use of java.security.Permission in project guava by google.
the class ClassPathTest method doTestExistsThrowsSecurityException.
private void doTestExistsThrowsSecurityException() throws IOException, URISyntaxException {
File file = null;
// In Java 9, Logger may read the TZ database. Only disallow reading the class path URLs.
final PermissionCollection readClassPathFiles = new FilePermission("", "read").newPermissionCollection();
for (URL url : ClassPath.parseJavaClassPath()) {
if (url.getProtocol().equalsIgnoreCase("file")) {
file = new File(url.toURI());
readClassPathFiles.add(new FilePermission(file.getAbsolutePath(), "read"));
}
}
assertThat(file).isNotNull();
SecurityManager disallowFilesSecurityManager = new SecurityManager() {
@Override
public void checkPermission(Permission p) {
if (readClassPathFiles.implies(p)) {
throw new SecurityException("Disallowed: " + p);
}
}
};
System.setSecurityManager(disallowFilesSecurityManager);
try {
file.exists();
fail("Did not get expected SecurityException");
} catch (SecurityException expected) {
}
ClassPath classPath = ClassPath.from(getClass().getClassLoader());
// ClassPath may contain resources from the boot class loader; just not from the class path.
for (ResourceInfo resource : classPath.getResources()) {
assertThat(resource.getResourceName()).doesNotContain("com/google/common/reflect/");
}
}
use of java.security.Permission in project guava by google.
the class AbstractFutureInnocuousThreadTest method setUp.
@Override
protected void setUp() throws Exception {
// Load the "normal" copy of SettableFuture and related classes.
SettableFuture<?> unused = SettableFuture.create();
// Hack to load AbstractFuture et. al. in a new classloader so that it tries to re-read the
// cancellation-cause system property. This allows us to test what happens if reading the
// property is forbidden and then continue running tests normally in one jvm without resorting
// to even crazier hacks to reset static final boolean fields.
final String concurrentPackage = SettableFuture.class.getPackage().getName();
classReloader = new URLClassLoader(ClassPathUtil.getClassPathUrls()) {
@GuardedBy("loadedClasses")
final Map<String, Class<?>> loadedClasses = new HashMap<>();
@Override
public Class<?> loadClass(String name) throws ClassNotFoundException {
if (name.startsWith(concurrentPackage) && // Use other classloader for ListenableFuture, so that the objects can interact
!ListenableFuture.class.getName().equals(name)) {
synchronized (loadedClasses) {
Class<?> toReturn = loadedClasses.get(name);
if (toReturn == null) {
toReturn = super.findClass(name);
loadedClasses.put(name, toReturn);
}
return toReturn;
}
}
return super.loadClass(name);
}
};
oldClassLoader = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(classReloader);
oldSecurityManager = System.getSecurityManager();
/*
* TODO(cpovirk): Why couldn't I get this to work with PermissionCollection and implies(), as
* used by ClassPathTest?
*/
final PropertyPermission readSystemProperty = new PropertyPermission("guava.concurrent.generate_cancellation_cause", "read");
SecurityManager disallowPropertySecurityManager = new SecurityManager() {
@Override
public void checkPermission(Permission p) {
if (readSystemProperty.equals(p)) {
throw new SecurityException("Disallowed: " + p);
}
}
};
System.setSecurityManager(disallowPropertySecurityManager);
settableFutureClass = classReloader.loadClass(SettableFuture.class.getName());
/*
* We must keep the SecurityManager installed during the test body: It affects what kind of
* threads ForkJoinPool.commonPool() creates.
*/
}
use of java.security.Permission in project hazelcast by hazelcast.
the class HazelcastReaders method localOrRemoteListSupplier.
public static ProcessorMetaSupplier localOrRemoteListSupplier(String name, ClientConfig clientConfig) {
String clientXml = asXmlString(clientConfig);
Permission permission = PermissionsUtil.listReadPermission(clientXml, name);
return forceTotalParallelismOne(ProcessorSupplier.of(SecuredFunctions.readListProcessorFn(name, clientXml)), name, permission);
}
use of java.security.Permission in project hazelcast by hazelcast.
the class PermissionsUtil method checkPermission.
public static void checkPermission(SecuredFunction function, ProcessorMetaSupplier.Context context) {
if (context instanceof Contexts.MetaSupplierCtx) {
Contexts.MetaSupplierCtx metaSupplierCtx = (Contexts.MetaSupplierCtx) context;
List<Permission> permissions = function.permissions();
SecurityContext securityContext = metaSupplierCtx.nodeEngine().getNode().securityContext;
Subject subject = metaSupplierCtx.subject();
if (securityContext != null && permissions != null && !permissions.isEmpty() && subject != null) {
permissions.forEach(permission -> {
if (permission != null) {
securityContext.checkPermission(subject, permission);
}
});
}
}
}
use of java.security.Permission in project hazelcast by hazelcast.
the class ClusterPermissionCollection method compact.
public void compact() {
if (isReadOnly()) {
throw new SecurityException("ClusterPermissionCollection is read-only!");
}
final Iterator<Permission> iter = perms.iterator();
while (iter.hasNext()) {
final Permission perm = iter.next();
boolean implies = false;
for (Permission p : perms) {
if (p != perm && p.implies(perm)) {
implies = true;
break;
}
}
if (implies) {
iter.remove();
}
}
setReadOnly();
}
Aggregations