
Example 21 with FilePermission

use of java.io.FilePermission in project jdk8u_jdk by JetBrains.

the class LoaderHandler method addPermissionsForURLs.

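/**
 * Adds to the specified permission collection the permissions
 * necessary to load classes from a loader with the specified URL
 * path; if "forLoader" is true, also adds URL-specific
 * permissions necessary for the security context that such a
 * loader operates within, such as permissions necessary for
 * granting automatic permissions to classes defined by the
 * loader.  A given permission is only added to the collection if
 * it is not already implied by the collection.
 *
 * <p>Scope of what is granted: for a {@code file:} codebase the
 * grant is widened from the single file to a recursive read of the
 * file's parent directory (the {@code "-"} suffix), so every file
 * beneath that directory becomes readable by code holding these
 * permissions.  For other codebases with {@code forLoader} set,
 * "connect,accept" on the codebase host is added as well.
 *
 * @param urls the codebase URLs to derive permissions from
 * @param perms the collection the derived permissions are added to
 * @param forLoader whether to also add the socket permissions a
 *        URLClassLoader subclass needs for non-"file:" URLs
 */
private static void addPermissionsForURLs(URL[] urls, PermissionCollection perms, boolean forLoader) {
    for (URL url : urls) {
        try {
            URLConnection urlConnection = url.openConnection();
            Permission p = urlConnection.getPermission();
            if (p == null) {
                continue;
            }
            if (p instanceof FilePermission) {
                /*
                 * If the codebase is a file, the permission required
                 * to actually read classes from the codebase URL is
                 * the permission to read all files beneath the last
                 * directory in the file path, either because JAR
                 * files can refer to other JAR files in the same
                 * directory, or because permission to read a
                 * directory is not implied by permission to read the
                 * contents of a directory, which is all that might be
                 * granted.
                 */
                String path = p.getName();
                int endIndex = path.lastIndexOf(File.separatorChar);
                if (endIndex != -1) {
                    // The prefix kept here always ends with the separator,
                    // so appending "-" yields the recursive "dir/-" form.
                    // The earlier version added this permission a second
                    // time unconditionally, which contradicted the
                    // "only if not already implied" contract above.
                    String recursiveDir = path.substring(0, endIndex + 1) + "-";
                    addIfNotImplied(perms, new FilePermission(recursiveDir, "read"));
                } else {
                    /*
                     * No directory separator: use permission to
                     * read the file.
                     */
                    addIfNotImplied(perms, p);
                }
            } else {
                addIfNotImplied(perms, p);
                /*
                 * If the purpose of these permissions is to grant
                 * them to an instance of a URLClassLoader subclass,
                 * we must add permission to connect to and accept
                 * from the host of non-"file:" URLs, otherwise the
                 * getPermissions() method of URLClassLoader will
                 * throw a security exception.
                 */
                if (forLoader) {
                    // get URL with meaningful host component by
                    // unwrapping nested "jar:" URLs
                    URL hostURL = url;
                    for (URLConnection conn = urlConnection; conn instanceof JarURLConnection; ) {
                        hostURL = ((JarURLConnection) conn).getJarFileURL();
                        conn = hostURL.openConnection();
                    }
                    String host = hostURL.getHost();
                    // Only widen to connect/accept when the connection's own
                    // permission already covers resolving that host.
                    if (host != null && p.implies(new SocketPermission(host, "resolve"))) {
                        addIfNotImplied(perms, new SocketPermission(host, "connect,accept"));
                    }
                }
            }
        } catch (IOException e) {
            /*
             * This shouldn't happen, although it is declared to be
             * thrown by openConnection() and getPermission().  If it
             * does, don't bother granting or requiring any permissions
             * for this URL (the URL is skipped, nothing is granted).
             */
        }
    }
}

/** Adds {@code permission} to {@code perms} unless the collection already implies it. */
private static void addIfNotImplied(PermissionCollection perms, Permission permission) {
    if (!perms.implies(permission)) {
        perms.add(permission);
    }
}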
Also used : JarURLConnection(java.net.JarURLConnection) SocketPermission(java.net.SocketPermission) FilePermission(java.io.FilePermission) SocketPermission(java.net.SocketPermission) Permission(java.security.Permission) IOException(java.io.IOException) FilePermission(java.io.FilePermission) URL(java.net.URL) URLConnection(java.net.URLConnection) JarURLConnection(java.net.JarURLConnection)

Example 22 with FilePermission

use of java.io.FilePermission in project tomcat by apache.

the class WebappLoader method setPermissions.

/**
 * Configure associated class loader permissions.
 *
 * <p>Does nothing unless {@code Globals.IS_SECURITY_ENABLED} is set and
 * a context is present.  Otherwise the class loader is given
 * "read,write" on the work directory itself, "read,write,delete" on
 * everything beneath it (the recursive {@code "-"} form), and whatever
 * {@code addPermission(URL)} derives for each base URL of the context's
 * resources.
 */
private void setPermissions() {
    if (!Globals.IS_SECURITY_ENABLED || context == null) {
        return;
    }

    // The servlet context exposes the per-application work directory.
    ServletContext servletContext = context.getServletContext();
    File workDir = (File) servletContext.getAttribute(ServletContext.TEMPDIR);

    if (workDir != null) {
        try {
            // Permissions are expressed on the canonical path.
            String canonicalWorkDir = workDir.getCanonicalPath();
            String everythingBelow = canonicalWorkDir + File.separator + "-";
            classLoader.addPermission(new FilePermission(canonicalWorkDir, "read,write"));
            classLoader.addPermission(new FilePermission(everythingBelow, "read,write,delete"));
        } catch (IOException e) {
            // Ignore: if the canonical path cannot be resolved, no work
            // directory permission is granted at all.
        }
    }

    // One addPermission(URL) call per base URL of the application's resources.
    for (URL baseUrl : context.getResources().getBaseUrls()) {
        classLoader.addPermission(baseUrl);
    }
}
Also used : ServletContext(javax.servlet.ServletContext) IOException(java.io.IOException) File(java.io.File) FilePermission(java.io.FilePermission) URL(java.net.URL)

Example 23 with FilePermission

use of java.io.FilePermission in project tomcat by apache.

the class ClassLoaderLogManager method readConfiguration.

/**
 * Read configuration for the specified classloader.
 *
 * <p>Lookup order visible in this method: a {@code logging.properties}
 * resource of a {@link URLClassLoader}; then, for the system class
 * loader only, the file named by the
 * {@code java.util.logging.config.file} system property and finally
 * {@code ${java.home}/lib/logging.properties}.  When nothing is found,
 * the new root logger is parented to the root logger of the nearest
 * ancestor class loader that has logging info.
 *
 * <p>NOTE(review): assumes {@code classLoader} is non-null; with a null
 * argument and no stream found, {@code classLoader.getParent()} below
 * would throw - confirm against callers.
 *
 * @param classLoader The classloader
 * @throws IOException Error reading configuration
 */
protected synchronized void readConfiguration(ClassLoader classLoader) throws IOException {
    InputStream is = null;
    // only look in the local repositories to avoid redefining loggers 20 times
    try {
        if (classLoader instanceof URLClassLoader) {
            // findResource() is used only to detect whether the resource exists.
            URL logConfig = ((URLClassLoader) classLoader).findResource("logging.properties");
            if (null != logConfig) {
                // Diagnostics go to stderr when the system property named by
                // DEBUG_PROPERTY is "true".
                if (Boolean.getBoolean(DEBUG_PROPERTY))
                    System.err.println(getClass().getName() + ".readConfiguration(): " + "Found logging.properties at " + logConfig);
                // NOTE(review): the stream is opened through getResourceAsStream(),
                // not from logConfig; depending on the loader's delegation order
                // this may resolve a different logging.properties than the one
                // findResource() located - confirm.
                is = classLoader.getResourceAsStream("logging.properties");
            } else {
                if (Boolean.getBoolean(DEBUG_PROPERTY))
                    System.err.println(getClass().getName() + ".readConfiguration(): " + "Found no logging.properties");
            }
        }
    } catch (AccessControlException ace) {
        // No permission to configure logging in context
        // Log and carry on
        // The warning is written through the system class loader's root
        // logger (name ""); if that logger is not registered yet, the
        // denial is dropped without any record.
        ClassLoaderLogInfo info = classLoaderLoggers.get(ClassLoader.getSystemClassLoader());
        if (info != null) {
            Logger log = info.loggers.get("");
            if (log != null) {
                Permission perm = ace.getPermission();
                // A denied plain "read" FilePermission is reported with the
                // path taken from the permission's name; anything else gets
                // the generic message plus the original exception text.
                if (perm instanceof FilePermission && perm.getActions().equals("read")) {
                    log.warning("Reading " + perm.getName() + " is not permitted. See \"per context logging\" in the default catalina.policy file.");
                } else {
                    log.warning("Reading logging.properties is not permitted in some context. See \"per context logging\" in the default catalina.policy file.");
                    log.warning("Original error was: " + ace.getMessage());
                }
            }
        }
    }
    // File-system fallbacks apply to the system class loader only.
    if ((is == null) && (classLoader == ClassLoader.getSystemClassLoader())) {
        String configFileStr = System.getProperty("java.util.logging.config.file");
        if (configFileStr != null) {
            try {
                // replace() is defined elsewhere; presumably it expands
                // placeholders in the configured path - verify.
                is = new FileInputStream(replace(configFileStr));
            } catch (IOException e) {
                // Failure is reported on stderr and the next fallback is tried.
                System.err.println("Configuration error");
                e.printStackTrace();
            }
        }
        // Try the default JVM configuration
        if (is == null) {
            File defaultFile = new File(new File(System.getProperty("java.home"), "lib"), "logging.properties");
            try {
                is = new FileInputStream(defaultFile);
            } catch (IOException e) {
                System.err.println("Configuration error");
                e.printStackTrace();
            }
        }
    }
    Logger localRootLogger = new RootLogger();
    if (is == null) {
        // Retrieve the root logger of the parent classloader instead
        // Walks up the parent chain until a loader with logging info is found.
        ClassLoader current = classLoader.getParent();
        ClassLoaderLogInfo info = null;
        while (current != null && info == null) {
            info = getClassLoaderInfo(current);
            current = current.getParent();
        }
        if (info != null) {
            localRootLogger.setParent(info.rootNode.logger);
        }
    }
    // Register the per-class-loader info before the configuration is parsed.
    ClassLoaderLogInfo info = new ClassLoaderLogInfo(new LogNode(null, localRootLogger));
    classLoaderLoggers.put(classLoader, info);
    if (is != null) {
        // NOTE(review): the stream is not closed in this method; presumably
        // the readConfiguration(InputStream, ClassLoader) overload closes it
        // - confirm.
        readConfiguration(is, classLoader);
    }
    addLogger(localRootLogger);
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) AccessControlException(java.security.AccessControlException) IOException(java.io.IOException) Logger(java.util.logging.Logger) FilePermission(java.io.FilePermission) URL(java.net.URL) FileInputStream(java.io.FileInputStream) URLClassLoader(java.net.URLClassLoader) Permission(java.security.Permission) FilePermission(java.io.FilePermission) URLClassLoader(java.net.URLClassLoader) File(java.io.File)

Example 24 with FilePermission

use of java.io.FilePermission in project tomcat by apache.

the class WebappClassLoaderBase method getPermissions.

/**
 * Get the Permissions for a CodeSource.  If this instance
 * of WebappClassLoaderBase is for a web application context,
 * add read FilePermission for the appropriate resources.
 *
 * <p>Results are cached in {@code loaderPC} under the string form of
 * the code source location.  Every entry of {@code permissionList} is
 * added to a newly built collection, whichever code source it is built
 * for, so that list is effectively granted to all code defined through
 * this loader.
 *
 * <p>{@code CodeSource.getLocation()} may return {@code null}; such a
 * code source makes this method throw a NullPointerException.
 *
 * @param codeSource where the code was loaded from
 * @return PermissionCollection for CodeSource
 */
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
    String locationKey = codeSource.getLocation().toString();

    // Serve a previously built collection for this location if there is one.
    PermissionCollection cached = loaderPC.get(locationKey);
    if (cached != null) {
        return cached;
    }

    PermissionCollection fresh = super.getPermissions(codeSource);
    if (fresh != null) {
        for (Permission granted : permissionList) {
            fresh.add(granted);
        }
        // Only non-null results are cached.
        loaderPC.put(locationKey, fresh);
    }
    return fresh;
}
Also used : PermissionCollection(java.security.PermissionCollection) FilePermission(java.io.FilePermission) Permission(java.security.Permission)

Example 25 with FilePermission

use of java.io.FilePermission in project tomcat by apache.

the class WebappClassLoaderBase method addPermission.

/**
 * If there is a Java SecurityManager create a read permission for the
 * target of the given URL as appropriate.
 *
 * <p>Only {@code file:} URLs are handled; any other protocol is logged
 * and receives no permission.  The permission is built on the canonical
 * path: an existing file gets "read" on that file, an existing
 * directory gets "read" on the directory and, recursively, on
 * everything beneath it.  A URL whose canonical path cannot be
 * resolved is logged and receives no permission.
 *
 * @param url URL for a file or directory on local system
 */
void addPermission(URL url) {
    // Nothing to do without a URL or without a security manager.
    if (url == null || securityManager == null) {
        return;
    }

    String protocol = url.getProtocol();
    if (!"file".equalsIgnoreCase(protocol)) {
        // Unsupported URL protocol
        log.warn(sm.getString("webappClassLoader.addPermisionNoProtocol", protocol, url.toExternalForm()));
        return;
    }

    File target;
    String canonicalPath;
    try {
        target = new File(url.toURI());
        canonicalPath = target.getCanonicalPath();
    } catch (IOException | URISyntaxException e) {
        log.warn(sm.getString("webappClassLoader.addPermisionNoCanonicalFile", url.toExternalForm()));
        return;
    }

    if (target.isFile()) {
        // Allow the file to be read
        addPermission(new FilePermission(canonicalPath, "read"));
        return;
    }
    if (target.isDirectory()) {
        // The directory itself, then everything below it ("-" is recursive).
        addPermission(new FilePermission(canonicalPath, "read"));
        addPermission(new FilePermission(canonicalPath + File.separator + "-", "read"));
    }
    // Neither file nor directory: target does not exist - ignore
    // (shouldn't happen).
}
Also used : IOException(java.io.IOException) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) File(java.io.File) FilePermission(java.io.FilePermission)
