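/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: DecodeAction.java,v 1.4 2008/08/19 19:14:55 veiming Exp $
 *
 */

/*
 * Portions Copyrighted 2011 ForgeRock AS
 */
package com.sun.identity.security;

import java.security.PrivilegedAction;

import com.iplanet.services.util.AMEncryption;
import com.iplanet.services.util.Crypt;

/**
 * Privileged action that decodes a value (typically a password) with
 * <code>com.iplanet.services.util.Crypt</code>. It implements
 * <code>PrivilegedAction</code> with non-default constructors so that the
 * call to <code>Crypt.decode()</code> can be run through
 * <code>AccessController.doPrivileged()</code>.
 *
 * <PRE>
 * This line of code:
 *     String decStr = com.iplanet.services.util.Crypt.decode(str);
 * should be replaced with:
 *     String decStr = AccessController.doPrivileged(new DecodeAction(str));
 * </PRE>
 *
 * If this is not done and the Java security permissions check is enabled,
 * the operation will fail and return <code>null</code> every time.
 *
 * <p>Note: the Java security permissions check for OpenSSO can be enabled by
 * setting the property <code>com.sun.identity.security.checkcaller</code> to
 * true in the AMConfig properties file.
 *
 * <p>Security notes for callers: the result of {@link #run()} is the decoded
 * secret in clear text, so it should not be logged or kept longer than
 * needed, and a <code>null</code> result must be handled rather than treated
 * as an empty password.
 *
 * <p>NOTE(review): <code>AccessController</code> is deprecated for removal
 * since Java 17 (JEP 411); confirm this code path is still required on the
 * target JDK.
 *
 * @supported.all.api
 */
public class DecodeAction implements PrivilegedAction<String> {

    // Both fields stay protected and non-final because they are part of the
    // published API surface of this class.
    // NOTE(review): code in subclasses or in this package can change them
    // after construction, so an instance should not be shared with less
    // trusted code before it is run.

    /** Encoded input handed to <code>Crypt.decode()</code>. */
    protected String value;

    /** Optional encryption object; <code>null</code> unless the two-argument constructor set it. */
    protected AMEncryption encr;

    /**
     * Creates an action that decodes <code>svalue</code> with the
     * single-argument <code>Crypt.decode(String)</code>.
     *
     * @param svalue
     *            String value to be decoded
     */
    public DecodeAction(String svalue) {
        value = svalue;
    }

    /**
     * Creates an action that decodes <code>value</code> with the supplied
     * encryption object.
     *
     * @param value
     *            Value to be decoded
     * @param encrKey
     *            Encryption object to be used for decoding; when
     *            <code>null</code>, {@link #run()} uses the single-argument
     *            <code>Crypt.decode(String)</code> instead
     */
    public DecodeAction(String value, AMEncryption encrKey) {
        this.value = value;
        this.encr = encrKey;
    }

    /**
     * Decodes the stored value, using the encryption object when one was
     * supplied at construction.
     *
     * @return whatever <code>Crypt.decode()</code> returns; according to the
     *         class documentation this is <code>null</code> when the caller
     *         permission check is enabled and fails
     * @see java.security.PrivilegedAction#run()
     */
    @Override
    public String run() {
        if (encr == null) {
            return Crypt.decode(value);
        }
        return Crypt.decode(value, encr);
    }

}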