Search in sources :

Example 56 with Permission

use of java.security.Permission in project jspwiki by apache.

the class AuthorizationManagerTest method testRoleAcl.

@Test
public void testRoleAcl() throws Exception {
    // Create test page & attachment
    String src = "[{ALLOW edit Authenticated}] ";
    m_engine.saveText("Test", src);
    WikiPage p = m_engine.getPage("Test");
    Permission view = PermissionFactory.getPagePermission(p, "view");
    Permission edit = PermissionFactory.getPagePermission(p, "edit");
    // Create session with authenticated user 'Alice', who can read & edit
    WikiSession session;
    session = WikiSessionTest.authenticatedSession(m_engine, Users.ALICE, Users.ALICE_PASS);
    Assert.assertTrue("Alice view Test", m_auth.checkPermission(session, view));
    Assert.assertTrue("Alice edit Test", m_auth.checkPermission(session, edit));
    // Create session with asserted user 'Bob', who can't read or edit (not in ACL)
    session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
    Assert.assertFalse("Bob !view Test", m_auth.checkPermission(session, view));
    Assert.assertFalse("Bob !edit Test", m_auth.checkPermission(session, edit));
    // Cleanup
    try {
        m_engine.deletePage("Test");
    } catch (ProviderException e) {
        Assert.assertTrue(false);
    }
}
Also used : WikiSession(org.apache.wiki.WikiSession) ProviderException(org.apache.wiki.api.exceptions.ProviderException) WikiPage(org.apache.wiki.WikiPage) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 57 with Permission

use of java.security.Permission in project derby by apache.

the class EmbedConnection method checkDatabaseCreatePrivileges.

/**
 * Checks that a user has the system privileges to create a database.
 * To perform this check the following policy grants are required
 * <ul>
 * <li> to run the encapsulated test:
 *        permission javax.security.auth.AuthPermission "doAsPrivileged";
 * <li> to resolve relative path names:
 *        permission java.util.PropertyPermission "user.dir", "read";
 * <li> to canonicalize path names:
 *        permission java.io.FilePermission "...", "read";
 * </ul>
 * or a SQLException will be raised detailing the cause.
 * <p>
 * In addition, for the test to succeed
 * <ul>
 * <li> the given user needs to be covered by a grant:
 *        principal org.apache.derby.authentication.SystemPrincipal "..." {}
 * <li> that lists a permission covering the database location:
 *        permission org.apache.derby.security.DatabasePermission "directory:...", "create";
 * </ul>
 * or it will fail with a SQLException detailing the cause.
 *
 * @param user The user to be checked for database create privileges
 * @param dbname the name of the database to create
 * @throws SQLException if the privileges check fails
 */
private void checkDatabaseCreatePrivileges(String user, String dbname) throws SQLException {
    // approve action if not running under a security manager
    if (System.getSecurityManager() == null) {
        return;
    }
    if (dbname == null) {
        throw new NullPointerException("dbname can't be null");
    }
    // the check
    try {
        // raises IOException if dbname is non-canonicalizable
        final String url = (DatabasePermission.URL_PROTOCOL_DIRECTORY + stripSubSubProtocolPrefix(dbname));
        final Permission dp = new DatabasePermission(url, DatabasePermission.CREATE);
        factory.checkSystemPrivileges(user, dp);
    } catch (AccessControlException ace) {
        throw newSQLException(SQLState.AUTH_DATABASE_CREATE_MISSING_PERMISSION, user, dbname, ace);
    } catch (IOException ioe) {
        throw newSQLException(SQLState.AUTH_DATABASE_CREATE_EXCEPTION, dbname, // overloaded method
        (Object) ioe);
    } catch (Exception e) {
        throw newSQLException(SQLState.AUTH_DATABASE_CREATE_EXCEPTION, dbname, // overloaded method
        (Object) e);
    }
}
Also used : DatabasePermission(org.apache.derby.security.DatabasePermission) Permission(java.security.Permission) SQLPermission(java.sql.SQLPermission) AccessControlException(java.security.AccessControlException) IOException(java.io.IOException) AccessControlException(java.security.AccessControlException) XAException(javax.transaction.xa.XAException) SQLClientInfoException(java.sql.SQLClientInfoException) SQLException(java.sql.SQLException) StandardException(org.apache.derby.shared.common.error.StandardException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) DatabasePermission(org.apache.derby.security.DatabasePermission)

Example 58 with Permission

use of java.security.Permission in project derby by apache.

the class InternalDriver method checkShutdownPrivileges.

/**
 * Checks for shutdown System Privileges.
 *
 * To perform this check the following policy grant is required
 * <ul>
 * <li> to run the encapsulated test:
 *      permission javax.security.auth.AuthPermission "doAsPrivileged";
 * </ul>
 * or a SQLException will be raised detailing the cause.
 * <p>
 * In addition, for the test to succeed
 * <ul>
 * <li> the given user needs to be covered by a grant:
 *      principal org.apache.derby.authentication.SystemPrincipal "..." {}
 * <li> that lists a shutdown permission:
 *      permission org.apache.derby.shared.common.security.SystemPermission "shutdown";
 * </ul>
 * or it will fail with a SQLException detailing the cause.
 *
 * @param user The user to be checked for shutdown privileges
 * @throws SQLException if the privileges check fails
 */
private void checkShutdownPrivileges(String user) throws SQLException {
    // approve action if not running under a security manager
    if (System.getSecurityManager() == null) {
        return;
    }
    // the check
    try {
        final Permission sp = new SystemPermission(SystemPermission.ENGINE, SystemPermission.SHUTDOWN);
        checkSystemPrivileges(user, sp);
    } catch (AccessControlException ace) {
        throw Util.generateCsSQLException(SQLState.AUTH_SHUTDOWN_MISSING_PERMISSION, user, // overloaded method
        (Object) ace);
    } catch (Exception e) {
        throw Util.generateCsSQLException(SQLState.AUTH_SHUTDOWN_MISSING_PERMISSION, user, // overloaded method
        (Object) e);
    }
}
Also used : SystemPermission(org.apache.derby.shared.common.security.SystemPermission) SystemPermission(org.apache.derby.shared.common.security.SystemPermission) Permission(java.security.Permission) AccessControlException(java.security.AccessControlException) SQLFeatureNotSupportedException(java.sql.SQLFeatureNotSupportedException) TimeoutException(java.util.concurrent.TimeoutException) AccessControlException(java.security.AccessControlException) SQLException(java.sql.SQLException) StandardException(org.apache.derby.shared.common.error.StandardException) PrivilegedActionException(java.security.PrivilegedActionException) ExecutionException(java.util.concurrent.ExecutionException)

Example 59 with Permission

use of java.security.Permission in project ant by apache.

the class JUnitReportTest method testWithSecurityManagerAndJDKFactory.

@Test
public void testWithSecurityManagerAndJDKFactory() throws Exception {
    ClassLoader orig = Thread.currentThread().getContextClassLoader();
    try {
        Thread.currentThread().setContextClassLoader(new ClassLoader(ClassLoader.getSystemClassLoader().getParent()) {

            public InputStream getResourceAsStream(String name) {
                if (name.startsWith("META-INF/services/")) {
                    // work around JAXP #6723276 in JDK 6
                    return new ByteArrayInputStream(new byte[0]);
                }
                return super.getResourceAsStream(name);
            }
        });
        System.setSecurityManager(new SecurityManager() {

            public void checkPermission(Permission perm) {
            }
        });
        buildRule.executeTarget("testWithStyleFromClasspath");
        commonIndexFileAssertions();
    } finally {
        System.setSecurityManager(null);
        Thread.currentThread().setContextClassLoader(orig);
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Permission(java.security.Permission) Test(org.junit.Test)

Example 60 with Permission

use of java.security.Permission in project ant by apache.

the class TraXLiaisonTest method testXalan2RedirectViaJDKFactory.

@Test
public void testXalan2RedirectViaJDKFactory() throws Exception {
    try {
        getClass().getClassLoader().loadClass("org.apache.xalan.lib.Redirect");
    } catch (Exception exc) {
        Assume.assumeNoException("xalan redirect is not on the classpath", exc);
    }
    try {
        String factoryName = TransformerFactory.newInstance().getClass().getName();
        Assume.assumeFalse("TraxFactory is Xalan", "org.apache.xalan.processor.TransformerFactoryImpl".equals(factoryName));
    } catch (TransformerFactoryConfigurationError exc) {
        throw new RuntimeException(exc);
    }
    File xsl = getFile("/taskdefs/optional/xalan-redirect-in.xsl");
    liaison.setStylesheet(xsl);
    ((TraXLiaison) liaison).setFeature("http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions", true);
    File out = new File("xalan2-redirect-out-dummy.tmp");
    File in = getFile("/taskdefs/optional/xsltliaison-in.xsl");
    ClassLoader orig = Thread.currentThread().getContextClassLoader();
    try {
        liaison.addParam("xalan-version", "2");
        // Use the JRE's Xerces, not lib/optional/xerces.jar:
        Thread.currentThread().setContextClassLoader(new ClassLoader(ClassLoader.getSystemClassLoader().getParent()) {

            public InputStream getResourceAsStream(String name) {
                if (name.startsWith("META-INF/services/")) {
                    // work around JAXP #6723276 in JDK 6
                    return new ByteArrayInputStream(new byte[0]);
                }
                return super.getResourceAsStream(name);
            }
        });
        // Tickle #52382:
        System.setSecurityManager(new SecurityManager() {

            public void checkPermission(Permission perm) {
            }
        });
        liaison.transform(in, out);
    } finally {
        out.delete();
        Thread.currentThread().setContextClassLoader(orig);
        System.setSecurityManager(null);
    }
}
Also used : TransformerFactoryConfigurationError(javax.xml.transform.TransformerFactoryConfigurationError) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Permission(java.security.Permission) File(java.io.File) BuildException(org.apache.tools.ant.BuildException) Test(org.junit.Test)

Aggregations

Permission (java.security.Permission)236 Test (org.junit.Test)55 PermissionCollection (java.security.PermissionCollection)39 FilePermission (java.io.FilePermission)38 Permissions (java.security.Permissions)31 ProtectionDomain (java.security.ProtectionDomain)27 IOException (java.io.IOException)20 AllPermission (java.security.AllPermission)20 QuickTest (com.hazelcast.test.annotation.QuickTest)17 File (java.io.File)17 URL (java.net.URL)16 AccessControlException (java.security.AccessControlException)14 Principal (java.security.Principal)14 PropertyPermission (java.util.PropertyPermission)14 Policy (java.security.Policy)13 MBeanPermission (javax.management.MBeanPermission)13 AccessControlContext (java.security.AccessControlContext)12 CodeSource (java.security.CodeSource)11 SecurityPermission (java.security.SecurityPermission)11 ArrayList (java.util.ArrayList)10