diff --git a/authentication/pom.xml b/authentication/pom.xml
index d4114f8b2..9ade3c2a2 100644
--- a/authentication/pom.xml
+++ b/authentication/pom.xml
@@ -83,7 +83,7 @@
-
+
@@ -100,19 +100,11 @@
org.wildfly.security
wildfly-elytron-credential
-
- org.wildfly.security
- wildfly-elytron-permission
-
org.wildfly.security
wildfly-elytron-realm
-
- org.wildfly.security
- wildfly-elytron-security-manager-action
-
-
+
org.jboss.logging
jboss-logging-annotations
@@ -139,7 +131,7 @@
jakarta.servlet-api
provided
-
+
org.wildfly.common
wildfly-common
@@ -157,5 +149,5 @@
test
-
+
diff --git a/authentication/src/main/java/org/wildfly/security/auth/jaspi/ElytronAuthConfigFactory.java b/authentication/src/main/java/org/wildfly/security/auth/jaspi/ElytronAuthConfigFactory.java
index 3d0111a14..eabea5316 100644
--- a/authentication/src/main/java/org/wildfly/security/auth/jaspi/ElytronAuthConfigFactory.java
+++ b/authentication/src/main/java/org/wildfly/security/auth/jaspi/ElytronAuthConfigFactory.java
@@ -16,14 +16,11 @@
package org.wildfly.security.auth.jaspi;
-import static java.lang.System.getSecurityManager;
import static org.wildfly.common.Assert.checkNotNullParam;
import static org.wildfly.security.auth.jaspi._private.ElytronMessages.log;
import static org.wildfly.security.auth.jaspi._private.ElytronEEMessages.eeLog;
import java.lang.reflect.Constructor;
-import java.security.AccessController;
-import java.security.SecurityPermission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -35,7 +32,6 @@
import org.wildfly.security.auth.jaspi.impl.AuthenticationModuleDefinition;
import org.wildfly.security.auth.jaspi.impl.ElytronAuthConfigProvider;
-import org.wildfly.security.manager.action.GetContextClassLoaderAction;
import jakarta.security.auth.message.config.AuthConfigFactory;
import jakarta.security.auth.message.config.AuthConfigProvider;
@@ -142,8 +138,6 @@ boolean matchesRegistration(final String layer, final String appContext) {
*/
@Override
public String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description) {
- checkPermission(providerRegistrationSecurityPermission);
-
return registerConfigProvider(provider, layer, appContext, description, false);
}
@@ -153,8 +147,6 @@ public String registerConfigProvider(AuthConfigProvider provider, String layer,
@Override
public String registerConfigProvider(String className, Map properties, String layer, String appContext, String description) {
// TODO [ELY-1548] We should support persisting to configuration changes made by calling this method.
- checkPermission(providerRegistrationSecurityPermission);
-
AuthConfigProvider authConfigProvider = null;
if (className != null) {
ClassLoader classLoader = identifyClassLoader();
@@ -234,8 +226,6 @@ public void removeServerAuthModule(Object context) {
*/
@Override
public boolean removeRegistration(String registrationId) {
- checkPermission(providerRegistrationSecurityPermission);
-
String layer = null;
String appContext = null;
boolean removed = false;
@@ -271,7 +261,6 @@ public boolean removeRegistration(String registrationId) {
@Override
public String[] detachListener(RegistrationListener listener, String layer, String appContext) {
checkNotNullParam("listener", listener);
- checkPermission(providerRegistrationSecurityPermission);
List registrationIDs = new ArrayList<>();
synchronized (layerContextRegistration) {
for (Registration current : layerContextRegistration.values()) {
@@ -335,23 +324,10 @@ public String[] getRegistrationIDs(AuthConfigProvider provider) {
@Override
public void refresh() {
// [ELY-1538] Dynamic loading not presently supported, once supported refresh will reload the configuration.
- checkPermission(providerRegistrationSecurityPermission);
- }
-
-
-
-
- private static void checkPermission(final SecurityPermission securityPermission) {
- SecurityManager securityManager = getSecurityManager();
- if (securityManager != null) {
- securityManager.checkPermission(securityPermission);
- }
}
private static ClassLoader identifyClassLoader() {
- ClassLoader classLoader = getSecurityManager() != null
- ? AccessController.doPrivileged(GetContextClassLoaderAction.getInstance())
- : GetContextClassLoaderAction.getInstance().run();
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
return classLoader != null ? classLoader : ClassLoader.getSystemClassLoader();
}
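Review bot: Once `checkPermission(providerRegistrationSecurityPermission)` is gone from `refresh()` here and from `registerConfigProvider` (both overloads), `removeRegistration` and `detachListener` in the earlier hunks, nothing visible in this file limits which caller may add, replace or remove an `AuthConfigProvider`. The string overload also resolves a caller-supplied `className` through the loader that `identifyClassLoader()` returns. That follows from dropping SecurityManager support, but the trust assumption should be written down, for example `// Class names passed to registerConfigProvider are resolved against the TCCL; registration is not access-checked, so only trusted deployment code should reach this factory.` above `identifyClassLoader()`. The Javadoc of those methods lies outside these hunks, so please confirm it no longer promises a permission check or a `SecurityException`. `refresh()` is now a body holding only the ELY-1538 comment, which is fine as long as that comment states it is intentionally a no-op.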
diff --git a/authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/JaspiAuthenticationContext.java b/authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/JaspiAuthenticationContext.java
index 32c3dde39..c9183a0d5 100644
--- a/authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/JaspiAuthenticationContext.java
+++ b/authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/JaspiAuthenticationContext.java
@@ -18,13 +18,10 @@
import static org.wildfly.common.Assert.checkNotNullParam;
import static org.wildfly.security.auth.jaspi._private.ElytronMessages.log;
-import static org.wildfly.security.auth.jaspi.impl.SecurityActions.doPrivileged;
import java.io.IOException;
import java.security.Principal;
-import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
@@ -134,10 +131,7 @@ private CallbackHandler createCommonCallbackHandler(final boolean integrated) {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
try {
- doPrivileged((PrivilegedExceptionAction) () -> {
- handleOne(callbacks, 0);
- return null;
- });
+ handleOne(callbacks, 0);
} catch (Exception e) {
if (e instanceof PrivilegedActionException) {
if (e.getCause() instanceof UnsupportedCallbackException) {
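Review bot: The `if (e instanceof PrivilegedActionException)` branch under the new direct `handleOne(callbacks, 0);` call looks unreachable, because nothing in the try block wraps exceptions any more unless `handleOne` throws that type itself. The catch body continues past the end of this hunk, so it is worth confirming that a bare `UnsupportedCallbackException` or `IOException` from `handleOne` is rethrown unchanged rather than falling into a generic wrapping branch. Callers use the exception type to tell an unsupported callback from an I/O failure. If so, the handler can start with `catch (IOException | UnsupportedCallbackException e) { throw e; }`, and the `java.security.PrivilegedActionException` import kept in the import hunk can be dropped.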
@@ -299,7 +293,7 @@ public SecurityIdentity getAuthorizedIdentity() throws IllegalStateException {
Roles roles = Roles.fromSet(this.roles);
RoleMapper roleMapper = RoleMapper.constant(roles);
SecurityIdentity temp = securityIdentity;
- securityIdentity = doPrivileged((PrivilegedAction) (() -> temp.withDefaultRoleMapper(roleMapper)));
+ securityIdentity = temp.withDefaultRoleMapper(roleMapper);
} else {
log.trace("No roles request of CallbackHandler.");
}
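Review bot: The local `temp` in this branch looks like a leftover, since its only visible use was being captured by the removed lambda. The assignment can read `securityIdentity = securityIdentity.withDefaultRoleMapper(roleMapper);` and the `SecurityIdentity temp = securityIdentity;` line can go. `getAuthorizedIdentity()` starts and ends outside the hunk, so check that `temp` is not used further down before deleting it.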
diff --git a/authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/SecurityActions.java b/authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/SecurityActions.java
deleted file mode 100644
index 0e0238564..000000000
--- a/authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/SecurityActions.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2015 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.wildfly.security.auth.jaspi.impl;
-
-import static java.lang.System.getSecurityManager;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
-
-/**
- * Wrapper around {@link AccessController#doPrivileged(PrivilegedAction)} for the 'org.wildfly.extension.elytron' package.
- *
- * @author Darran Lofthouse
- */
-final class SecurityActions {
-
- static T doPrivileged(final PrivilegedAction action) {
- return getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
- }
-
- static T doPrivileged(final PrivilegedExceptionAction action) throws Exception {
- return getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
- }
-
-}
diff --git a/pom.xml b/pom.xml
index 19eb12810..b3b12c8f3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
17
17
- 3.0.0
+ 3.1.0
2.1.0
4.0.1
3.1.0