Search in sources :

Example 46 with PermissionCollection

use of java.security.PermissionCollection in project Payara by payara.

the class GlobalPolicyUtil method checkRestrictionOfComponentType.

/**
 * Check a permission set against a restriction of a component type
 *
 * @param declaredPC
 * @param type
 * @return
 * @throws SecurityException
 */
public static void checkRestrictionOfComponentType(PermissionCollection declaredPC, CommponentType type) throws SecurityException {
    if (CommponentType.ear == type) {
        checkRestrictionOfEar(declaredPC);
    }
    PermissionCollection restrictedPC = compTypeToEERestrictedMap.get(type);
    checkRestriction(declaredPC, restrictedPC);
}
Also used : PermissionCollection(java.security.PermissionCollection)

Example 47 with PermissionCollection

use of java.security.PermissionCollection in project Payara by payara.

the class GlobalPolicyUtil method checkRestrictionOfEar.

// For ear type, check everything
public static void checkRestrictionOfEar(PermissionCollection declaredPC) throws SecurityException {
    PermissionCollection permissionCollection = compTypeToEERestrictedMap.get(CommponentType.ejb);
    if (permissionCollection != null) {
        GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
    }
    permissionCollection = compTypeToEERestrictedMap.get(CommponentType.war);
    if (permissionCollection != null) {
        GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
    }
    permissionCollection = compTypeToEERestrictedMap.get(CommponentType.rar);
    if (permissionCollection != null) {
        GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
    }
    permissionCollection = compTypeToEERestrictedMap.get(CommponentType.car);
    if (permissionCollection != null) {
        GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
    }
}
Also used : PermissionCollection(java.security.PermissionCollection)

Example 48 with PermissionCollection

use of java.security.PermissionCollection in project Payara by payara.

the class PermissionCache method checkCache.

private boolean checkCache(Permission permissionToCheck, Epoch epoch) {
    // Test-and-set to guard critical section
    rLock.lock();
    try {
        if (loading) {
            return false;
        }
        if (cache != null) {
            // Check permission and return.
            return checkLoadedCache(permissionToCheck, epoch);
        }
    } finally {
        rLock.unlock();
    }
    wLock.lock();
    if (loading) {
        // Another thread started the load
        // release the writelock and return
        wLock.unlock();
        return false;
    }
    if (cache != null) {
        // another thread loaded the cache
        // get readlock inside writelock.
        // check permission and return
        rLock.lock();
        wLock.unlock();
        try {
            // check permission and return
            return checkLoadedCache(permissionToCheck, epoch);
        } finally {
            rLock.unlock();
        }
    }
    // Set the load indicators so that readers will bypass the cache until it is loaded
    // release the writelock and return
    cache = null;
    loading = true;
    wLock.unlock();
    // cache will be null if we proceed past this point
    // NO LOCKS ARE HELD AT THIS POINT
    Permissions nextCache = new Permissions();
    boolean setPc = false;
    String oldpcID = null;
    try {
        oldpcID = PolicyContext.getContextID();
        if (pcID == null || !pcID.equals(oldpcID)) {
            setPc = true;
        }
    } catch (Exception ex) {
        _logger.log(SEVERE, "JACC: Unexpected security exception on access decision", ex);
        return false;
    }
    PermissionCollection pc = null;
    try {
        if (setPc) {
            setPolicyContextID(pcID);
        }
        pc = policy.getPermissions(codesource);
    } catch (Exception ex) {
        _logger.log(SEVERE, "JACC: Unexpected security exception on access decision", ex);
        return false;
    } finally {
        if (setPc) {
            try {
                setPolicyContextID(oldpcID);
            } catch (Exception ex) {
                _logger.log(SEVERE, "JACC: Unexpected security exception on access decision", ex);
                return false;
            }
        }
    }
    // Force resolution of unresolved permissions so that we can filter out all but the permissions
    // that are supposed to be in the cache.
    resolvePermissions(pc, permissionToCheck);
    for (Permission i : list(pc.elements())) {
        if (i.equals(allPermission)) {
            nextCache.add(i);
        } else {
            boolean classMatch = true;
            if (this.classes != null) {
                classMatch = false;
                Class iClazz = i.getClass();
                for (int j = 0; j < this.classes.length; j++) {
                    if (this.classes[j].equals(iClazz)) {
                        classMatch = true;
                        break;
                    }
                }
            }
            if (classMatch) {
                if (this.name != null) {
                    String iName = i.getName();
                    if (iName != null && this.name.equals(iName)) {
                        nextCache.add(i);
                    }
                } else {
                    nextCache.add(i);
                }
            }
        }
    }
    // Get the writelock to mark cache as loaded
    wLock.lock();
    cache = nextCache;
    loading = false;
    try {
        // Get readlock inside writelock.
        rLock.lock();
        wLock.unlock();
        // check permission and return
        return checkLoadedCache(permissionToCheck, epoch);
    } finally {
        rLock.unlock();
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) Permissions(java.security.Permissions) AllPermission(java.security.AllPermission) Permission(java.security.Permission) PrivilegedActionException(java.security.PrivilegedActionException)

Example 49 with PermissionCollection

use of java.security.PermissionCollection in project jetty.project by eclipse.

the class WebAppClassLoader method getPermissions.

/* ------------------------------------------------------------ */
@Override
public PermissionCollection getPermissions(CodeSource cs) {
    PermissionCollection permissions = _context.getPermissions();
    PermissionCollection pc = (permissions == null) ? super.getPermissions(cs) : permissions;
    return pc;
}
Also used : PermissionCollection(java.security.PermissionCollection)

Example 50 with PermissionCollection

use of java.security.PermissionCollection in project elasticsearch by elastic.

the class PluginSecurity method readPolicy.

/**
     * Reads plugin policy, prints/confirms exceptions
     */
static void readPolicy(Path file, Terminal terminal, Environment environment, boolean batch) throws IOException {
    PermissionCollection permissions = parsePermissions(terminal, file, environment.tmpFile());
    List<Permission> requested = Collections.list(permissions.elements());
    if (requested.isEmpty()) {
        terminal.println(Verbosity.VERBOSE, "plugin has a policy file with no additional permissions");
        return;
    }
    // sort permissions in a reasonable order
    Collections.sort(requested, new Comparator<Permission>() {

        @Override
        public int compare(Permission o1, Permission o2) {
            int cmp = o1.getClass().getName().compareTo(o2.getClass().getName());
            if (cmp == 0) {
                String name1 = o1.getName();
                String name2 = o2.getName();
                if (name1 == null) {
                    name1 = "";
                }
                if (name2 == null) {
                    name2 = "";
                }
                cmp = name1.compareTo(name2);
                if (cmp == 0) {
                    String actions1 = o1.getActions();
                    String actions2 = o2.getActions();
                    if (actions1 == null) {
                        actions1 = "";
                    }
                    if (actions2 == null) {
                        actions2 = "";
                    }
                    cmp = actions1.compareTo(actions2);
                }
            }
            return cmp;
        }
    });
    terminal.println(Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
    terminal.println(Verbosity.NORMAL, "@     WARNING: plugin requires additional permissions     @");
    terminal.println(Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
    // print all permissions:
    for (Permission permission : requested) {
        terminal.println(Verbosity.NORMAL, "* " + formatPermission(permission));
    }
    terminal.println(Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
    terminal.println(Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
    if (!batch) {
        terminal.println(Verbosity.NORMAL, "");
        String text = terminal.readText("Continue with installation? [y/N]");
        if (!text.equalsIgnoreCase("y")) {
            throw new RuntimeException("installation aborted by user");
        }
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) UnresolvedPermission(java.security.UnresolvedPermission) Permission(java.security.Permission)

Aggregations

PermissionCollection (java.security.PermissionCollection)107 Permission (java.security.Permission)39 Permissions (java.security.Permissions)29 CodeSource (java.security.CodeSource)25 FilePermission (java.io.FilePermission)20 ProtectionDomain (java.security.ProtectionDomain)19 AllPermission (java.security.AllPermission)16 Policy (java.security.Policy)15 URL (java.net.URL)14 File (java.io.File)10 IOException (java.io.IOException)10 Certificate (java.security.cert.Certificate)8 AccessControlContext (java.security.AccessControlContext)7 PropertyPermission (java.util.PropertyPermission)7 Test (org.junit.Test)7 SocketPermission (java.net.SocketPermission)6 Method (java.lang.reflect.Method)5 Principal (java.security.Principal)5 PrivilegedActionException (java.security.PrivilegedActionException)5 URLClassLoader (java.net.URLClassLoader)4