use of java.security.PermissionCollection in project Payara by payara.
the class PermissionsUtil method getEEPolicyPermissions.
private static PermissionCollection getEEPolicyPermissions(URL fileUrl) throws IOException {
// System.out.println("Loading policy from " + fileUrl);
PolicyFile pf = new PolicyFile(fileUrl);
CodeSource cs = new CodeSource(new URL(SMGlobalPolicyUtil.CLIENT_TYPE_CODESOURCE), (Certificate[]) null);
PermissionCollection pc = pf.getPermissions(cs);
return pc;
}
use of java.security.PermissionCollection in project rt.equinox.framework by eclipse.
the class AdminPermissionTests method testAdminPermission.
public void testAdminPermission() {
AdminPermission p1 = new AdminPermission();
// $NON-NLS-1$ //$NON-NLS-2$
AdminPermission p2 = new AdminPermission("*", "*");
// $NON-NLS-1$ //$NON-NLS-2$
Permission op = new PropertyPermission("java.home", "read");
shouldImply(p1, p2);
shouldImply(p1, p1);
shouldNotImply(p1, op);
shouldEqual(p1, p2);
shouldNotEqual(p1, op);
PermissionCollection pc = p1.newPermissionCollection();
checkEnumeration(pc.elements(), true);
shouldNotImply(pc, p1);
shouldAdd(pc, p1);
shouldAdd(pc, p2);
shouldNotAdd(pc, op);
pc.setReadOnly();
shouldNotAdd(pc, new AdminPermission());
shouldImply(pc, p1);
shouldImply(pc, p2);
shouldNotImply(pc, op);
checkEnumeration(pc.elements(), false);
testSerialization(p1);
testSerialization(p2);
}
use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class AppContextCreator method getPermissions.
/**
* Returns the permissions for the given codesource object.
* The implementation of this method first calls super.getPermissions,
* to get the permissions
* granted by the super class, and then adds additional permissions
* based on the URL of the codesource.
* <p>
* If the protocol is "file"
* and the path specifies a file, permission is granted to read all files
* and (recursively) all files and subdirectories contained in
* that directory. This is so applets with a codebase of
* file:/blah/some.jar can read in file:/blah/, which is needed to
* be backward compatible. We also add permission to connect back to
* the "localhost".
*
* @param codesource the codesource
* @throws NullPointerException if {@code codesource} is {@code null}.
* @return the permissions granted to the codesource
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
final PermissionCollection perms = super.getPermissions(codesource);
URL url = codesource.getLocation();
String path = null;
Permission p;
try {
p = url.openConnection().getPermission();
} catch (java.io.IOException ioe) {
p = null;
}
if (p instanceof FilePermission) {
path = p.getName();
} else if ((p == null) && (url.getProtocol().equals("file"))) {
path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
}
if (path != null) {
final String rawPath = path;
if (!path.endsWith(File.separator)) {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
}
}
final File f = new File(rawPath);
final boolean isDirectory = f.isDirectory();
// that ends with .jar or .zip
if (allowRecursiveDirectoryRead && (isDirectory || rawPath.toLowerCase().endsWith(".jar") || rawPath.toLowerCase().endsWith(".zip"))) {
Permission bperm;
try {
bperm = base.openConnection().getPermission();
} catch (java.io.IOException ioe) {
bperm = null;
}
if (bperm instanceof FilePermission) {
String bpath = bperm.getName();
if (bpath.endsWith(File.separator)) {
bpath += "-";
}
perms.add(new FilePermission(bpath, SecurityConstants.FILE_READ_ACTION));
} else if ((bperm == null) && (base.getProtocol().equals("file"))) {
String bpath = base.getFile().replace('/', File.separatorChar);
bpath = ParseUtil.decode(bpath);
if (bpath.endsWith(File.separator)) {
bpath += "-";
}
perms.add(new FilePermission(bpath, SecurityConstants.FILE_READ_ACTION));
}
}
}
return perms;
}
use of java.security.PermissionCollection in project freeplane by freeplane.
the class MyGroovyClassLoader method getPermissions.
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
PermissionCollection perms = new Permissions();
perms.setReadOnly();
return perms;
}
use of java.security.PermissionCollection in project derby by apache.
the class SystemPrivilegesPermissionTest method testSystemPermissionSerialization.
/**
* Test serialization and deserialization of SystemPermission objects.
*/
private void testSystemPermissionSerialization() throws IOException {
// serialize and deserialize.
for (String name : VALID_SYSPERM_NAMES) {
for (String action : VALID_SYSPERM_ACTIONS) {
// Actions are case-insensitive, so test both lower-case
// and upper-case.
SystemPermission pl = new SystemPermission(name, action.toLowerCase(Locale.US));
SystemPermission pu = new SystemPermission(name, action.toUpperCase(Locale.US));
assertEquals(pl, serializeDeserialize(pl, null));
assertEquals(pu, serializeDeserialize(pu, null));
}
}
// A permission can specify multiple actions ...
SystemPermission sp = new SystemPermission("server", "control,monitor,shutdown");
assertEquals(sp, serializeDeserialize(sp, null));
// ... but only a single name, so this should fail.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck("server,jmx", "control"), IllegalArgumentException.class);
// Invalid and duplicate actions should be ignored.
sp = serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0], "control,invalid,control,,shutdown"), null);
// The next assert failed before DERBY-3476.
assertEquals("control,shutdown", sp.getActions());
// Empty action is allowed.
sp = new SystemPermission(VALID_SYSPERM_NAMES[0], "");
assertEquals(sp, serializeDeserialize(sp, null));
// Name is case-sensitive, so this should fail.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0].toUpperCase(Locale.US), VALID_SYSPERM_ACTIONS[0]), IllegalArgumentException.class);
// Empty name is not allowed.
serializeDeserialize(createSyspermNoCheck("", VALID_SYSPERM_ACTIONS[0]), IllegalArgumentException.class);
// Null name is not allowed.
serializeDeserialize(createSyspermNoCheck(null, VALID_SYSPERM_ACTIONS[0]), NullPointerException.class);
// Null action is not allowed.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0], null), NullPointerException.class);
// Test serialization of SystemPermission collections.
// Serialization should work on empty collection.
PermissionCollection collection = sp.newPermissionCollection();
PermissionCollection readCollection = serializeDeserialize(collection, null);
assertFalse(readCollection.elements().hasMoreElements());
// Serialization should work on non-empty collection.
sp = new SystemPermission(VALID_SYSPERM_NAMES[0], VALID_SYSPERM_ACTIONS[0]);
collection = sp.newPermissionCollection();
collection.add(sp);
readCollection = serializeDeserialize(collection, null);
assertEquals(Arrays.asList(sp), Collections.list(readCollection.elements()));
// Deserialization should fail if the collection contains a
// permission with invalid name.
collection.add(createSyspermNoCheck("invalid_name", "control"));
serializeDeserialize(collection, IllegalArgumentException.class);
// Deserialization should fail if the collection contains a
// permission that is not a SystemPermission.
collection = sp.newPermissionCollection();
HashMap<String, Permission> permissions = new HashMap<String, Permission>();
permissions.put("engine", new AllPermission());
setField(collection.getClass(), "permissions", collection, permissions);
serializeDeserialize(collection, ClassCastException.class);
}
Aggregations