use of java.security.Permission in project tomcat70 by apache.
the class WebappClassLoaderBase method getPermissions.
/**
* Get the Permissions for a CodeSource. If this instance
* of WebappClassLoaderBase is for a web application context,
* add read FilePermission or JndiPermissions for the base
* directory (if unpacked),
* the context URL, and jar file resources.
*
* @param codeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
String codeUrl = codeSource.getLocation().toString();
PermissionCollection pc;
if ((pc = loaderPC.get(codeUrl)) == null) {
pc = super.getPermissions(codeSource);
if (pc != null) {
Iterator<Permission> perms = permissionList.iterator();
while (perms.hasNext()) {
Permission p = perms.next();
pc.add(p);
}
loaderPC.put(codeUrl, pc);
}
}
return (pc);
}
use of java.security.Permission in project tomcat70 by apache.
the class HostConfig method isDeployThisXML.
private boolean isDeployThisXML(File docBase, ContextName cn) {
boolean deployThisXML = isDeployXML();
if (Globals.IS_SECURITY_ENABLED && !deployThisXML) {
// When running under a SecurityManager, deployXML may be overridden
// on a per Context basis by the granting of a specific permission
Policy currentPolicy = Policy.getPolicy();
if (currentPolicy != null) {
URL contextRootUrl;
try {
contextRootUrl = docBase.toURI().toURL();
CodeSource cs = new CodeSource(contextRootUrl, (Certificate[]) null);
PermissionCollection pc = currentPolicy.getPermissions(cs);
Permission p = new DeployXmlPermission(cn.getBaseName());
if (pc.implies(p)) {
deployThisXML = true;
}
} catch (MalformedURLException e) {
// Should never happen
log.warn("hostConfig.docBaseUrlInvalid", e);
}
}
}
return deployThisXML;
}
use of java.security.Permission in project tomcat70 by apache.
the class ClassLoaderLogManager method readConfiguration.
/**
* Read configuration for the specified classloader.
*
* @param classLoader
* @throws IOException Error
*/
protected synchronized void readConfiguration(ClassLoader classLoader) throws IOException {
InputStream is = null;
// only look in the local repositories to avoid redefining loggers 20 times
try {
if (classLoader instanceof URLClassLoader) {
URL logConfig = ((URLClassLoader) classLoader).findResource("logging.properties");
if (null != logConfig) {
if (Boolean.getBoolean(DEBUG_PROPERTY))
System.err.println(getClass().getName() + ".readConfiguration(): " + "Found logging.properties at " + logConfig);
is = classLoader.getResourceAsStream("logging.properties");
} else {
if (Boolean.getBoolean(DEBUG_PROPERTY))
System.err.println(getClass().getName() + ".readConfiguration(): " + "Found no logging.properties");
}
}
} catch (AccessControlException ace) {
// No permission to configure logging in context
// Log and carry on
ClassLoaderLogInfo info = classLoaderLoggers.get(ClassLoader.getSystemClassLoader());
if (info != null) {
Logger log = info.loggers.get("");
if (log != null) {
Permission perm = ace.getPermission();
if (perm instanceof FilePermission && perm.getActions().equals("read")) {
log.warning("Reading " + perm.getName() + " is not permitted. See \"per context logging\" in the default catalina.policy file.");
} else {
log.warning("Reading logging.properties is not permitted in some context. See \"per context logging\" in the default catalina.policy file.");
log.warning("Original error was: " + ace.getMessage());
}
}
}
}
if ((is == null) && (classLoader == ClassLoader.getSystemClassLoader())) {
String configFileStr = System.getProperty("java.util.logging.config.file");
if (configFileStr != null) {
try {
is = new FileInputStream(replace(configFileStr));
} catch (IOException e) {
System.err.println("Configuration error");
e.printStackTrace();
}
}
// Try the default JVM configuration
if (is == null) {
File defaultFile = new File(new File(System.getProperty("java.home"), isJava9 ? "conf" : "lib"), "logging.properties");
try {
is = new FileInputStream(defaultFile);
} catch (IOException e) {
System.err.println("Configuration error");
e.printStackTrace();
}
}
}
Logger localRootLogger = new RootLogger();
if (is == null) {
// Retrieve the root logger of the parent classloader instead
ClassLoader current = classLoader.getParent();
ClassLoaderLogInfo info = null;
while (current != null && info == null) {
info = getClassLoaderInfo(current);
current = current.getParent();
}
if (info != null) {
localRootLogger.setParent(info.rootNode.logger);
}
}
ClassLoaderLogInfo info = new ClassLoaderLogInfo(new LogNode(null, localRootLogger));
classLoaderLoggers.put(classLoader, info);
if (is != null) {
readConfiguration(is, classLoader);
}
try {
// Use a ThreadLocal to work around
// https://bugs.openjdk.java.net/browse/JDK-8195096
addingLocalRootLogger.set(Boolean.TRUE);
addLogger(localRootLogger);
} finally {
addingLocalRootLogger.set(Boolean.FALSE);
}
}
use of java.security.Permission in project logging-log4j2 by apache.
the class ThrowableProxyTest method testLogStackTraceWithClassLoaderThatWithCauseSecurityException.
@Test
public void testLogStackTraceWithClassLoaderThatWithCauseSecurityException() throws Exception {
final SecurityManager sm = System.getSecurityManager();
try {
System.setSecurityManager(new SecurityManager() {
@Override
public void checkPermission(final Permission perm) {
if (perm instanceof RuntimePermission) {
// deny access to the classloader to trigger the security exception
if ("getClassLoader".equals(perm.getName())) {
throw new SecurityException(perm.toString());
}
}
}
});
final String algorithm = "AES/CBC/PKCS5Padding";
final Cipher ec = Cipher.getInstance(algorithm);
// initialization vector
final byte[] bytes = new byte[16];
final SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(bytes);
final KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(128);
final IvParameterSpec algorithmParameterSpec = new IvParameterSpec(bytes);
ec.init(Cipher.ENCRYPT_MODE, generator.generateKey(), algorithmParameterSpec, secureRandom);
final byte[] raw = new byte[0];
final byte[] encrypted = ec.doFinal(raw);
final Cipher dc = Cipher.getInstance(algorithm);
dc.init(Cipher.DECRYPT_MODE, generator.generateKey(), algorithmParameterSpec, secureRandom);
final BadPaddingException e = assertThrows(BadPaddingException.class, () -> dc.doFinal(encrypted));
assertDoesNotThrow(() -> new ThrowableProxy(e));
} finally {
// restore the existing security manager
System.setSecurityManager(sm);
}
}
use of java.security.Permission in project symja_android_library by axkr.
the class L4MLogger method initialize.
/**
* Default initialization, checking for applet in sandbox.
*/
protected void initialize() {
String loggerName = getName();
boolean runningSandbox = false;
// check if we are running in an applet sandbox
SecurityManager sm = System.getSecurityManager();
if (null != sm) {
try {
Permission perm = new java.util.logging.LoggingPermission("control", "");
sm.checkPermission(perm);
} catch (SecurityException e) {
System.out.println("L4M Logger runs in sandbox");
runningSandbox = true;
}
}
if (!runningSandbox) {
// do not use parent handlers but our own
setUseParentHandlers(false);
// and add the Lab4inf handler to our logger
addHandler(new Lab4InfHandler());
// register with the LogManager
}
LogManager manager = LogManager.getLogManager();
Logger aLogger = manager.getLogger(loggerName);
if (manager.getLogger(loggerName) == null) {
if (!LogManager.getLogManager().addLogger(this)) {
System.err.println("failed to add " + this);
throw new RuntimeException("addding L4MLogger failed");
}
} else {
String msg;
msg = format("allready registered %s by %s", loggerName, aLogger);
aLogger.warning(msg);
msg = format("could not register me: %s", this);
aLogger.warning(msg);
}
setLevel(Level.WARNING);
}
Aggregations