Examples with AclEntry java.nio.file.attribute.AclEntry used on opensource projects

Example 1 with AclEntry

use of java.nio.file.attribute.AclEntry in project java-chassis by ServiceComb.

the class FortifyUtils method getDefaultFileAttributes.

public static FileAttribute<?> getDefaultFileAttributes(String filePath) {
    Path file = new File(filePath).toPath();
    if (isPosix()) {
        return PosixFilePermissions.asFileAttribute(FilePerm.getDefaultPosixPerm());
    } else {
        // for not posix must support ACL, or failed.
        String userName = System.getProperty("user.name");
        UserPrincipal user = null;
        try {
            user = file.getFileSystem().getUserPrincipalLookupService().lookupPrincipalByName(userName);
        } catch (IOException e) {
            throw new RuntimeException("Unknown user error.");
        }
        final AclEntry entry = AclEntry.newBuilder().setType(AclEntryType.ALLOW).setPrincipal(user).setPermissions(FilePerm.getDefaultAclPerm()).setFlags(new AclEntryFlag[] { AclEntryFlag.FILE_INHERIT, AclEntryFlag.DIRECTORY_INHERIT }).build();
        return new FileAttribute<List<AclEntry>>() {

            public String name() {
                return "acl:acl";
            }

            /* Windows ACL */
            //public Object value() { ArrayList l = new ArrayList(); l.add(entry); return l; }
            public List<AclEntry> value() {
                ArrayList<AclEntry> l = new ArrayList<AclEntry>();
                l.add(entry);
                return l;
            }
        };
    }
}

Example 2 with AclEntry

use of java.nio.file.attribute.AclEntry in project derby by apache.

the class FileUtil method limitAccessToOwnerViaFileAttributeView.

/**
 * Limit access to owner using a
 * {@code java.nio.file.attribute.FileAttributeView}.
 * Such views are only available on Java 7 and higher, and only on
 * file systems that support changing file permissions. Currently,
 * this is supported on POSIX file systems and file systems that
 * maintain access control lists (ACLs).
 *
 * @param file the file to limit access to
 * @return {@code true} on success, or {@code false} if some of the
 * permissions could not be changed
 */
private static boolean limitAccessToOwnerViaFileAttributeView(File file) throws IOException {
    Path fileP = file.toPath();
    PosixFileAttributeView posixView = Files.getFileAttributeView(fileP, PosixFileAttributeView.class);
    if (posixView != null) {
        // This is a POSIX file system. Usually,
        // FileUtil.limitAccessToOwnerViaFile() will successfully set
        // the permissions on such file systems using the java.io.File
        // class, so we don't get here. If, however, that approach failed,
        // we try again here using a PosixFileAttributeView. That's likely
        // to fail too, but at least now we will get an IOException that
        // explains why it failed.
        EnumSet<PosixFilePermission> perms = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
        if (file.isDirectory()) {
            perms.add(PosixFilePermission.OWNER_EXECUTE);
        }
        posixView.setPermissions(perms);
        return true;
    }
    AclFileAttributeView aclView = Files.getFileAttributeView(fileP, AclFileAttributeView.class);
    if (aclView != null) {
        // Since we have an AclFileAttributeView which is not a
        // PosixFileAttributeView, we probably have an NTFS file
        // system.
        // Remove existing ACEs, build a new one which simply
        // gives all possible permissions to current owner.
        AclEntry ace = AclEntry.newBuilder().setPrincipal(Files.getOwner(fileP)).setType(AclEntryType.ALLOW).setPermissions(EnumSet.allOf(AclEntryPermission.class)).build();
        aclView.setAcl(Collections.singletonList(ace));
        return true;
    }
    // We don't know how to set permissions on this file system.
    return false;
}

Example 3 with AclEntry

use of java.nio.file.attribute.AclEntry in project keycloak by keycloak.

the class IoUtil method setWindowsPermissions.

private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        AclEntry entry = it.next();
        if ("BUILTIN\\Administrators".equals(entry.principal().getName()) || "NT AUTHORITY\\SYSTEM".equals(entry.principal().getName())) {
            continue;
        }
        it.remove();
    }
    AclEntry entry = AclEntry.newBuilder().setType(AclEntryType.ALLOW).setPrincipal(owner).setPermissions(AclEntryPermission.READ_DATA, AclEntryPermission.WRITE_DATA, AclEntryPermission.APPEND_DATA, AclEntryPermission.READ_NAMED_ATTRS, AclEntryPermission.WRITE_NAMED_ATTRS, AclEntryPermission.EXECUTE, AclEntryPermission.READ_ATTRIBUTES, AclEntryPermission.WRITE_ATTRIBUTES, AclEntryPermission.DELETE, AclEntryPermission.READ_ACL, AclEntryPermission.SYNCHRONIZE).build();
    acl.add(entry);
    view.setAcl(acl);
}

Example 4 with AclEntry

use of java.nio.file.attribute.AclEntry in project keycloak by keycloak.

the class IoUtil method setWindowsPermissions.

private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        AclEntry entry = it.next();
        if ("BUILTIN\\Administrators".equals(entry.principal().getName()) || "NT AUTHORITY\\SYSTEM".equals(entry.principal().getName())) {
            continue;
        }
        it.remove();
    }
    AclEntry entry = AclEntry.newBuilder().setType(AclEntryType.ALLOW).setPrincipal(owner).setPermissions(AclEntryPermission.READ_DATA, AclEntryPermission.WRITE_DATA, AclEntryPermission.APPEND_DATA, AclEntryPermission.READ_NAMED_ATTRS, AclEntryPermission.WRITE_NAMED_ATTRS, AclEntryPermission.EXECUTE, AclEntryPermission.READ_ATTRIBUTES, AclEntryPermission.WRITE_ATTRIBUTES, AclEntryPermission.DELETE, AclEntryPermission.READ_ACL, AclEntryPermission.SYNCHRONIZE).build();
    acl.add(entry);
    view.setAcl(acl);
}

Example 5 with AclEntry

use of java.nio.file.attribute.AclEntry in project che by eclipse.

the class WindowsSshScript method protectPrivateKeyFile.

@Override
protected void protectPrivateKeyFile(File sshKey) throws ServerException {
    try {
        AclFileAttributeView attributes = Files.getFileAttributeView(sshKey.toPath(), AclFileAttributeView.class);
        AclEntry.Builder builder = AclEntry.newBuilder();
        builder.setType(ALLOW);
        String ownerName = System.getProperty(OWNER_NAME_PROPERTY);
        UserPrincipal userPrincipal = FileSystems.getDefault().getUserPrincipalLookupService().lookupPrincipalByName(ownerName);
        builder.setPrincipal(userPrincipal);
        builder.setPermissions(READ_DATA, APPEND_DATA, READ_NAMED_ATTRS, READ_ATTRIBUTES, DELETE, READ_ACL, SYNCHRONIZE);
        AclEntry entry = builder.build();
        List<AclEntry> aclEntryList = new ArrayList<>();
        aclEntryList.add(entry);
        attributes.setAcl(aclEntryList);
    } catch (IOException e) {
        throw new ServerException("Failed to set file permissions");
    }
}