Example 61 with PermissionCollection
use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class SocketPermissionTest method setupSecurityManager.
@BeforeMethod
public void setupSecurityManager() throws Exception {
// All permissions, a specific ACC will be used to when testing
// with a reduced permission set.
Policy.setPolicy(new Policy() {
final PermissionCollection perms = new Permissions();
{
perms.add(new java.security.AllPermission());
}
public PermissionCollection getPermissions(ProtectionDomain domain) {
return perms;
}
public PermissionCollection getPermissions(CodeSource codesource) {
return perms;
}
public boolean implies(ProtectionDomain domain, Permission perm) {
return perms.implies(perm);
}
});
System.setSecurityManager(new SecurityManager());
}
Also used :
Policy(java.security.Policy)
PermissionCollection(java.security.PermissionCollection)
ProtectionDomain(java.security.ProtectionDomain)
Permissions(java.security.Permissions)
Permission(java.security.Permission)
SocketPermission(java.net.SocketPermission)
CodeSource(java.security.CodeSource)
BeforeMethod(org.testng.annotations.BeforeMethod)
Example 62 with PermissionCollection
use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class FactoryURLClassLoader method getPermissions.
/**
* Returns the permissions for the given codesource object.
* The implementation of this method first calls super.getPermissions
* and then adds permissions based on the URL of the codesource.
* <p>
* If the protocol of this URL is "jar", then the permission granted
* is based on the permission that is required by the URL of the Jar
* file.
* <p>
* If the protocol is "file" and there is an authority component, then
* permission to connect to and accept connections from that authority
* may be granted. If the protocol is "file"
* and the path specifies a file, then permission to read that
* file is granted. If protocol is "file" and the path is
* a directory, permission is granted to read all files
* and (recursively) all files and subdirectories contained in
* that directory.
* <p>
* If the protocol is not "file", then permission
* to connect to and accept connections from the URL's host is granted.
* @param codesource the codesource
* @exception NullPointerException if {@code codesource} is {@code null}.
* @return the permissions granted to the codesource
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = super.getPermissions(codesource);
URL url = codesource.getLocation();
Permission p;
URLConnection urlConnection;
try {
urlConnection = url.openConnection();
p = urlConnection.getPermission();
} catch (java.io.IOException ioe) {
p = null;
urlConnection = null;
}
if (p instanceof FilePermission) {
// if the permission has a separator char on the end,
// it means the codebase is a directory, and we need
// to add an additional permission to read recursively
String path = p.getName();
if (path.endsWith(File.separator)) {
path += "-";
p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
}
} else if ((p == null) && (url.getProtocol().equals("file"))) {
String path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
if (path.endsWith(File.separator))
path += "-";
p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
} else {
/**
* Not loading from a 'file:' URL so we want to give the class
* permission to connect to and accept from the remote host
* after we've made sure the host is the correct one and is valid.
*/
URL locUrl = url;
if (urlConnection instanceof JarURLConnection) {
locUrl = ((JarURLConnection) urlConnection).getJarFileURL();
}
String host = locUrl.getHost();
if (host != null && (host.length() > 0))
p = new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
}
if (p != null) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
final Permission fp = p;
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() throws SecurityException {
sm.checkPermission(fp);
return null;
}
}, acc);
}
perms.add(p);
}
return perms;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
IOException(java.io.IOException)
FilePermission(java.io.FilePermission)
FilePermission(java.io.FilePermission)
Permission(java.security.Permission)
Example 63 with PermissionCollection
use of java.security.PermissionCollection in project felix by apache.
the class Permissions method implies.
/**
* @param target
* the permission to be implied
* @param bundle
* if not null then allow implicit permissions like file access
* to local data area
* @return true if the permission is implied by this permissions object.
*/
public boolean implies(Permission target, final Bundle bundle) {
if (m_allPermission) {
return true;
}
Class targetClass = target.getClass();
cleanUp(m_queue, m_cache);
if ((bundle != null) && targetClass == FilePermission.class) {
for (int i = 0; i < m_permissionInfos.length; i++) {
if (m_permissionInfos[i].getType().equals(FilePermission.class.getName())) {
String postfix = "";
String name = m_permissionInfos[i].getName();
if (!"<<ALL FILES>>".equals(name)) {
if (name.endsWith("*") || name.endsWith("-")) {
postfix = name.substring(name.length() - 1);
name = name.substring(0, name.length() - 1);
}
if (!(new File(name)).isAbsolute()) {
BundleContext context = (BundleContext) AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
return bundle.getBundleContext();
}
});
if (context == null) {
break;
}
name = m_action.getAbsolutePath(new File(context.getDataFile(""), name));
}
if (postfix.length() > 0) {
if ((name.length() > 0) && !name.endsWith("/")) {
name += "/" + postfix;
} else {
name += postfix;
}
}
}
Permission source = createPermission(new PermissionInfo(FilePermission.class.getName(), name, m_permissionInfos[i].getActions()), targetClass);
if (source.implies(target)) {
return true;
}
}
}
return false;
}
Object current = m_stack.get();
if (current == null) {
m_stack.set(targetClass);
} else {
if (current instanceof HashSet) {
if (((HashSet) current).contains(targetClass)) {
return false;
}
((HashSet) current).add(targetClass);
} else {
if (current == targetClass) {
return false;
}
HashSet frame = new HashSet();
frame.add(current);
frame.add(targetClass);
m_stack.set(frame);
current = frame;
}
}
try {
SoftReference collectionEntry = null;
PermissionCollection collection = null;
synchronized (m_cache) {
collectionEntry = (SoftReference) m_cache.get(targetClass);
}
if (collectionEntry != null) {
collection = (PermissionCollection) collectionEntry.get();
}
if (collection == null) {
collection = target.newPermissionCollection();
if (collection == null) {
collection = new DefaultPermissionCollection();
}
for (int i = 0; i < m_permissionInfos.length; i++) {
PermissionInfo permissionInfo = m_permissionInfos[i];
String infoType = permissionInfo.getType();
String permissionType = targetClass.getName();
if (infoType.equals(permissionType)) {
Permission permission = createPermission(permissionInfo, targetClass);
if (permission != null) {
collection.add(permission);
}
}
}
synchronized (m_cache) {
m_cache.put(new Entry(target.getClass(), m_queue), new SoftReference(collection));
}
}
return collection.implies(target);
} finally {
if (current == null) {
m_stack.set(null);
} else {
((HashSet) current).remove(targetClass);
if (((HashSet) current).isEmpty()) {
m_stack.set(null);
}
}
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
FilePermission(java.io.FilePermission)
PermissionInfo(org.osgi.service.permissionadmin.PermissionInfo)
SoftReference(java.lang.ref.SoftReference)
PrivilegedAction(java.security.PrivilegedAction)
AllPermission(java.security.AllPermission)
FilePermission(java.io.FilePermission)
AdminPermission(org.osgi.framework.AdminPermission)
Permission(java.security.Permission)
File(java.io.File)
BundleContext(org.osgi.framework.BundleContext)
HashSet(java.util.HashSet)
Example 64 with PermissionCollection
use of java.security.PermissionCollection in project Payara by payara.
the class PermissionCache method checkCache.
private boolean checkCache(Permission p, Epoch e) {
// test-and-set to guard critical section
rLock.lock();
try {
if (loading) {
return false;
} else if (cache != null) {
// check permission and return
return checkLoadedCache(p, e);
}
} finally {
rLock.unlock();
}
wLock.lock();
if (loading) {
// another thread started the load
// release the writelock and return
wLock.unlock();
return false;
} else if (cache != null) {
// another thread loaded the cache
// get readlock inside writelock.
// check permission and return
rLock.lock();
wLock.unlock();
try {
// check permission and return
return checkLoadedCache(p, e);
} finally {
rLock.unlock();
}
} else {
// set the load indicators so that readers will
// bypass the cache until it is loaded
// release the writelock and return
cache = null;
loading = true;
wLock.unlock();
}
// cache will be null if we proceed past this point
// NO LOCKS ARE HELD AT THIS POINT
Permissions nextCache = new Permissions();
boolean setPc = false;
String oldpcID = null;
try {
oldpcID = PolicyContext.getContextID();
if (this.pcID == null || !this.pcID.equals(oldpcID)) {
setPc = true;
}
} catch (Exception ex) {
_logger.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
}
PermissionCollection pc = null;
try {
if (setPc) {
setPolicyContextID(this.pcID);
}
pc = policy.getPermissions(this.codesource);
} catch (Exception ex) {
_logger.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
} finally {
if (setPc) {
try {
setPolicyContextID(oldpcID);
} catch (Exception ex) {
_logger.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
}
}
}
// force resolution of unresolved permissions
// so that we can filter out all but the permissions
// that are supposed to be in the cache.
resolvePermissions(pc, p);
Enumeration granted = pc.elements();
while (granted.hasMoreElements()) {
Permission i = (Permission) granted.nextElement();
if (i.equals(allPermission)) {
nextCache.add(i);
} else {
boolean classMatch = true;
if (this.classes != null) {
classMatch = false;
Class iClazz = i.getClass();
for (int j = 0; j < this.classes.length; j++) {
if (this.classes[j].equals(iClazz)) {
classMatch = true;
break;
}
}
}
if (classMatch) {
if (this.name != null) {
String iName = i.getName();
if (iName != null && this.name.equals(iName)) {
nextCache.add(i);
}
} else {
nextCache.add(i);
}
}
}
}
// get the writelock to mark cache as loaded
wLock.lock();
cache = nextCache;
loading = false;
try {
// get readlock inside writelock.
rLock.lock();
wLock.unlock();
// check permission and return
return checkLoadedCache(p, e);
} finally {
rLock.unlock();
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Enumeration(java.util.Enumeration)
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
Permission(java.security.Permission)
PrivilegedActionException(java.security.PrivilegedActionException)
Example 65 with PermissionCollection
use of java.security.PermissionCollection in project Payara by payara.
the class ModuleEEPermissionsProcessor method convertEEPermissionPaths.
// conver the path for permissions
private void convertEEPermissionPaths() throws MalformedURLException {
// get server suppled default policy
PermissionCollection defWarPc = SMGlobalPolicyUtil.getEECompGrantededPerms(type);
// revise the filepermission's path
eePc = processPermisssonsForPath(defWarPc, context);
if (logger.isLoggable(Level.FINE)) {
logger.fine("Revised permissions = " + eePc);
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Aggregations
PermissionCollection (java.security.PermissionCollection)107
Permission (java.security.Permission)39
Permissions (java.security.Permissions)29
CodeSource (java.security.CodeSource)25
FilePermission (java.io.FilePermission)20
ProtectionDomain (java.security.ProtectionDomain)19
AllPermission (java.security.AllPermission)16
Policy (java.security.Policy)15
URL (java.net.URL)14
File (java.io.File)10
IOException (java.io.IOException)10
Certificate (java.security.cert.Certificate)8
AccessControlContext (java.security.AccessControlContext)7
PropertyPermission (java.util.PropertyPermission)7
Test (org.junit.Test)7
SocketPermission (java.net.SocketPermission)6
Method (java.lang.reflect.Method)5
Principal (java.security.Principal)5
PrivilegedActionException (java.security.PrivilegedActionException)5
URLClassLoader (java.net.URLClassLoader)4
