ISPN-9599 Require ADMIN permission for getGlobalComponentRegistry

* Deprecate getGlobalComponentRegistry and getComponentRegistry
* Require ADMIN permission for both
* Require ADMIN permission for configuration getters
  (getCacheManagerConfiguration, getDefaultCacheConfiguration,
  getCacheConfiguration)
* Remove some internal usages of the configuration getters
* Trust org.jboss.as.clustering.infinispan.* packages

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/Interpreter.java

@@ -26,6 +26,8 @@
 import org.infinispan.cli.interpreter.session.SessionImpl;
 import org.infinispan.cli.interpreter.statement.Statement;
 import org.infinispan.commons.api.BasicCacheContainer;
+import org.infinispan.commons.time.TimeService;
+import org.infinispan.configuration.ConfigurationManager;
 import org.infinispan.factories.annotations.Inject;
 import org.infinispan.factories.annotations.Start;
 import org.infinispan.factories.annotations.Stop;
@@ -35,7 +37,6 @@
 import org.infinispan.jmx.annotations.ManagedAttribute;
 import org.infinispan.jmx.annotations.ManagedOperation;
 import org.infinispan.manager.EmbeddedCacheManager;
-import org.infinispan.commons.time.TimeService;
 import org.infinispan.util.logging.LogFactory;
 
 @Scope(Scopes.GLOBAL)
@@ -49,6 +50,8 @@ public class Interpreter {
    private EmbeddedCacheManager cacheManager;
    @Inject
    private TimeService timeService;
+   @Inject
+   private ConfigurationManager configurationManager;
 
    private ScheduledExecutorService executor;
    private long sessionReaperWakeupInterval = DEFAULT_SESSION_REAPER_WAKEUP_INTERVAL;
@@ -79,7 +82,7 @@ public void stop() {
    @ManagedOperation(description = "Creates a new interpreter session")
    public String createSessionId(String cacheName) {
       String sessionId = UUID.randomUUID().toString();
-      SessionImpl session = new SessionImpl(codecRegistry, cacheManager, sessionId, timeService);
+      SessionImpl session = new SessionImpl(codecRegistry, cacheManager, sessionId, timeService, configurationManager);
       sessions.put(sessionId, session);
       if (cacheName != null) {
          session.setCurrentCache(cacheName);
@@ -119,7 +122,8 @@ void expireSessions() {
    @ManagedOperation(description = "Parses and executes IspnCliQL statements")
    public Map<String, String> execute(final String sessionId, final String s) throws Exception {
       Session session = null;
-      ClassLoader oldCL = SecurityActions.setThreadContextClassLoader(cacheManager.getCacheManagerConfiguration().classLoader());
+      ClassLoader classLoader = configurationManager.getGlobalConfiguration().classLoader();
+      ClassLoader oldCL = SecurityActions.setThreadContextClassLoader(classLoader);
       Map<String, String> response = new HashMap<>();
       try {
          session = validateSession(sessionId);
@@ -165,7 +169,7 @@ public Map<String, String> execute(final String sessionId, final String s) throw
 
    private Session validateSession(final String sessionId) {
       if (sessionId == null) {
-         Session session = new SessionImpl(codecRegistry, cacheManager, null, timeService);
+         Session session = new SessionImpl(codecRegistry, cacheManager, null, timeService, configurationManager);
          cacheManager.getCacheManagerConfiguration().defaultCacheName().ifPresent(session::setCurrentCache);
          return session;
       }

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/session/SecurityActions.java

@@ -37,70 +37,4 @@ static void endBatch(final AdvancedCache<?, ?> cache) {
          return null;
       });
    }
-
-   interface SetThreadContextClassLoaderAction {
-
-      ClassLoader setThreadContextClassLoader(Class cl);
-
-      ClassLoader setThreadContextClassLoader(ClassLoader cl);
-
-      SetThreadContextClassLoaderAction NON_PRIVILEGED = new SetThreadContextClassLoaderAction() {
-         @Override
-         public ClassLoader setThreadContextClassLoader(Class cl) {
-            ClassLoader old = Thread.currentThread().getContextClassLoader();
-            Thread.currentThread().setContextClassLoader(cl.getClassLoader());
-            return old;
-         }
-
-         @Override
-         public ClassLoader setThreadContextClassLoader(ClassLoader cl) {
-            ClassLoader old = Thread.currentThread().getContextClassLoader();
-            Thread.currentThread().setContextClassLoader(cl);
-            return old;
-         }
-      };
-
-      SetThreadContextClassLoaderAction PRIVILEGED = new SetThreadContextClassLoaderAction() {
-
-         @Override
-         public ClassLoader setThreadContextClassLoader(final Class cl) {
-            return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
-               @Override
-               public ClassLoader run() {
-                  ClassLoader old = Thread.currentThread().getContextClassLoader();
-                  Thread.currentThread().setContextClassLoader(cl.getClassLoader());
-                  return old;
-               }
-            });
-         }
-
-         @Override
-         public ClassLoader setThreadContextClassLoader(final ClassLoader cl) {
-            return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
-               @Override
-               public ClassLoader run() {
-                  ClassLoader old = Thread.currentThread().getContextClassLoader();
-                  Thread.currentThread().setContextClassLoader(cl);
-                  return old;
-               }
-            });
-         }
-      };
-   }
-
-   public static ClassLoader setThreadContextClassLoader(Class cl) {
-      if (System.getSecurityManager() == null) {
-         return SetThreadContextClassLoaderAction.NON_PRIVILEGED.setThreadContextClassLoader(cl);
-      } else {
-         return SetThreadContextClassLoaderAction.PRIVILEGED.setThreadContextClassLoader(cl);
-      }
-   }
-
-   public static ClassLoader setThreadContextClassLoader(ClassLoader cl) {
-      if (System.getSecurityManager() == null) {
-         return SetThreadContextClassLoaderAction.NON_PRIVILEGED.setThreadContextClassLoader(cl);
-      } else {
-         return SetThreadContextClassLoaderAction.PRIVILEGED.setThreadContextClassLoader(cl);
-      }
-   }
 }

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/session/SessionImpl.java

@@ -3,7 +3,6 @@
 import static org.infinispan.commons.dataconversion.MediaType.APPLICATION_OBJECT;
 
 import java.util.Collection;
-
 import javax.transaction.TransactionManager;
 
 import org.infinispan.AdvancedCache;
@@ -18,11 +17,12 @@
 import org.infinispan.commons.api.BasicCacheContainer;
 import org.infinispan.commons.dataconversion.IdentityEncoder;
 import org.infinispan.commons.dataconversion.MediaType;
+import org.infinispan.commons.time.TimeService;
+import org.infinispan.configuration.ConfigurationManager;
 import org.infinispan.configuration.cache.Configuration;
 import org.infinispan.configuration.cache.ConfigurationBuilder;
 import org.infinispan.manager.EmbeddedCacheManager;
 import org.infinispan.remoting.rpc.RpcManager;
-import org.infinispan.commons.time.TimeService;
 import org.infinispan.util.logging.LogFactory;
 
 public class SessionImpl implements Session {
@@ -33,19 +33,21 @@ public class SessionImpl implements Session {
    private final CodecRegistry codecRegistry;
    private final String id;
    private final TimeService timeService;
+   private ConfigurationManager configurationManager;
    private Cache<?, ?> cache = null;
    private String cacheName = null;
    private long timestamp;
    private Codec codec;
 
    public SessionImpl(final CodecRegistry codecRegistry, final EmbeddedCacheManager cacheManager, final String id,
-                      TimeService timeService) {
+                      TimeService timeService, ConfigurationManager configurationManager) {
       if (timeService == null) {
          throw new IllegalArgumentException("TimeService cannot be null");
       }
       this.codecRegistry = codecRegistry;
       this.cacheManager = cacheManager;
       this.timeService = timeService;
+      this.configurationManager = configurationManager;
       this.id = id;
       timestamp = timeService.time();
       codec = this.codecRegistry.getCodec("none");
@@ -95,7 +97,7 @@ public void setCurrentCache(final String cacheName) {
    public void createCache(String cacheName, String baseCacheName) {
       Configuration configuration;
       if (baseCacheName != null) {
-         configuration = cacheManager.getCacheConfiguration(baseCacheName);
+         configuration = configurationManager.getConfiguration(baseCacheName, true);
          if (configuration == null) {
             throw log.nonExistentCache(baseCacheName);
          }
@@ -114,7 +116,7 @@ public void createCache(String cacheName, String baseCacheName) {
          CreateCacheCommand ccc = factory.buildCreateCacheCommand(cacheName, baseCacheName);
          try {
             rpc.invokeRemotely(null, ccc, rpc.getDefaultRpcOptions(true));
-            ccc.init(cacheManager);
+            ccc.init(cacheManager, configurationManager);
             ccc.invoke();
          } catch (Throwable e) {
             throw log.cannotCreateClusteredCaches(e, cacheName);
@@ -129,7 +131,7 @@ public void createCache(String cacheName, String baseCacheName) {
 
    @Override
    public void reset() {
-      if (cacheManager.getCacheManagerConfiguration().defaultCacheName().isPresent())
+      if (configurationManager.getGlobalConfiguration().defaultCacheName().isPresent())
          resetCache(cacheManager.getCache());
       for (String cacheName : cacheManager.getCacheNames()) {
          resetCache(cacheManager.getCache(cacheName));

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/statement/DenyStatement.java

@@ -29,7 +29,8 @@ public DenyStatement(String roleName, String principalName) {
 
    @Override
    public Result execute(Session session) throws StatementException {
-      GlobalAuthorizationConfiguration gac = session.getCacheManager().getCacheManagerConfiguration().security().authorization();
+      GlobalAuthorizationConfiguration gac =
+         SecurityActions.getCacheManagerConfiguration(session.getCacheManager()).security().authorization();
       if (!gac.enabled()) {
          throw log.authorizationNotEnabledOnContainer();
       }

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/statement/GrantStatement.java

@@ -29,7 +29,8 @@ public GrantStatement(String roleName, String principalName) {
 
    @Override
    public Result execute(Session session) throws StatementException {
-      GlobalAuthorizationConfiguration gac = session.getCacheManager().getCacheManagerConfiguration().security().authorization();
+      GlobalAuthorizationConfiguration gac =
+         SecurityActions.getCacheManagerConfiguration(session.getCacheManager()).security().authorization();
       if (!gac.enabled()) {
          throw log.authorizationNotEnabledOnContainer();
       }

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/statement/InfoStatement.java

@@ -35,7 +35,7 @@ public Result execute(final Session session) throws StatementException {
 
    private Result cacheManagerInfo(Session session) {
       EmbeddedCacheManager cacheManager = session.getCacheManager();
-      GlobalConfiguration globalConfiguration = cacheManager.getCacheManagerConfiguration();
+      GlobalConfiguration globalConfiguration = SecurityActions.getCacheManagerConfiguration(cacheManager);
       return new StringResult(globalConfiguration.toString());
    }
 

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/statement/RolesStatement.java

@@ -27,7 +27,8 @@ public RolesStatement(String principalName) {
 
    @Override
    public Result execute(Session session) throws StatementException {
-      GlobalAuthorizationConfiguration gac = session.getCacheManager().getCacheManagerConfiguration().security().authorization();
+      GlobalAuthorizationConfiguration gac =
+         SecurityActions.getCacheManagerConfiguration(session.getCacheManager()).security().authorization();
       if (!gac.enabled()) {
          throw log.authorizationNotEnabledOnContainer();
       }

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/statement/SecurityActions.java

@@ -0,0 +1,38 @@
+package org.infinispan.cli.interpreter.statement;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+import org.infinispan.configuration.global.GlobalConfiguration;
+import org.infinispan.factories.GlobalComponentRegistry;
+import org.infinispan.manager.EmbeddedCacheManager;
+import org.infinispan.security.Security;
+import org.infinispan.security.actions.GetCacheManagerConfigurationAction;
+import org.infinispan.security.actions.GetGlobalComponentRegistryAction;
+
+/**
+ * SecurityActions for package org.infinispan.cli.interpreter.statement
+ *
+ * Do not move. Do not change class and method visibility to avoid being called from other
+ * {@link java.security.CodeSource}s, thus granting privilege escalation to external code.
+ *
+ * @author Tristan Tarrant
+ * @since 7.0
+ */
+final class SecurityActions {
+   private static <T> T doPrivileged(PrivilegedAction<T> action) {
+      if (System.getSecurityManager() != null) {
+         return AccessController.doPrivileged(action);
+      } else {
+         return Security.doPrivileged(action);
+      }
+   }
+
+   static GlobalConfiguration getCacheManagerConfiguration(EmbeddedCacheManager cacheManager) {
+      return doPrivileged(new GetCacheManagerConfigurationAction(cacheManager));
+   }
+
+   static GlobalComponentRegistry getGlobalComponentRegistry(EmbeddedCacheManager cacheManager) {
+      return doPrivileged(new GetGlobalComponentRegistryAction(cacheManager));
+   }
+}

cli/cli-interpreter/src/main/java/org/infinispan/cli/interpreter/statement/SiteStatement.java

@@ -99,7 +99,8 @@ private Result executeCacheOperation(Options option, Session session) throws Sta
 
    private Result executeContainerOperation(Options option, Session session) throws StatementException {
       EmbeddedCacheManager cacheManager = session.getCacheManager();
-      GlobalXSiteAdminOperations xSiteAdmin = cacheManager.getGlobalComponentRegistry().getComponent(GlobalXSiteAdminOperations.class);
+      GlobalXSiteAdminOperations xSiteAdmin = SecurityActions.getGlobalComponentRegistry(cacheManager)
+                                                             .getComponent(GlobalXSiteAdminOperations.class);
       String siteName = siteData != null ? siteData.getSiteName() : null;
       requireSiteName(siteName);
 

cli/cli-interpreter/src/test/java/org/infinispan/cli/interpreter/SessionTest.java

@@ -2,6 +2,7 @@
 
 import java.util.Map;
 
+import org.infinispan.configuration.ConfigurationManager;
 import org.infinispan.manager.EmbeddedCacheManager;
 import org.infinispan.test.SingleCacheManagerTest;
 import org.infinispan.test.TestingUtil;
@@ -13,7 +14,9 @@ public class SessionTest extends SingleCacheManagerTest {
 
    public void testSessionExpiration() throws Exception {
       Interpreter interpreter = new Interpreter();
-      TestingUtil.inject(interpreter, cacheManager, TIME_SERVICE);
+      ConfigurationManager configurationManager =
+         TestingUtil.extractGlobalComponent(cacheManager, ConfigurationManager.class);
+      TestingUtil.inject(interpreter, cacheManager, TIME_SERVICE, configurationManager);
       interpreter.setSessionTimeout(500);
       interpreter.setSessionReaperWakeupInterval(1000);
       interpreter.start();