Example 21 with CodeSource
use of java.security.CodeSource in project gradle by gradle.
the class DefaultScriptCompilationHandler method compileScript.
private void compileScript(final ScriptSource source, ClassLoader classLoader, CompilerConfiguration configuration, File metadataDir, final CompileOperation<?> extractingTransformer, final Action<? super ClassNode> customVerifier) {
final Transformer transformer = extractingTransformer != null ? extractingTransformer.getTransformer() : null;
logger.info("Compiling {} using {}.", source.getDisplayName(), transformer != null ? transformer.getClass().getSimpleName() : "no transformer");
final EmptyScriptDetector emptyScriptDetector = new EmptyScriptDetector();
final PackageStatementDetector packageDetector = new PackageStatementDetector();
GroovyClassLoader groovyClassLoader = new GroovyClassLoader(classLoader, configuration, false) {
@Override
protected CompilationUnit createCompilationUnit(CompilerConfiguration compilerConfiguration, CodeSource codeSource) {
CompilationUnit compilationUnit = new CustomCompilationUnit(compilerConfiguration, codeSource, customVerifier, this);
if (transformer != null) {
transformer.register(compilationUnit);
}
compilationUnit.addPhaseOperation(packageDetector, Phases.CANONICALIZATION);
compilationUnit.addPhaseOperation(emptyScriptDetector, Phases.CANONICALIZATION);
return compilationUnit;
}
};
groovyClassLoader.setResourceLoader(NO_OP_GROOVY_RESOURCE_LOADER);
String scriptText = source.getResource().getText();
String scriptName = source.getClassName();
GroovyCodeSource codeSource = new GroovyCodeSource(scriptText == null ? "" : scriptText, scriptName, "/groovy/script");
try {
try {
groovyClassLoader.parseClass(codeSource, false);
} catch (MultipleCompilationErrorsException e) {
wrapCompilationFailure(source, e);
} catch (CompilationFailedException e) {
throw new GradleException(String.format("Could not compile %s.", source.getDisplayName()), e);
}
if (packageDetector.hasPackageStatement) {
throw new UnsupportedOperationException(String.format("%s should not contain a package statement.", StringUtils.capitalize(source.getDisplayName())));
}
serializeMetadata(source, extractingTransformer, metadataDir, emptyScriptDetector.isEmptyScript(), emptyScriptDetector.getHasMethods());
} finally {
ClassLoaderUtils.tryClose(groovyClassLoader);
}
}
Also used :
CompilationUnit(org.codehaus.groovy.control.CompilationUnit)
Transformer(org.gradle.groovy.scripts.Transformer)
CompilationFailedException(org.codehaus.groovy.control.CompilationFailedException)
GroovyCodeSource(groovy.lang.GroovyCodeSource)
CodeSource(java.security.CodeSource)
GroovyClassLoader(groovy.lang.GroovyClassLoader)
GroovyCodeSource(groovy.lang.GroovyCodeSource)
GradleException(org.gradle.api.GradleException)
CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration)
MultipleCompilationErrorsException(org.codehaus.groovy.control.MultipleCompilationErrorsException)
Example 22 with CodeSource
use of java.security.CodeSource in project hibernate-orm by hibernate.
the class StandardJaccServiceImpl method doPermissionCheckInContext.
private void doPermissionCheckInContext(PermissionCheckEntityInformation entityInformation, PermissibleAction action) {
final Policy policy = Policy.getPolicy();
final Principal[] principals = getCallerPrincipals();
final CodeSource codeSource = entityInformation.getEntity().getClass().getProtectionDomain().getCodeSource();
final ProtectionDomain pd = new ProtectionDomain(codeSource, null, null, principals);
// the action is known as 'method name' in JACC
final EJBMethodPermission jaccPermission = new EJBMethodPermission(entityInformation.getEntityName(), action.getImpliedActions()[0], null, null);
if (!policy.implies(pd, jaccPermission)) {
throw new SecurityException(String.format("JACC denied permission to [%s.%s] for [%s]", entityInformation.getEntityName(), action.getImpliedActions()[0], join(principals)));
}
}
Also used :
Policy(java.security.Policy)
ProtectionDomain(java.security.ProtectionDomain)
CodeSource(java.security.CodeSource)
EJBMethodPermission(javax.security.jacc.EJBMethodPermission)
Principal(java.security.Principal)
Example 23 with CodeSource
use of java.security.CodeSource in project jaggery by wso2.
the class RhinoURISecurityDomain method getCodeSource.
public CodeSource getCodeSource() throws ScriptException {
if (codeSource != null) {
return codeSource;
}
try {
URL url = new URI(scriptURI).toURL();
codeSource = new CodeSource(url, (Certificate[]) null);
return codeSource;
} catch (MalformedURLException e) {
throw new ScriptException(e);
} catch (URISyntaxException e) {
throw new ScriptException(e);
}
}
Also used :
ScriptException(org.jaggeryjs.scriptengine.exceptions.ScriptException)
MalformedURLException(java.net.MalformedURLException)
URISyntaxException(java.net.URISyntaxException)
CodeSource(java.security.CodeSource)
URI(java.net.URI)
URL(java.net.URL)
Example 24 with CodeSource
use of java.security.CodeSource in project jdk8u_jdk by JetBrains.
the class JarURL method main.
public static void main(String[] args) throws Exception {
String userDir = System.getProperty("user.dir");
String jarURL = "jar:file:" + userDir + File.separator + "foo.jar!/";
URL codeSourceURL = new URL(jarURL);
CodeSource cs = new CodeSource(codeSourceURL, new Certificate[0]);
PermissionCollection perms = Policy.getPolicy().getPermissions(cs);
if (!perms.implies(new AllPermission()))
throw new Exception("FAILED: " + codeSourceURL + " not granted AllPermission");
}
Also used :
PermissionCollection(java.security.PermissionCollection)
AllPermission(java.security.AllPermission)
CodeSource(java.security.CodeSource)
URL(java.net.URL)
Example 25 with CodeSource
use of java.security.CodeSource in project jdk8u_jdk by JetBrains.
the class ContextInsulation method main.
public static void main(String[] args) throws Exception {
/*
* If we delay setting the security manager until after the service
* configuration file has been installed, then this test still
* functions properly, but the -Djava.security.debug output is
* lacking, so to ease debugging, we'll set it early-- at the cost
* of having to specify the policy even when running standalone.
*/
TestLibrary.suggestSecurityManager(null);
ServiceConfiguration.installServiceConfigurationFile();
/*
* Execute use of RMIClassLoader within an AccessControlContext
* that has a protection domain with no permissions, to make sure
* that RMIClassLoader can still properly initialize itself.
*/
CodeSource codesource = new CodeSource(null, (Certificate[]) null);
Permissions perms = null;
ProtectionDomain pd = new ProtectionDomain(codesource, perms);
AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
java.security.AccessController.doPrivileged(new java.security.PrivilegedExceptionAction() {
public Object run() throws Exception {
TestProvider.exerciseTestProvider(TestProvider2.loadClassReturn, TestProvider2.loadProxyClassReturn, TestProvider2.getClassLoaderReturn, TestProvider2.getClassAnnotationReturn, TestProvider2.invocations);
return null;
}
}, acc);
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
AccessControlContext(java.security.AccessControlContext)
Permissions(java.security.Permissions)
CodeSource(java.security.CodeSource)
Certificate(java.security.cert.Certificate)
Aggregations
CodeSource (java.security.CodeSource)85
URL (java.net.URL)43
ProtectionDomain (java.security.ProtectionDomain)29
File (java.io.File)24
IOException (java.io.IOException)16
Certificate (java.security.cert.Certificate)14
URISyntaxException (java.net.URISyntaxException)10
Permissions (java.security.Permissions)10
Policy (java.security.Policy)10
JarFile (java.util.jar.JarFile)10
PermissionCollection (java.security.PermissionCollection)9
URI (java.net.URI)8
FilePermission (java.io.FilePermission)7
MalformedURLException (java.net.MalformedURLException)5
AccessControlContext (java.security.AccessControlContext)5
URLClassLoader (java.net.URLClassLoader)4
GroovyClassLoader (groovy.lang.GroovyClassLoader)3
JarURLConnection (java.net.JarURLConnection)3
SocketPermission (java.net.SocketPermission)3
Path (java.nio.file.Path)3
