Enh 38188654 - [38068862->22.06.14] Do not log an unnecessary message when an access controller fails to verify a subject

thegridman · thegridman · commit b2a69baa7a76 · 2025-07-14T11:28:37.000-05:00
(merge 14.1.1.2206 -&gt; ce/22.06 117378)

[git-p4: depot-paths = "//dev/coherence-ce/release/coherence-ce-v22.06/": change = 117380]
diff --git a/prj/coherence-core-components/src/main/java/com/tangosol/coherence/component/net/security/Standard.java b/prj/coherence-core-components/src/main/java/com/tangosol/coherence/component/net/security/Standard.java
@@ -1,6 +1,6 @@
 
 /*
- * Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+ * Copyright (c) 2000, 2025, Oracle and/or its affiliates.
  *
  * Licensed under the Universal Permissive License v 1.0 as shown at
  * https://oss.oracle.com/licenses/upl.
@@ -271,7 +271,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C
             {
             try
                 {
-                validateSubject(sService, subject);
+                validateSubject(sService, subject, false);
                 fValid = true;
                 }
             catch (SecurityException ex)
@@ -291,7 +291,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C
         
         if (!fValid)
             {
-            validateSubject(sService, subject);
+            validateSubject(sService, subject, true);
             }
         
         // TODO: leave the audit trail?
@@ -685,10 +685,18 @@ private void setValidSubjects(java.util.Map cache)
      */
     protected void validateSubject(String sService, javax.security.auth.Subject subject)
         {
-        // import com.tangosol.net.security.AccessController as com.tangosol.net.security.AccessController;
-        // import java.util.Map;
-        // import javax.security.auth.Subject;
-        
+        validateSubject(sService, subject, true);
+        }
+
+    /**
+     * Prevent a security hole when a caller would construct a Subject object
+    * with a Principal object that have a high security clearance, but provide
+    * a valid cerificate representing a low security clearance Principal. The
+    * very first validated subject becomes assosiated with the specified
+    * service.
+     */
+    protected void validateSubject(String sService, javax.security.auth.Subject subject, boolean fLog)
+        {
         Map mapValid = getValidSubjects();
         
         if (!mapValid.containsKey(subject))
@@ -704,7 +712,10 @@ protected void validateSubject(String sService, javax.security.auth.Subject subj
                 }
             catch (Exception e)
                 {
-                _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);
+                if (fLog)
+                    {
+                    _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);
+                    }
                 throw new SecurityException("Failed to verify the subject");
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`
`2`	`2`	`/*`
`3`		`- * Copyright (c) 2000, 2023, Oracle and/or its affiliates.`
	`3`	`+ * Copyright (c) 2000, 2025, Oracle and/or its affiliates.`
`4`	`4`	`*`
`5`	`5`	`* Licensed under the Universal Permissive License v 1.0 as shown at`
`6`	`6`	`* https://oss.oracle.com/licenses/upl.`
`@@ -271,7 +271,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C`
`271`	`271`	`{`
`272`	`272`	`try`
`273`	`273`	`{`
`274`		`- validateSubject(sService, subject);`
	`274`	`+ validateSubject(sService, subject, false);`
`275`	`275`	`fValid = true;`
`276`	`276`	`}`
`277`	`277`	`catch (SecurityException ex)`
`@@ -291,7 +291,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C`
`291`	`291`
`292`	`292`	`if (!fValid)`
`293`	`293`	`{`
`294`		`- validateSubject(sService, subject);`
	`294`	`+ validateSubject(sService, subject, true);`
`295`	`295`	`}`
`296`	`296`
`297`	`297`	`// TODO: leave the audit trail?`
`@@ -685,10 +685,18 @@ private void setValidSubjects(java.util.Map cache)`
`685`	`685`	`*/`
`686`	`686`	`protected void validateSubject(String sService, javax.security.auth.Subject subject)`
`687`	`687`	`{`
`688`		`- // import com.tangosol.net.security.AccessController as com.tangosol.net.security.AccessController;`
`689`		`- // import java.util.Map;`
`690`		`- // import javax.security.auth.Subject;`
`691`		`-`
	`688`	`+ validateSubject(sService, subject, true);`
	`689`	`+ }`
	`690`	`+`
	`691`	`+ /**`
	`692`	`+ * Prevent a security hole when a caller would construct a Subject object`
	`693`	`+ * with a Principal object that have a high security clearance, but provide`
	`694`	`+ * a valid cerificate representing a low security clearance Principal. The`
	`695`	`+ * very first validated subject becomes assosiated with the specified`
	`696`	`+ * service.`
	`697`	`+ */`
	`698`	`+ protected void validateSubject(String sService, javax.security.auth.Subject subject, boolean fLog)`
	`699`	`+ {`
`692`	`700`	`Map mapValid = getValidSubjects();`
`693`	`701`
`694`	`702`	`if (!mapValid.containsKey(subject))`
`@@ -704,7 +712,10 @@ protected void validateSubject(String sService, javax.security.auth.Subject subj`
`704`	`712`	`}`
`705`	`713`	`catch (Exception e)`
`706`	`714`	`{`
`707`		`- _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);`
	`715`	`+ if (fLog)`
	`716`	`+ {`
	`717`	`+ _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);`
	`718`	`+ }`
`708`	`719`	`throw new SecurityException("Failed to verify the subject");`
`709`	`720`	`}`
`710`	`721`	`}`