Example 66 with SocketPermission
use of java.net.SocketPermission in project Bytecoder by mirkosertic.
the class SecurityManager method checkMulticast.
/**
* Throws a <code>SecurityException</code> if the
* calling thread is not allowed to use
* (join/leave/send/receive) IP multicast.
* <p>
* This method calls <code>checkPermission</code> with the
* <code>java.net.SocketPermission(maddr.getHostAddress(),
* "accept,connect")</code> permission.
* <p>
* If you override this method, then you should make a call to
* <code>super.checkMulticast</code>
* at the point the overridden method would normally throw an
* exception.
*
* @param maddr Internet group address to be used.
* @exception SecurityException if the calling thread is not allowed to
* use (join/leave/send/receive) IP multicast.
* @exception NullPointerException if the address argument is
* <code>null</code>.
* @since 1.1
* @see #checkPermission(java.security.Permission) checkPermission
*/
public void checkMulticast(InetAddress maddr) {
String host = maddr.getHostAddress();
if (!host.startsWith("[") && host.indexOf(':') != -1) {
host = "[" + host + "]";
}
checkPermission(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
}
Also used :
SocketPermission(java.net.SocketPermission)
Example 67 with SocketPermission
use of java.net.SocketPermission in project cordova-android-chromeview by thedracle.
the class HttpURLConnectionImpl method getPermission.
@Override
public final Permission getPermission() throws IOException {
String hostName = getURL().getHost();
int hostPort = Util.getEffectivePort(getURL());
if (usingProxy()) {
InetSocketAddress proxyAddress = (InetSocketAddress) requestedProxy.address();
hostName = proxyAddress.getHostName();
hostPort = proxyAddress.getPort();
}
return new SocketPermission(hostName + ":" + hostPort, "connect, resolve");
}
Also used :
InetSocketAddress(java.net.InetSocketAddress)
SocketPermission(java.net.SocketPermission)
Example 68 with SocketPermission
use of java.net.SocketPermission in project lwjgl by LWJGL.
the class AppletLoader method updateClassPath.
/**
* Edits the ClassPath at runtime to include the jars
* that have just been downloaded and then adds the
* lwjgl natives folder property.
*
* @param path location where applet is stored
* @throws Exception if it fails to add classpath
*/
protected void updateClassPath(final String path) throws Exception {
setState(STATE_UPDATING_CLASSPATH);
percentage = 95;
URL[] urls = new URL[urlList.length];
for (int i = 0; i < urlList.length; i++) {
String file = new File(path, getJarName(urlList[i])).toURI().toString();
// fix JVM bug where ! is not escaped
file = file.replace("!", "%21");
urls[i] = new URL(file);
}
// get AppletLoader certificates
final Certificate[] certs = getCurrentCertificates();
// detect if we are running on a mac and save result as boolean
String osName = System.getProperty("os.name");
final boolean isMacOS = (osName.startsWith("Mac") || osName.startsWith("Darwin"));
// add downloaded jars to the classpath with required permissions
classLoader = new URLClassLoader(urls) {
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = null;
try {
// no permissions
perms = new Permissions();
// if certificates match the AppletLoader certificates then we should be all set
if (certificatesMatch(certs, codesource.getCertificates())) {
perms.add(new AllPermission());
return perms;
}
String host = getCodeBase().getHost();
if (host != null && (host.length() > 0)) {
// add permission for downloaded jars to access host they were from
perms.add(new SocketPermission(host, "connect,accept"));
} else if ("file".equals(codesource.getLocation().getProtocol())) {
// if running locally add file permission
String path = codesource.getLocation().getFile().replace('/', File.separatorChar);
perms.add(new FilePermission(path, "read"));
}
} catch (Exception e) {
e.printStackTrace();
}
return perms;
}
// allow non lwjgl native to be found from cache directory
protected String findLibrary(String libname) {
String libPath = path + "natives" + File.separator + LWJGLUtil.mapLibraryName(libname);
if (new File(libPath).exists()) {
return libPath;
}
return super.findLibrary(libname);
}
};
debug_sleep(2000);
// unload natives loaded by a previous instance of this lwjgl applet
unloadNatives(path);
// add natives files path to native class path
System.setProperty("org.lwjgl.librarypath", path + "natives");
// Make sure jinput knows about the new path too
System.setProperty("net.java.games.input.librarypath", path + "natives");
// set the library path, useful for non lwjgl natives
System.setProperty("java.library.path", path + "natives");
// mark natives as loaded
natives_loaded = true;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
SocketPermission(java.net.SocketPermission)
CodeSource(java.security.CodeSource)
FilePermission(java.io.FilePermission)
URL(java.net.URL)
AccessControlException(java.security.AccessControlException)
IOException(java.io.IOException)
URLClassLoader(java.net.URLClassLoader)
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
JarFile(java.util.jar.JarFile)
ZipFile(java.util.zip.ZipFile)
File(java.io.File)
Certificate(java.security.cert.Certificate)
Example 69 with SocketPermission
use of java.net.SocketPermission in project newsrob by marianokamp.
the class UntrustedScriptHandler method run.
/**
* Runs this handler. This method is called by the SVG viewer
* when the scripts are loaded.
* @param doc The current document.
* @param win An object which represents the current viewer.
*/
public void run(final Document doc, final Window win) {
int nGrantedTmp = 0;
//
// If the document is loaded over the network, check that the
// class has permission to access the server
//
URL docURL = ((SVGOMDocument) doc).getURLObject();
if (docURL != null && docURL.getHost() != null && !"".equals(docURL.getHost())) {
permissions = new Object[basePermissions.length + 3][2];
System.arraycopy(basePermissions, 0, permissions, 3, basePermissions.length);
String docHost = docURL.getHost();
if (docURL.getPort() != -1) {
docHost += ":" + docURL.getPort();
}
permissions[0][0] = "SocketPermission accept " + docHost;
permissions[0][1] = new SocketPermission(docHost, "accept");
permissions[1][0] = "SocketPermission connect " + docHost;
permissions[1][1] = new SocketPermission(docHost, "connect");
permissions[2][0] = "SocketPermission resolve " + docHost;
permissions[2][1] = new SocketPermission(docHost, "resolve");
nGrantedTmp = 3;
} else {
permissions = basePermissions;
}
// Captures the number of permissions which should be
// granted to this code.
final int nGranted = nGrantedTmp;
//
// Build a table in the scrollable area of the document
//
Element securityResults = doc.getElementById("securityResults");
statusRects = new Element[permissions.length];
for (int i = 0; i < permissions.length; i++) {
Element textElt = doc.createElementNS(svgNS, "text");
textElt.setAttributeNS(null, "x", "55");
textElt.setAttributeNS(null, "y", "" + (85 + i * 20));
textElt.appendChild(doc.createTextNode(permissions[i][0].toString()));
securityResults.appendChild(textElt);
Element rectElt = doc.createElementNS(svgNS, "rect");
rectElt.setAttributeNS(null, "x", "50");
rectElt.setAttributeNS(null, "y", "" + (70 + i * 20));
rectElt.setAttributeNS(null, "width", "330");
rectElt.setAttributeNS(null, "height", "20");
rectElt.setAttributeNS(null, "class", "tableCell");
securityResults.appendChild(rectElt);
rectElt = doc.createElementNS(svgNS, "rect");
rectElt.setAttributeNS(null, "x", "380");
rectElt.setAttributeNS(null, "y", "" + (70 + i * 20));
rectElt.setAttributeNS(null, "width", "20");
rectElt.setAttributeNS(null, "height", "20");
rectElt.setAttributeNS(null, "class", "tableCell");
securityResults.appendChild(rectElt);
rectElt = doc.createElementNS(svgNS, "rect");
rectElt.setAttributeNS(null, "x", "383");
rectElt.setAttributeNS(null, "y", "" + (73 + i * 20));
rectElt.setAttributeNS(null, "width", "14");
rectElt.setAttributeNS(null, "height", "14");
rectElt.setAttributeNS(null, "class", "untested");
securityResults.appendChild(rectElt);
statusRects[i] = rectElt;
}
EventTarget testButton = (EventTarget) doc.getElementById("runTest");
testButton.addEventListener("click", new EventListener() {
public void handleEvent(Event evt) {
SecurityManager sm = System.getSecurityManager();
int successCnt = 0;
if (sm == null) {
for (int i = 0; i < nGranted; i++) {
statusRects[i].setAttributeNS(null, "class", "passedTest");
successCnt++;
}
for (int i = nGranted; i < permissions.length; i++) {
statusRects[i].setAttributeNS(null, "class", "failedTest");
}
} else {
for (int i = 0; i < nGranted; i++) {
Permission p = (Permission) permissions[i][1];
boolean success = true;
try {
sm.checkPermission(p);
statusRects[i].setAttributeNS(null, "class", "passedTest");
successCnt++;
} catch (SecurityException se) {
statusRects[i].setAttributeNS(null, "class", "failedTest");
System.out.println("*********************************************");
se.printStackTrace();
}
}
for (int i = nGranted; i < permissions.length; i++) {
Permission p = (Permission) permissions[i][1];
boolean success = true;
try {
sm.checkPermission(p);
statusRects[i].setAttributeNS(null, "class", "failedTest");
} catch (SecurityException se) {
statusRects[i].setAttributeNS(null, "class", "passedTest");
successCnt++;
}
}
}
// Update the global status
Element globalStatus = doc.getElementById("globalStatus");
if (successCnt == (statusRects.length)) {
globalStatus.setAttributeNS(null, "class", "passedTest");
} else {
globalStatus.setAttributeNS(null, "class", "failedTest");
}
String successRatioString = "Test Result: " + successCnt + " / " + statusRects.length;
Element successRatio = doc.getElementById("successRatio");
successRatio.replaceChild(doc.createTextNode(successRatioString), successRatio.getFirstChild());
}
}, false);
}
Also used :
SVGOMDocument(org.apache.batik.dom.svg.SVGOMDocument)
SocketPermission(java.net.SocketPermission)
ReflectPermission(java.lang.reflect.ReflectPermission)
SecurityPermission(java.security.SecurityPermission)
AllPermission(java.security.AllPermission)
SQLPermission(java.sql.SQLPermission)
PropertyPermission(java.util.PropertyPermission)
SerializablePermission(java.io.SerializablePermission)
NetPermission(java.net.NetPermission)
Permission(java.security.Permission)
FilePermission(java.io.FilePermission)
AWTPermission(java.awt.AWTPermission)
SocketPermission(java.net.SocketPermission)
AudioPermission(javax.sound.sampled.AudioPermission)
URL(java.net.URL)
Example 70 with SocketPermission
use of java.net.SocketPermission in project wildfly by wildfly.
the class RolloutPlanTestCase method before.
@BeforeClass
public static void before() throws Exception {
CLITestSuite.createSupport(RolloutPlanTestCase.class.getSimpleName());
final WebArchive war = ShrinkWrap.create(WebArchive.class, "RolloutPlanTestCase.war");
war.addClass(RolloutPlanTestServlet.class);
war.addAsManifestResource(createPermissionsXmlAsset(// main-one
new SocketPermission(TestSuiteEnvironment.formatPossibleIpv6Address(CLITestSuite.hostAddresses.get("master")) + ":" + TEST_PORT, "listen,resolve"), // main-three
new SocketPermission(TestSuiteEnvironment.formatPossibleIpv6Address(CLITestSuite.hostAddresses.get("master")) + ":" + (TEST_PORT + 350), "listen,resolve")), "permissions.xml");
String tempDir = System.getProperty("java.io.tmpdir");
warFile = new File(tempDir + File.separator + "RolloutPlanTestCase.war");
new ZipExporterImpl(war).exportTo(warFile, true);
AbstractCliTestBase.initCLI(DomainTestSupport.masterAddress);
// add another server group to default profile
cli.sendLine("/server-group=test-server-group:add(profile=default,socket-binding-group=standard-sockets)");
cli.sendLine("/server-group=test-server-group/jvm=default:add");
// add a server to the group
cli.sendLine("/host=master/server-config=test-one:add(group=test-server-group,socket-binding-port-offset=700");
cli.sendLine("/host=master/server-config=test-one/interface=public:add(inet-address=" + CLITestSuite.hostAddresses.get("master") + ")");
CLITestSuite.addServer("test-one", "master", "test-server-group", "default", 700, true);
// start main-two
cli.sendLine("/host=master/server-config=main-two:start(blocking=true)");
CLIOpResult res = cli.readAllAsOpResult();
Assert.assertTrue(res.isIsOutcomeSuccess());
waitUntilState("main-two", "STARTED");
// start test-one
cli.sendLine("/host=master/server-config=test-one:start(blocking=true)");
res = cli.readAllAsOpResult();
Assert.assertTrue(res.isIsOutcomeSuccess());
waitUntilState("test-one", "STARTED");
}
Also used :
WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive)
SocketPermission(java.net.SocketPermission)
CLIOpResult(org.jboss.as.test.integration.management.util.CLIOpResult)
File(java.io.File)
ZipExporterImpl(org.jboss.shrinkwrap.impl.base.exporter.zip.ZipExporterImpl)
BeforeClass(org.junit.BeforeClass)
Aggregations
SocketPermission (java.net.SocketPermission)83
Deployment (org.jboss.arquillian.container.test.api.Deployment)27
WebArchive (org.jboss.shrinkwrap.api.spec.WebArchive)27
FilePermission (java.io.FilePermission)17
PropertyPermission (java.util.PropertyPermission)13
StringAsset (org.jboss.shrinkwrap.api.asset.StringAsset)13
AccessControlContext (java.security.AccessControlContext)9
JavaArchive (org.jboss.shrinkwrap.api.spec.JavaArchive)9
Test (org.testng.annotations.Test)8
URL (java.net.URL)7
PrivilegedActionException (java.security.PrivilegedActionException)6
OperateOnDeployment (org.jboss.arquillian.container.test.api.OperateOnDeployment)6
HttpRequest (org.jboss.as.test.integration.common.HttpRequest)6
MockTracer (io.opentracing.mock.MockTracer)5
IOException (java.io.IOException)5
DatagramSocket (java.net.DatagramSocket)5
SecurityPermission (java.security.SecurityPermission)5
InetAddress (java.net.InetAddress)4
InetSocketAddress (java.net.InetSocketAddress)4
MulticastSocket (java.net.MulticastSocket)4
