Example 96 with Permission
use of java.security.Permission in project jop by jop-devel.
the class MainRunner method main.
public static void main(String[] args) {
if (args.length < 1) {
System.out.println("Usage: MainRunner <mainclass> [<options>]");
System.exit(1);
}
final String clsName = args[0].substring(args[0].lastIndexOf(".") + 1);
try {
Class cls = Class.forName(args[0]);
Method main = cls.getMethod("main", new Class[] { String[].class });
Cmdline cmdline = new Cmdline(clsName);
System.out.print("Arguments: " + clsName);
for (int i = 1; i < args.length; i++) {
System.out.print(" " + args[i]);
}
System.out.println();
while (true) {
String[] cmdArgs = cmdline.readInput();
if (cmdline.isExit(cmdArgs)) {
return;
}
List<String> argList = new ArrayList<String>(args.length);
argList.addAll(Arrays.asList(Arrays.copyOfRange(args, 1, args.length)));
argList.addAll(Arrays.asList(cmdArgs));
String[] mainArgs = argList.toArray(new String[argList.size()]);
System.setSecurityManager(new SecurityManager() {
@Override
public void checkPermission(Permission perm) {
}
@Override
public void checkPermission(Permission perm, Object context) {
}
@Override
public void checkExit(int status) {
throw new SecurityException(clsName + " exited with " + status);
}
});
try {
main.invoke(null, new Object[] { mainArgs });
} catch (Exception e) {
System.err.flush();
if (e.getCause() instanceof SecurityException) {
System.out.println(e.getCause().getMessage());
} else {
e.printStackTrace();
}
} finally {
System.setSecurityManager(null);
}
// cleanup for next invoke
System.out.flush();
System.err.flush();
AppInfo.getSingleton().clear(true);
LogConfig.stopLogger();
}
} catch (ClassNotFoundException e) {
System.out.println("Main class '" + args[0] + "' not found: " + e.getMessage());
System.exit(1);
} catch (NoSuchMethodException e) {
System.out.println("Main method in class '" + args[0] + "' not found: " + e.getMessage());
System.exit(1);
}
}
Also used :
ArrayList(java.util.ArrayList)
Method(java.lang.reflect.Method)
Permission(java.security.Permission)
Cmdline(com.jopdesign.common.misc.Cmdline)
Example 97 with Permission
use of java.security.Permission in project tomcat by apache.
the class HostConfig method isDeployThisXML.
private boolean isDeployThisXML(File docBase, ContextName cn) {
boolean deployThisXML = isDeployXML();
if (Globals.IS_SECURITY_ENABLED && !deployThisXML) {
// When running under a SecurityManager, deployXML may be overridden
// on a per Context basis by the granting of a specific permission
Policy currentPolicy = Policy.getPolicy();
if (currentPolicy != null) {
URL contextRootUrl;
try {
contextRootUrl = docBase.toURI().toURL();
CodeSource cs = new CodeSource(contextRootUrl, (Certificate[]) null);
PermissionCollection pc = currentPolicy.getPermissions(cs);
Permission p = new DeployXmlPermission(cn.getBaseName());
if (pc.implies(p)) {
deployThisXML = true;
}
} catch (MalformedURLException e) {
// Should never happen
log.warn(sm.getString("hostConfig.docBaseUrlInvalid"), e);
}
}
}
return deployThisXML;
}
Also used :
Policy(java.security.Policy)
PermissionCollection(java.security.PermissionCollection)
MalformedURLException(java.net.MalformedURLException)
Permission(java.security.Permission)
DeployXmlPermission(org.apache.catalina.security.DeployXmlPermission)
CodeSource(java.security.CodeSource)
DeployXmlPermission(org.apache.catalina.security.DeployXmlPermission)
URL(java.net.URL)
Certificate(java.security.cert.Certificate)
Example 98 with Permission
use of java.security.Permission in project Payara by payara.
the class SecurityAccessPermissionCollection method readObject.
/**
* readObject is called to restore the state of the
* SecurityAccessPermissionCollection from a stream.
*/
private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
// Don't call defaultReadObject()
// Read in serialized fields
ObjectInputStream.GetField gfields = in.readFields();
// Get permissions
Hashtable<String, Permission> permissions = (Hashtable<String, Permission>) gfields.get("permissions", null);
perms = new HashMap<String, Permission>(permissions.size() * 2);
perms.putAll(permissions);
// Get all_allowed
all_allowed = gfields.get("all_allowed", false);
// Get permClass
permClass = (Class) gfields.get("permClass", null);
if (permClass == null) {
// set permClass
Enumeration<Permission> e = permissions.elements();
if (e.hasMoreElements()) {
Permission p = e.nextElement();
permClass = p.getClass();
}
}
}
Also used :
Hashtable(java.util.Hashtable)
BasicPermission(java.security.BasicPermission)
Permission(java.security.Permission)
ObjectInputStream(java.io.ObjectInputStream)
Example 99 with Permission
use of java.security.Permission in project Payara by payara.
the class SecurityAccessValidator method validateLookup.
private boolean validateLookup(ActiveDescriptor<?> candidate, Injectee injectee) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Lookup candiate =" + candidate + ", injectee= " + injectee);
}
if (!candidate.isReified()) {
// not yet really injected yet, so not to check perm
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Lookup candiate is not reified yet");
}
return true;
} else {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Lookup candiate is reified, candidate = " + candidate);
}
}
Set<String> contracts = candidate.getAdvertisedContracts();
if (contracts == null)
return true;
Map<String, List<String>> md = candidate.getMetadata();
if (LOG.isLoggable(Level.FINE)) {
Iterator<Map.Entry<String, List<String>>> itr = md.entrySet().iterator();
while (itr.hasNext()) {
Map.Entry<String, List<String>> entry = itr.next();
String k = entry.getKey();
for (String v : entry.getValue()) {
LOG.fine("$$ key= " + k + ", value= " + v);
}
}
}
Permission perm = null;
List<String> names = md.get(Secure.NAME);
if (names == null || names.isEmpty()) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Perm name is empty, will use default value");
}
// the 'Secure' annotation did not specify a accessPermissionName, use default accessPermissionName name
perm = getAccessPermision(Secure.DEFAULT_PERM_NAME, null);
} else {
String permName = names.get(0);
perm = getAccessPermision(permName, null);
}
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("The permission to be protected = " + perm);
}
boolean check_result = false;
if (injectee == null) {
// lookup style check
Class caller = getServiceLookupCaller();
check_result = checkPerm(perm, caller);
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Lookup, checked perm for = " + perm + ", result= " + check_result);
}
} else {
// injection style check
check_result = validateInjection(candidate, injectee, perm);
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Injection, checked perm for = " + perm + ", result= " + check_result);
}
}
return check_result;
}Example 100 with Permission
use of java.security.Permission in project Payara by payara.
the class SecurePermTest method testEquals1.
@Test
public void testEquals1() {
Permission p1 = new SecureServiceAccessPermission("a/b/c", "read,write");
Permission p2 = new SecureServiceAccessPermission("a/b/c/", "read,write");
Assert.assertFalse(p1.equals(p2));
Assert.assertFalse(p1.implies(p2));
}
Also used :
Permission(java.security.Permission)
Test(org.junit.Test)
Aggregations
Permission (java.security.Permission)236
Test (org.junit.Test)55
PermissionCollection (java.security.PermissionCollection)39
FilePermission (java.io.FilePermission)38
Permissions (java.security.Permissions)31
ProtectionDomain (java.security.ProtectionDomain)27
IOException (java.io.IOException)20
AllPermission (java.security.AllPermission)20
QuickTest (com.hazelcast.test.annotation.QuickTest)17
File (java.io.File)17
URL (java.net.URL)16
AccessControlException (java.security.AccessControlException)14
Principal (java.security.Principal)14
PropertyPermission (java.util.PropertyPermission)14
Policy (java.security.Policy)13
MBeanPermission (javax.management.MBeanPermission)13
AccessControlContext (java.security.AccessControlContext)12
CodeSource (java.security.CodeSource)11
SecurityPermission (java.security.SecurityPermission)11
ArrayList (java.util.ArrayList)10
