authorRobert Godfrey <rgodfrey@apache.org>2014-02-19 21:44:19 +0000
committerRobert Godfrey <rgodfrey@apache.org>2014-02-19 21:44:19 +0000
commit840b1793643b37b9fa8f8352a6851417042301ed (patch)
treeec59ddd96d2758c5621e8b6046478dae760c6eb0 /qpid/java/broker-plugins/management-http
parent29a70653f314b99c103c8149cacc4fed2a13898c (diff)
QPID-5567 : Always Use AccessControllerContext to find the current context Subject
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1569934 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins/management-http')
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java32
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java47
2 files changed, 29 insertions, 50 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
index 674ff71232..0efb76a241 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
@@ -24,6 +24,7 @@ import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.AccessControlException;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
@@ -119,37 +120,22 @@ public class HttpManagementUtil
public static void assertManagementAccess(final SecurityManager securityManager, Subject subject, LogActor actor)
{
// TODO: We should eliminate SecurityManager.setThreadSubject in favour of Subject.doAs
- SecurityManager.setThreadSubject(subject); // Required for accessManagement check
CurrentActor.set(actor);
try
{
- try
+ Subject.doAs(subject, new PrivilegedAction<Void>()
{
- Subject.doAs(subject, new PrivilegedExceptionAction<Void>()
+ @Override
+ public Void run()
{
- @Override
- public Void run()
- {
- securityManager.accessManagement();
- return null;
- }
- });
- }
- catch (PrivilegedActionException e)
- {
- throw new ServerScopedRuntimeException("Unable to perform access check", e);
- }
+ securityManager.accessManagement();
+ return null;
+ }
+ });
}
finally
{
- try
- {
- CurrentActor.remove();
- }
- finally
- {
- SecurityManager.setThreadSubject(null);
- }
+ CurrentActor.remove();
}
}
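Review bot: The TODO kept above `CurrentActor.set(actor)` still asks for `SecurityManager.setThreadSubject` to be replaced by `Subject.doAs`, which is what this method now does, so it should be dropped or reworded. With the thread-local gone, `accessManagement()` can only learn the caller from the access-control context, and `Subject.doAs` accepts a null subject, so the outcome for a null `subject` depends on how `SecurityManager` treats a missing Subject (not visible in this hunk). A guard before `CurrentActor.set(actor)`, for example `if (subject == null) { throw new AccessControlException("No authenticated subject"); }`, would make the check fail closed, provided callers already handle that exception; the class is imported at the top of this file.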
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
index 0381b711bc..1a13733ff5 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
@@ -198,43 +198,36 @@ public abstract class AbstractServlet extends HttpServlet
return;
}
- SecurityManager.setThreadSubject(subject);
+ HttpManagementActor logActor = HttpManagementUtil.getOrCreateAndCacheLogActor(request, _broker);
+ CurrentActor.set(logActor);
try
{
- HttpManagementActor logActor = HttpManagementUtil.getOrCreateAndCacheLogActor(request, _broker);
- CurrentActor.set(logActor);
- try
- {
- Subject.doAs(subject, privilegedExceptionAction);
- }
- catch(RuntimeException e)
- {
- LOGGER.error("Unable to perform action", e);
- throw e;
- }
- catch (PrivilegedActionException e)
+ Subject.doAs(subject, privilegedExceptionAction);
+ }
+ catch(RuntimeException e)
+ {
+ LOGGER.error("Unable to perform action", e);
+ throw e;
+ }
+ catch (PrivilegedActionException e)
+ {
+ LOGGER.error("Unable to perform action", e);
+ Throwable cause = e.getCause();
+ if(cause instanceof RuntimeException)
{
- LOGGER.error("Unable to perform action", e);
- Throwable cause = e.getCause();
- if(cause instanceof RuntimeException)
- {
- throw (RuntimeException)cause;
- }
- if(cause instanceof Error)
- {
- throw (Error)cause;
- }
- throw new ConnectionScopedRuntimeException(e.getCause());
+ throw (RuntimeException)cause;
}
- finally
+ if(cause instanceof Error)
{
- CurrentActor.remove();
+ throw (Error)cause;
}
+ throw new ConnectionScopedRuntimeException(e.getCause());
}
finally
{
- SecurityManager.setThreadSubject(null);
+ CurrentActor.remove();
}
+
}
protected Subject getAuthorisedSubject(HttpServletRequest request)
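Review bot: Both catch blocks log every failure as `LOGGER.error("Unable to perform action", e)`, so an authorization denial raised inside the action is recorded exactly like an internal fault, which makes denied management requests hard to pick out of the log. If the access checks in this code base surface as AccessControlException (a RuntimeException), consider a separate catch ahead of `catch(RuntimeException e)` that logs the denial at a lower level together with the subject's principals. Smaller points: the final throw can reuse the local, `throw new ConnectionScopedRuntimeException(cause);`, and the blank line added before the method's closing brace can go. The method starts above this hunk.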