Example 36 with AllPermission
use of java.security.AllPermission in project openj9 by eclipse.
the class Test_J9VMInternalsImpl method test_checkPackageAccess.
@Test
public void test_checkPackageAccess() throws Throwable {
final String className = getClass().getName();
System.setSecurityManager(new SecurityManager());
try {
/*
* these tests are not dependent on the ClassLoader behaviour
*/
try {
@SuppressWarnings("rawtypes") Class // $NON-NLS-1$
cl = Class.forName(className + "$SuperclassRestricted");
Assert.fail(// $NON-NLS-1$
"FAILED: successfully loaded " + cl + // $NON-NLS-1$
" with restricted superclass");
} catch (SecurityException e) {
/* intentionally empty */
}
try {
@SuppressWarnings("rawtypes") Class // $NON-NLS-1$
cl = Class.forName(className + "$InterfaceRestricted");
Assert.fail(// $NON-NLS-1$
"FAILED: successfully loaded " + cl + // $NON-NLS-1$
" with restricted interface");
} catch (SecurityException e) {
/* intentionally empty */
}
} finally {
System.setSecurityManager(null);
}
/*
* special ClassLoader that changes behavior every time the
* $NCDFEHelper class load is attempted
*/
ClassLoader loader1 = new URLClassLoader(new URL[] { getClass().getProtectionDomain().getCodeSource().getLocation() }, null) {
int behaviorLoadingNCDFEHelper = 2;
@Override
@SuppressWarnings({ "rawtypes", "unchecked" })
public Class findClass(String name) throws ClassNotFoundException {
Class result;
if (name.startsWith(ORG_TESTNG)) {
result = Class.forName(name, true, ClassLoader.getSystemClassLoader());
} else {
if (name.equals(className + "$NCDFEHelper") && behaviorLoadingNCDFEHelper > 0) {
// $NON-NLS-1$
// $NON-NLS-1$
logger.debug("Trying to load NCDFEHelper");
behaviorLoadingNCDFEHelper--;
if (behaviorLoadingNCDFEHelper == 1) {
throw new OutOfMemoryError();
}
throw new LinkageError();
}
result = super.findClass(name);
}
return result;
}
};
/*
* run the $TestNCDFE test
*/
@SuppressWarnings("rawtypes") Class // $NON-NLS-1$
cl1 = Class.forName(className + "$TestNCDFE", true, loader1);
Object testInstance1 = cl1.newInstance();
@SuppressWarnings("unchecked") Method // $NON-NLS-1$
testMethod1 = cl1.getMethod("runTest1");
testMethod1.invoke(testInstance1);
/*
* Create a ClassLoader with AllPermission so classes loaded by this loader
* are not restricted by the default permissions of the application ClassLoader.
*/
ClassLoader privilegedLoader = new URLClassLoader(new URL[] { getClass().getProtectionDomain().getCodeSource().getLocation() }, null) {
@SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public Class findClass(String name) throws ClassNotFoundException {
Class result;
if (name.startsWith(ORG_TESTNG)) {
result = Class.forName(name, true, ClassLoader.getSystemClassLoader());
} else {
if (!name.startsWith(className + TEST_RESTRICTED)) {
throw new ClassNotFoundException(name);
}
result = super.findClass(name);
}
return result;
}
@Override
public PermissionCollection getPermissions(CodeSource csource) {
PermissionCollection permCollection = super.getPermissions(csource);
/*
* Allow AllPermission so we can use this classloader
* to define a custom SecurityManager.
*/
permCollection.add(new AllPermission());
return permCollection;
}
};
/*
* These tests are dependent on the ClassLoader behaviour.
* The default application ClassLoader checks package access of the classes being loaded.
* Other ClassLoaders don't have this behaviour
* and depend on the VM to do the check. We wish to test the VM behavior.
*/
@SuppressWarnings("rawtypes") Class cl2 = Class.forName(className + TEST_RESTRICTED, true, privilegedLoader);
Object testInstance2 = cl2.newInstance();
@SuppressWarnings("unchecked") Method // $NON-NLS-1$
testMethod2 = cl2.getMethod("runTest2", String.class);
testMethod2.invoke(testInstance2, className);
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Method(java.lang.reflect.Method)
CodeSource(java.security.CodeSource)
URLClassLoader(java.net.URLClassLoader)
URLClassLoader(java.net.URLClassLoader)
AllPermission(java.security.AllPermission)
Test(org.testng.annotations.Test)
Example 37 with AllPermission
use of java.security.AllPermission in project graal by oracle.
the class HostAdapterClassLoader method createGeneratedProtectionDomain.
private static ProtectionDomain createGeneratedProtectionDomain() {
/*
* Generated classes need to have AllPermission. Since we require the "createClassLoader"
* RuntimePermission, we can create a class loader that'll load new classes with any
* permissions. Our generated classes are just delegating adapters, so having AllPermission
* can't cause anything wrong; the effective set of permissions for the executing script
* functions will still be limited by the permissions of the caller and the permissions of
* the script.
*/
final Permissions permissions = new Permissions();
permissions.add(new AllPermission());
return new ProtectionDomain(new CodeSource(null, (CodeSigner[]) null), permissions);
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
CodeSource(java.security.CodeSource)
Example 38 with AllPermission
use of java.security.AllPermission in project derby by apache.
the class SystemPrivilegesPermissionTest method testSystemPermissionSerialization.
/**
* Test serialization and deserialization of SystemPermission objects.
*/
private void testSystemPermissionSerialization() throws IOException {
// serialize and deserialize.
for (String name : VALID_SYSPERM_NAMES) {
for (String action : VALID_SYSPERM_ACTIONS) {
// Actions are case-insensitive, so test both lower-case
// and upper-case.
SystemPermission pl = new SystemPermission(name, action.toLowerCase(Locale.US));
SystemPermission pu = new SystemPermission(name, action.toUpperCase(Locale.US));
assertEquals(pl, serializeDeserialize(pl, null));
assertEquals(pu, serializeDeserialize(pu, null));
}
}
// A permission can specify multiple actions ...
SystemPermission sp = new SystemPermission("server", "control,monitor,shutdown");
assertEquals(sp, serializeDeserialize(sp, null));
// ... but only a single name, so this should fail.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck("server,jmx", "control"), IllegalArgumentException.class);
// Invalid and duplicate actions should be ignored.
sp = serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0], "control,invalid,control,,shutdown"), null);
// The next assert failed before DERBY-3476.
assertEquals("control,shutdown", sp.getActions());
// Empty action is allowed.
sp = new SystemPermission(VALID_SYSPERM_NAMES[0], "");
assertEquals(sp, serializeDeserialize(sp, null));
// Name is case-sensitive, so this should fail.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0].toUpperCase(Locale.US), VALID_SYSPERM_ACTIONS[0]), IllegalArgumentException.class);
// Empty name is not allowed.
serializeDeserialize(createSyspermNoCheck("", VALID_SYSPERM_ACTIONS[0]), IllegalArgumentException.class);
// Null name is not allowed.
serializeDeserialize(createSyspermNoCheck(null, VALID_SYSPERM_ACTIONS[0]), NullPointerException.class);
// Null action is not allowed.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0], null), NullPointerException.class);
// Test serialization of SystemPermission collections.
// Serialization should work on empty collection.
PermissionCollection collection = sp.newPermissionCollection();
PermissionCollection readCollection = serializeDeserialize(collection, null);
assertFalse(readCollection.elements().hasMoreElements());
// Serialization should work on non-empty collection.
sp = new SystemPermission(VALID_SYSPERM_NAMES[0], VALID_SYSPERM_ACTIONS[0]);
collection = sp.newPermissionCollection();
collection.add(sp);
readCollection = serializeDeserialize(collection, null);
assertEquals(Arrays.asList(sp), Collections.list(readCollection.elements()));
// Deserialization should fail if the collection contains a
// permission with invalid name.
collection.add(createSyspermNoCheck("invalid_name", "control"));
serializeDeserialize(collection, IllegalArgumentException.class);
// Deserialization should fail if the collection contains a
// permission that is not a SystemPermission.
collection = sp.newPermissionCollection();
HashMap<String, Permission> permissions = new HashMap<String, Permission>();
permissions.put("engine", new AllPermission());
setField(collection.getClass(), "permissions", collection, permissions);
serializeDeserialize(collection, ClassCastException.class);
}
Also used :
SystemPermission(org.apache.derby.shared.common.security.SystemPermission)
PermissionCollection(java.security.PermissionCollection)
HashMap(java.util.HashMap)
SystemPermission(org.apache.derby.shared.common.security.SystemPermission)
AllPermission(java.security.AllPermission)
DatabasePermission(org.apache.derby.security.DatabasePermission)
Permission(java.security.Permission)
AllPermission(java.security.AllPermission)
Aggregations
AllPermission (java.security.AllPermission)38
PermissionCollection (java.security.PermissionCollection)14
Permissions (java.security.Permissions)14
Permission (java.security.Permission)9
Policy (java.security.Policy)8
CodeSource (java.security.CodeSource)6
File (java.io.File)5
FilePermission (java.io.FilePermission)5
ProtectionDomain (java.security.ProtectionDomain)5
Test (org.junit.Test)5
Deployment (org.jboss.arquillian.container.test.api.Deployment)3
JavaArchive (org.jboss.shrinkwrap.api.spec.JavaArchive)3
InetSocketAddress (java.net.InetSocketAddress)2
SocketPermission (java.net.SocketPermission)2
URL (java.net.URL)2
URLClassLoader (java.net.URLClassLoader)2
PrivilegedActionException (java.security.PrivilegedActionException)2
LocalDate (java.time.LocalDate)2
Date (java.util.Date)2
AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2
