Enh 38188653 - [38068862->14.1.2.0.4] Do not log an unnecessary message when an access controller fails to verify a subject

thegridman · thegridman · commit c4b358f2fa8b · 2025-07-14T11:06:35.000-05:00
(merge 14.1.2.0 -&gt; ce/14.1.2.0 117376)

[git-p4: depot-paths = "//dev/coherence-ce/release/coherence-ce-v14.1.2.0/": change = 117377]
diff --git a/prj/coherence-core-components/src/main/java/com/tangosol/coherence/component/net/security/Standard.java b/prj/coherence-core-components/src/main/java/com/tangosol/coherence/component/net/security/Standard.java
@@ -269,7 +269,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C
             {
             try
                 {
-                validateSubject(sService, subject);
+                validateSubject(sService, subject, false);
                 fValid = true;
                 }
             catch (SecurityException ex)
@@ -289,7 +289,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C
         
         if (!fValid)
             {
-            validateSubject(sService, subject);
+            validateSubject(sService, subject, true);
             }
         
         // TODO: leave the audit trail?
@@ -680,10 +680,18 @@ private void setValidSubjects(java.util.Map cache)
      */
     protected void validateSubject(String sService, javax.security.auth.Subject subject)
         {
-        // import com.tangosol.net.security.AccessController as com.tangosol.net.security.AccessController;
-        // import java.util.Map;
-        // import javax.security.auth.Subject;
-        
+        validateSubject(sService, subject, true);
+        }
+
+    /**
+     * Prevent a security hole when a caller would construct a Subject object
+    * with a Principal object that have a high security clearance, but provide
+    * a valid cerificate representing a low security clearance Principal. The
+    * very first validated subject becomes assosiated with the specified
+    * service.
+     */
+    protected void validateSubject(String sService, javax.security.auth.Subject subject, boolean fLog)
+        {
         Map mapValid = getValidSubjects();
         
         if (!mapValid.containsKey(subject))
@@ -699,7 +707,10 @@ protected void validateSubject(String sService, javax.security.auth.Subject subj
                 }
             catch (Exception e)
                 {
-                _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);
+                if (fLog)
+                    {
+                    _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);
+                    }
                 throw new SecurityException("Failed to verify the subject");
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -269,7 +269,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C`
`269`	`269`	`{`
`270`	`270`	`try`
`271`	`271`	`{`
`272`		`- validateSubject(sService, subject);`
	`272`	`+ validateSubject(sService, subject, false);`
`273`	`273`	`fValid = true;`
`274`	`274`	`}`
`275`	`275`	`catch (SecurityException ex)`
`@@ -289,7 +289,7 @@ public void checkPermission(com.tangosol.net.Cluster cluster, com.tangosol.net.C`
`289`	`289`
`290`	`290`	`if (!fValid)`
`291`	`291`	`{`
`292`		`- validateSubject(sService, subject);`
	`292`	`+ validateSubject(sService, subject, true);`
`293`	`293`	`}`
`294`	`294`
`295`	`295`	`// TODO: leave the audit trail?`
`@@ -680,10 +680,18 @@ private void setValidSubjects(java.util.Map cache)`
`680`	`680`	`*/`
`681`	`681`	`protected void validateSubject(String sService, javax.security.auth.Subject subject)`
`682`	`682`	`{`
`683`		`- // import com.tangosol.net.security.AccessController as com.tangosol.net.security.AccessController;`
`684`		`- // import java.util.Map;`
`685`		`- // import javax.security.auth.Subject;`
`686`		`-`
	`683`	`+ validateSubject(sService, subject, true);`
	`684`	`+ }`
	`685`	`+`
	`686`	`+ /**`
	`687`	`+ * Prevent a security hole when a caller would construct a Subject object`
	`688`	`+ * with a Principal object that have a high security clearance, but provide`
	`689`	`+ * a valid cerificate representing a low security clearance Principal. The`
	`690`	`+ * very first validated subject becomes assosiated with the specified`
	`691`	`+ * service.`
	`692`	`+ */`
	`693`	`+ protected void validateSubject(String sService, javax.security.auth.Subject subject, boolean fLog)`
	`694`	`+ {`
`687`	`695`	`Map mapValid = getValidSubjects();`
`688`	`696`
`689`	`697`	`if (!mapValid.containsKey(subject))`
`@@ -699,7 +707,10 @@ protected void validateSubject(String sService, javax.security.auth.Subject subj`
`699`	`707`	`}`
`700`	`708`	`catch (Exception e)`
`701`	`709`	`{`
`702`		`- _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);`
	`710`	`+ if (fLog)`
	`711`	`+ {`
	`712`	`+ _trace("Failed to verify the subject: " + subject + " due to: " + e.getMessage(), 3);`
	`713`	`+ }`
`703`	`714`	`throw new SecurityException("Failed to verify the subject");`
`704`	`715`	`}`
`705`	`716`	`}`