
Example 76 with Permission

Use of java.security.Permission in project guava by google.

In class ClassPathTest, method doTestExistsThrowsSecurityException.

private void doTestExistsThrowsSecurityException() throws IOException, URISyntaxException {
    File file = null;
    // In Java 9, Logger may read the TZ database. Only disallow reading the class path URLs.
    final PermissionCollection readClassPathFiles = new FilePermission("", "read").newPermissionCollection();
    for (URL url : ClassPath.parseJavaClassPath()) {
        if (url.getProtocol().equalsIgnoreCase("file")) {
            file = new File(url.toURI());
            readClassPathFiles.add(new FilePermission(file.getAbsolutePath(), "read"));
        }
    }
    assertThat(file).isNotNull();
    SecurityManager disallowFilesSecurityManager = new SecurityManager() {

        @Override
        public void checkPermission(Permission p) {
            if (readClassPathFiles.implies(p)) {
                throw new SecurityException("Disallowed: " + p);
            }
        }
    };
    System.setSecurityManager(disallowFilesSecurityManager);
    try {
        file.exists();
        fail("Did not get expected SecurityException");
    } catch (SecurityException expected) {
    }
    ClassPath classPath = ClassPath.from(getClass().getClassLoader());
    // ClassPath may contain resources from the boot class loader; just not from the class path.
    for (ResourceInfo resource : classPath.getResources()) {
        assertThat(resource.getResourceName()).doesNotContain("com/google/common/reflect/");
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) ResourceInfo(com.google.common.reflect.ClassPath.ResourceInfo) FilePermission(java.io.FilePermission) Permission(java.security.Permission) Files.createFile(java.nio.file.Files.createFile) File(java.io.File) FilePermission(java.io.FilePermission) URL(java.net.URL)

Example 77 with Permission

Use of java.security.Permission in project guava by google.

In class AbstractFutureInnocuousThreadTest, method setUp.

@Override
protected void setUp() throws Exception {
    // Load the "normal" copy of SettableFuture and related classes.
    SettableFuture<?> unused = SettableFuture.create();
    // Hack to load AbstractFuture et al. in a new classloader so that it tries to re-read the
    // cancellation-cause system property. This allows us to test what happens if reading the
    // property is forbidden and then continue running tests normally in one jvm without resorting
    // to even crazier hacks to reset static final boolean fields.
    final String concurrentPackage = SettableFuture.class.getPackage().getName();
    classReloader = new URLClassLoader(ClassPathUtil.getClassPathUrls()) {

        @GuardedBy("loadedClasses")
        final Map<String, Class<?>> loadedClasses = new HashMap<>();

        @Override
        public Class<?> loadClass(String name) throws ClassNotFoundException {
            // Use other classloader for ListenableFuture, so that the objects can interact
            if (name.startsWith(concurrentPackage) && !ListenableFuture.class.getName().equals(name)) {
                synchronized (loadedClasses) {
                    Class<?> toReturn = loadedClasses.get(name);
                    if (toReturn == null) {
                        toReturn = super.findClass(name);
                        loadedClasses.put(name, toReturn);
                    }
                    return toReturn;
                }
            }
            return super.loadClass(name);
        }
    };
    oldClassLoader = Thread.currentThread().getContextClassLoader();
    Thread.currentThread().setContextClassLoader(classReloader);
    oldSecurityManager = System.getSecurityManager();
    /*
     * TODO(cpovirk): Why couldn't I get this to work with PermissionCollection and implies(), as
     * used by ClassPathTest?
     */
    final PropertyPermission readSystemProperty = new PropertyPermission("guava.concurrent.generate_cancellation_cause", "read");
    SecurityManager disallowPropertySecurityManager = new SecurityManager() {

        @Override
        public void checkPermission(Permission p) {
            if (readSystemProperty.equals(p)) {
                throw new SecurityException("Disallowed: " + p);
            }
        }
    };
    System.setSecurityManager(disallowPropertySecurityManager);
    settableFutureClass = classReloader.loadClass(SettableFuture.class.getName());
    /*
     * We must keep the SecurityManager installed during the test body: It affects what kind of
     * threads ForkJoinPool.commonPool() creates.
     */
}
Also used : GuardedBy(javax.annotation.concurrent.GuardedBy) HashMap(java.util.HashMap) PropertyPermission(java.util.PropertyPermission) URLClassLoader(java.net.URLClassLoader) Permission(java.security.Permission) PropertyPermission(java.util.PropertyPermission)

Example 78 with Permission

Use of java.security.Permission in project hazelcast by hazelcast.

In class HazelcastReaders, method localOrRemoteListSupplier.

public static ProcessorMetaSupplier localOrRemoteListSupplier(String name, ClientConfig clientConfig) {
    String clientXml = asXmlString(clientConfig);
    Permission permission = PermissionsUtil.listReadPermission(clientXml, name);
    return forceTotalParallelismOne(ProcessorSupplier.of(SecuredFunctions.readListProcessorFn(name, clientXml)), name, permission);
}
Also used : CachePermission(com.hazelcast.security.permission.CachePermission) Permission(java.security.Permission) MapPermission(com.hazelcast.security.permission.MapPermission) ImdgUtil.asXmlString(com.hazelcast.jet.impl.util.ImdgUtil.asXmlString)

Example 79 with Permission

Use of java.security.Permission in project hazelcast by hazelcast.

In class PermissionsUtil, method checkPermission.

public static void checkPermission(SecuredFunction function, ProcessorMetaSupplier.Context context) {
    if (context instanceof Contexts.MetaSupplierCtx) {
        Contexts.MetaSupplierCtx metaSupplierCtx = (Contexts.MetaSupplierCtx) context;
        List<Permission> permissions = function.permissions();
        SecurityContext securityContext = metaSupplierCtx.nodeEngine().getNode().securityContext;
        Subject subject = metaSupplierCtx.subject();
        if (securityContext != null && permissions != null && !permissions.isEmpty() && subject != null) {
            permissions.forEach(permission -> {
                if (permission != null) {
                    securityContext.checkPermission(subject, permission);
                }
            });
        }
    }
}
Also used : Permission(java.security.Permission) ListPermission(com.hazelcast.security.permission.ListPermission) CachePermission(com.hazelcast.security.permission.CachePermission) MapPermission(com.hazelcast.security.permission.MapPermission) Contexts(com.hazelcast.jet.impl.execution.init.Contexts) Subject(javax.security.auth.Subject)

Example 80 with Permission

Use of java.security.Permission in project hazelcast by hazelcast.

In class ClusterPermissionCollection, method compact.

public void compact() {
    if (isReadOnly()) {
        throw new SecurityException("ClusterPermissionCollection is read-only!");
    }
    final Iterator<Permission> iter = perms.iterator();
    while (iter.hasNext()) {
        final Permission perm = iter.next();
        boolean implies = false;
        for (Permission p : perms) {
            if (p != perm && p.implies(perm)) {
                implies = true;
                break;
            }
        }
        if (implies) {
            iter.remove();
        }
    }
    setReadOnly();
}
Also used : Permission(java.security.Permission)

Aggregations

Permission (java.security.Permission): 236
Test (org.junit.Test): 55
PermissionCollection (java.security.PermissionCollection): 39
FilePermission (java.io.FilePermission): 38
Permissions (java.security.Permissions): 31
ProtectionDomain (java.security.ProtectionDomain): 27
IOException (java.io.IOException): 20
AllPermission (java.security.AllPermission): 20
QuickTest (com.hazelcast.test.annotation.QuickTest): 17
File (java.io.File): 17
URL (java.net.URL): 16
AccessControlException (java.security.AccessControlException): 14
Principal (java.security.Principal): 14
PropertyPermission (java.util.PropertyPermission): 14
Policy (java.security.Policy): 13
MBeanPermission (javax.management.MBeanPermission): 13
AccessControlContext (java.security.AccessControlContext): 12
CodeSource (java.security.CodeSource): 11
SecurityPermission (java.security.SecurityPermission): 11
ArrayList (java.util.ArrayList): 10