Example 21 with AccessControlException
use of java.security.AccessControlException in project karaf by apache.
the class ShutdownSocketThread method run.
public void run() {
try {
while (true) {
// Wait for the next connection
Socket socket = null;
InputStream stream = null;
long acceptStartTime = System.currentTimeMillis();
try {
socket = shutdownSocket.accept();
// Ten seconds
socket.setSoTimeout(10 * 1000);
stream = socket.getInputStream();
} catch (SocketTimeoutException ste) {
// This should never happen but bug 3325 suggests that it does
LOG.log(Level.WARNING, "Karaf shutdown socket: " + "The socket listening for the shutdown command experienced " + "an unexpected timeout " + "[" + (System.currentTimeMillis() - acceptStartTime) + "] milliseconds " + "after the call to accept(). Is this an instance of bug 3325?", ste);
continue;
} catch (AccessControlException ace) {
LOG.log(Level.WARNING, "Karaf shutdown socket: security exception: " + ace.getMessage(), ace);
continue;
} catch (IOException e) {
LOG.log(Level.SEVERE, "Karaf shutdown socket: accept: ", e);
System.exit(1);
}
// Read a set of characters from the socket
StringBuilder command = new StringBuilder();
// Cut off to avoid DoS attack
int expected = 1024;
while (expected < shutdown.length()) {
if (random == null) {
random = new Random();
}
expected += (random.nextInt() % 1024);
}
while (expected > 0) {
int ch;
try {
ch = stream.read();
} catch (IOException e) {
LOG.log(Level.WARNING, "Karaf shutdown socket: read: ", e);
ch = -1;
}
if (ch < 32) {
// Control character or EOF terminates loop
break;
}
command.append((char) ch);
expected--;
}
// Close the socket now that we are done with it
try {
socket.close();
} catch (IOException e) {
// Ignore
}
// Match against our command string
boolean match = command.toString().equals(shutdown);
if (match) {
LOG.log(Level.INFO, "Karaf shutdown socket: received shutdown command. Stopping framework...");
framework.stop();
break;
} else {
if (!command.toString().isEmpty()) {
LOG.log(Level.WARNING, "Karaf shutdown socket: Invalid command '" + command.toString() + "' received");
}
}
}
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
shutdownSocket.close();
} catch (IOException e) {
// Ignore
}
}
}
Also used :
SocketTimeoutException(java.net.SocketTimeoutException)
Random(java.util.Random)
InputStream(java.io.InputStream)
AccessControlException(java.security.AccessControlException)
IOException(java.io.IOException)
ServerSocket(java.net.ServerSocket)
Socket(java.net.Socket)
SocketTimeoutException(java.net.SocketTimeoutException)
AccessControlException(java.security.AccessControlException)
IOException(java.io.IOException)
Example 22 with AccessControlException
use of java.security.AccessControlException in project jena by apache.
the class LocatorFile method open.
/** Open anything that looks a bit like a file name */
@Override
public TypedInputStream open(String filenameIRI) {
String fn = toFileName(filenameIRI);
if (fn == null)
return null;
try {
if (!exists$(fn)) {
if (StreamManager.logAllLookups && log.isTraceEnabled())
log.trace("Not found: " + filenameIRI + thisDirLogStr);
return null;
}
} catch (AccessControlException e) {
log.warn("Security problem testing for file", e);
return null;
}
try {
InputStream in = IO.openFileEx(fn);
if (StreamManager.logAllLookups && log.isTraceEnabled())
log.trace("Found: " + filenameIRI + thisDirLogStr);
ContentType ct = RDFLanguages.guessContentType(filenameIRI);
return new TypedInputStream(in, ct, filenameIRI);
} catch (IOException ioEx) {
// Includes FileNotFoundException
// We already tested whether the file exists or not.
log.warn("File unreadable (but exists): " + fn + " Exception: " + ioEx.getMessage());
return null;
}
}
Also used :
ContentType(org.apache.jena.atlas.web.ContentType)
TypedInputStream(org.apache.jena.atlas.web.TypedInputStream)
InputStream(java.io.InputStream)
AccessControlException(java.security.AccessControlException)
IOException(java.io.IOException)
TypedInputStream(org.apache.jena.atlas.web.TypedInputStream)
Example 23 with AccessControlException
use of java.security.AccessControlException in project wildfly by wildfly.
the class WritableServiceBasedNamingStoreTestCase method testPermissions.
/**
* Binds an entry and then do lookups with several permissions
* @throws Exception
*/
@Test
public void testPermissions() throws Exception {
final NamingContext namingContext = new NamingContext(store, null);
final String name = "a/b";
final Object value = new Object();
ArrayList<JndiPermission> permissions = new ArrayList<JndiPermission>();
// simple bind test, note that permission must have absolute path
WritableServiceBasedNamingStore.pushOwner(OWNER_FOO);
try {
permissions.add(new JndiPermission(store.getBaseName() + "/" + name, "bind,list,listBindings"));
store.bind(new CompositeName(name), value);
} finally {
WritableServiceBasedNamingStore.popOwner();
}
// all of these lookup should work
permissions.set(0, new JndiPermission(store.getBaseName() + "/" + name, JndiPermission.ACTION_LOOKUP));
assertEquals(value, testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name));
permissions.set(0, new JndiPermission(store.getBaseName() + "/-", JndiPermission.ACTION_LOOKUP));
assertEquals(value, testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name));
permissions.set(0, new JndiPermission(store.getBaseName() + "/a/*", JndiPermission.ACTION_LOOKUP));
assertEquals(value, testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name));
permissions.set(0, new JndiPermission(store.getBaseName() + "/a/-", JndiPermission.ACTION_LOOKUP));
assertEquals(value, testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name));
permissions.set(0, new JndiPermission("<<ALL BINDINGS>>", JndiPermission.ACTION_LOOKUP));
assertEquals(value, testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name));
permissions.set(0, new JndiPermission(store.getBaseName() + "/" + name, JndiPermission.ACTION_LOOKUP));
assertEquals(value, testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, store.getBaseName() + "/" + name));
NamingContext aNamingContext = (NamingContext) namingContext.lookup("a");
permissions.set(0, new JndiPermission(store.getBaseName() + "/" + name, JndiPermission.ACTION_LOOKUP));
assertEquals(value, testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, aNamingContext, "b"));
// this lookup should not work, no permission
try {
testActionWithPermission(JndiPermission.ACTION_LOOKUP, Collections.<JndiPermission>emptyList(), namingContext, name);
fail("Should have failed due to missing permission");
} catch (AccessControlException e) {
}
// a permission which only allows entries in store.getBaseName()
try {
permissions.set(0, new JndiPermission(store.getBaseName() + "/*", JndiPermission.ACTION_LOOKUP));
testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name);
fail("Should have failed due to missing permission");
} catch (AccessControlException e) {
}
// permissions which are not absolute paths (do not include store base name, i.e. java:)
try {
permissions.set(0, new JndiPermission(name, JndiPermission.ACTION_LOOKUP));
testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name);
fail("Should have failed due to missing permission");
} catch (AccessControlException e) {
}
if (!"java:".equals(store.getBaseName().toString())) {
try {
permissions.set(0, new JndiPermission("/" + name, JndiPermission.ACTION_LOOKUP));
testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name);
fail("Should have failed due to missing permission");
} catch (AccessControlException e) {
}
try {
permissions.set(0, new JndiPermission("/-", JndiPermission.ACTION_LOOKUP));
testActionWithPermission(JndiPermission.ACTION_LOOKUP, permissions, namingContext, name);
fail("Should have failed due to missing permission");
} catch (AccessControlException e) {
}
}
}
Also used :
ArrayList(java.util.ArrayList)
CompositeName(javax.naming.CompositeName)
AccessControlException(java.security.AccessControlException)
JndiPermission(org.wildfly.naming.java.permission.JndiPermission)
Test(org.junit.Test)
Example 24 with AccessControlException
use of java.security.AccessControlException in project sling by apache.
the class SlingRequestProcessorImpl method doProcessRequest.
/**
* This method is directly called by the Sling main servlet.
*/
public void doProcessRequest(final HttpServletRequest servletRequest, final HttpServletResponse servletResponse, final ResourceResolver resourceResolver) throws IOException {
// setting the Sling request and response
final RequestData requestData = new RequestData(this, servletRequest, servletResponse);
final SlingHttpServletRequest request = requestData.getSlingRequest();
final SlingHttpServletResponse response = requestData.getSlingResponse();
// record the request for the web console display
RequestHistoryConsolePlugin.recordRequest(request);
try {
final ServletResolver sr = this.servletResolver;
// check that we have all required services
if (resourceResolver == null) {
throw new UnavailableException("ResourceResolver");
} else if (sr == null) {
throw new UnavailableException("ServletResolver");
}
// initialize the request data - resolve resource and servlet
Resource resource = requestData.initResource(resourceResolver);
requestData.initServlet(resource, sr);
FilterHandle[] filters = filterManager.getFilters(FilterChainType.REQUEST);
if (filters != null) {
FilterChain processor = new RequestSlingFilterChain(this, filters);
request.getRequestProgressTracker().log("Applying " + FilterChainType.REQUEST + "filters");
processor.doFilter(request, response);
} else {
// no filters, directly call resource level filters and servlet
processComponent(request, response, FilterChainType.COMPONENT);
}
} catch (final SlingHttpServletResponseImpl.WriterAlreadyClosedException wace) {
log.error("Writer has already been closed.", wace);
} catch (ResourceNotFoundException rnfe) {
// send this exception as a 404 status
log.info("service: Resource {} not found", rnfe.getResource());
handleError(HttpServletResponse.SC_NOT_FOUND, rnfe.getMessage(), request, response);
} catch (final SlingException se) {
// we assume, that this is the name of the causing servlet
if (requestData.getActiveServletName() != null) {
request.setAttribute(ERROR_SERVLET_NAME, requestData.getActiveServletName());
}
// send this exception as is (albeit unwrapping and wrapped
// exception.
Throwable t = se;
while (t instanceof SlingException && t.getCause() != null) {
t = t.getCause();
}
log.error("service: Uncaught SlingException", t);
handleError(t, request, response);
} catch (AccessControlException ace) {
// SLING-319 if anything goes wrong, send 403/FORBIDDEN
log.info("service: Authenticated user {} does not have enough rights to executed requested action", request.getRemoteUser());
handleError(HttpServletResponse.SC_FORBIDDEN, null, request, response);
} catch (UnavailableException ue) {
// exception is thrown before the SlingHttpServletRequest/Response
// is properly set up due to missing dependencies. In this case
// we must not use the Sling error handling infrastructure but
// just return a 503 status response handled by the servlet
// container environment
final int status = HttpServletResponse.SC_SERVICE_UNAVAILABLE;
final String errorMessage = ue.getMessage() + " service missing, cannot service requests";
log.error("{} , sending status {}", errorMessage, status);
servletResponse.sendError(status, errorMessage);
} catch (IOException ioe) {
// forward IOException up the call chain to properly handle it
throw ioe;
} catch (Throwable t) {
// we assume, that this is the name of the causing servlet
if (requestData.getActiveServletName() != null) {
request.setAttribute(ERROR_SERVLET_NAME, requestData.getActiveServletName());
}
log.error("service: Uncaught Throwable", t);
handleError(t, request, response);
} finally {
if (mbean != null) {
mbean.addRequestData(requestData);
}
}
}
Also used :
SlingHttpServletResponse(org.apache.sling.api.SlingHttpServletResponse)
FilterHandle(org.apache.sling.engine.impl.filter.FilterHandle)
RequestSlingFilterChain(org.apache.sling.engine.impl.filter.RequestSlingFilterChain)
SlingComponentFilterChain(org.apache.sling.engine.impl.filter.SlingComponentFilterChain)
FilterChain(javax.servlet.FilterChain)
AbstractSlingFilterChain(org.apache.sling.engine.impl.filter.AbstractSlingFilterChain)
UnavailableException(javax.servlet.UnavailableException)
Resource(org.apache.sling.api.resource.Resource)
AccessControlException(java.security.AccessControlException)
IOException(java.io.IOException)
SlingHttpServletRequest(org.apache.sling.api.SlingHttpServletRequest)
RequestSlingFilterChain(org.apache.sling.engine.impl.filter.RequestSlingFilterChain)
ServletResolver(org.apache.sling.api.servlets.ServletResolver)
RequestData(org.apache.sling.engine.impl.request.RequestData)
SlingException(org.apache.sling.api.SlingException)
ResourceNotFoundException(org.apache.sling.api.resource.ResourceNotFoundException)
Example 25 with AccessControlException
use of java.security.AccessControlException in project spring-framework by spring-projects.
the class ApplicationContextExpressionTests method systemPropertiesSecurityManager.
@Test
public void systemPropertiesSecurityManager() {
GenericApplicationContext ac = new GenericApplicationContext();
AnnotationConfigUtils.registerAnnotationConfigProcessors(ac);
GenericBeanDefinition bd = new GenericBeanDefinition();
bd.setBeanClass(TestBean.class);
bd.getPropertyValues().add("country", "#{systemProperties.country}");
ac.registerBeanDefinition("tb", bd);
SecurityManager oldSecurityManager = System.getSecurityManager();
try {
System.setProperty("country", "NL");
SecurityManager securityManager = new SecurityManager() {
@Override
public void checkPropertiesAccess() {
throw new AccessControlException("Not Allowed");
}
@Override
public void checkPermission(Permission perm) {
// allow everything else
}
};
System.setSecurityManager(securityManager);
ac.refresh();
TestBean tb = ac.getBean("tb", TestBean.class);
assertEquals("NL", tb.getCountry());
} finally {
System.setSecurityManager(oldSecurityManager);
System.getProperties().remove("country");
}
}
Also used :
GenericBeanDefinition(org.springframework.beans.factory.support.GenericBeanDefinition)
GenericApplicationContext(org.springframework.context.support.GenericApplicationContext)
TestBean(org.springframework.tests.sample.beans.TestBean)
Permission(java.security.Permission)
AccessControlException(java.security.AccessControlException)
Test(org.junit.Test)
Aggregations
AccessControlException (java.security.AccessControlException)69
IOException (java.io.IOException)24
Test (org.junit.Test)12
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)10
Permission (java.security.Permission)8
ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId)8
InputStream (java.io.InputStream)7
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)7
File (java.io.File)5
PropertyPermission (java.util.PropertyPermission)5
ApplicationNotFoundException (org.apache.hadoop.yarn.exceptions.ApplicationNotFoundException)5
FileNotFoundException (java.io.FileNotFoundException)4
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)4
HashSet (java.util.HashSet)4
RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)4
ServerSocket (java.net.ServerSocket)3
Socket (java.net.Socket)3
URISyntaxException (java.net.URISyntaxException)3
UnsafeCharArrayWriter (jetbrick.template.utils.UnsafeCharArrayWriter)3
FileSystem (org.apache.hadoop.fs.FileSystem)3
