use of com.sun.enterprise.security.integration.DDPermissionsLoader in project Payara by payara.
the class EarHandler method getClassLoader.
/**
 * Builds the class loader hierarchy for an EAR and returns the top-level EAR class loader.
 *
 * <p>Steps, in order: resolve the compatibility property (application properties, then
 * glassfish-application.xml, then sun-application.xml); when a security manager is installed,
 * process the declared and EE permissions; create the EAR library loader, the embedded
 * connector (RAR) delegating loader and the EAR loader inside {@code doPrivileged} blocks;
 * attach permissions to those loaders; finally ask each module's archive handler for a module
 * class loader and register it with the EAR loader.
 *
 * <p>Security notes for reviewers: permissions are attached only when a security manager is
 * installed, and only to loaders that implement {@code DDPermissionsLoader}. A module whose
 * sub-archive cannot be read, or whose handler throws {@code IOException}, is logged and
 * skipped; the deployment itself is not failed by this method.
 *
 * @param parent parent of the EAR library class loader
 * @param context deployment context of the EAR
 * @return the EAR class loader
 * @throws RuntimeException wrapping any exception raised while the library, connector and EAR
 *         loaders are being set up
 * @throws IllegalArgumentException if a module sub-archive is an {@code InputJarArchive}
 */
public ClassLoader getClassLoader(final ClassLoader parent, DeploymentContext context) {
    final ReadableArchive archive = context.getSource();
    final ApplicationHolder holder = getApplicationHolder(archive, context, true);
    // The EAR class loader hierarchy is:
    // ear lib classloader <- embedded rar classloader <-
    // ear classloader <- various module classloaders
    final DelegatingClassLoader embeddedConnCl;
    final EarClassLoader cl;
    // Add the libraries packaged in the application library directory
    try {
        String compatProp = context.getAppProps().getProperty(COMPATIBILITY);
        // Not set in the application properties: see if it is defined in glassfish-application.xml.
        // A value found in a descriptor is written back to the application properties.
        if (compatProp == null) {
            GFApplicationXmlParser gfApplicationXmlParser = new GFApplicationXmlParser(context.getSource());
            compatProp = gfApplicationXmlParser.getCompatibilityValue();
            if (compatProp != null) {
                context.getAppProps().put(COMPATIBILITY, compatProp);
            }
        }
        // Still not set: see if it is defined in sun-application.xml
        if (compatProp == null) {
            SunApplicationXmlParser sunApplicationXmlParser = new SunApplicationXmlParser(context.getSourceDir());
            compatProp = sunApplicationXmlParser.getCompatibilityValue();
            if (compatProp != null) {
                context.getAppProps().put(COMPATIBILITY, compatProp);
            }
        }
        // NOTE(review): this check calls an unqualified getSecurityManager() while every later
        // check calls System.getSecurityManager(); presumably a static import — confirm both
        // resolve to the same method, otherwise permissions could be applied below without
        // having been processed here.
        if (getSecurityManager() != null) {
            // Process declared permissions; earDeclaredPC is not a local of this method, so the
            // result is kept in state declared outside it
            earDeclaredPC = getDeclaredPermissions(CommponentType.ear, context);
            // Process EE permissions (presumably fills eeGarntsMap, which is read below — confirm)
            processEEPermissions(context);
        }
        final URL[] earLibURLs = ASClassLoaderUtil.getAppLibDirLibraries(context.getSourceDir(), holder.app.getLibraryDirectory(), compatProp);
        // Created inside doPrivileged so that construction runs with this class's own privileges
        // instead of being checked against every caller on the stack.
        final EarLibClassLoader earLibCl = AccessController.doPrivileged(new PrivilegedAction<EarLibClassLoader>() {
            @Override
            public EarLibClassLoader run() {
                return new EarLibClassLoader(earLibURLs, parent);
            }
        });
        String clDelegate = holder.app.getClassLoadingDelegate();
        // Default to true if null. When the value is null neither branch runs and the loader
        // keeps whatever delegation mode it was constructed with.
        // NOTE(review): Boolean.parseBoolean yields false for every string other than "true"
        // (ignoring case), so a misspelled value takes the first branch; judging by the method
        // name, that lets classes from the EAR library directory take precedence over the parent's.
        if (Boolean.parseBoolean(clDelegate == null ? "true" : clDelegate) == false) {
            earLibCl.enableCurrentBeforeParentUnconditional();
        } else if (clDelegate != null) {
            // otherwise clDelegate == true
            earLibCl.disableCurrentBeforeParent();
        }
        if (System.getSecurityManager() != null) {
            // The EAR library loader receives the EAR's declared permissions and the EE
            // permissions registered for the ear component type.
            addEEOrDeclaredPermissions(earLibCl, earDeclaredPC, false);
            if (_logger.isLoggable(FINE)) {
                _logger.fine("added declaredPermissions to earlib: " + earDeclaredPC);
            }
            addEEOrDeclaredPermissions(earLibCl, eeGarntsMap.get(CommponentType.ear), true);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("added all ee permissions to earlib: " + eeGarntsMap.get(CommponentType.ear));
            }
        }
        // Loader that embedded connector (RAR) modules are attached to as delegates; its parent
        // is the EAR library loader.
        embeddedConnCl = AccessController.doPrivileged(new PrivilegedAction<DelegatingClassLoader>() {
            @Override
            public DelegatingClassLoader run() {
                return new DelegatingClassLoader(earLibCl);
            }
        });
        // The EAR loader itself, parented on the embedded connector loader.
        cl = AccessController.doPrivileged(new PrivilegedAction<EarClassLoader>() {
            @Override
            public EarClassLoader run() {
                return new EarClassLoader(embeddedConnCl, holder.app);
            }
        });
        // add ear lib to module classloader list so we can
        // clean it up later
        cl.addModuleClassLoader(EAR_LIB, earLibCl);
        if (System.getSecurityManager() != null) {
            // push declared permissions to ear classloader
            addEEOrDeclaredPermissions(cl, earDeclaredPC, false);
            if (_logger.isLoggable(Level.FINE))
                _logger.fine("declaredPermissions added: " + earDeclaredPC);
            // push ejb permissions to ear classloader; EJB module URLs are added to this loader
            // in the module loop below, which is presumably why the ejb grant set is used here
            addEEOrDeclaredPermissions(cl, eeGarntsMap.get(CommponentType.ejb), true);
            if (_logger.isLoggable(Level.FINE))
                _logger.fine("ee permissions added: " + eeGarntsMap.get(CommponentType.ejb));
        }
    } catch (Exception e) {
        // Any failure while building the three loaders aborts the call; the cause is preserved.
        _logger.log(Level.SEVERE, strings.get("errAddLibs"), e);
        throw new RuntimeException(e);
    }
    // One class loader per module declared by the application.
    for (ModuleDescriptor md : holder.app.getModules()) {
        ReadableArchive sub = null;
        String moduleUri = md.getArchiveUri();
        try {
            sub = archive.getSubArchive(moduleUri);
            // An InputJarArchive sub-archive is rejected; the IllegalArgumentException is not
            // caught by the IOException handler below and propagates to the caller.
            if (sub instanceof InputJarArchive) {
                throw new IllegalArgumentException(strings.get("wrongArchType", moduleUri));
            }
        } catch (IOException e) {
            // NOTE(review): sub stays null and the module is skipped; this is reported at FINE
            // only, so a module missing from the hierarchy is easy to overlook in normal logs.
            _logger.log(Level.FINE, "Sub archive " + moduleUri + " seems unreadable", e);
        }
        if (sub != null) {
            try {
                // Handler resolution order: handler already recorded in the context, then the
                // one for the descriptor's module type, then whatever the deployment service
                // detects for the archive. The result is recorded in the context.
                // NOTE(review): the put also runs when no handler was found, storing null —
                // whether the map tolerates that is not visible here.
                ArchiveHandler handler = context.getModuleArchiveHandlers().get(moduleUri);
                if (handler == null) {
                    handler = getArchiveHandlerFromModuleType(md.getModuleType());
                    if (handler == null) {
                        handler = deployment.getArchiveHandler(sub);
                    }
                    context.getModuleArchiveHandlers().put(moduleUri, handler);
                }
                if (handler != null) {
                    ActionReport subReport = context.getActionReport().addSubActionsReport();
                    // todo : this is a hack, once again,
                    // the handler is assuming a file:// url
                    // The sub context appends the module's URI name to the scratch directory so
                    // each module gets its own sub-directory.
                    ExtendedDeploymentContext subContext = new DeploymentContextImpl(subReport, sub, context.getCommandParameters(DeployCommandParameters.class), env) {
                        @Override
                        public File getScratchDir(String subDirName) {
                            String modulePortion = Util.getURIName(getSource().getURI());
                            return (new File(super.getScratchDir(subDirName), modulePortion));
                        }
                    };
                    // sub context will store the root archive handler also
                    // so we can figure out the enclosing archive type
                    subContext.setArchiveHandler(context.getArchiveHandler());
                    subContext.setParentContext((ExtendedDeploymentContext) context);
                    sub.setParentArchive(context.getSource());
                    ClassLoader subCl = handler.getClassLoader(cl, subContext);
                    // The EAR-level declared permissions are pushed down to the module loader,
                    // but only when it implements DDPermissionsLoader; any other loader type
                    // receives nothing here.
                    if ((System.getSecurityManager() != null) && (subCl instanceof DDPermissionsLoader)) {
                        addEEOrDeclaredPermissions(subCl, earDeclaredPC, false);
                        if (_logger.isLoggable(Level.FINE))
                            _logger.fine("added declared permissions to sub module of " + subCl);
                    }
                    if (md.getModuleType().equals(DOLUtils.ejbType())) {
                        // for ejb module, we just add the ejb urls
                        // to EarClassLoader and use that to load
                        // ejb module
                        // NOTE(review): both casts below are unchecked; a ClassCastException
                        // would not be caught by the enclosing catch (IOException).
                        URL[] moduleURLs = ((URLClassLoader) subCl).getURLs();
                        for (URL moduleURL : moduleURLs) {
                            cl.addURL(moduleURL);
                        }
                        // The EAR loader is registered as the EJB module's loader and the
                        // handler-created loader is disposed of straight away.
                        cl.addModuleClassLoader(moduleUri, cl);
                        PreDestroy.class.cast(subCl).preDestroy();
                    } else if (md.getModuleType().equals(DOLUtils.rarType())) {
                        // Embedded connector: attached as a delegate of the connector loader
                        // that sits above the EAR loader, and registered under the module URI.
                        embeddedConnCl.addDelegate((DelegatingClassLoader.ClassFinder) subCl);
                        cl.addModuleClassLoader(moduleUri, subCl);
                    } else {
                        Boolean isTempClassLoader = context.getTransientAppMetaData(ExtendedDeploymentContext.IS_TEMP_CLASSLOADER, Boolean.class);
                        if (subCl instanceof URLClassLoader && (isTempClassLoader != null) && isTempClassLoader) {
                            // for temp classloader, we add all the module
                            // urls to the top level EarClassLoader
                            URL[] moduleURLs = ((URLClassLoader) subCl).getURLs();
                            for (URL moduleURL : moduleURLs) {
                                cl.addURL(moduleURL);
                            }
                        }
                        cl.addModuleClassLoader(moduleUri, subCl);
                    }
                }
            } catch (IOException e) {
                // Logged at SEVERE, then the loop continues with the next module.
                _logger.log(Level.SEVERE, strings.get("noClassLoader", moduleUri), e);
            }
        }
    }
    return cl;
}
use of com.sun.enterprise.security.integration.DDPermissionsLoader in project Payara by payara.
the class SetPermissionsAction method processModuleDeclaredAndEEPermissions.
/**
 * Adds a module's declared permissions and EE permissions to its class loader.
 *
 * <p>Nothing happens unless a security manager is installed, the class loader implements
 * {@code DDPermissionsLoader} and the context is an {@code ExtendedDeploymentContext}.
 * Declared permissions are added only when the context has no parent context; EE permissions
 * are always added. The loader is called directly, not through
 * {@code AccessController.doPrivileged}, so any permission check it performs sees the
 * caller's stack.
 *
 * @param type module type
 * @param context deployment context
 * @param classloader class loader that receives the permissions
 * @throws SecurityException if the caller has no privilege (the original documentation names
 *         {@code AccessControlException})
 */
private static void processModuleDeclaredAndEEPermissions(CommponentType type, DeploymentContext context, ClassLoader classloader) throws SecurityException {
    if (System.getSecurityManager() == null) {
        // Without a security manager there is nothing to attach.
        return;
    }
    if (!(classloader instanceof DDPermissionsLoader) || !(context instanceof ExtendedDeploymentContext)) {
        return;
    }
    final DDPermissionsLoader target = (DDPermissionsLoader) classloader;
    final ExtendedDeploymentContext extendedContext = (ExtendedDeploymentContext) context;
    final boolean hasNoParent = extendedContext.getParentContext() == null;
    if (hasNoParent) {
        // Only a context without a parent gets its declared permissions from here.
        target.addDeclaredPermissions(getDeclaredPermissions(type, context));
    }
    target.addEEPermissions(processEEPermissions(type, context));
}
use of com.sun.enterprise.security.integration.DDPermissionsLoader in project Payara by payara.
the class PermsArchiveDelegate method processModuleDeclaredAndEEPemirssions.
/**
 * Adds a module's declared permissions and EE permissions to its class loader.
 *
 * <p>Nothing happens unless a security manager is installed, the class loader implements
 * {@code DDPermissionsLoader} and the context is an {@code ExtendedDeploymentContext}.
 * Declared permissions are added only when the context has no parent context; EE permissions
 * are always added. The loader is called directly, not through
 * {@code AccessController.doPrivileged}, so any permission check it performs sees the
 * caller's stack. The misspelling in the method name is part of the public interface.
 *
 * @param type module type
 * @param context deployment context
 * @param classloader class loader that receives the permissions
 * @throws SecurityException if the caller has no privilege (the original documentation names
 *         {@code AccessControlException})
 */
public static void processModuleDeclaredAndEEPemirssions(SMGlobalPolicyUtil.CommponentType type, DeploymentContext context, ClassLoader classloader) throws SecurityException {
    if (System.getSecurityManager() == null) {
        // Without a security manager there is nothing to attach.
        return;
    }
    if (!(classloader instanceof DDPermissionsLoader)) {
        return;
    }
    if (!(context instanceof ExtendedDeploymentContext)) {
        return;
    }
    final DDPermissionsLoader permissionsLoader = (DDPermissionsLoader) classloader;
    final ExtendedDeploymentContext extendedContext = (ExtendedDeploymentContext) context;
    if (extendedContext.getParentContext() == null) {
        // Only a context without a parent gets its declared permissions from here.
        final PermissionCollection declaredPermissions = getDeclaredPermissions(type, context);
        permissionsLoader.addDeclaredPermissions(declaredPermissions);
    }
    final PermissionCollection eePermissions = processEEPermissions(type, context);
    permissionsLoader.addEEPermissions(eePermissions);
}
use of com.sun.enterprise.security.integration.DDPermissionsLoader in project Payara by payara.
the class EarHandler method addEEOrDeclaredPermissions.
/**
 * Sets either the EE permissions or the declared permissions on a class loader.
 *
 * <p>Loaders that do not implement {@code DDPermissionsLoader} are left untouched without any
 * error. The update runs inside {@code AccessController.doPrivileged}, i.e. with this class's
 * own privileges, and {@code pc} is handed to the loader as given; nothing is validated here.
 * The action declares only the unchecked {@code SecurityException}, which {@code doPrivileged}
 * lets through unwrapped, so the {@code PrivilegedActionException} handler matters only for
 * checked exceptions.
 *
 * @param cloader class loader to update
 * @param pc permissions to add
 * @param isEEPermission {@code true} to add {@code pc} as EE permissions, {@code false} to add
 *        it as declared permissions
 * @throws SecurityException wrapping the cause of a {@code PrivilegedActionException}, or
 *         thrown by the loader itself
 */
private void addEEOrDeclaredPermissions(ClassLoader cloader, final PermissionCollection pc, final boolean isEEPermission) {
    if (cloader instanceof DDPermissionsLoader) {
        final DDPermissionsLoader target = (DDPermissionsLoader) cloader;
        final PrivilegedExceptionAction<Object> grantAction = new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws SecurityException {
                if (isEEPermission) {
                    target.addEEPermissions(pc);
                } else {
                    target.addDeclaredPermissions(pc);
                }
                return null;
            }
        };
        try {
            AccessController.doPrivileged(grantAction);
        } catch (PrivilegedActionException wrapped) {
            throw new SecurityException(wrapped.getException());
        }
    }
}