Example 56 with AccessControlException
use of java.security.AccessControlException in project aries by apache.
the class ServiceRegistryContext method lookup.
public Object lookup(Name name) throws NamingException {
Object result;
OsgiName validName = convert(name);
String pathFragment = validName.getSchemePath();
String schemeName = validName.getScheme();
if (validName.hasInterface()) {
if (OsgiName.FRAMEWORK_PATH.equals(pathFragment) && "bundleContext".equals(validName.getServiceName())) {
AdminPermission adminPermission = new AdminPermission(callerContext.getBundle(), AdminPermission.CONTEXT);
try {
AccessController.checkPermission(adminPermission);
return callerContext;
} catch (AccessControlException accessControlException) {
NamingException namingException = new NameNotFoundException(MESSAGES.getMessage("caller.not.priviledged"));
namingException.setRootCause(accessControlException);
throw namingException;
}
} else if ((OsgiName.SERVICE_PATH.equals(pathFragment) && OsgiName.OSGI_SCHEME.equals(schemeName)) || (OsgiName.SERVICES_PATH.equals(pathFragment) && OsgiName.ARIES_SCHEME.equals(schemeName))) {
result = ServiceHelper.getService(callerContext, validName, null, true, env, OsgiName.OSGI_SCHEME.equals(schemeName));
} else if (OsgiName.SERVICE_LIST_PATH.equals(pathFragment)) {
result = new ServiceRegistryListContext(callerContext, env, validName);
} else {
result = null;
}
} else {
result = new ServiceRegistryContext(callerContext, validName, env);
}
if (result == null) {
throw new NameNotFoundException(name.toString());
}
return result;
}
Also used :
AdminPermission(org.osgi.framework.AdminPermission)
NameNotFoundException(javax.naming.NameNotFoundException)
AccessControlException(java.security.AccessControlException)
NamingException(javax.naming.NamingException)
Example 57 with AccessControlException
use of java.security.AccessControlException in project aries by apache.
the class Util method findContextClassloader.
private static ClassLoader findContextClassloader(Bundle consumerBundle, String className, String methodName, Class<?> clsArg) {
BaseActivator activator = BaseActivator.activator;
String requestedClass;
Map<Pair<Integer, String>, String> args;
if (ServiceLoader.class.getName().equals(className) && "load".equals(methodName)) {
requestedClass = clsArg.getName();
args = new HashMap<Pair<Integer, String>, String>();
args.put(new Pair<Integer, String>(0, Class.class.getName()), requestedClass);
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkPermission(new ServicePermission(requestedClass, ServicePermission.GET));
} catch (AccessControlException ace) {
// access denied
activator.log(LogService.LOG_INFO, "No permission to obtain service of type: " + requestedClass);
return null;
}
}
} else {
requestedClass = className;
// only supported on ServiceLoader.load() at the moment
args = null;
}
Collection<Bundle> bundles = new ArrayList<Bundle>(activator.findProviderBundles(requestedClass));
activator.log(LogService.LOG_DEBUG, "Found bundles providing " + requestedClass + ": " + bundles);
Collection<Bundle> allowedBundles = activator.findConsumerRestrictions(consumerBundle, className, methodName, args);
if (allowedBundles != null) {
for (Iterator<Bundle> it = bundles.iterator(); it.hasNext(); ) {
if (!allowedBundles.contains(it.next())) {
it.remove();
}
}
}
switch(bundles.size()) {
case 0:
return null;
case 1:
Bundle bundle = bundles.iterator().next();
return getBundleClassLoader(bundle);
default:
List<ClassLoader> loaders = new ArrayList<ClassLoader>();
for (Bundle b : bundles) {
loaders.add(getBundleClassLoader(b));
}
return new MultiDelegationClassloader(loaders.toArray(new ClassLoader[loaders.size()]));
}
}
Also used :
Bundle(org.osgi.framework.Bundle)
ArrayList(java.util.ArrayList)
AccessControlException(java.security.AccessControlException)
ServicePermission(org.osgi.framework.ServicePermission)
Example 58 with AccessControlException
use of java.security.AccessControlException in project jackrabbit by apache.
the class ImpersonateTest method testImpersonate.
/**
* Tests if <code>Session.impersonate(Credentials)</code> works properly
*/
public void testImpersonate() throws RepositoryException, NotExecutableException {
// impersonate to read-only user
Session session;
try {
session = superuser.impersonate(getHelper().getReadOnlyCredentials());
} catch (LoginException e) {
throw new NotExecutableException("impersonate threw LoginException");
}
try {
// get a path to test the permissions on
String thePath = "";
NodeIterator ni = session.getRootNode().getNodes();
while (ni.hasNext()) {
Node n = ni.nextNode();
if (!n.getPath().equals("/" + jcrSystem)) {
thePath = n.getPath();
break;
}
}
// check that all 4 permissions are granted/denied correctly
session.checkPermission(thePath, "read");
try {
session.checkPermission(thePath + "/" + nodeName1, "add_node");
fail("add_node permission on \"" + thePath + "/" + nodeName1 + "\" granted to read-only Session");
} catch (AccessControlException success) {
// ok
}
try {
session.checkPermission(thePath + "/" + propertyName1, "set_property");
fail("set_property permission on \"" + thePath + "/" + propertyName1 + "\" granted to read-only Session");
} catch (AccessControlException success) {
// ok
}
try {
session.checkPermission(thePath, "remove");
fail("remove permission on \"" + thePath + "\" granted to read-only Session");
} catch (AccessControlException success) {
// ok
}
} finally {
session.logout();
}
}
Also used :
NodeIterator(javax.jcr.NodeIterator)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
Node(javax.jcr.Node)
LoginException(javax.jcr.LoginException)
AccessControlException(java.security.AccessControlException)
Session(javax.jcr.Session)
Example 59 with AccessControlException
use of java.security.AccessControlException in project jackrabbit-oak by apache.
the class CugImporter method handlePropInfo.
//------------------------------------------< ProtectedPropertyImporter >---
@Override
public boolean handlePropInfo(@Nonnull Tree parent, @Nonnull PropInfo protectedPropInfo, @Nonnull PropertyDefinition def) throws RepositoryException {
if (CugUtil.definesCug(parent) && isValid(protectedPropInfo, def) && CugUtil.isSupportedPath(parent.getPath(), supportedPaths)) {
Set<String> principalNames = new HashSet<>();
for (TextValue txtValue : protectedPropInfo.getTextValues()) {
String principalName = txtValue.getString();
Principal principal = principalManager.getPrincipal(principalName);
if (principal == null) {
switch(importBehavior) {
case ImportBehavior.IGNORE:
log.debug("Ignoring unknown principal with name '" + principalName + "'.");
break;
case ImportBehavior.ABORT:
throw new AccessControlException("Unknown principal '" + principalName + "'.");
case ImportBehavior.BESTEFFORT:
log.debug("Importing unknown principal '" + principalName + '\'');
principalNames.add(principalName);
break;
default:
throw new IllegalArgumentException("Invalid import behavior " + importBehavior);
}
} else {
principalNames.add(principalName);
}
}
parent.setProperty(REP_PRINCIPAL_NAMES, principalNames, Type.STRINGS);
return true;
} else {
return false;
}
}
Also used :
TextValue(org.apache.jackrabbit.oak.spi.xml.TextValue)
AccessControlException(java.security.AccessControlException)
Principal(java.security.Principal)
HashSet(java.util.HashSet)
Example 60 with AccessControlException
use of java.security.AccessControlException in project jackrabbit-oak by apache.
the class QueryTest method testJoin.
public void testJoin() throws Exception {
// create a visible node /test/node1
// with an invisible child /test/node1/node2
// with an invisible child /test/node1/node2/node3
Node n = superuser.getNode(path);
Node visible = n.addNode(nodeName1, testNodeType);
allow(visible.getPath(), privilegesFromName(Privilege.JCR_READ));
Node invisible = visible.addNode(nodeName2, testNodeType);
Node invisible2 = invisible.addNode(nodeName3, testNodeType);
deny(invisible.getPath(), privilegesFromName(Privilege.JCR_READ));
deny(invisible2.getPath(), privilegesFromName(Privilege.JCR_READ));
superuser.save();
// test visibility
testSession.refresh(false);
testSession.checkPermission(visible.getPath(), Session.ACTION_READ);
try {
testSession.checkPermission(invisible.getPath(), Session.ACTION_READ);
fail();
} catch (AccessControlException e) {
// expected
}
Node x = testSession.getNode(visible.getPath());
ValueFactory vf = testSession.getValueFactory();
Query q;
QueryResult r;
NodeIterator ni;
// verify we can see the visible node
q = testSession.getWorkspace().getQueryManager().createQuery("select * from [nt:base] where [jcr:path]=$path", Query.JCR_SQL2);
q.bindValue("path", vf.createValue(visible.getPath()));
r = q.execute();
ni = r.getNodes();
assertTrue(ni.hasNext());
x = ni.nextNode();
assertTrue(x.getSession() == testSession);
// verify we cannot see the invisible node
q = testSession.getWorkspace().getQueryManager().createQuery("select * from [nt:base] where [jcr:path]=$path", Query.JCR_SQL2);
q.bindValue("path", vf.createValue(invisible.getPath()));
r = q.execute();
assertFalse(r.getNodes().hasNext());
// the superuser should see both nodes
q = superuser.getWorkspace().getQueryManager().createQuery("select a.* from [nt:base] as a " + "inner join [nt:base] as b on isdescendantnode(b, a) " + "where a.[jcr:path]=$path", Query.JCR_SQL2);
q.bindValue("path", vf.createValue(visible.getPath()));
r = q.execute();
assertTrue(r.getNodes().hasNext());
// but the testSession must not:
// verify we can not deduce existence of the invisible node
// using a join
q = testSession.getWorkspace().getQueryManager().createQuery("select a.* from [nt:base] as a " + "inner join [nt:base] as b on isdescendantnode(b, a) " + "where a.[jcr:path]=$path", Query.JCR_SQL2);
q.bindValue("path", vf.createValue(visible.getPath()));
r = q.execute();
assertFalse(r.getNodes().hasNext());
}
Also used :
NodeIterator(javax.jcr.NodeIterator)
QueryResult(javax.jcr.query.QueryResult)
Query(javax.jcr.query.Query)
Node(javax.jcr.Node)
AccessControlException(java.security.AccessControlException)
ValueFactory(javax.jcr.ValueFactory)
Aggregations
AccessControlException (java.security.AccessControlException)62
IOException (java.io.IOException)23
Test (org.junit.Test)12
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)9
ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId)8
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)7
File (java.io.File)6
InputStream (java.io.InputStream)6
Permission (java.security.Permission)6
ApplicationNotFoundException (org.apache.hadoop.yarn.exceptions.ApplicationNotFoundException)5
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)4
HashSet (java.util.HashSet)4
RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)4
FileNotFoundException (java.io.FileNotFoundException)3
ArrayList (java.util.ArrayList)3
UnsafeCharArrayWriter (jetbrick.template.utils.UnsafeCharArrayWriter)3
FileSystem (org.apache.hadoop.fs.FileSystem)3
BufferedInputStream (java.io.BufferedInputStream)2
ByteArrayInputStream (java.io.ByteArrayInputStream)2
FileInputStream (java.io.FileInputStream)2
