use of java.security.Permission in project jspwiki by apache.
the class AuthorizationManagerTest method testRoleAcl.
@Test
public void testRoleAcl() throws Exception {
// Create test page & attachment
String src = "[{ALLOW edit Authenticated}] ";
m_engine.saveText("Test", src);
WikiPage p = m_engine.getPage("Test");
Permission view = PermissionFactory.getPagePermission(p, "view");
Permission edit = PermissionFactory.getPagePermission(p, "edit");
// Create session with authenticated user 'Alice', who can read & edit
WikiSession session;
session = WikiSessionTest.authenticatedSession(m_engine, Users.ALICE, Users.ALICE_PASS);
Assert.assertTrue("Alice view Test", m_auth.checkPermission(session, view));
Assert.assertTrue("Alice edit Test", m_auth.checkPermission(session, edit));
// Create session with asserted user 'Bob', who can't read or edit (not in ACL)
session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
Assert.assertFalse("Bob !view Test", m_auth.checkPermission(session, view));
Assert.assertFalse("Bob !edit Test", m_auth.checkPermission(session, edit));
// Cleanup
try {
m_engine.deletePage("Test");
} catch (ProviderException e) {
Assert.assertTrue(false);
}
}
use of java.security.Permission in project derby by apache.
the class EmbedConnection method checkDatabaseCreatePrivileges.
/**
* Checks that a user has the system privileges to create a database.
* To perform this check the following policy grants are required
* <ul>
* <li> to run the encapsulated test:
* permission javax.security.auth.AuthPermission "doAsPrivileged";
* <li> to resolve relative path names:
* permission java.util.PropertyPermission "user.dir", "read";
* <li> to canonicalize path names:
* permission java.io.FilePermission "...", "read";
* </ul>
* or a SQLException will be raised detailing the cause.
* <p>
* In addition, for the test to succeed
* <ul>
* <li> the given user needs to be covered by a grant:
* principal org.apache.derby.authentication.SystemPrincipal "..." {}
* <li> that lists a permission covering the database location:
* permission org.apache.derby.security.DatabasePermission "directory:...", "create";
* </ul>
* or it will fail with a SQLException detailing the cause.
*
* @param user The user to be checked for database create privileges
* @param dbname the name of the database to create
* @throws SQLException if the privileges check fails
*/
private void checkDatabaseCreatePrivileges(String user, String dbname) throws SQLException {
// approve action if not running under a security manager
if (System.getSecurityManager() == null) {
return;
}
if (dbname == null) {
throw new NullPointerException("dbname can't be null");
}
// the check
try {
// raises IOException if dbname is non-canonicalizable
final String url = (DatabasePermission.URL_PROTOCOL_DIRECTORY + stripSubSubProtocolPrefix(dbname));
final Permission dp = new DatabasePermission(url, DatabasePermission.CREATE);
factory.checkSystemPrivileges(user, dp);
} catch (AccessControlException ace) {
throw newSQLException(SQLState.AUTH_DATABASE_CREATE_MISSING_PERMISSION, user, dbname, ace);
} catch (IOException ioe) {
throw newSQLException(SQLState.AUTH_DATABASE_CREATE_EXCEPTION, dbname, // overloaded method
(Object) ioe);
} catch (Exception e) {
throw newSQLException(SQLState.AUTH_DATABASE_CREATE_EXCEPTION, dbname, // overloaded method
(Object) e);
}
}
use of java.security.Permission in project derby by apache.
the class InternalDriver method checkShutdownPrivileges.
/**
* Checks for shutdown System Privileges.
*
* To perform this check the following policy grant is required
* <ul>
* <li> to run the encapsulated test:
* permission javax.security.auth.AuthPermission "doAsPrivileged";
* </ul>
* or a SQLException will be raised detailing the cause.
* <p>
* In addition, for the test to succeed
* <ul>
* <li> the given user needs to be covered by a grant:
* principal org.apache.derby.authentication.SystemPrincipal "..." {}
* <li> that lists a shutdown permission:
* permission org.apache.derby.shared.common.security.SystemPermission "shutdown";
* </ul>
* or it will fail with a SQLException detailing the cause.
*
* @param user The user to be checked for shutdown privileges
* @throws SQLException if the privileges check fails
*/
private void checkShutdownPrivileges(String user) throws SQLException {
// approve action if not running under a security manager
if (System.getSecurityManager() == null) {
return;
}
// the check
try {
final Permission sp = new SystemPermission(SystemPermission.ENGINE, SystemPermission.SHUTDOWN);
checkSystemPrivileges(user, sp);
} catch (AccessControlException ace) {
throw Util.generateCsSQLException(SQLState.AUTH_SHUTDOWN_MISSING_PERMISSION, user, // overloaded method
(Object) ace);
} catch (Exception e) {
throw Util.generateCsSQLException(SQLState.AUTH_SHUTDOWN_MISSING_PERMISSION, user, // overloaded method
(Object) e);
}
}
use of java.security.Permission in project ant by apache.
the class JUnitReportTest method testWithSecurityManagerAndJDKFactory.
@Test
public void testWithSecurityManagerAndJDKFactory() throws Exception {
ClassLoader orig = Thread.currentThread().getContextClassLoader();
try {
Thread.currentThread().setContextClassLoader(new ClassLoader(ClassLoader.getSystemClassLoader().getParent()) {
public InputStream getResourceAsStream(String name) {
if (name.startsWith("META-INF/services/")) {
// work around JAXP #6723276 in JDK 6
return new ByteArrayInputStream(new byte[0]);
}
return super.getResourceAsStream(name);
}
});
System.setSecurityManager(new SecurityManager() {
public void checkPermission(Permission perm) {
}
});
buildRule.executeTarget("testWithStyleFromClasspath");
commonIndexFileAssertions();
} finally {
System.setSecurityManager(null);
Thread.currentThread().setContextClassLoader(orig);
}
}
use of java.security.Permission in project ant by apache.
the class TraXLiaisonTest method testXalan2RedirectViaJDKFactory.
@Test
public void testXalan2RedirectViaJDKFactory() throws Exception {
try {
getClass().getClassLoader().loadClass("org.apache.xalan.lib.Redirect");
} catch (Exception exc) {
Assume.assumeNoException("xalan redirect is not on the classpath", exc);
}
try {
String factoryName = TransformerFactory.newInstance().getClass().getName();
Assume.assumeFalse("TraxFactory is Xalan", "org.apache.xalan.processor.TransformerFactoryImpl".equals(factoryName));
} catch (TransformerFactoryConfigurationError exc) {
throw new RuntimeException(exc);
}
File xsl = getFile("/taskdefs/optional/xalan-redirect-in.xsl");
liaison.setStylesheet(xsl);
((TraXLiaison) liaison).setFeature("http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions", true);
File out = new File("xalan2-redirect-out-dummy.tmp");
File in = getFile("/taskdefs/optional/xsltliaison-in.xsl");
ClassLoader orig = Thread.currentThread().getContextClassLoader();
try {
liaison.addParam("xalan-version", "2");
// Use the JRE's Xerces, not lib/optional/xerces.jar:
Thread.currentThread().setContextClassLoader(new ClassLoader(ClassLoader.getSystemClassLoader().getParent()) {
public InputStream getResourceAsStream(String name) {
if (name.startsWith("META-INF/services/")) {
// work around JAXP #6723276 in JDK 6
return new ByteArrayInputStream(new byte[0]);
}
return super.getResourceAsStream(name);
}
});
// Tickle #52382:
System.setSecurityManager(new SecurityManager() {
public void checkPermission(Permission perm) {
}
});
liaison.transform(in, out);
} finally {
out.delete();
Thread.currentThread().setContextClassLoader(orig);
System.setSecurityManager(null);
}
}
Aggregations