From 0f038bc05f93b7bbd006fcec033daaf78e6e7470 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Fri, 15 Dec 2023 23:51:44 -0500 Subject: [PATCH] Backport SAML permissions changes in DynamicConfigModelV7 Signed-off-by: Craig Perkins --- .../securityconf/DynamicConfigModelV7.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java index 483e3bcbd3..0de83f2e2e 100644 --- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java @@ -29,6 +29,8 @@ import java.net.InetAddress; import java.nio.file.Path; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; @@ -44,6 +46,7 @@ import com.google.common.collect.Multimap; import com.google.common.collect.Multimaps; +import org.opensearch.SpecialPermission; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.opensearch.security.auth.AuthDomain; @@ -433,14 +436,11 @@ private void destroyDestroyables(List destroyableComponents) { } private T newInstance(final String clazzOrShortcut, String type, final Settings settings, final Path configPath) { - - String clazz = clazzOrShortcut; - - if (authImplMap.containsKey(clazz + "_" + type)) { - clazz = authImplMap.get(clazz + "_" + type); - } - - return ReflectionHelper.instantiateAAA(clazz, settings, configPath); + final String clazz = authImplMap.computeIfAbsent(clazzOrShortcut + "_" + type, k -> clazzOrShortcut); + return AccessController.doPrivileged((PrivilegedAction) () -> { + SpecialPermission.check(); + return ReflectionHelper.instantiateAAA(clazz, settings, configPath); + }); } private String translateShortcutToClassName(final String clazzOrShortcut, final String type) {