Example 41 with FilePermission

Use of java.io.FilePermission in project wildfly by wildfly.

In the class WarStructureDeploymentProcessor, method deploy.

@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    if (!DeploymentTypeMarker.isType(DeploymentType.WAR, deploymentUnit)) {
        // Skip non web deployments
        return;
    }
    final ResourceRoot deploymentResourceRoot = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_ROOT);
    final VirtualFile deploymentRoot = deploymentResourceRoot.getRoot();
    if (deploymentRoot == null) {
        return;
    }
    // set the child first behaviour
    final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
    if (moduleSpecification == null) {
        return;
    }
    moduleSpecification.setPrivateModule(true);
    // other sub deployments should not have access to classes in the war module
    PrivateSubDeploymentMarker.mark(deploymentUnit);
    // OSGi WebApp deployments (WAB) may use the deployment root if they don't use WEB-INF/classes already
    if (!deploymentUnit.hasAttachment(Attachments.OSGI_MANIFEST) || deploymentRoot.getChild(WEB_INF_CLASSES).exists()) {
        // we do not want to index the resource root, only WEB-INF/classes and WEB-INF/lib
        deploymentResourceRoot.putAttachment(Attachments.INDEX_RESOURCE_ROOT, false);
        // Make sure the root does not end up in the module, only META-INF
        deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.getMetaInfFilter(), true));
        deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.getMetaInfSubdirectoriesFilter(), true));
        deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.acceptAll(), false));
        ModuleRootMarker.mark(deploymentResourceRoot, true);
    }
    // TODO: This needs to be ported to add additional resource roots the standard way
    final MountHandle mountHandle = deploymentResourceRoot.getMountHandle();
    try {
        // add standard resource roots, this should eventually replace ClassPathEntry
        final List<ResourceRoot> resourceRoots = createResourceRoots(deploymentRoot, deploymentUnit);
        for (ResourceRoot root : resourceRoots) {
            deploymentUnit.addToAttachmentList(Attachments.RESOURCE_ROOTS, root);
        }
    } catch (Exception e) {
        throw new DeploymentUnitProcessingException(e);
    }
    // Add the war metadata
    final WarMetaData warMetaData = new WarMetaData();
    deploymentUnit.putAttachment(WarMetaData.ATTACHMENT_KEY, warMetaData);
    String deploymentName;
    if (deploymentUnit.getParent() == null) {
        deploymentName = deploymentUnit.getName();
    } else {
        deploymentName = deploymentUnit.getParent().getName() + "." + deploymentUnit.getName();
    }
    PathManager pathManager = deploymentUnit.getAttachment(Attachments.PATH_MANAGER);
    File tempDir = new File(pathManager.getPathEntry(TEMP_DIR).resolvePath(), deploymentName);
    tempDir.mkdirs();
    warMetaData.setTempDir(tempDir);
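    // Grant the deployment read/write/delete on its own temp directory only;
    // the trailing "-" matches all files and subdirectories recursively
    moduleSpecification.addPermissionFactory(new ImmediatePermissionFactory(
            new FilePermission(tempDir.getAbsolutePath() + File.separatorChar + "-", "read,write,delete")));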
    // Add the shared TLDs metadata
    final TldsMetaData tldsMetaData = new TldsMetaData();
    tldsMetaData.setSharedTlds(sharedTldsMetaData);
    deploymentUnit.putAttachment(TldsMetaData.ATTACHMENT_KEY, tldsMetaData);
    processExternalMounts(deploymentUnit, deploymentRoot);
}
Also used: VirtualFile (org.jboss.vfs.VirtualFile), DeploymentUnitProcessingException (org.jboss.as.server.deployment.DeploymentUnitProcessingException), PathManager (org.jboss.as.controller.services.path.PathManager), MountHandle (org.jboss.as.server.deployment.module.MountHandle), FilterSpecification (org.jboss.as.server.deployment.module.FilterSpecification), WarMetaData (org.jboss.as.web.common.WarMetaData), FilePermission (java.io.FilePermission), IOException (java.io.IOException), ResourceRoot (org.jboss.as.server.deployment.module.ResourceRoot), ModuleSpecification (org.jboss.as.server.deployment.module.ModuleSpecification), ImmediatePermissionFactory (org.jboss.modules.security.ImmediatePermissionFactory), DeploymentUnit (org.jboss.as.server.deployment.DeploymentUnit), File (java.io.File)

Example 42 with FilePermission

Use of java.io.FilePermission in project wildfly by wildfly.

In the class ServiceRefTestCase, method deployment.

@Deployment
public static JavaArchive deployment() {
    String wsdl = FileUtils.readFile(ServiceRefTestCase.class, "TestService.wsdl");
    final Properties properties = new Properties();
    properties.putAll(System.getProperties());
    final String node0 = NetworkUtils.formatPossibleIpv6Address((String) properties.get("node0"));
    if (properties.containsKey("node0")) {
        properties.put("node0", node0);
    }
    return ShrinkWrap.create(JavaArchive.class, "ws-serviceref-example.jar")
            .addClasses(EJB3Bean.class, EndpointInterface.class, EndpointService.class, StatelessBean.class, StatelessRemote.class, CdiBean.class)
            .addAsManifestResource(ServiceRefTestCase.class.getPackage(), "ejb-jar.xml", "ejb-jar.xml")
            .addAsManifestResource(ServiceRefTestCase.class.getPackage(), "jboss-ejb3.xml", "jboss-ejb3.xml")
            .addAsManifestResource(new StringAsset(PropertiesValueResolver.replaceProperties(wsdl, properties)), "wsdl/TestService.wsdl")
            .addAsManifestResource(EmptyAsset.INSTANCE, "beans.xml")
            .addAsManifestResource(createPermissionsXmlAsset(
                    new FilePermission(System.getProperty("java.home") + File.separator + "lib" + File.separator + "wsdl.properties", "read"),
                    new PropertyPermission("user.dir", "read"),
                    new RuntimePermission("getClassLoader"),
                    new RuntimePermission("org.apache.cxf.permission", "resolveUri"),
                    new RuntimePermission("createClassLoader"),
                    new RuntimePermission("accessDeclaredMembers"),
                    new SocketPermission(node0 + ":8080", "connect,resolve")), "jboss-permissions.xml");
}
Also used: StringAsset (org.jboss.shrinkwrap.api.asset.StringAsset), PropertyPermission (java.util.PropertyPermission), SocketPermission (java.net.SocketPermission), Properties (java.util.Properties), FilePermission (java.io.FilePermission), Deployment (org.jboss.arquillian.container.test.api.Deployment)

Example 43 with FilePermission

Use of java.io.FilePermission in project wildfly by wildfly.

In the class ServiceRefEarTestCase, method deployment.

@Deployment(testable = false)
public static Archive<?> deployment() {
    JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "ws-serviceref-example.jar")
            .addClasses(EJB3Bean.class, EndpointInterface.class);
    WebArchive war = ShrinkWrap.create(WebArchive.class, "ws-serviceref-example-servlet-client.war")
            .addClasses(EndpointInterface.class, EndpointService.class, ServletClient.class)
            .addAsWebInfResource(ServiceRefEarTestCase.class.getPackage(), "web.xml", "web.xml")
            .addAsWebInfResource(ServiceRefEarTestCase.class.getPackage(), "jboss-web.xml", "jboss-web.xml");
    String wsdl = FileUtils.readFile(ServiceRefEarTestCase.class, "TestService.wsdl");
    final Properties properties = new Properties();
    properties.putAll(System.getProperties());
    final String node0 = NetworkUtils.formatPossibleIpv6Address((String) properties.get("node0"));
    if (properties.containsKey("node0")) {
        properties.put("node0", node0);
    }
    war.addAsWebInfResource(new StringAsset(PropertiesValueResolver.replaceProperties(wsdl, properties)), "wsdl/TestService.wsdl");
    EnterpriseArchive ear = ShrinkWrap.create(EnterpriseArchive.class, "ws-serviceref-example.ear").addAsModule(jar).addAsModule(war);
    // all the following permissions are needed because EndpointService directly extends javax.xml.ws.Service class
    // and CXF guys are not willing to add more privileged blocks into their code, thus deployments need to have
    // the following permissions (note that the wsdl.properties permission is needed by wsdl4j)
    ear.addAsManifestResource(createPermissionsXmlAsset(
            new FilePermission(System.getProperty("java.home") + File.separator + "lib" + File.separator + "wsdl.properties", "read"),
            new PropertyPermission("user.dir", "read"),
            new RuntimePermission("getClassLoader"),
            new RuntimePermission("org.apache.cxf.permission", "resolveUri"),
            new RuntimePermission("createClassLoader"),
            new RuntimePermission("accessDeclaredMembers"),
            new SocketPermission(node0 + ":8080", "connect,resolve")), "jboss-permissions.xml");
    return ear;
}
Also used: EnterpriseArchive (org.jboss.shrinkwrap.api.spec.EnterpriseArchive), StringAsset (org.jboss.shrinkwrap.api.asset.StringAsset), PropertyPermission (java.util.PropertyPermission), WebArchive (org.jboss.shrinkwrap.api.spec.WebArchive), SocketPermission (java.net.SocketPermission), Properties (java.util.Properties), FilePermission (java.io.FilePermission), JavaArchive (org.jboss.shrinkwrap.api.spec.JavaArchive), Deployment (org.jboss.arquillian.container.test.api.Deployment)

Example 44 with FilePermission

Use of java.io.FilePermission in project android by JetBrains.

In the class RenderSecurityManagerTest, method testEnterExitSafeRegion.

@Test
public void testEnterExitSafeRegion() throws Exception {
    RenderSecurityManager manager = new RenderSecurityManager(null, null);
    Object credential = new Object();
    try {
        manager.setActive(true, credential);
        boolean token = RenderSecurityManager.enterSafeRegion(credential);
        manager.checkPermission(new FilePermission("/foo", "execute"));
        RenderSecurityManager.exitSafeRegion(token);
        assertNotNull(RenderSecurityManager.getCurrent());
        boolean tokenOuter = RenderSecurityManager.enterSafeRegion(credential);
        assertNull(RenderSecurityManager.getCurrent());
        boolean tokenInner = RenderSecurityManager.enterSafeRegion(credential);
        assertNull(RenderSecurityManager.getCurrent());
        manager.checkPermission(new FilePermission("/foo", "execute"));
        assertNull(RenderSecurityManager.getCurrent());
        manager.checkPermission(new FilePermission("/foo", "execute"));
        RenderSecurityManager.exitSafeRegion(tokenInner);
        assertNull(RenderSecurityManager.getCurrent());
        RenderSecurityManager.exitSafeRegion(tokenOuter);
        assertNotNull(RenderSecurityManager.getCurrent());
        // Wrong credential
        Object wrongCredential = new Object();
        try {
            token = RenderSecurityManager.enterSafeRegion(wrongCredential);
            manager.checkPermission(new FilePermission("/foo", "execute"));
            RenderSecurityManager.exitSafeRegion(token);
            fail("Should have thrown exception");
        } catch (SecurityException e) {
            // pass
        }
        // Try turning off the security manager
        try {
            manager.setActive(false, wrongCredential);
        } catch (SecurityException e) {
            // pass
        }
        try {
            manager.setActive(false, null);
        } catch (SecurityException e) {
            // pass
        }
        try {
            manager.dispose(wrongCredential);
        } catch (SecurityException e) {
            // pass
        }
        // Try looking up the secret
        try {
            Field field = RenderSecurityManager.class.getField("sCredential");
            field.setAccessible(true);
            Object secret = field.get(null);
            manager.dispose(secret);
            fail("Shouldn't be able to find our way to the credential");
        } catch (Exception e) {
            // pass
            assertEquals("java.lang.NoSuchFieldException: sCredential", e.toString());
        }
    } finally {
        manager.dispose(credential);
    }
}
Also used: Field (java.lang.reflect.Field), FilePermission (java.io.FilePermission), BrokenBarrierException (java.util.concurrent.BrokenBarrierException), Test (org.junit.Test)

Example 45 with FilePermission

Use of java.io.FilePermission in project android by JetBrains.

In the class RenderSecurityManagerTest, method testDelete.

@Test
public void testDelete() throws Exception {
    RenderSecurityManager manager = new RenderSecurityManager(null, null);
    try {
        manager.setActive(true, myCredential);
        manager.checkPermission(new FilePermission("/foo", "delete"));
        fail("Should have thrown security exception");
    } catch (SecurityException exception) {
        assertEquals("Write access not allowed during rendering (/foo)", exception.toString());
        // pass
    } finally {
        manager.dispose(myCredential);
    }
}
Also used: FilePermission (java.io.FilePermission), Test (org.junit.Test)

Aggregations

FilePermission (java.io.FilePermission): 57
IOException (java.io.IOException): 16
File (java.io.File): 14
URL (java.net.URL): 13
PermissionCollection (java.security.PermissionCollection): 11
SocketPermission (java.net.SocketPermission): 9
Permission (java.security.Permission): 9
Permissions (java.security.Permissions): 9
Test (org.junit.Test): 9
CodeSource (java.security.CodeSource): 7
PropertyPermission (java.util.PropertyPermission): 7
Path (java.nio.file.Path): 6
Deployment (org.jboss.arquillian.container.test.api.Deployment): 6
Policy (java.security.Policy): 5
URLClassLoader (java.net.URLClassLoader): 4
ProtectionDomain (java.security.ProtectionDomain): 4
Properties (java.util.Properties): 4
WebArchive (org.jboss.shrinkwrap.api.spec.WebArchive): 4
FileInputStream (java.io.FileInputStream): 3
ReflectPermission (java.lang.reflect.ReflectPermission): 3