use of java.security.AccessControlException in project wildfly by wildfly.
the class DenyModulePermissionsTestCase method testReadJavaHome.
/**
 * Verifies that reading the {@code java.home} system property is refused and that the
 * refusal names exactly the permission that was missing.
 */
@Test
public void testReadJavaHome() {
    // Built up front so the catch block only has to compare.
    final Permission required = new PropertyPermission("java.home", "read");
    try {
        CheckJSMUtils.getSystemProperty("java.home");
        // Reaching this line means the read was allowed, which is the failure case.
        fail("Access should be denied");
    } catch (AccessControlException denied) {
        // Checking the permission object, not just the exception type, makes sure the
        // denial came from the property-read check and not from an unrelated permission.
        assertEquals("Permission type doesn't match", required, denied.getPermission());
    }
}
use of java.security.AccessControlException in project jdk8u_jdk by JetBrains.
the class MarshalInputStream method resolveClass.
/**
 * Resolves the class described by {@code classDesc}, first consuming the location
 * annotation that accompanies it in the stream and then loading the class through
 * {@link RMIClassLoader}.
 *
 * <p>Security note: unless {@code useCodebaseOnly} is set, a String annotation read from
 * the stream is passed on as the codebase to load from, so the producer of the stream
 * influences where class bytes are fetched. With {@code useCodebaseOnly} set (or a
 * non-String annotation) a {@code null} codebase is passed instead.
 *
 * @param classDesc descriptor of the class to resolve
 * @return the resolved class
 * @throws IOException if reading the location annotation fails
 * @throws ClassNotFoundException if the class cannot be found by any of the attempts below
 */
protected Class<?> resolveClass(ObjectStreamClass classDesc) throws IOException, ClassNotFoundException {
    /*
     * The annotation written by MarshalOutputStream is always read, even when it
     * ends up unused, so it has to be consumed before anything else.
     */
    final Object location = readLocation();
    final String name = classDesc.getName();

    /*
     * Unless told to skip it, pick the "default loader" the way the default
     * ObjectInputStream resolveClass mechanism would (first non-null loader on the
     * execution stack) to maximise type compatibility with the calling code. This is
     * skipped during server parameter unmarshalling with the 1.2 stub protocol,
     * where no non-null loader would be on the stack anyway.
     */
    final ClassLoader fallbackLoader;
    if (skipDefaultResolveClass) {
        fallbackLoader = null;
    } else {
        fallbackLoader = latestUserDefinedLoader();
    }

    /*
     * The stream-supplied codebase is honoured only when codebase-only mode is off
     * AND the annotation really is a String; in every other case null is passed and
     * the class is loaded via the local "java.rmi.server.codebase" setting.
     */
    final boolean honourAnnotation = !useCodebaseOnly && location instanceof String;
    final String codebase = honourAnnotation ? (String) location : null;

    try {
        return RMIClassLoader.loadClass(codebase, name, fallbackLoader);
    } catch (AccessControlException denied) {
        // NOTE(review): checkSunClass is defined outside this listing; it decides what
        // a permission denial turns into here - confirm it cannot mask a denial that
        // should reach the caller.
        return checkSunClass(name, denied);
    } catch (ClassNotFoundException notFound) {
        /*
         * Fix for 4442373: names that start with a lower-case letter and contain no
         * '.' are handed to ObjectInputStream.resolveClass() so that primitive
         * classes resolve.
         */
        final boolean looksPrimitive = Character.isLowerCase(name.charAt(0)) && name.indexOf('.') < 0;
        if (looksPrimitive) {
            try {
                return super.resolveClass(classDesc);
            } catch (ClassNotFoundException ignored) {
                // Deliberately dropped: the original failure below is the one reported.
            }
        }
        throw notFound;
    }
}
use of java.security.AccessControlException in project jdk8u_jdk by JetBrains.
the class FilterWithSecurityManagerTest method testSpecificFilter.
/**
 * Checks that installing a stream-specific deserialization filter goes through the
 * security manager.
 *
 * <p>If the call is refused, the refusal must happen with a security manager installed and
 * must name {@code java.io.SerializablePermission} and {@code serialFilter}.
 *
 * <p>NOTE(review): when no {@link AccessControlException} is raised the method completes
 * without asserting anything; presumably that covers runs where the permission is granted
 * or no security manager is set - confirm against the test's run configurations.
 */
@Test(dependsOnMethods = { "testGlobalFilter" })
public void testSpecificFilter() throws Exception {
    try (ByteArrayInputStream source = new ByteArrayInputStream(bytes);
            ObjectInputStream in = new ObjectInputStream(source)) {
        // The permission check under test happens on this call.
        ObjectInputFilter.Config.setObjectInputFilter(in, filter);
        in.readObject();
    } catch (AccessControlException denied) {
        // A denial is only legitimate when a security manager is actually in place.
        assertTrue(setSecurityManager);
        final String reason = denied.getMessage();
        assertTrue(reason.contains("java.io.SerializablePermission"));
        assertTrue(reason.contains("serialFilter"));
    }
}
use of java.security.AccessControlException in project jdk8u_jdk by JetBrains.
the class TestSetResourceBundle method testPermission.
/**
 * Checks that {@code Logger.setResourceBundle} is refused unless
 * {@code LoggingPermission("control")} is held.
 *
 * <p>The method installs a policy and a security manager for the whole JVM and does not
 * remove them again, so it refuses to run when a security manager is already present.
 *
 * @param loggerName The logger to use.
 */
public static void testPermission(String loggerName) {
    if (System.getSecurityManager() != null) {
        throw new Error("Security manager is already set");
    }

    // From here on every permission check is answered by SimplePolicy.
    Policy.setPolicy(new SimplePolicy(TestCase.PERMISSION));
    System.setSecurityManager(new SecurityManager());

    final ResourceBundle listBundle = ResourceBundle.getBundle(LIST_BUNDLE_NAME);
    final Logger logger = Logger.getLogger(loggerName);
    try {
        logger.setResourceBundle(listBundle);
    } catch (AccessControlException x) {
        // Only a denial for exactly LoggingPermission("control") counts as success; a
        // denial for any other permission means the wrong check fired.
        final boolean isControlDenial = x.getPermission() instanceof LoggingPermission
                && "control".equals(x.getPermission().getName());
        if (!isControlDenial) {
            throw new RuntimeException("Unexpected exception: " + x, x);
        }
        System.out.println("Got expected exception: " + x);
        return;
    }
    // The call went through without a denial, so the check is missing.
    throw new RuntimeException("Permission not checked!");
}
use of java.security.AccessControlException in project aries by apache.
the class AuthorizationInterceptor method preCall.
/**
 * Authorizes a call to {@code m} before it is made, based on the effective security
 * annotation of the method and the JAAS subject of the current access control context.
 *
 * <p>The decision is deny-by-default: {@code PermitAll} lets the call through, and
 * {@code RolesAllowed} lets it through when any principal name of the subject equals one
 * of the listed roles. Every other case (including {@code DenyAll}) leaves the set of
 * allowed roles empty, so no principal can match.
 *
 * @param cm metadata of the component being called (not read here)
 * @param m the method about to be invoked
 * @param parameters the call arguments (not read here)
 * @return always {@code null} when access is granted
 * @throws AccessControlException if no subject is present or no principal matches a role
 */
public Object preCall(ComponentMetadata cm, Method m, Object... parameters) throws Throwable {
    final Annotation effective = new SecurityAnotationParser().getEffectiveAnnotation(beanClass, m);
    if (effective instanceof PermitAll) {
        return null;
    }

    // Anything other than @RolesAllowed (this also covers @DenyAll) yields no roles,
    // which makes the membership test below fail for every principal.
    final String[] permitted = (effective instanceof RolesAllowed)
            ? ((RolesAllowed) effective).value()
            : new String[] {};
    final Set<String> roles = new HashSet<String>(Arrays.asList(permitted));

    final Subject subject = Subject.getSubject(AccessController.getContext());
    if (subject == null) {
        // No authenticated subject is attached to this call chain: refuse outright.
        throw new AccessControlException("Method call " + m.getDeclaringClass() + "." + m.getName() + " denied. No JAAS login present");
    }

    final Set<Principal> principals = subject.getPrincipals();
    for (Principal candidate : principals) {
        // Matching is by principal name only; the principal's class is not considered.
        if (!roles.contains(candidate.getName())) {
            continue;
        }
        LOGGER.debug("Granting access to Method: {} for {}.", m, candidate);
        return null;
    }

    // NOTE(review): the denial text lists both the roles that would grant access and the
    // caller's principal names; confirm this message is not shown to untrusted callers.
    // Grants are logged at debug level above, while denials are only signalled by the
    // exception.
    throw new AccessControlException(String.format("Method call %s.%s denied. Roles allowed are %s. Your principals are %s.", m.getDeclaringClass(), m.getName(), roles, getNames(principals)));
}