Search in sources :

Example 66 with SocketPermission

use of java.net.SocketPermission in project Bytecoder by mirkosertic.

the class SecurityManager method checkMulticast.

/**
 * Throws a <code>SecurityException</code> if the
 * calling thread is not allowed to use
 * (join/leave/send/receive) IP multicast.
 * <p>
 * This method calls <code>checkPermission</code> with the
 * <code>java.net.SocketPermission(maddr.getHostAddress(),
 * "accept,connect")</code> permission.
 * <p>
 * If you override this method, then you should make a call to
 * <code>super.checkMulticast</code>
 * at the point the overridden method would normally throw an
 * exception.
 *
 * @param      maddr  Internet group address to be used.
 * @exception  SecurityException  if the calling thread is not allowed to
 *  use (join/leave/send/receive) IP multicast.
 * @exception  NullPointerException if the address argument is
 *             <code>null</code>.
 * @since      1.1
 * @see        #checkPermission(java.security.Permission) checkPermission
 */
public void checkMulticast(InetAddress maddr) {
    String host = maddr.getHostAddress();
    if (!host.startsWith("[") && host.indexOf(':') != -1) {
        host = "[" + host + "]";
    }
    checkPermission(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
}
Also used : SocketPermission(java.net.SocketPermission)

Example 67 with SocketPermission

use of java.net.SocketPermission in project cordova-android-chromeview by thedracle.

the class HttpURLConnectionImpl method getPermission.

@Override
public final Permission getPermission() throws IOException {
    String hostName = getURL().getHost();
    int hostPort = Util.getEffectivePort(getURL());
    if (usingProxy()) {
        InetSocketAddress proxyAddress = (InetSocketAddress) requestedProxy.address();
        hostName = proxyAddress.getHostName();
        hostPort = proxyAddress.getPort();
    }
    return new SocketPermission(hostName + ":" + hostPort, "connect, resolve");
}
Also used : InetSocketAddress(java.net.InetSocketAddress) SocketPermission(java.net.SocketPermission)

Example 68 with SocketPermission

use of java.net.SocketPermission in project lwjgl by LWJGL.

the class AppletLoader method updateClassPath.

/**
 * Edits the ClassPath at runtime to include the jars
 * that have just been downloaded and then adds the
 * lwjgl natives folder property.
 *
 * @param path location where applet is stored
 * @throws Exception if it fails to add classpath
 */
protected void updateClassPath(final String path) throws Exception {
    setState(STATE_UPDATING_CLASSPATH);
    percentage = 95;
    URL[] urls = new URL[urlList.length];
    for (int i = 0; i < urlList.length; i++) {
        String file = new File(path, getJarName(urlList[i])).toURI().toString();
        // fix JVM bug where ! is not escaped
        file = file.replace("!", "%21");
        urls[i] = new URL(file);
    }
    // get AppletLoader certificates
    final Certificate[] certs = getCurrentCertificates();
    // detect if we are running on a mac and save result as boolean
    String osName = System.getProperty("os.name");
    final boolean isMacOS = (osName.startsWith("Mac") || osName.startsWith("Darwin"));
    // add downloaded jars to the classpath with required permissions
    classLoader = new URLClassLoader(urls) {

        protected PermissionCollection getPermissions(CodeSource codesource) {
            PermissionCollection perms = null;
            try {
                // no permissions
                perms = new Permissions();
                // if certificates match the AppletLoader certificates then we should be all set
                if (certificatesMatch(certs, codesource.getCertificates())) {
                    perms.add(new AllPermission());
                    return perms;
                }
                String host = getCodeBase().getHost();
                if (host != null && (host.length() > 0)) {
                    // add permission for downloaded jars to access host they were from
                    perms.add(new SocketPermission(host, "connect,accept"));
                } else if ("file".equals(codesource.getLocation().getProtocol())) {
                    // if running locally add file permission
                    String path = codesource.getLocation().getFile().replace('/', File.separatorChar);
                    perms.add(new FilePermission(path, "read"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            return perms;
        }

        // allow non lwjgl native to be found from cache directory
        protected String findLibrary(String libname) {
            String libPath = path + "natives" + File.separator + LWJGLUtil.mapLibraryName(libname);
            if (new File(libPath).exists()) {
                return libPath;
            }
            return super.findLibrary(libname);
        }
    };
    debug_sleep(2000);
    // unload natives loaded by a previous instance of this lwjgl applet
    unloadNatives(path);
    // add natives files path to native class path
    System.setProperty("org.lwjgl.librarypath", path + "natives");
    // Make sure jinput knows about the new path too
    System.setProperty("net.java.games.input.librarypath", path + "natives");
    // set the library path, useful for non lwjgl natives
    System.setProperty("java.library.path", path + "natives");
    // mark natives as loaded
    natives_loaded = true;
}
Also used : PermissionCollection(java.security.PermissionCollection) SocketPermission(java.net.SocketPermission) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission) URL(java.net.URL) AccessControlException(java.security.AccessControlException) IOException(java.io.IOException) URLClassLoader(java.net.URLClassLoader) Permissions(java.security.Permissions) AllPermission(java.security.AllPermission) JarFile(java.util.jar.JarFile) ZipFile(java.util.zip.ZipFile) File(java.io.File) Certificate(java.security.cert.Certificate)

Example 69 with SocketPermission

use of java.net.SocketPermission in project newsrob by marianokamp.

the class UntrustedScriptHandler method run.

/**
 * Runs this handler.  This method is called by the SVG viewer
 * when the scripts are loaded.
 * @param doc The current document.
 * @param win An object which represents the current viewer.
 */
public void run(final Document doc, final Window win) {
    int nGrantedTmp = 0;
    // 
    // If the document is loaded over the network, check that the
    // class has permission to access the server
    // 
    URL docURL = ((SVGOMDocument) doc).getURLObject();
    if (docURL != null && docURL.getHost() != null && !"".equals(docURL.getHost())) {
        permissions = new Object[basePermissions.length + 3][2];
        System.arraycopy(basePermissions, 0, permissions, 3, basePermissions.length);
        String docHost = docURL.getHost();
        if (docURL.getPort() != -1) {
            docHost += ":" + docURL.getPort();
        }
        permissions[0][0] = "SocketPermission accept " + docHost;
        permissions[0][1] = new SocketPermission(docHost, "accept");
        permissions[1][0] = "SocketPermission connect " + docHost;
        permissions[1][1] = new SocketPermission(docHost, "connect");
        permissions[2][0] = "SocketPermission resolve " + docHost;
        permissions[2][1] = new SocketPermission(docHost, "resolve");
        nGrantedTmp = 3;
    } else {
        permissions = basePermissions;
    }
    // Captures the number of permissions which should be
    // granted to this code.
    final int nGranted = nGrantedTmp;
    // 
    // Build a table in the scrollable area of the document
    // 
    Element securityResults = doc.getElementById("securityResults");
    statusRects = new Element[permissions.length];
    for (int i = 0; i < permissions.length; i++) {
        Element textElt = doc.createElementNS(svgNS, "text");
        textElt.setAttributeNS(null, "x", "55");
        textElt.setAttributeNS(null, "y", "" + (85 + i * 20));
        textElt.appendChild(doc.createTextNode(permissions[i][0].toString()));
        securityResults.appendChild(textElt);
        Element rectElt = doc.createElementNS(svgNS, "rect");
        rectElt.setAttributeNS(null, "x", "50");
        rectElt.setAttributeNS(null, "y", "" + (70 + i * 20));
        rectElt.setAttributeNS(null, "width", "330");
        rectElt.setAttributeNS(null, "height", "20");
        rectElt.setAttributeNS(null, "class", "tableCell");
        securityResults.appendChild(rectElt);
        rectElt = doc.createElementNS(svgNS, "rect");
        rectElt.setAttributeNS(null, "x", "380");
        rectElt.setAttributeNS(null, "y", "" + (70 + i * 20));
        rectElt.setAttributeNS(null, "width", "20");
        rectElt.setAttributeNS(null, "height", "20");
        rectElt.setAttributeNS(null, "class", "tableCell");
        securityResults.appendChild(rectElt);
        rectElt = doc.createElementNS(svgNS, "rect");
        rectElt.setAttributeNS(null, "x", "383");
        rectElt.setAttributeNS(null, "y", "" + (73 + i * 20));
        rectElt.setAttributeNS(null, "width", "14");
        rectElt.setAttributeNS(null, "height", "14");
        rectElt.setAttributeNS(null, "class", "untested");
        securityResults.appendChild(rectElt);
        statusRects[i] = rectElt;
    }
    EventTarget testButton = (EventTarget) doc.getElementById("runTest");
    testButton.addEventListener("click", new EventListener() {

        public void handleEvent(Event evt) {
            SecurityManager sm = System.getSecurityManager();
            int successCnt = 0;
            if (sm == null) {
                for (int i = 0; i < nGranted; i++) {
                    statusRects[i].setAttributeNS(null, "class", "passedTest");
                    successCnt++;
                }
                for (int i = nGranted; i < permissions.length; i++) {
                    statusRects[i].setAttributeNS(null, "class", "failedTest");
                }
            } else {
                for (int i = 0; i < nGranted; i++) {
                    Permission p = (Permission) permissions[i][1];
                    boolean success = true;
                    try {
                        sm.checkPermission(p);
                        statusRects[i].setAttributeNS(null, "class", "passedTest");
                        successCnt++;
                    } catch (SecurityException se) {
                        statusRects[i].setAttributeNS(null, "class", "failedTest");
                        System.out.println("*********************************************");
                        se.printStackTrace();
                    }
                }
                for (int i = nGranted; i < permissions.length; i++) {
                    Permission p = (Permission) permissions[i][1];
                    boolean success = true;
                    try {
                        sm.checkPermission(p);
                        statusRects[i].setAttributeNS(null, "class", "failedTest");
                    } catch (SecurityException se) {
                        statusRects[i].setAttributeNS(null, "class", "passedTest");
                        successCnt++;
                    }
                }
            }
            // Update the global status
            Element globalStatus = doc.getElementById("globalStatus");
            if (successCnt == (statusRects.length)) {
                globalStatus.setAttributeNS(null, "class", "passedTest");
            } else {
                globalStatus.setAttributeNS(null, "class", "failedTest");
            }
            String successRatioString = "Test Result: " + successCnt + " / " + statusRects.length;
            Element successRatio = doc.getElementById("successRatio");
            successRatio.replaceChild(doc.createTextNode(successRatioString), successRatio.getFirstChild());
        }
    }, false);
}
Also used : SVGOMDocument(org.apache.batik.dom.svg.SVGOMDocument) SocketPermission(java.net.SocketPermission) ReflectPermission(java.lang.reflect.ReflectPermission) SecurityPermission(java.security.SecurityPermission) AllPermission(java.security.AllPermission) SQLPermission(java.sql.SQLPermission) PropertyPermission(java.util.PropertyPermission) SerializablePermission(java.io.SerializablePermission) NetPermission(java.net.NetPermission) Permission(java.security.Permission) FilePermission(java.io.FilePermission) AWTPermission(java.awt.AWTPermission) SocketPermission(java.net.SocketPermission) AudioPermission(javax.sound.sampled.AudioPermission) URL(java.net.URL)

Example 70 with SocketPermission

use of java.net.SocketPermission in project wildfly by wildfly.

the class RolloutPlanTestCase method before.

@BeforeClass
public static void before() throws Exception {
    CLITestSuite.createSupport(RolloutPlanTestCase.class.getSimpleName());
    final WebArchive war = ShrinkWrap.create(WebArchive.class, "RolloutPlanTestCase.war");
    war.addClass(RolloutPlanTestServlet.class);
    war.addAsManifestResource(createPermissionsXmlAsset(// main-one
    new SocketPermission(TestSuiteEnvironment.formatPossibleIpv6Address(CLITestSuite.hostAddresses.get("master")) + ":" + TEST_PORT, "listen,resolve"), // main-three
    new SocketPermission(TestSuiteEnvironment.formatPossibleIpv6Address(CLITestSuite.hostAddresses.get("master")) + ":" + (TEST_PORT + 350), "listen,resolve")), "permissions.xml");
    String tempDir = System.getProperty("java.io.tmpdir");
    warFile = new File(tempDir + File.separator + "RolloutPlanTestCase.war");
    new ZipExporterImpl(war).exportTo(warFile, true);
    AbstractCliTestBase.initCLI(DomainTestSupport.masterAddress);
    // add another server group to default profile
    cli.sendLine("/server-group=test-server-group:add(profile=default,socket-binding-group=standard-sockets)");
    cli.sendLine("/server-group=test-server-group/jvm=default:add");
    // add a server to the group
    cli.sendLine("/host=master/server-config=test-one:add(group=test-server-group,socket-binding-port-offset=700");
    cli.sendLine("/host=master/server-config=test-one/interface=public:add(inet-address=" + CLITestSuite.hostAddresses.get("master") + ")");
    CLITestSuite.addServer("test-one", "master", "test-server-group", "default", 700, true);
    // start main-two
    cli.sendLine("/host=master/server-config=main-two:start(blocking=true)");
    CLIOpResult res = cli.readAllAsOpResult();
    Assert.assertTrue(res.isIsOutcomeSuccess());
    waitUntilState("main-two", "STARTED");
    // start test-one
    cli.sendLine("/host=master/server-config=test-one:start(blocking=true)");
    res = cli.readAllAsOpResult();
    Assert.assertTrue(res.isIsOutcomeSuccess());
    waitUntilState("test-one", "STARTED");
}
Also used : WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive) SocketPermission(java.net.SocketPermission) CLIOpResult(org.jboss.as.test.integration.management.util.CLIOpResult) File(java.io.File) ZipExporterImpl(org.jboss.shrinkwrap.impl.base.exporter.zip.ZipExporterImpl) BeforeClass(org.junit.BeforeClass)

Aggregations

SocketPermission (java.net.SocketPermission)83 Deployment (org.jboss.arquillian.container.test.api.Deployment)27 WebArchive (org.jboss.shrinkwrap.api.spec.WebArchive)27 FilePermission (java.io.FilePermission)17 PropertyPermission (java.util.PropertyPermission)13 StringAsset (org.jboss.shrinkwrap.api.asset.StringAsset)13 AccessControlContext (java.security.AccessControlContext)9 JavaArchive (org.jboss.shrinkwrap.api.spec.JavaArchive)9 Test (org.testng.annotations.Test)8 URL (java.net.URL)7 PrivilegedActionException (java.security.PrivilegedActionException)6 OperateOnDeployment (org.jboss.arquillian.container.test.api.OperateOnDeployment)6 HttpRequest (org.jboss.as.test.integration.common.HttpRequest)6 MockTracer (io.opentracing.mock.MockTracer)5 IOException (java.io.IOException)5 DatagramSocket (java.net.DatagramSocket)5 SecurityPermission (java.security.SecurityPermission)5 InetAddress (java.net.InetAddress)4 InetSocketAddress (java.net.InetSocketAddress)4 MulticastSocket (java.net.MulticastSocket)4