleInternalWithID(roleName, deletedUserIDs, newUserIDs); - return null; - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleUpdateRoleListOfUserFailureWithID( - ErrorMessages.ERROR_CODE_ERROR_WHILE_UPDATING_ROLE_OF_USER.getCode(), - String.format(ErrorMessages.ERROR_CODE_ERROR_WHILE_UPDATING_ROLE_OF_USER.getMessage(), - e.getMessage()), roleName, deletedUserIDs, newUserIDs); + // If unique id feature is not enabled, we have to call the legacy methods. 
+ UserStore userStore = getUserStore(roleName); + if (!isUniqueUserIdEnabledInUserStore(userStore)) { + List deletedUsers = new ArrayList<>(); + List newUsers = new ArrayList<>(); + if (deletedUserIDs != null) { + deletedUsers = userUniqueIDManger.getUsers(Arrays.asList(deletedUserIDs), this); + } + if (newUserIDs != null) { + newUsers = userUniqueIDManger.getUsers(Arrays.asList(newUserIDs), this); } - throw (UserStoreException) e.getException(); + // If we don't have a record for this user, let's try to call directly using the user id. + updateUserListOfRoleInternal(roleName, deletedUsers.stream().map(User::getDomainQualifiedUsername) + .toArray(String[]::new), newUsers.stream().map(User::getDomainQualifiedUsername).toArray(String[]::new)); + return; } + updateUserListOfRoleInternalWithID(roleName, deletedUserIDs, newUserIDs); } /** @@ -15747,15 +15185,6 @@ public final User addUserWithID(String userName, Object credential, String[] rol String profileName) throws UserStoreException { // We have to make sure this call is going through the Java Security Manager. - if (!isSecureCall.get()) { - Class[] argTypes = new Class[] { - String.class, Object.class, String[].class, Map.class, String.class - }; - Object object = callSecure("addUserWithID", - new Object[] { userName, credential, roleList, claims, profileName }, argTypes); - return (User) object; - } - // If we don't have a username, we cannot proceed. if (StringUtils.isEmpty(userName)) { String message = ErrorMessages.ERROR_CODE_USERNAME_CANNOT_BE_EMPTY.getMessage(); 
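Review bot: In updateUserListOfRoleWithID the store is resolved with `getUserStore(roleName)`, a helper whose parameter is a user name, while this class also has `getUserStoreOfRoles(final String role)` and isExistingRole uses that one for a role name. The line is carried over unchanged from the removed lambda, but it decides whether the legacy or the unique-ID path runs, so it is worth confirming that role names resolve to the intended store here. If they do not, `UserStore userStore = getUserStoreOfRoles(roleName);` would match the other role methods. Both helper bodies are outside this hunk, so this is a question rather than a confirmed defect.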
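Review bot: The context line `// We have to make sure this call is going through the Java Security Manager.` in addUserWithID is left behind although the block it introduced is removed. It now sits directly above the empty-username check and misstates what the method does, so delete it in this commit. addUserWithID's body continues outside the hunk.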
@@ -16462,12 +15891,6 @@ private void filterRoles(String[] roleList, List internalRoles, List listUsersWithID(String filter, int limit, int offset) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, int.class, int.class}; - Object object = callSecure("listUsersWithID", new Object[] { filter, limit, offset }, argTypes); - return (List) object; - } - int index = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR); UniqueIDPaginatedSearchResult userList; @@ -16692,13 +16109,6 @@ public List listUsersWithID(String filter, int limit, int offset) throws U public List getUserListWithID(String claim, String claimValue, String profileName, int limit, int offset) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[] { String.class, String.class, String.class, int.class, int.class }; - Object object = callSecure("getUserListWithID", - new Object[] { claim, claimValue, profileName, limit, offset }, argTypes); - return (List) object; - } - if (claim == null) { String errorCode = ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getCode(); String errorMessage = String.format(ErrorMessages.ERROR_CODE_INVALID_CLAIM_URI.getMessage(), ""); @@ -17699,13 +17109,6 @@ private List doGetUserListWithID(String claim, String claimValue, String p public List getUsersClaimValuesWithID(List userIDs, List claims, String profileName) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[] { List.class, List.class, String.class }; - Object object = callSecure("getUsersClaimValuesWithID", new Object[] { userIDs, claims, profileName }, - argTypes); - return (List) object; - } - if (StringUtils.isEmpty(profileName)) { profileName = UserCoreConstants.DEFAULT_PROFILE; } 
@@ -17892,12 +17295,6 @@ protected Map> getUsersPropertyValuesWithID(List> getRoleListOfUsersWithID(List userIDs) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[] { List.class }; - Object object = callSecure("getRoleListOfUsersWithID", new Object[] { userIDs }, argTypes); - return (Map>) object; - } - Map> allRoleNames = new HashMap<>(); Map> domainFreeUsers = getDomainFreeUsersWithID(userIDs); @@ -17937,12 +17334,6 @@ public Map> getRoleListOfUsersWithID(List userIDs) public Map> doGetRoleListOfUsersWithID(List userIDs, String domainName) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[] { List.class, String.class }; - Object object = callSecure("doGetRoleListOfUsersWithID", new Object[] { userIDs, domainName }, argTypes); - return (Map>) object; - } - Map> internalRoles = doGetInternalRoleListOfUsersWithID(userIDs, domainName); Map> externalRoles = new HashMap<>(); @@ -18271,12 +17662,6 @@ private void updateClaimsWithGroupAttributes(Group group, List getGroupListOfUser(String userId, int limit, int offset, String sortBy, String sortOrder) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, int.class, int.class, String.class, String.class}; - Object object = callSecure("getGroupListOfUser", - new Object[]{userId, limit, offset, sortBy, sortOrder}, argTypes); - return (List) object; - } if (StringUtils.isBlank(userId)) { throw new UserStoreClientException(ERROR_EMPTY_USER_ID.getMessage(), ERROR_EMPTY_USER_ID.getCode()); } 
@@ -18416,12 +17801,6 @@ private int resolveListOffset(int givenOffset) { public List getUserListOfGroup(String groupID, int limit, int offset, String sortBy, String sortOrder) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, int.class, int.class, String.class, String.class}; - Object object = callSecure("getUserListOfGroup", - new Object[]{groupID, limit, offset, sortBy, sortOrder}, argTypes); - return (List) object; - } if (StringUtils.isBlank(groupID)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_ID.getMessage(), ERROR_EMPTY_GROUP_ID.getCode()); } 
@@ -18497,27 +17876,14 @@ public void updateUserListOfGroup(String groupID, List deletedUserIds, L handleUpdateUserListOfGroupFailure(errorCode, errorMessage, groupID, deletedUserIds, newUserIds); throw new UserStoreClientException(errorMessage, errorCode); } - try { - AccessController.doPrivileged((PrivilegedExceptionAction) () -> { - // If group Id feature is not enabled, we need to call the legacy method. - if (isUniqueGroupIdEnabled()) { - updateUserListOfGroupByGroupId(groupID, UserCoreUtil.removeDomainFromName(groupName), - deletedUserIds, newUserIds); - } else { - // Need to attach the user store domain name to the group name. - updateUserListOfRoleWithID(UserCoreUtil.addDomainToName(groupName, getMyDomainName()), - deletedUserIds.toArray(new String[0]), newUserIds.toArray(new String[0])); - } - return null; - }); - } catch (PrivilegedActionException e) { - if (!(e.getException() instanceof UserStoreException)) { - handleUpdateUserListOfGroupFailure( - ErrorMessages.ERROR_WHILE_UPDATE_USER_LIST_OF_GROUP.getCode(), - String.format(ErrorMessages.ERROR_WHILE_UPDATE_USER_LIST_OF_GROUP.getMessage(), - e.getMessage()), groupID, deletedUserIds, newUserIds); - } - throw (UserStoreException) e.getException(); + // If group Id feature is not enabled, we need to call the legacy method. + if (isUniqueGroupIdEnabled()) { + updateUserListOfGroupByGroupId(groupID, UserCoreUtil.removeDomainFromName(groupName), + deletedUserIds, newUserIds); + } else { + // Need to attach the user store domain name to the group name. + updateUserListOfRoleWithID(UserCoreUtil.addDomainToName(groupName, getMyDomainName()), + deletedUserIds.toArray(new String[0]), newUserIds.toArray(new String[0])); } } 
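Review bot: The comment `// If group Id feature is not enabled, we need to call the legacy method.` now sits directly above `if (isUniqueGroupIdEnabled())`, so it reads as describing the enabled branch while the legacy call is in the `else`. Moving it into the else branch, or rewording it to `// Use the group-id path when unique group ids are enabled; otherwise fall back to the legacy role API.`, would keep the two membership-update paths clearly labelled. The else branch also calls `deletedUserIds.toArray(...)` and `newUserIds.toArray(...)` without a null check. Whether the validation earlier in updateUserListOfGroup, which starts outside this hunk, already rules out null lists is not visible here.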
@@ -18597,11 +17963,6 @@ public void updateGroupListOfUser(String userID, List deletedGroupIds, L @Override public boolean isUserInGroup(String userID, String groupID) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, String.class}; - Object object = callSecure("isUserInGroup", new Object[]{userID, groupID}, argTypes); - return (boolean) object; - } if (StringUtils.isBlank(groupID)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_ID.getMessage(), ERROR_EMPTY_GROUP_ID.getCode()); } @@ -18619,11 +17980,6 @@ public boolean isUserInGroup(String userID, String groupID) throws UserStoreExce @Override public Map> getGroupListOfUsers(List userIDs) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{List.class}; - Object object = callSecure("getGroupListOfUsers", new Object[]{userIDs}, argTypes); - return (Map>) object; - } if (CollectionUtils.isEmpty(userIDs)) { return new HashMap<>(); } @@ -18638,12 +17994,6 @@ public Map> getGroupListOfUsers(List userIDs) throws @Override public boolean isGroupExist(String groupID) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class}; - Object object = callSecure("isGroupExist", new Object[]{groupID}, argTypes); - return (boolean) object; - } - if (StringUtils.isBlank(groupID)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_ID.getMessage(), ERROR_EMPTY_GROUP_ID.getCode()); } 
@@ -18659,11 +18009,6 @@ public boolean isGroupExist(String groupID) throws UserStoreException { @Override public boolean isGroupExistWithName(String groupName) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class}; - Object object = callSecure("isGroupExistWithName", new Object[]{groupName}, argTypes); - return (boolean) object; - } if (StringUtils.isBlank(groupName)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_NAME.getMessage(), ERROR_EMPTY_GROUP_NAME.getCode()); } @@ -18679,11 +18024,6 @@ public boolean isGroupExistWithName(String groupName) throws UserStoreException @Override public void deleteGroup(String groupID) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - callSecure("deleteGroup", new Object[]{groupID}, argTypes); - return; - } UserStore userStore = getUserStoreWithGroupId(groupID); if (userStore.isRecurssive()) { ((AbstractUserStoreManager) userStore.getUserStoreManager()).deleteGroup(userStore.getDomainFreeGroupId()); @@ -18745,11 +18085,6 @@ public void deleteGroup(String groupID) throws UserStoreException { @Override public Group renameGroup(String groupID, String newGroupName) throws UserStoreException { - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class, String.class}; - Object object = callSecure("renameGroup", new Object[]{groupID, newGroupName}, argTypes); - return (Group) object; - } UserStore userStore = getUserStoreWithGroupId(groupID); UserStore newUserStore = getUserStoreWithGroupName(newGroupName); if (userStore.isRecurssive()) { 
@@ -18857,11 +18192,6 @@ public User addUser(String userName, Object credential, List claims, List @Override public String getGroupNameByGroupId(String groupId) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class}; - Object object = callSecure("getGroupNameByGroupId", new Object[]{groupId}, argTypes); - return (String) object; - } if (StringUtils.isBlank(groupId)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_ID.getMessage(), ERROR_EMPTY_GROUP_ID.getCode()); } @@ -18948,11 +18278,6 @@ private String getGroupNameById(String groupId) throws UserStoreException { @Override public String getGroupIdByGroupName(String groupName) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class}; - Object object = callSecure("getGroupIdByGroupName", new Object[]{groupName}, argTypes); - return (String) object; - } if (StringUtils.isBlank(groupName)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_NAME.getMessage(), ERROR_EMPTY_GROUP_NAME.getCode()); } @@ -19026,12 +18351,6 @@ public String getGroupIdByGroupName(String groupName) throws UserStoreException @Override public Group getGroupByGroupName(String groupName, List requiredAttributes) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, List.class}; - Object object = callSecure("getGroupByGroupName", - new Object[]{groupName, requiredAttributes}, argTypes); - return (Group) object; - } if (StringUtils.isBlank(groupName)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_NAME.getMessage(), ERROR_EMPTY_GROUP_NAME.getCode()); } 
@@ -19107,12 +18426,6 @@ public Group getGroupByGroupName(String groupName, List requiredAttribut @Override public Group getGroup(String groupID, List requiredAttributes) throws UserStoreException { - if (!isSecureCall.get()) { - Class[] argTypes = new Class[]{String.class, List.class}; - Object object = callSecure("getGroup", new Object[]{groupID, requiredAttributes}, argTypes); - return (Group) object; - } - if (StringUtils.isBlank(groupID)) { throw new UserStoreClientException(ERROR_EMPTY_GROUP_ID.getMessage(), ERROR_EMPTY_GROUP_ID.getCode()); } @@ -20083,12 +19396,6 @@ public UserUniqueIDDomainResolver getUserUniqueIDDomainResolver() { public int getUserCountForGroup(String groupName) throws UserStoreException { int count = 0; - if (!isSecureCall.get()) { - Class argTypes[] = new Class[]{String.class}; - Object object = callSecure("getUserCountForGroup", new Object[]{groupName}, argTypes); - return (int) object; - } - // If group does not exit, just return. if (!isExistingRole(groupName)) { return count; diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/DefaultRealmService.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/DefaultRealmService.java index ef8f1d19593..c888283c05d 100644 --- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/DefaultRealmService.java +++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/DefaultRealmService.java @@ -50,9 +50,6 @@ import java.io.InputStream; import java.lang.reflect.Constructor; import java.nio.file.Paths; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Dictionary; import java.util.Hashtable; import java.util.Map; 
@@ -146,19 +143,10 @@ private TenantMgtConfiguration buildTenantMgtConfig(BundleContext bc, String ten } @Override - public org.wso2.carbon.user.api.UserRealm getTenantUserRealm(final int tenantId) + public org.wso2.carbon.user.api.UserRealm getTenantUserRealm(int tenantId) throws org.wso2.carbon.user.api.UserStoreException { - try { - return AccessController.doPrivileged(new PrivilegedExceptionAction() { - @Override - public org.wso2.carbon.user.api.UserRealm run() throws Exception { - return getTenantUserRealmInternal(tenantId); - } - }); - } catch (PrivilegedActionException e) { - throw (org.wso2.carbon.user.api.UserStoreException) e.getException(); - } + return getTenantUserRealmInternal(tenantId); } private org.wso2.carbon.user.api.UserRealm getTenantUserRealmInternal(int tenantId) @@ -215,18 +203,9 @@ public void clearCachedUserRealm(int tenantId) throws UserStoreException { } @Override - public UserRealm getUserRealm(final RealmConfiguration tenantRealmConfig) throws UserStoreException { + public UserRealm getUserRealm(RealmConfiguration tenantRealmConfig) throws UserStoreException { - try { - return AccessController.doPrivileged(new PrivilegedExceptionAction() { - @Override - public UserRealm run() throws Exception { - return getUserRealmInternal(tenantRealmConfig); - } - }); - } catch (PrivilegedActionException e) { - throw (UserStoreException) e.getException(); - } + return getUserRealmInternal(tenantRealmConfig); } private UserRealm getUserRealmInternal(RealmConfiguration tenantRealmConfig) throws UserStoreException { diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/internal/Activator.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/internal/Activator.java index 42506a1d5d3..6f4f63480e9 100644 --- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/internal/Activator.java +++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/internal/Activator.java 
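Review bot: After this change `getTenantUserRealm` is a one-line delegation to `getTenantUserRealmInternal`, and `getUserRealm` in the next hunk does the same for `getUserRealmInternal`. In these hunks the public/Internal split served only to give `doPrivileged` something to call. If the private `...Internal` methods have no other callers (not visible here), folding their bodies into the public methods would remove a layer that now suggests a boundary which is not there. If the split is kept, a one-line comment on each wrapper such as `// Plain delegation; no privilege boundary is applied here.` would make that explicit.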
@@ -33,7 +33,6 @@ import org.wso2.carbon.user.core.util.UserCoreUtil; import java.io.File; -import java.lang.management.ManagementPermission; import java.util.Collection; /** @@ -46,9 +45,6 @@ public class Activator extends BundleCheckActivator { private static final Log log = LogFactory.getLog(Activator.class); public void startDeploy(BundleContext bundleContext) throws Exception { - // Need permissions in order to instantiate user core - SecurityManager secMan = System.getSecurityManager(); - /* * Read the SSL trust store configurations from the Security.TrustStore * element of the Carbon.xml @@ -63,9 +59,6 @@ public void startDeploy(BundleContext bundleContext) throws Exception { System.setProperty("javax.net.ssl.trustStoreType", type); System.setProperty("javax.net.ssl.trustStorePassword", password); - if (secMan != null) { - secMan.checkPermission(new ManagementPermission("control")); - } try { if (Boolean.parseBoolean(System.getProperty("NonUserCoreMode"))) { log.debug("UserCore component activated in NonUserCoreMode Mode");