Merged
Expand Up @@ -29,16 +29,7 @@ public class SamlFilesystemMetadataResolver extends FilesystemMetadataResolver {

@Override
protected byte[] fetchMetadata() throws ResolverException {
try {
return AccessController.doPrivilegedChecked(SamlFilesystemMetadataResolver.super::fetchMetadata);
} catch (Exception e) {

if (e instanceof ResolverException) {
throw (ResolverException) e;
} else {
throw new RuntimeException(e);
}
}
return AccessController.doPrivilegedChecked(SamlFilesystemMetadataResolver.super::fetchMetadata);
}

private static File getMetadataFile(String filePath, Settings settings, Path configPath) {
Expand Up @@ -37,15 +37,7 @@ public class SamlHTTPMetadataResolver extends HTTPMetadataResolver {

@Override
protected byte[] fetchMetadata() throws ResolverException {
try {
return AccessController.doPrivilegedChecked(SamlHTTPMetadataResolver.super::fetchMetadata);
} catch (Exception e) {
if (e instanceof ResolverException) {
throw (ResolverException) e;
} else {
throw new RuntimeException(e);
}
}
return AccessController.doPrivilegedChecked(SamlHTTPMetadataResolver.super::fetchMetadata);
}

private static SettingsBasedSSLConfiguratorV4.SSLConfig getSSLConfig(Settings settings, Path configPath) throws Exception {
Expand Up @@ -66,14 +66,8 @@ public static List<LdapEntry> search(

return entries;
});
} catch (Exception e) {
if (e instanceof LdapException) {
throw (LdapException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
}
} catch (InvalidNameException e) {
throw new RuntimeException(e);
}
}

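Review bot: The new `catch (InvalidNameException e)` at the end of `search` rethrows as a bare `RuntimeException` with no message, so a malformed LDAP name reaches callers as an unexplained unchecked exception rather than as an LDAP failure. The method signature is outside this hunk; if it declares `LdapException`, as the removed branch suggests, `throw new LdapException(e);` would keep the failure on the path callers already handle. Otherwise give the wrapper some context, e.g. `throw new RuntimeException("Invalid LDAP name", e);`.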
Expand Up @@ -87,17 +87,7 @@ public LDAPAuthenticationBackend2(final Settings settings, final Path configPath

@Override
public User authenticate(AuthenticationContext context) throws OpenSearchSecurityException {
try {
return AccessController.doPrivilegedChecked(() -> authenticate0(context));
} catch (Exception e) {
if (e instanceof OpenSearchSecurityException) {
throw (OpenSearchSecurityException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
}
}
return AccessController.doPrivilegedChecked(() -> authenticate0(context));
}

private User authenticate0(AuthenticationContext context) throws OpenSearchSecurityException {
Expand Down Expand Up @@ -217,19 +207,7 @@ public Optional<User> impersonate(User user) {
}

private void authenticateByLdapServer(final Connection connection, final String dn, byte[] password) throws LdapException {
try {
AccessController.doPrivilegedChecked(
() -> connection.getProviderConnection().bind(new BindRequest(dn, new Credential(password)))
);
} catch (Exception e) {
if (e instanceof LdapException) {
throw (LdapException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
}
}
AccessController.doPrivilegedChecked(() -> connection.getProviderConnection().bind(new BindRequest(dn, new Credential(password))));
}

private void authenticateByLdapServerWithSeparateConnection(final String dn, byte[] password) throws LdapException {
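Review bot: `authenticateByLdapServer` passes `password` straight into `new Credential(password)`, and nothing in this hunk rejects a null or zero-length value before the bind. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind and report success (RFC 4513 §5.1.2), so the rejection has to exist somewhere on this path. `authenticate0` is outside the hunk and may already do it; if it does not, guard here with `if (password == null || password.length == 0) throw new LdapException("Empty password");`, or add a comment naming where the check lives.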
Expand Up @@ -120,17 +120,7 @@ private static List<Map.Entry<String, Settings>> convertOldStyleSettingsToNewSty

@Override
public User addRoles(final User user, AuthenticationContext context) throws OpenSearchSecurityException {
try {
return AccessController.doPrivilegedChecked(() -> addRoles0(user, context));
} catch (Exception e) {
if (e instanceof OpenSearchSecurityException) {
throw (OpenSearchSecurityException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
}
}
return AccessController.doPrivilegedChecked(() -> addRoles0(user, context));
}

private User addRoles0(final User user, AuthenticationContext context) throws OpenSearchSecurityException {
Expand Up @@ -27,12 +27,7 @@ static ClassLoader getClassLoader() {
}

if (classLoader == null) {

try {
return AccessController.doPrivilegedChecked(() -> new Java9CL());
} catch (Exception e) {
throw new RuntimeException(e);
}
return AccessController.doPrivilegedChecked(() -> new Java9CL());
}

return classLoader;
Expand Up @@ -78,17 +78,7 @@ public JndiProviderConfig getProviderConfig() {

@Override
public ProviderConnection create() throws LdapException {
try {
return AccessController.doPrivilegedChecked(() -> new PrivilegedProviderConnection(delegate.create(), getProviderConfig()));
} catch (Exception e) {
if (e instanceof LdapException) {
throw (LdapException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
}
}
return AccessController.doPrivilegedChecked(() -> new PrivilegedProviderConnection(delegate.create(), getProviderConfig()));
}

}
Expand All @@ -103,30 +93,20 @@ public PrivilegedProviderConnection(ProviderConnection delegate, JndiProviderCon
}

public Response<Void> bind(BindRequest request) throws LdapException {
try {
return AccessController.doPrivilegedChecked(() -> {
if (jndiProviderConfig.getClassLoader() != null) {
ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();

try {
Thread.currentThread().setContextClassLoader(jndiProviderConfig.getClassLoader());
return delegate.bind(request);
} finally {
Thread.currentThread().setContextClassLoader(originalClassLoader);
}
} else {
return AccessController.doPrivilegedChecked(() -> {
if (jndiProviderConfig.getClassLoader() != null) {
ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();

try {
Thread.currentThread().setContextClassLoader(jndiProviderConfig.getClassLoader());
return delegate.bind(request);
} finally {
Thread.currentThread().setContextClassLoader(originalClassLoader);
}
});
} catch (Exception e) {
if (e instanceof LdapException) {
throw (LdapException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
return delegate.bind(request);
}
}
});
}

public Response<Void> add(AddRequest request) throws LdapException {
Expand Up @@ -20,7 +20,6 @@

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
Expand Down Expand Up @@ -149,34 +148,12 @@ public static JsonNode convertJsonToJackson(ToXContent jsonContent, boolean omit
}

public static byte[] jsonMapToByteArray(Map<String, Object> jsonAsMap) throws IOException {

try {
return AccessController.doPrivilegedChecked(() -> internalMapper.writeValueAsBytes(jsonAsMap));
} catch (final Exception e) {
if (e instanceof JsonProcessingException) {
throw (JsonProcessingException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
}
}
return AccessController.doPrivilegedChecked(() -> internalMapper.writeValueAsBytes(jsonAsMap));
}

public static Map<String, Object> byteArrayToMutableJsonMap(byte[] jsonBytes) throws IOException {

try {
return AccessController.doPrivilegedChecked(() -> internalMapper.readValue(jsonBytes, new TypeReference<Map<String, Object>>() {
}));
} catch (final Exception e) {
if (e instanceof IOException) {
throw (IOException) e;
} else if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new RuntimeException(e);
}
}
return AccessController.doPrivilegedChecked(() -> internalMapper.readValue(jsonBytes, new TypeReference<Map<String, Object>>() {
}));
}

/**
Expand Up @@ -870,24 +870,15 @@ private SslContext buildSSLServerContext(
final SslProvider sslProvider,
final ClientAuth authMode
) throws SSLException {
final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
() -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_key, _cert), sslProvider, ciphers, authMode)
);

try {
final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
() -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_key, _cert), sslProvider, ciphers, authMode)
);

if (_trustedCerts != null && _trustedCerts.length > 0) {
_sslContextBuilder.trustManager(_trustedCerts);
}

return buildSSLContext0(_sslContextBuilder);
} catch (final Exception e) {
if (e.getCause() instanceof SSLException) {
throw (SSLException) e.getCause();
} else {
throw new RuntimeException(e);
}
if (_trustedCerts != null && _trustedCerts.length > 0) {
_sslContextBuilder.trustManager(_trustedCerts);
}

return buildSSLContext0(_sslContextBuilder);
}

private SslContext buildSSLServerContext(
Expand All @@ -899,23 +890,15 @@ private SslContext buildSSLServerContext(
final SslProvider sslProvider,
final ClientAuth authMode
) throws SSLException {
try {
final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
() -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_cert, _key, pwd), sslProvider, ciphers, authMode)
);

if (_trustedCerts != null) {
_sslContextBuilder.trustManager(_trustedCerts);
}
final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
() -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_cert, _key, pwd), sslProvider, ciphers, authMode)
);

return buildSSLContext0(_sslContextBuilder);
} catch (final Exception e) {
if (e.getCause() instanceof SSLException) {
throw (SSLException) e.getCause();
} else {
throw new RuntimeException(e);
}
if (_trustedCerts != null) {
_sslContextBuilder.trustManager(_trustedCerts);
}

return buildSSLContext0(_sslContextBuilder);
}

private SslContextBuilder configureSSLServerContextBuilder(
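Review bot: The two `buildSSLServerContext` overloads guard the trust material differently: the first calls `trustManager(_trustedCerts)` only when `_trustedCerts != null && _trustedCerts.length > 0`, the second on `_trustedCerts != null` alone. With an empty array the first overload leaves the builder without explicit trust anchors, which presumably falls back to the JVM default trust store when client certificates are validated, while the second passes the empty array through. Pick one behaviour for both and state it in a comment next to the check. Separately, the removed handler unwrapped `e.getCause()`; the new code relies on `doPrivilegedChecked` rethrowing the lambda's `SSLException` directly, which this page does not show. Both method signatures start above their hunks.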
Expand Up @@ -19,6 +19,7 @@
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;

Expand Down Expand Up @@ -117,7 +118,7 @@ SslContext buildServerSslContext(final boolean validateCertificates) {
.trustManager(trustStoreConfiguration.createTrustManagerFactory(validateCertificates, issuerDns))
.build();
});
} catch (Exception e) {
} catch (SSLException e) {
throw new OpenSearchException("Failed to build server SSL context", e);
}
}
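Review bot: Narrowing `catch (Exception e)` to `catch (SSLException e)` in `buildServerSslContext` means unchecked failures raised inside the privileged block, for example from `createTrustManagerFactory(...)`, now propagate without the "Failed to build server SSL context" wrapper. What that call can throw is not visible here. If log triage or callers rely on the message to identify TLS misconfiguration, keep a second handler such as `catch (RuntimeException e) { throw new OpenSearchException("Failed to build server SSL context", e); }`, or add a comment saying only `SSLException` is wrapped by design. The method body starts outside the hunk.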