Example 56 with PermissionCollection
use of java.security.PermissionCollection in project OpenAM by OpenRock.
the class ISPolicy method getPermissions.
/**
* Evaluates the global policy and returns a
* <code>PermissionCollection</code> object specifying the set of
* permissions allowed for Principals associated with the specified code
* source. Here we always return the <code>PermissionCollection</code>
* after adding the<code>ISPermission</code> object into it, so that policy
* determination is also based on OpenAM's policies.
*
* @param codesource the <code>CodeSource</code> associated with the caller.
* This encapsulates the original location of the code (where the code
* came from) and the public key(s) of its signer.This parameter may
* be null.
* @return the Collection of permissions allowed for the code
* from <code>codesource</code> according to the policy.
*
* @exception java.lang.SecurityException if the current thread does not
* have permission to call <code>getPermissions</code> on the policy object.
*/
public PermissionCollection getPermissions(CodeSource codesource) {
debug.message("ISPolicy:: Calling getPermissions");
if (debug.messageEnabled()) {
debug.message("ISPolicy:: codesource's URL=" + codesource.getLocation().toString());
}
PermissionCollection pc;
pc = defaultPolicy.getPermissions(codesource);
// add the ISPermission into the PermissionCollection
// returned by the default policy.
pc.add(new ISPermission(codesource));
if (debug.messageEnabled()) {
debug.message("ISPolicy:getPermissions::pc.elements()");
for (Enumeration e = pc.elements(); e.hasMoreElements(); ) {
debug.message(e.nextElement().toString() + "\n");
}
}
return pc;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Enumeration(java.util.Enumeration)
Example 57 with PermissionCollection
use of java.security.PermissionCollection in project OpenAM by OpenRock.
the class ISPolicy method getPermissions.
/**
* Evaluates the global policy and returns a
* <code>PermissionCollection</code> object specifying the set of
* permissions allowed for Principals associated with the enclosed
* set of classes. Here we always return the
* <code>PermissionCollection</code> after
* adding the<code>ISPermission</code> object into it, so that policy
* determination is also based on OpenAM's policies.
*
* @param protectionDomain the protection domain which encapsulates the
* characteristics of a domain, which encloses the set of classes
* whose instances are granted the permissions when being executed
* on behalf of the given set of Principals.
*
* @return the Collection of permissions allowed for the protection
* domain according to the policy.
*
* @exception java.lang.SecurityException if the current thread does not
* have permission to call <code>getPermissions</code> on the policy object.
*/
public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
debug.message("ISPolicy:: Calling getPermissions");
if (debug.messageEnabled()) {
debug.message("ISPolicy:: protectionDomain=" + protectionDomain.toString());
}
PermissionCollection pc;
pc = defaultPolicy.getPermissions(protectionDomain);
// add the ISPermission into the PermissionCollection
// returned by the default policy.
pc.add(new ISPermission(protectionDomain));
if (debug.messageEnabled()) {
debug.message("ISPolicy:getPermissions::pc.elements()");
for (Enumeration e = pc.elements(); e.hasMoreElements(); ) {
debug.message(e.nextElement().toString() + "\n");
}
}
return pc;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Enumeration(java.util.Enumeration)
Example 58 with PermissionCollection
use of java.security.PermissionCollection in project robovm by robovm.
the class URLClassLoader method getPermissions.
/**
* Gets all permissions for the specified {@code codesource}. First, this
* method retrieves the permissions from the system policy. If the protocol
* is "file:/" then a new permission, {@code FilePermission}, granting the
* read permission to the file is added to the permission collection.
* Otherwise, connecting to and accepting connections from the URL is
* granted.
*
* @param codesource
* the code source object whose permissions have to be known.
* @return the list of permissions according to the code source object.
*/
@Override
protected PermissionCollection getPermissions(final CodeSource codesource) {
PermissionCollection pc = super.getPermissions(codesource);
URL u = codesource.getLocation();
if (u.getProtocol().equals("jar")) {
try {
// Create a URL for the resource the jar refers to
u = ((JarURLConnection) u.openConnection()).getJarFileURL();
} catch (IOException e) {
// This should never occur. If it does continue using the jar
// URL
}
}
if (u.getProtocol().equals("file")) {
String path = u.getFile();
String host = u.getHost();
if (host != null && host.length() > 0) {
path = "//" + host + path;
}
if (File.separatorChar != '/') {
path = path.replace('/', File.separatorChar);
}
if (isDirectory(u)) {
pc.add(new FilePermission(path + "-", "read"));
} else {
pc.add(new FilePermission(path, "read"));
}
} else {
String host = u.getHost();
if (host.length() == 0) {
host = "localhost";
}
pc.add(new SocketPermission(host, "connect, accept"));
}
return pc;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
IOException(java.io.IOException)
FilePermission(java.io.FilePermission)
Example 59 with PermissionCollection
use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class ExitVM method main.
public static void main(String[] args) throws Exception {
RuntimePermission newWildcard = new RuntimePermission("exitVM.*");
RuntimePermission oldWildcard = new RuntimePermission("exitVM");
RuntimePermission other = new RuntimePermission("exitVM.23");
System.out.println("Testing RuntimePermission(\"exitVM.*\")");
System.out.println(" testing getName()");
if (!newWildcard.getName().equals("exitVM.*")) {
throw new Exception("expected: exitVM.* received:" + newWildcard.getName());
}
System.out.println(" testing equals(new RuntimePermission(\"exitVM.*\"))");
if (!newWildcard.equals(new RuntimePermission("exitVM.*"))) {
throw new Exception("expected true, received false");
}
System.out.println(" testing equals(new RuntimePermission(\"exitVM.23\"))");
if (newWildcard.equals(other)) {
throw new Exception("expected false, received true");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM.23\"))");
if (!newWildcard.implies(other)) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM.*\"))");
if (!newWildcard.implies(new RuntimePermission("exitVM.*"))) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM\"))");
if (!newWildcard.implies(oldWildcard)) {
throw new Exception("expected true, received false");
}
System.out.println("Testing RuntimePermission(\"exitVM\")");
System.out.println(" testing implies(new RuntimePermission(\"exitVM.*\"))");
if (!oldWildcard.implies(newWildcard)) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM\"))");
if (!oldWildcard.implies(new RuntimePermission("exitVM"))) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM.23\"))");
if (!oldWildcard.implies(other)) {
throw new Exception("expected true, received false");
}
// now test permission collections
System.out.println("Testing PermissionCollection containing " + "RuntimePermission(\"exitVM.*\")");
PermissionCollection newPC = newWildcard.newPermissionCollection();
newPC.add(newWildcard);
System.out.println(" testing implies(new RuntimePermission(\"exitVM.23\"))");
if (!newPC.implies(other)) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM.*\"))");
if (!newPC.implies(new RuntimePermission("exitVM.*"))) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM\"))");
if (!newPC.implies(oldWildcard)) {
throw new Exception("expected true, received false");
}
System.out.println("Testing PermissionCollection containing " + "RuntimePermission(\"exitVM\")");
PermissionCollection oldPC = oldWildcard.newPermissionCollection();
oldPC.add(oldWildcard);
System.out.println(" testing implies(new RuntimePermission(\"exitVM.23\"))");
if (!oldPC.implies(other)) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM.*\"))");
if (!oldPC.implies(new RuntimePermission("exitVM.*"))) {
throw new Exception("expected true, received false");
}
System.out.println(" testing implies(new RuntimePermission(\"exitVM\"))");
if (!oldPC.implies(oldWildcard)) {
throw new Exception("expected true, received false");
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Example 60 with PermissionCollection
use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class RegistryImpl method getAccessControlContext.
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null, (java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:" + port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(new CodeSource(null, (java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
Also used :
Policy(java.security.Policy)
PermissionCollection(java.security.PermissionCollection)
ProtectionDomain(java.security.ProtectionDomain)
CodeSource(java.security.CodeSource)
FilePermission(java.io.FilePermission)
AccessControlContext(java.security.AccessControlContext)
Permissions(java.security.Permissions)
Aggregations
PermissionCollection (java.security.PermissionCollection)107
Permission (java.security.Permission)39
Permissions (java.security.Permissions)29
CodeSource (java.security.CodeSource)25
FilePermission (java.io.FilePermission)20
ProtectionDomain (java.security.ProtectionDomain)19
AllPermission (java.security.AllPermission)16
Policy (java.security.Policy)15
URL (java.net.URL)14
File (java.io.File)10
IOException (java.io.IOException)10
Certificate (java.security.cert.Certificate)8
AccessControlContext (java.security.AccessControlContext)7
PropertyPermission (java.util.PropertyPermission)7
Test (org.junit.Test)7
SocketPermission (java.net.SocketPermission)6
Method (java.lang.reflect.Method)5
Principal (java.security.Principal)5
PrivilegedActionException (java.security.PrivilegedActionException)5
URLClassLoader (java.net.URLClassLoader)4
