use of java.io.FilePermission in project wildfly by wildfly.
the class WarStructureDeploymentProcessor method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
if (!DeploymentTypeMarker.isType(DeploymentType.WAR, deploymentUnit)) {
// Skip non web deployments
return;
}
final ResourceRoot deploymentResourceRoot = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_ROOT);
final VirtualFile deploymentRoot = deploymentResourceRoot.getRoot();
if (deploymentRoot == null) {
return;
}
// set the child first behaviour
final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
if (moduleSpecification == null) {
return;
}
moduleSpecification.setPrivateModule(true);
// other sub deployments should not have access to classes in the war module
PrivateSubDeploymentMarker.mark(deploymentUnit);
// OSGi WebApp deployments (WAB) may use the deployment root if they don't use WEB-INF/classes already
if (!deploymentUnit.hasAttachment(Attachments.OSGI_MANIFEST) || deploymentRoot.getChild(WEB_INF_CLASSES).exists()) {
// we do not want to index the resource root, only WEB-INF/classes and WEB-INF/lib
deploymentResourceRoot.putAttachment(Attachments.INDEX_RESOURCE_ROOT, false);
// Make sure the root does not end up in the module, only META-INF
deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.getMetaInfFilter(), true));
deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.getMetaInfSubdirectoriesFilter(), true));
deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.acceptAll(), false));
ModuleRootMarker.mark(deploymentResourceRoot, true);
}
// TODO: This needs to be ported to add additional resource roots the standard way
final MountHandle mountHandle = deploymentResourceRoot.getMountHandle();
try {
// add standard resource roots, this should eventually replace ClassPathEntry
final List<ResourceRoot> resourceRoots = createResourceRoots(deploymentRoot, deploymentUnit);
for (ResourceRoot root : resourceRoots) {
deploymentUnit.addToAttachmentList(Attachments.RESOURCE_ROOTS, root);
}
} catch (Exception e) {
throw new DeploymentUnitProcessingException(e);
}
// Add the war metadata
final WarMetaData warMetaData = new WarMetaData();
deploymentUnit.putAttachment(WarMetaData.ATTACHMENT_KEY, warMetaData);
String deploymentName;
if (deploymentUnit.getParent() == null) {
deploymentName = deploymentUnit.getName();
} else {
deploymentName = deploymentUnit.getParent().getName() + "." + deploymentUnit.getName();
}
PathManager pathManager = deploymentUnit.getAttachment(Attachments.PATH_MANAGER);
File tempDir = new File(pathManager.getPathEntry(TEMP_DIR).resolvePath(), deploymentName);
tempDir.mkdirs();
warMetaData.setTempDir(tempDir);
moduleSpecification.addPermissionFactory(new ImmediatePermissionFactory(new FilePermission(tempDir.getAbsolutePath() + File.separatorChar + "-", "read,write,delete")));
// Add the shared TLDs metadata
final TldsMetaData tldsMetaData = new TldsMetaData();
tldsMetaData.setSharedTlds(sharedTldsMetaData);
deploymentUnit.putAttachment(TldsMetaData.ATTACHMENT_KEY, tldsMetaData);
processExternalMounts(deploymentUnit, deploymentRoot);
}
use of java.io.FilePermission in project wildfly by wildfly.
the class ServiceRefTestCase method deployment.
@Deployment
public static JavaArchive deployment() {
String wsdl = FileUtils.readFile(ServiceRefTestCase.class, "TestService.wsdl");
final Properties properties = new Properties();
properties.putAll(System.getProperties());
final String node0 = NetworkUtils.formatPossibleIpv6Address((String) properties.get("node0"));
if (properties.containsKey("node0")) {
properties.put("node0", node0);
}
return ShrinkWrap.create(JavaArchive.class, "ws-serviceref-example.jar").addClasses(EJB3Bean.class, EndpointInterface.class, EndpointService.class, StatelessBean.class, StatelessRemote.class, CdiBean.class).addAsManifestResource(ServiceRefTestCase.class.getPackage(), "ejb-jar.xml", "ejb-jar.xml").addAsManifestResource(ServiceRefTestCase.class.getPackage(), "jboss-ejb3.xml", "jboss-ejb3.xml").addAsManifestResource(new StringAsset(PropertiesValueResolver.replaceProperties(wsdl, properties)), "wsdl/TestService.wsdl").addAsManifestResource(EmptyAsset.INSTANCE, "beans.xml").addAsManifestResource(createPermissionsXmlAsset(new FilePermission(System.getProperty("java.home") + File.separator + "lib" + File.separator + "wsdl.properties", "read"), new PropertyPermission("user.dir", "read"), new RuntimePermission("getClassLoader"), new RuntimePermission("org.apache.cxf.permission", "resolveUri"), new RuntimePermission("createClassLoader"), new RuntimePermission("accessDeclaredMembers"), new SocketPermission(node0 + ":8080", "connect,resolve")), "jboss-permissions.xml");
}
use of java.io.FilePermission in project wildfly by wildfly.
the class ServiceRefEarTestCase method deployment.
@Deployment(testable = false)
public static Archive<?> deployment() {
JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "ws-serviceref-example.jar").addClasses(EJB3Bean.class, EndpointInterface.class);
WebArchive war = ShrinkWrap.create(WebArchive.class, "ws-serviceref-example-servlet-client.war").addClasses(EndpointInterface.class, EndpointService.class, ServletClient.class).addAsWebInfResource(ServiceRefEarTestCase.class.getPackage(), "web.xml", "web.xml").addAsWebInfResource(ServiceRefEarTestCase.class.getPackage(), "jboss-web.xml", "jboss-web.xml");
String wsdl = FileUtils.readFile(ServiceRefEarTestCase.class, "TestService.wsdl");
final Properties properties = new Properties();
properties.putAll(System.getProperties());
final String node0 = NetworkUtils.formatPossibleIpv6Address((String) properties.get("node0"));
if (properties.containsKey("node0")) {
properties.put("node0", node0);
}
war.addAsWebInfResource(new StringAsset(PropertiesValueResolver.replaceProperties(wsdl, properties)), "wsdl/TestService.wsdl");
EnterpriseArchive ear = ShrinkWrap.create(EnterpriseArchive.class, "ws-serviceref-example.ear").addAsModule(jar).addAsModule(war);
// all the following permissions are needed because EndpointService directly extends javax.xml.ws.Service class
// and CXF guys are not willing to add more privileged blocks into their code, thus deployments need to have
// the following permissions (note that the wsdl.properties permission is needed by wsdl4j)
ear.addAsManifestResource(createPermissionsXmlAsset(new FilePermission(System.getProperty("java.home") + File.separator + "lib" + File.separator + "wsdl.properties", "read"), new PropertyPermission("user.dir", "read"), new RuntimePermission("getClassLoader"), new RuntimePermission("org.apache.cxf.permission", "resolveUri"), new RuntimePermission("createClassLoader"), new RuntimePermission("accessDeclaredMembers"), new SocketPermission(node0 + ":8080", "connect,resolve")), "jboss-permissions.xml");
return ear;
}
use of java.io.FilePermission in project android by JetBrains.
the class RenderSecurityManagerTest method testEnterExitSafeRegion.
@Test
public void testEnterExitSafeRegion() throws Exception {
RenderSecurityManager manager = new RenderSecurityManager(null, null);
Object credential = new Object();
try {
manager.setActive(true, credential);
boolean token = RenderSecurityManager.enterSafeRegion(credential);
manager.checkPermission(new FilePermission("/foo", "execute"));
RenderSecurityManager.exitSafeRegion(token);
assertNotNull(RenderSecurityManager.getCurrent());
boolean tokenOuter = RenderSecurityManager.enterSafeRegion(credential);
assertNull(RenderSecurityManager.getCurrent());
boolean tokenInner = RenderSecurityManager.enterSafeRegion(credential);
assertNull(RenderSecurityManager.getCurrent());
manager.checkPermission(new FilePermission("/foo", "execute"));
assertNull(RenderSecurityManager.getCurrent());
manager.checkPermission(new FilePermission("/foo", "execute"));
RenderSecurityManager.exitSafeRegion(tokenInner);
assertNull(RenderSecurityManager.getCurrent());
RenderSecurityManager.exitSafeRegion(tokenOuter);
assertNotNull(RenderSecurityManager.getCurrent());
// Wrong credential
Object wrongCredential = new Object();
try {
token = RenderSecurityManager.enterSafeRegion(wrongCredential);
manager.checkPermission(new FilePermission("/foo", "execute"));
RenderSecurityManager.exitSafeRegion(token);
fail("Should have thrown exception");
} catch (SecurityException e) {
// pass
}
// Try turning off the security manager
try {
manager.setActive(false, wrongCredential);
} catch (SecurityException e) {
// pass
}
try {
manager.setActive(false, null);
} catch (SecurityException e) {
// pass
}
try {
manager.dispose(wrongCredential);
} catch (SecurityException e) {
// pass
}
// Try looking up the secret
try {
Field field = RenderSecurityManager.class.getField("sCredential");
field.setAccessible(true);
Object secret = field.get(null);
manager.dispose(secret);
fail("Shouldn't be able to find our way to the credential");
} catch (Exception e) {
// pass
assertEquals("java.lang.NoSuchFieldException: sCredential", e.toString());
}
} finally {
manager.dispose(credential);
}
}
use of java.io.FilePermission in project android by JetBrains.
the class RenderSecurityManagerTest method testDelete.
@Test
public void testDelete() throws Exception {
RenderSecurityManager manager = new RenderSecurityManager(null, null);
try {
manager.setActive(true, myCredential);
manager.checkPermission(new FilePermission("/foo", "delete"));
fail("Should have thrown security exception");
} catch (SecurityException exception) {
assertEquals("Write access not allowed during rendering (/foo)", exception.toString());
// pass
} finally {
manager.dispose(myCredential);
}
}
Aggregations