use of java.security.Policy in project elasticsearch by elastic.
the class BootstrapForTesting method getPluginPermissions.
/**
* we don't know which codesources belong to which plugin, so just remove the permission from key codebases
* like core, test-framework, etc. this way tests fail if accesscontroller blocks are missing.
*/
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static Map<String, Policy> getPluginPermissions() throws Exception {
List<URL> pluginPolicies = Collections.list(BootstrapForTesting.class.getClassLoader().getResources(PluginInfo.ES_PLUGIN_POLICY));
if (pluginPolicies.isEmpty()) {
return Collections.emptyMap();
}
// compute classpath minus obvious places, all other jars will get the permission.
Set<URL> codebases = new HashSet<>(Arrays.asList(parseClassPathWithSymlinks()));
Set<URL> excluded = new HashSet<>(Arrays.asList(// es core
Bootstrap.class.getProtectionDomain().getCodeSource().getLocation(), // es test framework
BootstrapForTesting.class.getProtectionDomain().getCodeSource().getLocation(), // lucene test framework
LuceneTestCase.class.getProtectionDomain().getCodeSource().getLocation(), // randomized runner
RandomizedRunner.class.getProtectionDomain().getCodeSource().getLocation(), // junit library
Assert.class.getProtectionDomain().getCodeSource().getLocation()));
codebases.removeAll(excluded);
// parse each policy file, with codebase substitution from the classpath
final List<Policy> policies = new ArrayList<>();
for (URL policyFile : pluginPolicies) {
policies.add(Security.readPolicy(policyFile, codebases.toArray(new URL[codebases.size()])));
}
// consult each policy file for those codebases
Map<String, Policy> map = new HashMap<>();
for (URL url : codebases) {
map.put(url.getFile(), new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
// implements union
for (Policy p : policies) {
if (p.implies(domain, permission)) {
return true;
}
}
return false;
}
});
}
return Collections.unmodifiableMap(map);
}
use of java.security.Policy in project voltdb by VoltDB.
the class JSR166TestCase method runWithSecurityManagerWithPermissions.
/**
* Runs Runnable r with a security policy that permits precisely
* the specified permissions. If there is no current security
* manager, a temporary one is set for the duration of the
* Runnable. We require that any security manager permit
* getPolicy/setPolicy.
*/
public void runWithSecurityManagerWithPermissions(Runnable r, Permission... permissions) {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
Policy savedPolicy = Policy.getPolicy();
try {
Policy.setPolicy(permissivePolicy());
System.setSecurityManager(new SecurityManager());
runWithSecurityManagerWithPermissions(r, permissions);
} finally {
System.setSecurityManager(null);
Policy.setPolicy(savedPolicy);
}
} else {
Policy savedPolicy = Policy.getPolicy();
AdjustablePolicy policy = new AdjustablePolicy(permissions);
Policy.setPolicy(policy);
try {
r.run();
} finally {
policy.addPermission(new SecurityPermission("setPolicy"));
Policy.setPolicy(savedPolicy);
}
}
}
use of java.security.Policy in project joda-time by JodaOrg.
the class TestDateTimeZone method testZoneInfoProviderResourceLoading.
public void testZoneInfoProviderResourceLoading() {
final Set<String> ids = new HashSet<String>(DateTimeZone.getAvailableIDs());
ids.remove(DateTimeZone.getDefault().getID());
final String id = ids.toArray(new String[ids.size()])[new Random().nextInt(ids.size())];
try {
Policy.setPolicy(new Policy() {
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
Permissions p = new Permissions();
// enable everything
p.add(new AllPermission());
return p;
}
@Override
public void refresh() {
}
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return !(permission instanceof FilePermission) && !permission.getName().contains(id);
}
});
System.setSecurityManager(new SecurityManager());
// will throw IllegalArgumentException if the resource can
// not be loaded
final DateTimeZone zone = DateTimeZone.forID(id);
assertNotNull(zone);
} finally {
System.setSecurityManager(null);
Policy.setPolicy(ALLOW);
}
}
use of java.security.Policy in project jdk8u_jdk by JetBrains.
the class XPathExFuncTest method testEnableExtFunc.
/**
* Security is enabled, use new feature: enableExtensionFunctions
*/
public void testEnableExtFunc() {
Policy p = new SimplePolicy(new AllPermission());
Policy.setPolicy(p);
System.setSecurityManager(new SecurityManager());
try {
evaluate(true);
System.out.println("testEnableExt: OK");
} catch (XPathFactoryConfigurationException e) {
fail(e.getMessage());
} catch (XPathExpressionException e) {
fail(e.getMessage());
} finally {
System.setSecurityManager(null);
}
}
use of java.security.Policy in project jdk8u_jdk by JetBrains.
the class XSLTExFuncTest method testTemplatesEnableExtFunc.
/**
* use Templates template = factory.newTemplates(new StreamSource( new
* FileInputStream(xslFilename))); // Use the template to create a
* transformer Transformer xformer = template.newTransformer();
*
* @param factory
* @return
*/
/**
* Security is enabled, use new feature: enableExtensionFunctions Use the
* template to create a transformer
*/
public void testTemplatesEnableExtFunc() {
Policy p = new SimplePolicy(new AllPermission());
Policy.setPolicy(p);
System.setSecurityManager(new SecurityManager());
TransformerFactory factory = TransformerFactory.newInstance();
/**
* Use of the extension function 'http://exslt.org/strings:tokenize' is
* not allowed when the secure processing feature is set to true.
* Attempt to use the new property to enable extension function
*/
boolean isExtensionSupported = enableExtensionFunction(factory);
try {
SAXSource xslSource = new SAXSource(new InputSource(xslFile));
xslSource.setSystemId(xslFileId);
Templates template = factory.newTemplates(xslSource);
Transformer transformer = template.newTransformer();
StringWriter stringResult = new StringWriter();
Result result = new StreamResult(stringResult);
transformer.transform(new SAXSource(new InputSource(xmlFile)), result);
System.out.println("testTemplatesEnableExtFunc: OK");
} catch (TransformerConfigurationException e) {
fail(e.getMessage());
} catch (TransformerException e) {
fail(e.getMessage());
} finally {
System.setSecurityManager(null);
}
}
Aggregations