use of java.net.SocketPermission in project jdk8u_jdk by JetBrains.
the class SecurityManager method checkMulticast.
/**
* Throws a <code>SecurityException</code> if the
* calling thread is not allowed to use
* (join/leave/send/receive) IP multicast.
* <p>
* This method calls <code>checkPermission</code> with the
* <code>java.net.SocketPermission(maddr.getHostAddress(),
* "accept,connect")</code> permission.
* <p>
* If you override this method, then you should make a call to
* <code>super.checkMulticast</code>
* at the point the overridden method would normally throw an
* exception.
*
* @param maddr Internet group address to be used.
* @exception SecurityException if the calling thread is not allowed to
* use (join/leave/send/receive) IP multicast.
* @exception NullPointerException if the address argument is
* <code>null</code>.
* @since JDK1.1
* @see #checkPermission(java.security.Permission) checkPermission
*/
public void checkMulticast(InetAddress maddr) {
    // Dereferencing maddr here is what raises the documented NullPointerException
    // for a null argument.
    final String literal = maddr.getHostAddress();

    // SocketPermission expects an IPv6 literal to be enclosed in square brackets,
    // otherwise its colons are ambiguous with the host:port separator. A ':' in an
    // unbracketed literal is treated as the sign of an IPv6 address.
    final boolean needsBrackets = !literal.startsWith("[") && literal.indexOf(':') != -1;
    final String host = needsBrackets ? "[" + literal + "]" : literal;

    // The check uses the numeric address rather than a host name.
    checkPermission(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
}
use of java.net.SocketPermission in project jdk8u_jdk by JetBrains.
the class EmptyInputStream method getInputStream.
/**
 * Returns the input stream for this connection.
 * <p>
 * When {@code URLtoSocketPermission} yields a permission for this URL, the real
 * work ({@code getInputStream0}) runs inside a privileged block whose scope is
 * limited to that single permission; otherwise it runs directly in the caller's
 * own access-control context.
 *
 * @return the stream produced by {@code getInputStream0}
 * @throws IOException if {@code getInputStream0} fails
 */
@Override
public synchronized InputStream getInputStream() throws IOException {
    connecting = true;
    final SocketPermission urlPermission = URLtoSocketPermission(this.url);
    if (urlPermission == null) {
        // No permission could be derived from the URL: no privilege is asserted,
        // so the ordinary checks against the caller's context apply.
        return getInputStream0();
    }
    try {
        // Limited doPrivileged: only urlPermission is asserted on behalf of the
        // caller, not everything this class's protection domain holds. The null
        // context argument applies no additional restriction.
        return AccessController.doPrivilegedWithCombiner(
            new PrivilegedExceptionAction<InputStream>() {
                @Override
                public InputStream run() throws IOException {
                    return getInputStream0();
                }
            }, null, urlPermission);
    } catch (PrivilegedActionException wrapped) {
        // run() declares IOException as its only checked exception, so the
        // wrapped exception is unwrapped and rethrown as one.
        throw (IOException) wrapped.getException();
    }
}
use of java.net.SocketPermission in project jdk8u_jdk by JetBrains.
the class EmptyInputStream method getOutputStream.
/*
* Allowable input/output sequences:
* [interpreted as request entity]
* - get output, [write output,] get input, [read input]
* - get output, [write output]
* [interpreted as GET]
* - get input, [read input]
* Disallowed:
* - get input, [read input,] get output, [write output]
*/
/**
 * Returns the output stream for this connection.
 * <p>
 * When {@code URLtoSocketPermission} yields a permission for this URL, the real
 * work ({@code getOutputStream0}) runs inside a privileged block whose scope is
 * limited to that single permission; otherwise it runs directly in the caller's
 * own access-control context.
 *
 * @return the stream produced by {@code getOutputStream0}
 * @throws IOException if {@code getOutputStream0} fails
 */
@Override
public synchronized OutputStream getOutputStream() throws IOException {
    connecting = true;
    final SocketPermission urlPermission = URLtoSocketPermission(this.url);
    if (urlPermission == null) {
        // No permission could be derived from the URL: no privilege is asserted,
        // so the ordinary checks against the caller's context apply.
        return getOutputStream0();
    }
    try {
        // Limited doPrivileged: only urlPermission is asserted on behalf of the
        // caller, not everything this class's protection domain holds. The null
        // context argument applies no additional restriction.
        return AccessController.doPrivilegedWithCombiner(
            new PrivilegedExceptionAction<OutputStream>() {
                @Override
                public OutputStream run() throws IOException {
                    return getOutputStream0();
                }
            }, null, urlPermission);
    } catch (PrivilegedActionException wrapped) {
        // run() declares IOException as its only checked exception, so the
        // wrapped exception is unwrapped and rethrown as one.
        throw (IOException) wrapped.getException();
    }
}
use of java.net.SocketPermission in project jdk8u_jdk by JetBrains.
the class LoaderHandler method addPermissionsForURLs.
/**
* Adds to the specified permission collection the permissions
* necessary to load classes from a loader with the specified URL
* path; if "forLoader" is true, also adds URL-specific
* permissions necessary for the security context that such a
* loader operates within, such as permissions necessary for
* granting automatic permissions to classes defined by the
* loader. A given permission is only added to the collection if
* it is not already implied by the collection.
*/
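private static void addPermissionsForURLs(URL[] urls, PermissionCollection perms, boolean forLoader) {
    for (URL url : urls) {
        try {
            URLConnection urlConnection = url.openConnection();
            Permission p = urlConnection.getPermission();
            if (p == null) {
                // The connection requires no permission: nothing to grant.
                continue;
            }

            if (p instanceof FilePermission) {
                /*
                 * If the codebase is a file, the permission required
                 * to actually read classes from the codebase URL is
                 * the permission to read all files beneath the last
                 * directory in the file path, either because JAR
                 * files can refer to other JAR files in the same
                 * directory, or because permission to read a
                 * directory is not implied by permission to read the
                 * contents of a directory, which is all that might be
                 * granted.
                 *
                 * NOTE(review): this is deliberately broader than the
                 * single codebase file; it covers the whole subtree of
                 * the enclosing directory.
                 */
                String path = p.getName();
                int endIndex = path.lastIndexOf(File.separatorChar);
                if (endIndex != -1) {
                    // Keep the trailing separator and append "-", the
                    // FilePermission notation for a recursive match.
                    Permission dirRead =
                        new FilePermission(path.substring(0, endIndex + 1) + "-", "read");
                    // Add only when not already implied; the permission
                    // is no longer added a second time unconditionally.
                    if (!perms.implies(dirRead)) {
                        perms.add(dirRead);
                    }
                } else {
                    /*
                     * No directory separator: use permission to
                     * read the file.
                     */
                    if (!perms.implies(p)) {
                        perms.add(p);
                    }
                }
            } else {
                if (!perms.implies(p)) {
                    perms.add(p);
                }

                /*
                 * If the purpose of these permissions is to grant
                 * them to an instance of a URLClassLoader subclass,
                 * we must add permission to connect to and accept
                 * from the host of non-"file:" URLs, otherwise the
                 * getPermissions() method of URLClassLoader will
                 * throw a security exception.
                 */
                if (forLoader) {
                    // Unwrap nested "jar:" URLs until a URL with a
                    // meaningful host component is reached.
                    URL hostURL = url;
                    for (URLConnection conn = urlConnection; conn instanceof JarURLConnection; ) {
                        hostURL = ((JarURLConnection) conn).getJarFileURL();
                        conn = hostURL.openConnection();
                    }
                    String host = hostURL.getHost();
                    // The host-wide connect/accept grant is made only when
                    // the connection's own permission already implies
                    // resolving that host.
                    if (host != null && p.implies(new SocketPermission(host, "resolve"))) {
                        Permission hostAccess = new SocketPermission(host, "connect,accept");
                        if (!perms.implies(hostAccess)) {
                            perms.add(hostAccess);
                        }
                    }
                }
            }
        } catch (IOException ignored) {
            /*
             * This shouldn't happen, although it is declared to be
             * thrown by openConnection() and getPermission(). If it
             * does, don't bother granting or requiring any permissions
             * for this URL.
             */
        }
    }
}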
use of java.net.SocketPermission in project elasticsearch by elastic.
the class ESPolicyUnitTests method testListen.
/**
 * Checks that an {@code ESPolicy} built from an empty permission collection does
 * not imply a "listen" {@code SocketPermission} on localhost, for either port 0
 * or a randomly chosen port in 49152-65535.
 */
public void testListen() {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);

    final PermissionCollection empty = new Permissions();
    // NOTE(review): the meaning of the third constructor argument (true) is not
    // visible here; confirm against ESPolicy.
    final ESPolicy underTest = new ESPolicy(empty, Collections.emptyMap(), true);

    // The protection domain reuses this test class's code source but carries no
    // static permissions of its own.
    final ProtectionDomain domain =
        new ProtectionDomain(ESPolicyUnitTests.class.getProtectionDomain().getCodeSource(), empty);
    final int port = randomFrom(0, randomIntBetween(49152, 65535));
    final SocketPermission listen = new SocketPermission("localhost:" + port, "listen");

    assertFalse(underTest.implies(domain, listen));
}