Author: anil.saldhana(a)jboss.com
Date: 2010-12-28 15:18:36 -0500 (Tue, 28 Dec 2010)
New Revision: 620
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
Log:
add in security perm check
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-28
19:44:29 UTC (rev 619)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2010-12-28
20:18:36 UTC (rev 620)
@@ -41,6 +41,8 @@
*/
public class PicketLinkCoreSTS
{
+ private RuntimePermission rte = new RuntimePermission( "org.picketlink.sts"
);
+
protected STSCoreConfig configuration;
private static PicketLinkCoreSTS _instance = null;
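Review bot: The permission object is added as a mutable instance field, `private RuntimePermission rte = ...`, although it is a constant that every call is checked against. Declaring it `private static final RuntimePermission STS_PERMISSION = new RuntimePermission( "org.picketlink.sts" );` makes it immutable and gives it a name that says what it is (`rte` reads like an exception). The diff does not show whether the code that hands out the singleton or assigns the protected `configuration` field performs the same check; if it does not, the permission guards the token operations but not the configuration they run with, so that is worth confirming. The class body continues outside the hunk.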
@@ -66,9 +68,14 @@
* Issue a security token
* @param protocolContext
* @throws ProcessingException
+ * @throws {@link SecurityException} if the caller does not have a runtime permission
for "org.picketlink.sts"
*/
public void issueToken( ProtocolContext protocolContext) throws ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = getProvider(protocolContext);
if( provider == null )
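Review bot: The Javadoc line added to issueToken, `@throws {@link SecurityException} if ...`, is malformed, because `@throws` takes a bare class name rather than an inline tag; it should read `@throws SecurityException if the caller does not have a runtime permission for "org.picketlink.sts"`. The same line is added to renewToken, cancelToken and validateToken in the following hunks. The three-line `SecurityManager` check is also copied verbatim into all four methods; one private helper that each method calls first would keep the check in a single place, so a token operation added later cannot end up with a different or missing guard. issueToken's body continues outside the hunk.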
@@ -85,9 +92,14 @@
*
* @param protocolContext the {@code ProtocolContext} that contains the token to be
renewed.
* @throws ProcessingException if an error occurs while renewing the security token.
+ * @throws {@link SecurityException} if the caller does not have a runtime permission
for "org.picketlink.sts"
*/
public void renewToken( ProtocolContext protocolContext) throws ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = null;
if( provider == null )
@@ -104,9 +116,14 @@
*
* @param protocolContext the {@code ProtocolContext} that contains the token to be
canceled.
* @throws ProcessingException if an error occurs while canceling the security token.
+ * @throws {@link SecurityException} if the caller does not have a runtime permission
for "org.picketlink.sts"
*/
public void cancelToken( ProtocolContext protocolContext) throws ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = null;
if( provider == null )
@@ -123,9 +140,14 @@
*
* @param protocolContext the {@code ProtocolContext} that contains the token to be
validated.
* @throws ProcessingException if an error occurs while validating the security
token.
+ * @throws {@link SecurityException} if the caller does not have a runtime permission
for "org.picketlink.sts"
*/
public void validateToken( ProtocolContext protocolContext) throws
ProcessingException
{
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( rte );
+
SecurityTokenProvider provider = null;
if( provider == null )