use of java.security.PermissionCollection in project Payara by payara.
the class GlobalPolicyUtil method checkRestrictionOfComponentType.
/**
* Check a permission set against a restriction of a component type
*
* @param declaredPC
* @param type
* @return
* @throws SecurityException
*/
public static void checkRestrictionOfComponentType(PermissionCollection declaredPC, CommponentType type) throws SecurityException {
if (CommponentType.ear == type) {
checkRestrictionOfEar(declaredPC);
}
PermissionCollection restrictedPC = compTypeToEERestrictedMap.get(type);
checkRestriction(declaredPC, restrictedPC);
}
use of java.security.PermissionCollection in project Payara by payara.
the class GlobalPolicyUtil method checkRestrictionOfEar.
// For ear type, check everything
public static void checkRestrictionOfEar(PermissionCollection declaredPC) throws SecurityException {
PermissionCollection permissionCollection = compTypeToEERestrictedMap.get(CommponentType.ejb);
if (permissionCollection != null) {
GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
}
permissionCollection = compTypeToEERestrictedMap.get(CommponentType.war);
if (permissionCollection != null) {
GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
}
permissionCollection = compTypeToEERestrictedMap.get(CommponentType.rar);
if (permissionCollection != null) {
GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
}
permissionCollection = compTypeToEERestrictedMap.get(CommponentType.car);
if (permissionCollection != null) {
GlobalPolicyUtil.checkRestriction(declaredPC, permissionCollection);
}
}
use of java.security.PermissionCollection in project Payara by payara.
the class PermissionCache method checkCache.
private boolean checkCache(Permission permissionToCheck, Epoch epoch) {
// Test-and-set to guard critical section
rLock.lock();
try {
if (loading) {
return false;
}
if (cache != null) {
// Check permission and return.
return checkLoadedCache(permissionToCheck, epoch);
}
} finally {
rLock.unlock();
}
wLock.lock();
if (loading) {
// Another thread started the load
// release the writelock and return
wLock.unlock();
return false;
}
if (cache != null) {
// another thread loaded the cache
// get readlock inside writelock.
// check permission and return
rLock.lock();
wLock.unlock();
try {
// check permission and return
return checkLoadedCache(permissionToCheck, epoch);
} finally {
rLock.unlock();
}
}
// Set the load indicators so that readers will bypass the cache until it is loaded
// release the writelock and return
cache = null;
loading = true;
wLock.unlock();
// cache will be null if we proceed past this point
// NO LOCKS ARE HELD AT THIS POINT
Permissions nextCache = new Permissions();
boolean setPc = false;
String oldpcID = null;
try {
oldpcID = PolicyContext.getContextID();
if (pcID == null || !pcID.equals(oldpcID)) {
setPc = true;
}
} catch (Exception ex) {
_logger.log(SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
}
PermissionCollection pc = null;
try {
if (setPc) {
setPolicyContextID(pcID);
}
pc = policy.getPermissions(codesource);
} catch (Exception ex) {
_logger.log(SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
} finally {
if (setPc) {
try {
setPolicyContextID(oldpcID);
} catch (Exception ex) {
_logger.log(SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
}
}
}
// Force resolution of unresolved permissions so that we can filter out all but the permissions
// that are supposed to be in the cache.
resolvePermissions(pc, permissionToCheck);
for (Permission i : list(pc.elements())) {
if (i.equals(allPermission)) {
nextCache.add(i);
} else {
boolean classMatch = true;
if (this.classes != null) {
classMatch = false;
Class iClazz = i.getClass();
for (int j = 0; j < this.classes.length; j++) {
if (this.classes[j].equals(iClazz)) {
classMatch = true;
break;
}
}
}
if (classMatch) {
if (this.name != null) {
String iName = i.getName();
if (iName != null && this.name.equals(iName)) {
nextCache.add(i);
}
} else {
nextCache.add(i);
}
}
}
}
// Get the writelock to mark cache as loaded
wLock.lock();
cache = nextCache;
loading = false;
try {
// Get readlock inside writelock.
rLock.lock();
wLock.unlock();
// check permission and return
return checkLoadedCache(permissionToCheck, epoch);
} finally {
rLock.unlock();
}
}
use of java.security.PermissionCollection in project jetty.project by eclipse.
the class WebAppClassLoader method getPermissions.
/* ------------------------------------------------------------ */
@Override
public PermissionCollection getPermissions(CodeSource cs) {
PermissionCollection permissions = _context.getPermissions();
PermissionCollection pc = (permissions == null) ? super.getPermissions(cs) : permissions;
return pc;
}
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class PluginSecurity method readPolicy.
/**
* Reads plugin policy, prints/confirms exceptions
*/
static void readPolicy(Path file, Terminal terminal, Environment environment, boolean batch) throws IOException {
PermissionCollection permissions = parsePermissions(terminal, file, environment.tmpFile());
List<Permission> requested = Collections.list(permissions.elements());
if (requested.isEmpty()) {
terminal.println(Verbosity.VERBOSE, "plugin has a policy file with no additional permissions");
return;
}
// sort permissions in a reasonable order
Collections.sort(requested, new Comparator<Permission>() {
@Override
public int compare(Permission o1, Permission o2) {
int cmp = o1.getClass().getName().compareTo(o2.getClass().getName());
if (cmp == 0) {
String name1 = o1.getName();
String name2 = o2.getName();
if (name1 == null) {
name1 = "";
}
if (name2 == null) {
name2 = "";
}
cmp = name1.compareTo(name2);
if (cmp == 0) {
String actions1 = o1.getActions();
String actions2 = o2.getActions();
if (actions1 == null) {
actions1 = "";
}
if (actions2 == null) {
actions2 = "";
}
cmp = actions1.compareTo(actions2);
}
}
return cmp;
}
});
terminal.println(Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
terminal.println(Verbosity.NORMAL, "@ WARNING: plugin requires additional permissions @");
terminal.println(Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
// print all permissions:
for (Permission permission : requested) {
terminal.println(Verbosity.NORMAL, "* " + formatPermission(permission));
}
terminal.println(Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
terminal.println(Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
if (!batch) {
terminal.println(Verbosity.NORMAL, "");
String text = terminal.readText("Continue with installation? [y/N]");
if (!text.equalsIgnoreCase("y")) {
throw new RuntimeException("installation aborted by user");
}
}
}
Aggregations