
Example 26 with AccessControlException

use of java.security.AccessControlException in project wildfly by wildfly.

the class WritableServiceBasedNamingStoreTestCase method testPermissions.

/**
     * Binds an entry and then performs lookups under several permission sets, checking both
     * the grants that must allow the lookup and those that must be refused.
     * @throws Exception
     */
@Test
public void testPermissions() throws Exception {
    final NamingContext rootContext = new NamingContext(store, null);
    final String name = "a/b";
    final Object boundValue = new Object();
    ArrayList<JndiPermission> granted = new ArrayList<JndiPermission>();

    // Bind the entry on behalf of OWNER_FOO. The permission name is absolute:
    // it is prefixed with the store's base name.
    WritableServiceBasedNamingStore.pushOwner(OWNER_FOO);
    try {
        granted.add(new JndiPermission(store.getBaseName() + "/" + name, "bind,list,listBindings"));
        store.bind(new CompositeName(name), boundValue);
    } finally {
        // Always restore the owner stack, even when the bind fails.
        WritableServiceBasedNamingStore.popOwner();
    }

    // Grants that must allow looking up "a/b": the exact absolute name, "-" below the
    // base name, and both "*" and "-" below ".../a". Together with the refusal of
    // "<base>/*" further down, the test expects "*" to cover one level only and "-"
    // to cover deeper levels as well.
    final String[] grantingSuffixes = { "/" + name, "/-", "/a/*", "/a/-" };
    for (String suffix : grantingSuffixes) {
        granted.set(0, new JndiPermission(store.getBaseName() + suffix, JndiPermission.ACTION_LOOKUP));
        assertEquals(boundValue, testActionWithPermission(JndiPermission.ACTION_LOOKUP, granted, rootContext, name));
    }

    // The catch-all name must allow the lookup too.
    granted.set(0, new JndiPermission("<<ALL BINDINGS>>", JndiPermission.ACTION_LOOKUP));
    assertEquals(boundValue, testActionWithPermission(JndiPermission.ACTION_LOOKUP, granted, rootContext, name));

    // Same exact grant, but the lookup itself uses the absolute name.
    granted.set(0, new JndiPermission(store.getBaseName() + "/" + name, JndiPermission.ACTION_LOOKUP));
    assertEquals(boundValue, testActionWithPermission(JndiPermission.ACTION_LOOKUP, granted, rootContext, store.getBaseName() + "/" + name));

    // Same exact grant again, with the lookup made relative to the "a" sub-context.
    NamingContext subContext = (NamingContext) rootContext.lookup("a");
    granted.set(0, new JndiPermission(store.getBaseName() + "/" + name, JndiPermission.ACTION_LOOKUP));
    assertEquals(boundValue, testActionWithPermission(JndiPermission.ACTION_LOOKUP, granted, subContext, "b"));

    // From here on every lookup must be refused. Only AccessControlException is
    // accepted as the refusal; any other exception propagates and fails the test.

    // No permission at all.
    try {
        testActionWithPermission(JndiPermission.ACTION_LOOKUP, Collections.<JndiPermission>emptyList(), rootContext, name);
        fail("Should have failed due to missing permission");
    } catch (AccessControlException expected) {
        // refusal is the expected outcome
    }

    // A permission which only allows entries directly in store.getBaseName().
    try {
        granted.set(0, new JndiPermission(store.getBaseName() + "/*", JndiPermission.ACTION_LOOKUP));
        testActionWithPermission(JndiPermission.ACTION_LOOKUP, granted, rootContext, name);
        fail("Should have failed due to missing permission");
    } catch (AccessControlException expected) {
        // refusal is the expected outcome
    }

    // Permissions which are not absolute paths (do not include the store base name, i.e. java:).
    try {
        granted.set(0, new JndiPermission(name, JndiPermission.ACTION_LOOKUP));
        testActionWithPermission(JndiPermission.ACTION_LOOKUP, granted, rootContext, name);
        fail("Should have failed due to missing permission");
    } catch (AccessControlException expected) {
        // refusal is the expected outcome
    }

    // The remaining "/"-prefixed names are only checked when the base name is not "java:".
    if ("java:".equals(store.getBaseName().toString())) {
        return;
    }
    for (String slashPrefixed : new String[] { "/" + name, "/-" }) {
        try {
            granted.set(0, new JndiPermission(slashPrefixed, JndiPermission.ACTION_LOOKUP));
            testActionWithPermission(JndiPermission.ACTION_LOOKUP, granted, rootContext, name);
            fail("Should have failed due to missing permission");
        } catch (AccessControlException expected) {
            // refusal is the expected outcome
        }
    }
}
Also used : ArrayList(java.util.ArrayList) CompositeName(javax.naming.CompositeName) AccessControlException(java.security.AccessControlException) JndiPermission(org.wildfly.naming.java.permission.JndiPermission) Test(org.junit.Test)

Example 27 with AccessControlException

use of java.security.AccessControlException in project wildfly by wildfly.

the class EarModulesPPTestCase method checkPropertyEjb.

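/**
     * Checks access to a system property on the server using EJB.
     *
     * @param moduleName module name used to look up the EJB
     * @param propertyName name of the system property the bean is asked to read
     * @param exceptionExpected whether the read is expected to be refused with an AccessControlException
     * @param expectedValue value the property must have when the read succeeds; {@code null} skips the comparison
     * @throws Exception if the lookup or the read fails for any reason other than an
     *         EJBException caused by an AccessControlException
     */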
private void checkPropertyEjb(final String moduleName, final String propertyName, final boolean exceptionExpected, final String expectedValue) throws Exception {
    LOGGER.debug("Checking if '" + propertyName + "' property is available");
    final ReadSystemPropertyRemote remote = lookupEjb(moduleName, EJBAPP_BASE_NAME + moduleName, ReadSystemPropertyBean.class.getSimpleName(), ReadSystemPropertyRemote.class);
    assertNotNull(remote);

    // Capture the outcome of the remote read instead of letting it escape, so it
    // can be classified below.
    String actualValue = null;
    Exception failure = null;
    try {
        actualValue = remote.readSystemProperty(propertyName);
    } catch (Exception e) {
        failure = e;
    }

    // Only an EJBException whose direct cause is an AccessControlException counts as
    // a permission denial. Any other failure is rethrown further down, so an
    // unrelated error cannot be mistaken for the expected refusal.
    final boolean denied = failure instanceof EJBException && failure.getCause() instanceof AccessControlException;
    if (denied) {
        assertTrue("AccessControlException came, but it was not expected", exceptionExpected);
        return;
    }
    if (failure != null) {
        throw failure;
    }

    // The read succeeded: that is itself a failure when a denial was expected.
    if (exceptionExpected) {
        fail("AccessControlException was expected");
    }
    if (expectedValue != null) {
        assertEquals("System property value doesn't match the expected one.", expectedValue, actualValue);
    }
}
Also used : ReadSystemPropertyRemote(org.jboss.as.testsuite.integration.secman.ejbs.ReadSystemPropertyRemote) ReadSystemPropertyBean(org.jboss.as.testsuite.integration.secman.ejbs.ReadSystemPropertyBean) AccessControlException(java.security.AccessControlException) EJBException(javax.ejb.EJBException) NamingException(javax.naming.NamingException) EJBException(javax.ejb.EJBException) AccessControlException(java.security.AccessControlException)

Example 28 with AccessControlException

use of java.security.AccessControlException in project wildfly by wildfly.

the class LimitedModulePermissionsTestCase method testReadJavaHome.

/**
     * Verifies that reading a system property without the required permission is denied.
     */
@Test
public void testReadJavaHome() {
    AccessControlException denial = null;
    try {
        CheckJSMUtils.getSystemProperty("java.home");
    } catch (AccessControlException e) {
        denial = e;
    }

    // No denial means the read went through, which this test treats as a failure.
    if (denial == null) {
        fail("Access should be denied");
    }

    // The denial must name exactly the "read" permission on java.home; a refusal
    // for some other permission would not pass.
    final Permission required = new PropertyPermission("java.home", "read");
    assertEquals("Permission type doesn't match", required, denial.getPermission());
}
Also used : PropertyPermission(java.util.PropertyPermission) PropertyPermission(java.util.PropertyPermission) Permission(java.security.Permission) AccessControlException(java.security.AccessControlException) Test(org.junit.Test)

Example 29 with AccessControlException

use of java.security.AccessControlException in project jdk8u_jdk by JetBrains.

the class FileLoginModule method loadPasswordFile.

/*
     * Read the password file.
     */
private void loadPasswordFile() throws IOException {
    FileInputStream rawInput;
    try {
        rawInput = new FileInputStream(passwordFile);
    } catch (SecurityException denied) {
        if (!userSuppliedPasswordFile && !hasJavaHomePermission) {
            // The file was not supplied by the user and the java.home permission is
            // missing: raise a fresh exception that names passwordFileDisplayName.
            // NOTE(review): presumably this keeps the real path carried by the original
            // message from being disclosed; confirm where passwordFileDisplayName is
            // set. For the same reason the original is not chained as the cause, only
            // its stack trace is copied.
            final FilePermission needed = new FilePermission(passwordFileDisplayName, "read");
            final AccessControlException masked = new AccessControlException("access denied " + needed.toString());
            masked.setStackTrace(denied.getStackTrace());
            throw masked;
        }
        // Otherwise the original SecurityException is passed on unchanged.
        throw denied;
    }

    try {
        final BufferedInputStream buffered = new BufferedInputStream(rawInput);
        try {
            // The field is replaced before loading, so a failed load leaves it
            // pointing at a new, possibly partially filled Properties object.
            final Properties loaded = new Properties();
            userCredentials = loaded;
            loaded.load(buffered);
        } finally {
            buffered.close();
        }
    } finally {
        // Closed explicitly in addition to the buffered wrapper above.
        rawInput.close();
    }
}
Also used : BufferedInputStream(java.io.BufferedInputStream) AccessControlException(java.security.AccessControlException) Properties(java.util.Properties) FilePermission(java.io.FilePermission) FileInputStream(java.io.FileInputStream)

Example 30 with AccessControlException

use of java.security.AccessControlException in project stanbol by apache.

the class BasicAuthentication method writeLoginResponse.

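/**
 * Writes the response for a failed or missing login.
 *
 * <p>A wrong password and an unknown user get the same response body. Telling the
 * two apart in the response would let an unauthenticated client find out which
 * user names exist.
 *
 * @param request the current request (not used by this method)
 * @param response the response handed to {@code setUnauthorizedResponse}
 * @param cause the failure that triggered the login response, may be {@code null}
 * @return {@code true} if a response was written, {@code false} if {@code cause}
 *         is not one this method handles
 */
@Override
public boolean writeLoginResponse(HttpServletRequest request, HttpServletResponse response, Throwable cause) throws ServletException, IOException {
    // No cause, or an authorization failure: generic page.
    if (cause == null || cause instanceof AccessControlException) {
        setUnauthorizedResponse(response, "<html><body>unauthorized</body></html>");
        return true;
    }
    if (cause instanceof LoginException) {
        String type = ((LoginException) cause).getType();
        // Constant-first comparison: a LoginException without a type falls through
        // to "not handled" instead of throwing a NullPointerException.
        boolean passwordMismatch = LoginException.PASSWORD_NOT_MATCHING.equals(type);
        boolean unknownUser = LoginException.USER_NOT_EXISTING.equals(type);
        if (passwordMismatch || unknownUser) {
            // One body for both cases, so the response does not reveal whether the
            // user name exists.
            setUnauthorizedResponse(response, "<html><body>Username and password do not match</body></html>");
            return true;
        }
    }
    return false;
}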
Also used : AccessControlException(java.security.AccessControlException) LoginException(org.apache.stanbol.commons.security.auth.LoginException)
