use of java.net.SocketPermission in project wildfly by wildfly.
the class SPNEGOLoginModuleTestCase method deployment.
/**
 * Creates the {@link WebArchive} deployed under the Arquillian name {@code "WEB"}.
 * <p>
 * The archive is built by {@code createWebApp} and then given a {@code permissions.xml}
 * manifest resource listing the permissions the deployed code needs when the server runs
 * with a security manager.
 *
 * @return the web archive, including its {@code permissions.xml} manifest resource
 */
@Deployment(name = "WEB", testable = false)
public static WebArchive deployment() {
    LOGGER.debug("Web deployment");
    final WebArchive archive = createWebApp(WEBAPP_NAME, "web-spnego-authn.xml", "SPNEGO");
    archive.addAsManifestResource(
        PermissionUtils.createPermissionsXmlAsset(
            // PropagateIdentityServlet obtains delegation credentials through
            // DelegationCredentialContext.getDelegCredential().
            new RuntimePermission("org.jboss.security.negotiation.getDelegCredential"),
            // PropagateIdentityServlet reads these properties.
            // NOTE(review): the last one exposes the property named by PROPERTY_PASSWORD to the
            // deployment; presumably a test-only credential, confirm.
            new PropertyPermission(GSSTestConstants.PROPERTY_PORT, "read"),
            new PropertyPermission(GSSTestConstants.PROPERTY_PRINCIPAL, "read"),
            new PropertyPermission(GSSTestConstants.PROPERTY_PASSWORD, "read"),
            // GSSTestClient connects to GSSTestServer. No port is given in the host string,
            // so this grant covers every port on the server address.
            new SocketPermission(TestSuiteEnvironment.getServerAddress(), "resolve,connect"),
            // GSSTestClient initiates the GSS context.
            new ServicePermission(GSSTestConstants.PRINCIPAL, "initiate"),
            new ServicePermission("krbtgt/JBOSS.ORG@JBOSS.ORG", "initiate")),
        "permissions.xml");
    return archive;
}
use of java.net.SocketPermission in project wildfly by wildfly.
the class ServiceRefSevletTestCase method clientDeployment.
/**
 * Builds the servlet client WAR deployed under the Arquillian name {@code "servletClient"}.
 * <p>
 * The archive carries the endpoint classes, {@code web.xml}, {@code jboss-web.xml}, a copy of
 * {@code TestService.wsdl} with its property placeholders resolved, and a
 * {@code jboss-permissions.xml} manifest resource.
 *
 * @return the client web archive
 */
@Deployment(name = "servletClient", testable = false)
public static WebArchive clientDeployment() {
    final Package testPackage = ServiceRefSevletTestCase.class.getPackage();
    final WebArchive archive = ShrinkWrap.create(WebArchive.class, "ws-serviceref-example-servlet-client.war")
        .addClasses(EndpointInterface.class, EndpointService.class, ServletClient.class)
        .addAsWebInfResource(testPackage, "web.xml", "web.xml")
        .addAsWebInfResource(testPackage, "jboss-web.xml", "jboss-web.xml");
    final String wsdlTemplate = FileUtils.readFile(ServiceRefSevletTestCase.class, "TestService.wsdl");

    // Resolve placeholders against a copy of the system properties, so the node0 rewrite
    // below does not touch the real system properties.
    final Properties resolverProps = new Properties();
    resolverProps.putAll(System.getProperties());
    // NOTE(review): node0 is formatted before the containsKey check; if the property is unset,
    // the socket grant below is built from whatever formatPossibleIpv6Address returns for
    // null. Confirm the test suite always sets node0.
    final String node0 = NetworkUtils.formatPossibleIpv6Address((String) resolverProps.get("node0"));
    if (resolverProps.containsKey("node0")) {
        resolverProps.put("node0", node0);
    }
    final String resolvedWsdl = PropertiesValueResolver.replaceProperties(wsdlTemplate, resolverProps);
    archive.addAsWebInfResource(new StringAsset(resolvedWsdl), "wsdl/TestService.wsdl");

    // EndpointService directly extends javax.xml.ws.Service, and CXF does not wrap the relevant
    // calls in privileged blocks, so the deployment itself has to hold the permissions below.
    // The wsdl.properties file permission is needed by wsdl4j.
    final String wsdl4jProperties =
        System.getProperty("java.home") + File.separator + "lib" + File.separator + "wsdl.properties";
    archive.addAsManifestResource(
        createPermissionsXmlAsset(
            new FilePermission(wsdl4jProperties, "read"),
            new PropertyPermission("user.dir", "read"),
            // The class loader and reflection grants below are broad; they are tolerated here
            // because the deployment is a test client.
            new RuntimePermission("getClassLoader"),
            new RuntimePermission("org.apache.cxf.permission", "resolveUri"),
            new RuntimePermission("createClassLoader"),
            new RuntimePermission("accessDeclaredMembers"),
            // The socket grant is limited to one host and the hard-coded port 8080.
            new SocketPermission(node0 + ":8080", "connect,resolve")),
        "jboss-permissions.xml");
    return archive;
}
use of java.net.SocketPermission in project wildfly by wildfly.
the class DeploymentHelper method getWebArchiveWithPermissions.
/**
 * Creates a WAR named {@code archiveName + ".war"} containing an empty {@code beans.xml}
 * and a {@code permissions.xml} manifest resource.
 *
 * @param archiveName the archive name without the {@code .war} suffix
 * @return the web archive
 */
public WebArchive getWebArchiveWithPermissions(final String archiveName) {
    final String wsdl4jProperties = TestSuiteEnvironment.getSystemProperty("java.home")
        + File.separator + "lib" + File.separator + "wsdl.properties";
    final String serverEndpoint =
        TestSuiteEnvironment.getServerAddress() + ":" + TestSuiteEnvironment.getHttpPort();
    // NOTE(review): if "basedir" is unset this path starts with the literal text "null".
    // Confirm the build always defines it.
    final String xcatalogPath = System.getProperty("basedir")
        + File.separator + "target" + File.separator + "workdir" + File.separator + "xcatalog";

    return ShrinkWrap.create(WebArchive.class, archiveName + ".war")
        .addAsWebInfResource(EmptyAsset.INSTANCE, ArchivePaths.create("beans.xml"))
        .addAsManifestResource(
            PermissionUtils.createPermissionsXmlAsset(
                new ReflectPermission("suppressAccessChecks"),
                // NOTE(review): "accessDeclaredMembers" is a RuntimePermission target and is
                // granted as one below. ReflectPermission does not define it, so this entry
                // looks redundant. Confirm before removing.
                new ReflectPermission("accessDeclaredMembers"),
                // Permissions for port access. The socket grant is limited to the server's
                // HTTP host:port pair rather than the whole host.
                new PropertyPermission("management.address", "read"),
                new PropertyPermission("node0", "read"),
                new PropertyPermission("jboss.http.port", "read"),
                new SocketPermission(serverEndpoint, "connect,resolve"),
                // Permissions for creating the new client.
                new RuntimePermission("accessDeclaredMembers"),
                new RuntimePermission("createClassLoader"),
                new RuntimePermission("getClassLoader"),
                new RuntimePermission("org.apache.cxf.permission"),
                new FilePermission(wsdl4jProperties, "read"),
                new PropertyPermission("user.dir", "read"),
                new PropertyPermission("arquillian.debug", "read"),
                new FilePermission(xcatalogPath, "read")),
            "permissions.xml");
}
use of java.net.SocketPermission in project jdk8u_jdk by JetBrains.
the class SecurityManager method checkMulticast.
/**
 * Throws a {@code SecurityException} if the calling thread is not allowed
 * to use (join/leave/send/receive) IP multicast.
 * <p>
 * The check is delegated to {@code checkPermission} with a
 * {@code java.net.SocketPermission(maddr.getHostAddress(), "accept,connect")}
 * permission.
 * <p>
 * An overriding method should call {@code super.checkMulticast} at the
 * point where it would otherwise throw an exception.
 *
 * @param maddr Internet group address to be used.
 * @param ttl value in use, if it is multicast send.
 *        Note: this particular implementation does not use the ttl
 *        parameter.
 * @exception SecurityException if the calling thread is not allowed to
 *            use (join/leave/send/receive) IP multicast.
 * @exception NullPointerException if the address argument is
 *            {@code null}.
 * @since JDK1.1
 * @deprecated Use #checkPermission(java.security.Permission) instead
 * @see #checkPermission(java.security.Permission) checkPermission
 */
@Deprecated
public void checkMulticast(InetAddress maddr, byte ttl) {
    final String literal = maddr.getHostAddress();
    // An unbracketed literal that contains ':' is wrapped in brackets, so that its colons
    // cannot be read as the host:port separator of the SocketPermission name.
    final boolean needsBrackets = !literal.startsWith("[") && literal.indexOf(':') != -1;
    final String target = needsBrackets ? "[" + literal + "]" : literal;
    checkPermission(new SocketPermission(target, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
}
use of java.net.SocketPermission in project jdk8u_jdk by JetBrains.
the class AppletPanel method getAccessControlContext.
/**
 * Builds the access control context for the AppletClassLoader being created.
 * <p>
 * The context is granted permission to create the class loader, to connect to
 * the codebase, and whatever else the policy grants to all codebases.
 *
 * @param codebase the applet's codebase URL
 * @return a context with a single protection domain for {@code codebase}
 */
private AccessControlContext getAccessControlContext(final URL codebase) {
    // Baseline: what the installed policy grants to a CodeSource that has neither a
    // location nor certificates.
    PermissionCollection granted = AccessController.doPrivileged(
        new PrivilegedAction<PermissionCollection>() {
            @Override
            public PermissionCollection run() {
                Policy policy = java.security.Policy.getPolicy();
                if (policy == null) {
                    return null;
                }
                return policy.getPermissions(
                    new CodeSource(null, (java.security.cert.Certificate[]) null));
            }
        });
    if (granted == null) {
        granted = new Permissions();
    }

    //XXX: this is needed to be able to create the classloader itself!
    granted.add(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);

    // Ask the codebase connection which permission is needed to reach it. An I/O failure is
    // treated as "no permission known", which then takes the host-based branch below.
    java.net.URLConnection connection = null;
    Permission codebasePermission;
    try {
        connection = codebase.openConnection();
        codebasePermission = connection.getPermission();
    } catch (java.io.IOException ioe) {
        codebasePermission = null;
    }
    if (codebasePermission != null) {
        granted.add(codebasePermission);
    }

    if (codebasePermission instanceof FilePermission) {
        // File codebase: also allow reading the containing directory recursively, using
        // the "dir/-" form of a FilePermission path.
        String directory = codebasePermission.getName();
        final int lastSeparator = directory.lastIndexOf(File.separatorChar);
        if (lastSeparator != -1) {
            directory = directory.substring(0, lastSeparator + 1);
            if (directory.endsWith(File.separator)) {
                directory += "-";
            }
            granted.add(new FilePermission(directory, SecurityConstants.FILE_READ_ACTION));
        }
    } else {
        // Any other codebase, including the case where no permission was obtained: for a
        // jar connection use the jar file's own URL, then grant socket access to its host.
        final URL location = (connection instanceof JarURLConnection)
            ? ((JarURLConnection) connection).getJarFileURL()
            : codebase;
        final String host = location.getHost();
        if (host != null && !host.isEmpty()) {
            // No port range is given, so the grant covers every port on that host.
            granted.add(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
        }
    }

    final ProtectionDomain domain = new ProtectionDomain(
        new CodeSource(codebase, (java.security.cert.Certificate[]) null), granted);
    return new AccessControlContext(new ProtectionDomain[] { domain });
}