use of java.nio.file.attribute.AclEntry in project java-chassis by ServiceComb.
the class FortifyUtils method getDefaultFileAttributes.
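/**
 * Builds the {@link FileAttribute} that carries this project's default permissions, in the
 * form matching the platform check done by {@code isPosix()}.
 *
 * <p>If {@code isPosix()} returns true, the attribute wraps
 * {@code FilePerm.getDefaultPosixPerm()}. Otherwise an {@code acl:acl} attribute is returned
 * holding a single ALLOW entry for the user named by the {@code user.name} system property,
 * with {@code FilePerm.getDefaultAclPerm()} as its permissions.
 *
 * @param filePath path whose file system is used to look up the user principal
 * @return a POSIX-permission attribute, or a one-entry ACL attribute
 * @throws RuntimeException if the principal lookup fails with an I/O error; the original
 *     {@link IOException} is attached as the cause
 */
public static FileAttribute<?> getDefaultFileAttributes(String filePath) {
  // Resolved up front, as before, so an invalid path fails the same way on every platform.
  Path file = new File(filePath).toPath();
  if (isPosix()) {
    return PosixFilePermissions.asFileAttribute(FilePerm.getDefaultPosixPerm());
  }

  // Non-POSIX file systems are expected to support ACLs here; there is no other fallback.
  // NOTE(review): user.name is an ordinary system property and can be overridden when the JVM
  // is launched, so the entry is granted to whatever account that name resolves to.
  String userName = System.getProperty("user.name");
  UserPrincipal user;
  try {
    user = file.getFileSystem().getUserPrincipalLookupService().lookupPrincipalByName(userName);
  } catch (IOException e) {
    // Keep the cause: without it a failed lookup cannot be diagnosed from the stack trace.
    throw new RuntimeException("Unknown user error.", e);
  }

  final AclEntry entry = AclEntry.newBuilder()
      .setType(AclEntryType.ALLOW)
      .setPrincipal(user)
      .setPermissions(FilePerm.getDefaultAclPerm())
      .setFlags(AclEntryFlag.FILE_INHERIT, AclEntryFlag.DIRECTORY_INHERIT)
      .build();

  return new FileAttribute<List<AclEntry>>() {
    @Override
    public String name() {
      return "acl:acl";
    }

    /** Returns a fresh, mutable one-element list on every call. */
    @Override
    public List<AclEntry> value() {
      List<AclEntry> entries = new ArrayList<AclEntry>();
      entries.add(entry);
      return entries;
    }
  };
}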
use of java.nio.file.attribute.AclEntry in project derby by apache.
the class FileUtil method limitAccessToOwnerViaFileAttributeView.
/**
* Limit access to owner using a
* {@code java.nio.file.attribute.FileAttributeView}.
* Such views are only available on Java 7 and higher, and only on
* file systems that support changing file permissions. Currently,
* this is supported on POSIX file systems and file systems that
* maintain access control lists (ACLs).
*
* @param file the file to limit access to
* @return {@code true} on success, or {@code false} if some of the
* permissions could not be changed
*/
private static boolean limitAccessToOwnerViaFileAttributeView(File file) throws IOException {
  final Path target = file.toPath();

  final PosixFileAttributeView posix =
      Files.getFileAttributeView(target, PosixFileAttributeView.class);
  if (posix != null) {
    // POSIX file system. FileUtil.limitAccessToOwnerViaFile() normally handles this case
    // through java.io.File, so this branch is a retry after that approach failed. The retry
    // is likely to fail as well, but it surfaces an IOException that explains why.
    final EnumSet<PosixFilePermission> ownerOnly = file.isDirectory()
        ? EnumSet.of(
            PosixFilePermission.OWNER_READ,
            PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE)
        : EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
    posix.setPermissions(ownerOnly);
    return true;
  }

  final AclFileAttributeView acl =
      Files.getFileAttributeView(target, AclFileAttributeView.class);
  if (acl == null) {
    // Neither view is available: no known way to set permissions on this file system.
    return false;
  }

  // An ACL view without a POSIX view most likely means NTFS. The whole ACL is replaced by one
  // ALLOW entry, so every previously listed entry is dropped. The entry is granted to the
  // principal returned by Files.getOwner(), i.e. the file's owner, and carries every
  // AclEntryPermission value.
  final AclEntry ownerFullControl = AclEntry.newBuilder()
      .setType(AclEntryType.ALLOW)
      .setPrincipal(Files.getOwner(target))
      .setPermissions(EnumSet.allOf(AclEntryPermission.class))
      .build();
  acl.setAcl(Collections.singletonList(ownerFullControl));
  return true;
}
use of java.nio.file.attribute.AclEntry in project keycloak by keycloak.
the class IoUtil method setWindowsPermissions.
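/**
 * Rewrites the ACL of {@code path} so that only the Administrators group, the SYSTEM account
 * and the file owner remain listed.
 *
 * <p>Existing entries whose principal name is {@code BUILTIN\Administrators} or
 * {@code NT AUTHORITY\SYSTEM} are kept unchanged, whatever their entry type; all other
 * entries are removed. One ALLOW entry for the owner is then appended. The owner entry does
 * not include {@code WRITE_ACL}, {@code WRITE_OWNER} or {@code DELETE_CHILD}.
 *
 * @param path file whose ACL is rewritten
 * @throws IOException if the file system offers no ACL view for {@code path}, or if reading
 *     or writing the ACL fails
 */
private static void setWindowsPermissions(Path path) throws IOException {
  AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
  if (view == null) {
    // getFileAttributeView returns null when the view type is unavailable; fail with a
    // declared exception instead of a NullPointerException on the next line.
    throw new IOException("ACL file attribute view is not available for " + path);
  }

  UserPrincipal owner = view.getOwner();
  List<AclEntry> acl = view.getAcl();

  // NOTE(review): the two account names are matched as literal English strings. On Windows
  // installations that localize built-in account names the match would presumably fail and
  // those entries would be removed as well - confirm on a localized system.
  ListIterator<AclEntry> it = acl.listIterator();
  while (it.hasNext()) {
    String principalName = it.next().principal().getName();
    boolean keep = "BUILTIN\\Administrators".equals(principalName)
        || "NT AUTHORITY\\SYSTEM".equals(principalName);
    if (!keep) {
      it.remove();
    }
  }

  AclEntry ownerEntry = AclEntry.newBuilder()
      .setType(AclEntryType.ALLOW)
      .setPrincipal(owner)
      .setPermissions(
          AclEntryPermission.READ_DATA,
          AclEntryPermission.WRITE_DATA,
          AclEntryPermission.APPEND_DATA,
          AclEntryPermission.READ_NAMED_ATTRS,
          AclEntryPermission.WRITE_NAMED_ATTRS,
          AclEntryPermission.EXECUTE,
          AclEntryPermission.READ_ATTRIBUTES,
          AclEntryPermission.WRITE_ATTRIBUTES,
          AclEntryPermission.DELETE,
          AclEntryPermission.READ_ACL,
          AclEntryPermission.SYNCHRONIZE)
      .build();
  acl.add(ownerEntry);
  view.setAcl(acl);
}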
use of java.nio.file.attribute.AclEntry in project keycloak by keycloak.
the class IoUtil method setWindowsPermissions.
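/**
 * Rewrites the ACL of {@code path} so that only the Administrators group, the SYSTEM account
 * and the file owner remain listed.
 *
 * <p>Existing entries whose principal name is {@code BUILTIN\Administrators} or
 * {@code NT AUTHORITY\SYSTEM} are kept unchanged, whatever their entry type; all other
 * entries are removed. One ALLOW entry for the owner is then appended. The owner entry does
 * not include {@code WRITE_ACL}, {@code WRITE_OWNER} or {@code DELETE_CHILD}.
 *
 * @param path file whose ACL is rewritten
 * @throws IOException if the file system offers no ACL view for {@code path}, or if reading
 *     or writing the ACL fails
 */
private static void setWindowsPermissions(Path path) throws IOException {
  AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
  if (view == null) {
    // getFileAttributeView returns null when the view type is unavailable; fail with a
    // declared exception instead of a NullPointerException on the next line.
    throw new IOException("ACL file attribute view is not available for " + path);
  }

  UserPrincipal owner = view.getOwner();
  List<AclEntry> acl = view.getAcl();

  // NOTE(review): the two account names are matched as literal English strings. On Windows
  // installations that localize built-in account names the match would presumably fail and
  // those entries would be removed as well - confirm on a localized system.
  ListIterator<AclEntry> it = acl.listIterator();
  while (it.hasNext()) {
    String principalName = it.next().principal().getName();
    boolean keep = "BUILTIN\\Administrators".equals(principalName)
        || "NT AUTHORITY\\SYSTEM".equals(principalName);
    if (!keep) {
      it.remove();
    }
  }

  AclEntry ownerEntry = AclEntry.newBuilder()
      .setType(AclEntryType.ALLOW)
      .setPrincipal(owner)
      .setPermissions(
          AclEntryPermission.READ_DATA,
          AclEntryPermission.WRITE_DATA,
          AclEntryPermission.APPEND_DATA,
          AclEntryPermission.READ_NAMED_ATTRS,
          AclEntryPermission.WRITE_NAMED_ATTRS,
          AclEntryPermission.EXECUTE,
          AclEntryPermission.READ_ATTRIBUTES,
          AclEntryPermission.WRITE_ATTRIBUTES,
          AclEntryPermission.DELETE,
          AclEntryPermission.READ_ACL,
          AclEntryPermission.SYNCHRONIZE)
      .build();
  acl.add(ownerEntry);
  view.setAcl(acl);
}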
use of java.nio.file.attribute.AclEntry in project che by eclipse.
the class WindowsSshScript method protectPrivateKeyFile.
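/**
 * Replaces the ACL of the private key file with a single ALLOW entry for the user named by
 * the {@code OWNER_NAME_PROPERTY} system property.
 *
 * <p>The new ACL contains only that entry, so every previously listed principal loses its
 * explicit entry. The granted permissions allow reading, appending and deleting but do not
 * include {@code WRITE_DATA}.
 *
 * @param sshKey private key file to protect
 * @throws ServerException if the file system offers no ACL view for the file, or if looking
 *     up the user or writing the ACL fails with an I/O error
 */
@Override
protected void protectPrivateKeyFile(File sshKey) throws ServerException {
  try {
    AclFileAttributeView attributes =
        Files.getFileAttributeView(sshKey.toPath(), AclFileAttributeView.class);
    if (attributes == null) {
      // getFileAttributeView returns null when ACLs are unsupported. Report that through the
      // declared exception instead of a NullPointerException, so the key file is not silently
      // left with its previous permissions.
      throw new ServerException("Failed to set file permissions");
    }

    // presumably OWNER_NAME_PROPERTY names the property holding the current user - verify
    // against its declaration, which is outside this snippet.
    String ownerName = System.getProperty(OWNER_NAME_PROPERTY);
    UserPrincipal userPrincipal = FileSystems.getDefault()
        .getUserPrincipalLookupService()
        .lookupPrincipalByName(ownerName);

    AclEntry entry = AclEntry.newBuilder()
        .setType(ALLOW)
        .setPrincipal(userPrincipal)
        .setPermissions(
            READ_DATA,
            APPEND_DATA,
            READ_NAMED_ATTRS,
            READ_ATTRIBUTES,
            DELETE,
            READ_ACL,
            SYNCHRONIZE)
        .build();

    List<AclEntry> aclEntryList = new ArrayList<>();
    aclEntryList.add(entry);
    attributes.setAcl(aclEntryList);
  } catch (IOException e) {
    // NOTE(review): the IOException is not attached as a cause. If ServerException offers a
    // (message, cause) constructor - not visible in this snippet - passing `e` would keep the
    // underlying reason in the stack trace.
    throw new ServerException("Failed to set file permissions");
  }
}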