Example 1 with Permission
use of java.security.Permission in project elasticsearch by elastic.
the class BootstrapForTesting method getPluginPermissions.
/**
* we don't know which codesources belong to which plugin, so just remove the permission from key codebases
* like core, test-framework, etc. this way tests fail if accesscontroller blocks are missing.
*/
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static Map<String, Policy> getPluginPermissions() throws Exception {
List<URL> pluginPolicies = Collections.list(BootstrapForTesting.class.getClassLoader().getResources(PluginInfo.ES_PLUGIN_POLICY));
if (pluginPolicies.isEmpty()) {
return Collections.emptyMap();
}
// compute classpath minus obvious places, all other jars will get the permission.
Set<URL> codebases = new HashSet<>(Arrays.asList(parseClassPathWithSymlinks()));
Set<URL> excluded = new HashSet<>(Arrays.asList(// es core
Bootstrap.class.getProtectionDomain().getCodeSource().getLocation(), // es test framework
BootstrapForTesting.class.getProtectionDomain().getCodeSource().getLocation(), // lucene test framework
LuceneTestCase.class.getProtectionDomain().getCodeSource().getLocation(), // randomized runner
RandomizedRunner.class.getProtectionDomain().getCodeSource().getLocation(), // junit library
Assert.class.getProtectionDomain().getCodeSource().getLocation()));
codebases.removeAll(excluded);
// parse each policy file, with codebase substitution from the classpath
final List<Policy> policies = new ArrayList<>();
for (URL policyFile : pluginPolicies) {
policies.add(Security.readPolicy(policyFile, codebases.toArray(new URL[codebases.size()])));
}
// consult each policy file for those codebases
Map<String, Policy> map = new HashMap<>();
for (URL url : codebases) {
map.put(url.getFile(), new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
// implements union
for (Policy p : policies) {
if (p.implies(domain, permission)) {
return true;
}
}
return false;
}
});
}
return Collections.unmodifiableMap(map);
}
Also used :
Policy(java.security.Policy)
ProtectionDomain(java.security.ProtectionDomain)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
URL(java.net.URL)
FilePermission(java.io.FilePermission)
SocketPermission(java.net.SocketPermission)
Permission(java.security.Permission)
HashSet(java.util.HashSet)
SuppressForbidden(org.elasticsearch.common.SuppressForbidden)
Example 2 with Permission
use of java.security.Permission in project elasticsearch by elastic.
the class PluginSecurityTests method testFormatUnresolvedPermission.
/** Test that we can format an unresolved permission properly */
public void testFormatUnresolvedPermission() throws Exception {
assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/unresolved-plugin-security.policy");
PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
List<Permission> permissions = Collections.list(actual.elements());
assertEquals(1, permissions.size());
assertEquals("org.fake.FakePermission fakeName", PluginSecurity.formatPermission(permissions.get(0)));
}
Also used :
Path(java.nio.file.Path)
PermissionCollection(java.security.PermissionCollection)
Permission(java.security.Permission)
Example 3 with Permission
use of java.security.Permission in project elasticsearch by elastic.
the class ESPolicyUnitTests method testNullCodeSource.
/**
* Test policy with null codesource.
* <p>
* This can happen when restricting privileges with doPrivileged,
* even though ProtectionDomain's ctor javadocs might make you think
* that the policy won't be consulted.
*/
public void testNullCodeSource() throws Exception {
assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
// create a policy with AllPermission
Permission all = new AllPermission();
PermissionCollection allCollection = all.newPermissionCollection();
allCollection.add(all);
ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap(), true);
// restrict ourselves to NoPermission
PermissionCollection noPermissions = new Permissions();
assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
}
Also used :
PermissionCollection(java.security.PermissionCollection)
ProtectionDomain(java.security.ProtectionDomain)
Permission(java.security.Permission)
FilePermission(java.io.FilePermission)
SocketPermission(java.net.SocketPermission)
AllPermission(java.security.AllPermission)
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
FilePermission(java.io.FilePermission)
Example 4 with Permission
use of java.security.Permission in project hadoop by apache.
the class TestDFSShell method testPut.
@Test(timeout = 30000)
public void testPut() throws IOException {
// remove left over crc files:
new File(TEST_ROOT_DIR, ".f1.crc").delete();
new File(TEST_ROOT_DIR, ".f2.crc").delete();
final File f1 = createLocalFile(new File(TEST_ROOT_DIR, "f1"));
final File f2 = createLocalFile(new File(TEST_ROOT_DIR, "f2"));
final Path root = mkdir(dfs, new Path("/testPut"));
final Path dst = new Path(root, "dst");
show("begin");
final Thread copy2ndFileThread = new Thread() {
@Override
public void run() {
try {
show("copy local " + f2 + " to remote " + dst);
dfs.copyFromLocalFile(false, false, new Path(f2.getPath()), dst);
} catch (IOException ioe) {
show("good " + StringUtils.stringifyException(ioe));
return;
}
//should not be here, must got IOException
assertTrue(false);
}
};
//use SecurityManager to pause the copying of f1 and begin copying f2
SecurityManager sm = System.getSecurityManager();
System.out.println("SecurityManager = " + sm);
System.setSecurityManager(new SecurityManager() {
private boolean firstTime = true;
@Override
public void checkPermission(Permission perm) {
if (firstTime) {
Thread t = Thread.currentThread();
if (!t.toString().contains("DataNode")) {
String s = "" + Arrays.asList(t.getStackTrace());
if (s.contains("FileUtil.copyContent")) {
//pause at FileUtil.copyContent
firstTime = false;
copy2ndFileThread.start();
try {
Thread.sleep(5000);
} catch (InterruptedException e) {
}
}
}
}
}
});
show("copy local " + f1 + " to remote " + dst);
dfs.copyFromLocalFile(false, false, new Path(f1.getPath()), dst);
show("done");
try {
copy2ndFileThread.join();
} catch (InterruptedException e) {
}
System.setSecurityManager(sm);
// copy multiple files to destination directory
final Path destmultiple = mkdir(dfs, new Path(root, "putmultiple"));
Path[] srcs = new Path[2];
srcs[0] = new Path(f1.getPath());
srcs[1] = new Path(f2.getPath());
dfs.copyFromLocalFile(false, false, srcs, destmultiple);
srcs[0] = new Path(destmultiple, "f1");
srcs[1] = new Path(destmultiple, "f2");
assertTrue(dfs.exists(srcs[0]));
assertTrue(dfs.exists(srcs[1]));
// move multiple files to destination directory
final Path destmultiple2 = mkdir(dfs, new Path(root, "movemultiple"));
srcs[0] = new Path(f1.getPath());
srcs[1] = new Path(f2.getPath());
dfs.moveFromLocalFile(srcs, destmultiple2);
assertFalse(f1.exists());
assertFalse(f2.exists());
srcs[0] = new Path(destmultiple2, "f1");
srcs[1] = new Path(destmultiple2, "f2");
assertTrue(dfs.exists(srcs[0]));
assertTrue(dfs.exists(srcs[1]));
f1.delete();
f2.delete();
}
Also used :
FsPermission(org.apache.hadoop.fs.permission.FsPermission)
Permission(java.security.Permission)
StringContains.containsString(org.hamcrest.core.StringContains.containsString)
SequenceFile(org.apache.hadoop.io.SequenceFile)
Test(org.junit.Test)
Example 5 with Permission
use of java.security.Permission in project joda-time by JodaOrg.
the class TestDateTimeZone method testZoneInfoProviderResourceLoading.
public void testZoneInfoProviderResourceLoading() {
final Set<String> ids = new HashSet<String>(DateTimeZone.getAvailableIDs());
ids.remove(DateTimeZone.getDefault().getID());
final String id = ids.toArray(new String[ids.size()])[new Random().nextInt(ids.size())];
try {
Policy.setPolicy(new Policy() {
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
Permissions p = new Permissions();
// enable everything
p.add(new AllPermission());
return p;
}
@Override
public void refresh() {
}
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return !(permission instanceof FilePermission) && !permission.getName().contains(id);
}
});
System.setSecurityManager(new SecurityManager());
// will throw IllegalArgumentException if the resource can
// not be loaded
final DateTimeZone zone = DateTimeZone.forID(id);
assertNotNull(zone);
} finally {
System.setSecurityManager(null);
Policy.setPolicy(ALLOW);
}
}
Also used :
Policy(java.security.Policy)
PermissionCollection(java.security.PermissionCollection)
ProtectionDomain(java.security.ProtectionDomain)
CodeSource(java.security.CodeSource)
FilePermission(java.io.FilePermission)
Random(java.util.Random)
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
FilePermission(java.io.FilePermission)
Permission(java.security.Permission)
AllPermission(java.security.AllPermission)
HashSet(java.util.HashSet)
Aggregations
Permission (java.security.Permission)236
Test (org.junit.Test)55
PermissionCollection (java.security.PermissionCollection)39
FilePermission (java.io.FilePermission)38
Permissions (java.security.Permissions)31
ProtectionDomain (java.security.ProtectionDomain)27
IOException (java.io.IOException)20
AllPermission (java.security.AllPermission)20
QuickTest (com.hazelcast.test.annotation.QuickTest)17
File (java.io.File)17
URL (java.net.URL)16
AccessControlException (java.security.AccessControlException)14
Principal (java.security.Principal)14
PropertyPermission (java.util.PropertyPermission)14
Policy (java.security.Policy)13
MBeanPermission (javax.management.MBeanPermission)13
AccessControlContext (java.security.AccessControlContext)12
CodeSource (java.security.CodeSource)11
SecurityPermission (java.security.SecurityPermission)11
ArrayList (java.util.ArrayList)10
