use of java.security.Permission in project elasticsearch by elastic.
the class BootstrapForTesting method getPluginPermissions.
/**
* we don't know which codesources belong to which plugin, so just remove the permission from key codebases
* like core, test-framework, etc. this way tests fail if accesscontroller blocks are missing.
*/
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static Map<String, Policy> getPluginPermissions() throws Exception {
List<URL> pluginPolicies = Collections.list(BootstrapForTesting.class.getClassLoader().getResources(PluginInfo.ES_PLUGIN_POLICY));
if (pluginPolicies.isEmpty()) {
return Collections.emptyMap();
}
// compute classpath minus obvious places, all other jars will get the permission.
Set<URL> codebases = new HashSet<>(Arrays.asList(parseClassPathWithSymlinks()));
Set<URL> excluded = new HashSet<>(Arrays.asList(// es core
Bootstrap.class.getProtectionDomain().getCodeSource().getLocation(), // es test framework
BootstrapForTesting.class.getProtectionDomain().getCodeSource().getLocation(), // lucene test framework
LuceneTestCase.class.getProtectionDomain().getCodeSource().getLocation(), // randomized runner
RandomizedRunner.class.getProtectionDomain().getCodeSource().getLocation(), // junit library
Assert.class.getProtectionDomain().getCodeSource().getLocation()));
codebases.removeAll(excluded);
// parse each policy file, with codebase substitution from the classpath
final List<Policy> policies = new ArrayList<>();
for (URL policyFile : pluginPolicies) {
policies.add(Security.readPolicy(policyFile, codebases.toArray(new URL[codebases.size()])));
}
// consult each policy file for those codebases
Map<String, Policy> map = new HashMap<>();
for (URL url : codebases) {
map.put(url.getFile(), new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
// implements union
for (Policy p : policies) {
if (p.implies(domain, permission)) {
return true;
}
}
return false;
}
});
}
return Collections.unmodifiableMap(map);
}
use of java.security.Permission in project elasticsearch by elastic.
the class PluginSecurityTests method testFormatUnresolvedPermission.
/** Test that we can format an unresolved permission properly */
public void testFormatUnresolvedPermission() throws Exception {
assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/unresolved-plugin-security.policy");
PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
List<Permission> permissions = Collections.list(actual.elements());
assertEquals(1, permissions.size());
assertEquals("org.fake.FakePermission fakeName", PluginSecurity.formatPermission(permissions.get(0)));
}
use of java.security.Permission in project elasticsearch by elastic.
the class ESPolicyUnitTests method testNullCodeSource.
/**
* Test policy with null codesource.
* <p>
* This can happen when restricting privileges with doPrivileged,
* even though ProtectionDomain's ctor javadocs might make you think
* that the policy won't be consulted.
*/
public void testNullCodeSource() throws Exception {
assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
// create a policy with AllPermission
Permission all = new AllPermission();
PermissionCollection allCollection = all.newPermissionCollection();
allCollection.add(all);
ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap(), true);
// restrict ourselves to NoPermission
PermissionCollection noPermissions = new Permissions();
assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
}
use of java.security.Permission in project hadoop by apache.
the class TestDFSShell method testPut.
@Test(timeout = 30000)
public void testPut() throws IOException {
// remove left over crc files:
new File(TEST_ROOT_DIR, ".f1.crc").delete();
new File(TEST_ROOT_DIR, ".f2.crc").delete();
final File f1 = createLocalFile(new File(TEST_ROOT_DIR, "f1"));
final File f2 = createLocalFile(new File(TEST_ROOT_DIR, "f2"));
final Path root = mkdir(dfs, new Path("/testPut"));
final Path dst = new Path(root, "dst");
show("begin");
final Thread copy2ndFileThread = new Thread() {
@Override
public void run() {
try {
show("copy local " + f2 + " to remote " + dst);
dfs.copyFromLocalFile(false, false, new Path(f2.getPath()), dst);
} catch (IOException ioe) {
show("good " + StringUtils.stringifyException(ioe));
return;
}
//should not be here, must got IOException
assertTrue(false);
}
};
//use SecurityManager to pause the copying of f1 and begin copying f2
SecurityManager sm = System.getSecurityManager();
System.out.println("SecurityManager = " + sm);
System.setSecurityManager(new SecurityManager() {
private boolean firstTime = true;
@Override
public void checkPermission(Permission perm) {
if (firstTime) {
Thread t = Thread.currentThread();
if (!t.toString().contains("DataNode")) {
String s = "" + Arrays.asList(t.getStackTrace());
if (s.contains("FileUtil.copyContent")) {
//pause at FileUtil.copyContent
firstTime = false;
copy2ndFileThread.start();
try {
Thread.sleep(5000);
} catch (InterruptedException e) {
}
}
}
}
}
});
show("copy local " + f1 + " to remote " + dst);
dfs.copyFromLocalFile(false, false, new Path(f1.getPath()), dst);
show("done");
try {
copy2ndFileThread.join();
} catch (InterruptedException e) {
}
System.setSecurityManager(sm);
// copy multiple files to destination directory
final Path destmultiple = mkdir(dfs, new Path(root, "putmultiple"));
Path[] srcs = new Path[2];
srcs[0] = new Path(f1.getPath());
srcs[1] = new Path(f2.getPath());
dfs.copyFromLocalFile(false, false, srcs, destmultiple);
srcs[0] = new Path(destmultiple, "f1");
srcs[1] = new Path(destmultiple, "f2");
assertTrue(dfs.exists(srcs[0]));
assertTrue(dfs.exists(srcs[1]));
// move multiple files to destination directory
final Path destmultiple2 = mkdir(dfs, new Path(root, "movemultiple"));
srcs[0] = new Path(f1.getPath());
srcs[1] = new Path(f2.getPath());
dfs.moveFromLocalFile(srcs, destmultiple2);
assertFalse(f1.exists());
assertFalse(f2.exists());
srcs[0] = new Path(destmultiple2, "f1");
srcs[1] = new Path(destmultiple2, "f2");
assertTrue(dfs.exists(srcs[0]));
assertTrue(dfs.exists(srcs[1]));
f1.delete();
f2.delete();
}
use of java.security.Permission in project joda-time by JodaOrg.
the class TestDateTimeZone method testZoneInfoProviderResourceLoading.
public void testZoneInfoProviderResourceLoading() {
final Set<String> ids = new HashSet<String>(DateTimeZone.getAvailableIDs());
ids.remove(DateTimeZone.getDefault().getID());
final String id = ids.toArray(new String[ids.size()])[new Random().nextInt(ids.size())];
try {
Policy.setPolicy(new Policy() {
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
Permissions p = new Permissions();
// enable everything
p.add(new AllPermission());
return p;
}
@Override
public void refresh() {
}
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return !(permission instanceof FilePermission) && !permission.getName().contains(id);
}
});
System.setSecurityManager(new SecurityManager());
// will throw IllegalArgumentException if the resource can
// not be loaded
final DateTimeZone zone = DateTimeZone.forID(id);
assertNotNull(zone);
} finally {
System.setSecurityManager(null);
Policy.setPolicy(ALLOW);
}
}
Aggregations