Example 71 with PermissionCollection
use of java.security.PermissionCollection in project Payara by payara.
the class PermissionsUtil method getEEPolicyPermissions.
private static PermissionCollection getEEPolicyPermissions(URL fileUrl) throws IOException {
// System.out.println("Loading policy from " + fileUrl);
PolicyFile pf = new PolicyFile(fileUrl);
CodeSource cs = new CodeSource(new URL(SMGlobalPolicyUtil.CLIENT_TYPE_CODESOURCE), (Certificate[]) null);
PermissionCollection pc = pf.getPermissions(cs);
return pc;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
PolicyFile(sun.security.provider.PolicyFile)
CodeSource(java.security.CodeSource)
URL(java.net.URL)
Certificate(java.security.cert.Certificate)
Example 72 with PermissionCollection
use of java.security.PermissionCollection in project rt.equinox.framework by eclipse.
the class AdminPermissionTests method testAdminPermission.
public void testAdminPermission() {
AdminPermission p1 = new AdminPermission();
// $NON-NLS-1$ //$NON-NLS-2$
AdminPermission p2 = new AdminPermission("*", "*");
// $NON-NLS-1$ //$NON-NLS-2$
Permission op = new PropertyPermission("java.home", "read");
shouldImply(p1, p2);
shouldImply(p1, p1);
shouldNotImply(p1, op);
shouldEqual(p1, p2);
shouldNotEqual(p1, op);
PermissionCollection pc = p1.newPermissionCollection();
checkEnumeration(pc.elements(), true);
shouldNotImply(pc, p1);
shouldAdd(pc, p1);
shouldAdd(pc, p2);
shouldNotAdd(pc, op);
pc.setReadOnly();
shouldNotAdd(pc, new AdminPermission());
shouldImply(pc, p1);
shouldImply(pc, p2);
shouldNotImply(pc, op);
checkEnumeration(pc.elements(), false);
testSerialization(p1);
testSerialization(p2);
}
Also used :
PermissionCollection(java.security.PermissionCollection)
AdminPermission(org.osgi.framework.AdminPermission)
PropertyPermission(java.util.PropertyPermission)
Permission(java.security.Permission)
AdminPermission(org.osgi.framework.AdminPermission)
PropertyPermission(java.util.PropertyPermission)
Example 73 with PermissionCollection
use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class AppContextCreator method getPermissions.
/**
* Returns the permissions for the given codesource object.
* The implementation of this method first calls super.getPermissions,
* to get the permissions
* granted by the super class, and then adds additional permissions
* based on the URL of the codesource.
* <p>
* If the protocol is "file"
* and the path specifies a file, permission is granted to read all files
* and (recursively) all files and subdirectories contained in
* that directory. This is so applets with a codebase of
* file:/blah/some.jar can read in file:/blah/, which is needed to
* be backward compatible. We also add permission to connect back to
* the "localhost".
*
* @param codesource the codesource
* @throws NullPointerException if {@code codesource} is {@code null}.
* @return the permissions granted to the codesource
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
final PermissionCollection perms = super.getPermissions(codesource);
URL url = codesource.getLocation();
String path = null;
Permission p;
try {
p = url.openConnection().getPermission();
} catch (java.io.IOException ioe) {
p = null;
}
if (p instanceof FilePermission) {
path = p.getName();
} else if ((p == null) && (url.getProtocol().equals("file"))) {
path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
}
if (path != null) {
final String rawPath = path;
if (!path.endsWith(File.separator)) {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
}
}
final File f = new File(rawPath);
final boolean isDirectory = f.isDirectory();
// that ends with .jar or .zip
if (allowRecursiveDirectoryRead && (isDirectory || rawPath.toLowerCase().endsWith(".jar") || rawPath.toLowerCase().endsWith(".zip"))) {
Permission bperm;
try {
bperm = base.openConnection().getPermission();
} catch (java.io.IOException ioe) {
bperm = null;
}
if (bperm instanceof FilePermission) {
String bpath = bperm.getName();
if (bpath.endsWith(File.separator)) {
bpath += "-";
}
perms.add(new FilePermission(bpath, SecurityConstants.FILE_READ_ACTION));
} else if ((bperm == null) && (base.getProtocol().equals("file"))) {
String bpath = base.getFile().replace('/', File.separatorChar);
bpath = ParseUtil.decode(bpath);
if (bpath.endsWith(File.separator)) {
bpath += "-";
}
perms.add(new FilePermission(bpath, SecurityConstants.FILE_READ_ACTION));
}
}
}
return perms;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
FilePermission(java.io.FilePermission)
SocketPermission(java.net.SocketPermission)
Permission(java.security.Permission)
IOException(java.io.IOException)
FilePermission(java.io.FilePermission)
File(java.io.File)
URL(java.net.URL)
Example 74 with PermissionCollection
use of java.security.PermissionCollection in project freeplane by freeplane.
the class MyGroovyClassLoader method getPermissions.
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
PermissionCollection perms = new Permissions();
perms.setReadOnly();
return perms;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Permissions(java.security.Permissions)
Example 75 with PermissionCollection
use of java.security.PermissionCollection in project derby by apache.
the class SystemPrivilegesPermissionTest method testSystemPermissionSerialization.
/**
* Test serialization and deserialization of SystemPermission objects.
*/
private void testSystemPermissionSerialization() throws IOException {
// serialize and deserialize.
for (String name : VALID_SYSPERM_NAMES) {
for (String action : VALID_SYSPERM_ACTIONS) {
// Actions are case-insensitive, so test both lower-case
// and upper-case.
SystemPermission pl = new SystemPermission(name, action.toLowerCase(Locale.US));
SystemPermission pu = new SystemPermission(name, action.toUpperCase(Locale.US));
assertEquals(pl, serializeDeserialize(pl, null));
assertEquals(pu, serializeDeserialize(pu, null));
}
}
// A permission can specify multiple actions ...
SystemPermission sp = new SystemPermission("server", "control,monitor,shutdown");
assertEquals(sp, serializeDeserialize(sp, null));
// ... but only a single name, so this should fail.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck("server,jmx", "control"), IllegalArgumentException.class);
// Invalid and duplicate actions should be ignored.
sp = serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0], "control,invalid,control,,shutdown"), null);
// The next assert failed before DERBY-3476.
assertEquals("control,shutdown", sp.getActions());
// Empty action is allowed.
sp = new SystemPermission(VALID_SYSPERM_NAMES[0], "");
assertEquals(sp, serializeDeserialize(sp, null));
// Name is case-sensitive, so this should fail.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0].toUpperCase(Locale.US), VALID_SYSPERM_ACTIONS[0]), IllegalArgumentException.class);
// Empty name is not allowed.
serializeDeserialize(createSyspermNoCheck("", VALID_SYSPERM_ACTIONS[0]), IllegalArgumentException.class);
// Null name is not allowed.
serializeDeserialize(createSyspermNoCheck(null, VALID_SYSPERM_ACTIONS[0]), NullPointerException.class);
// Null action is not allowed.
// (Did not fail before DERBY-3476.)
serializeDeserialize(createSyspermNoCheck(VALID_SYSPERM_NAMES[0], null), NullPointerException.class);
// Test serialization of SystemPermission collections.
// Serialization should work on empty collection.
PermissionCollection collection = sp.newPermissionCollection();
PermissionCollection readCollection = serializeDeserialize(collection, null);
assertFalse(readCollection.elements().hasMoreElements());
// Serialization should work on non-empty collection.
sp = new SystemPermission(VALID_SYSPERM_NAMES[0], VALID_SYSPERM_ACTIONS[0]);
collection = sp.newPermissionCollection();
collection.add(sp);
readCollection = serializeDeserialize(collection, null);
assertEquals(Arrays.asList(sp), Collections.list(readCollection.elements()));
// Deserialization should fail if the collection contains a
// permission with invalid name.
collection.add(createSyspermNoCheck("invalid_name", "control"));
serializeDeserialize(collection, IllegalArgumentException.class);
// Deserialization should fail if the collection contains a
// permission that is not a SystemPermission.
collection = sp.newPermissionCollection();
HashMap<String, Permission> permissions = new HashMap<String, Permission>();
permissions.put("engine", new AllPermission());
setField(collection.getClass(), "permissions", collection, permissions);
serializeDeserialize(collection, ClassCastException.class);
}
Also used :
SystemPermission(org.apache.derby.shared.common.security.SystemPermission)
PermissionCollection(java.security.PermissionCollection)
HashMap(java.util.HashMap)
SystemPermission(org.apache.derby.shared.common.security.SystemPermission)
AllPermission(java.security.AllPermission)
DatabasePermission(org.apache.derby.security.DatabasePermission)
Permission(java.security.Permission)
AllPermission(java.security.AllPermission)
Aggregations
PermissionCollection (java.security.PermissionCollection)107
Permission (java.security.Permission)39
Permissions (java.security.Permissions)29
CodeSource (java.security.CodeSource)25
FilePermission (java.io.FilePermission)20
ProtectionDomain (java.security.ProtectionDomain)19
AllPermission (java.security.AllPermission)16
Policy (java.security.Policy)15
URL (java.net.URL)14
File (java.io.File)10
IOException (java.io.IOException)10
Certificate (java.security.cert.Certificate)8
AccessControlContext (java.security.AccessControlContext)7
PropertyPermission (java.util.PropertyPermission)7
Test (org.junit.Test)7
SocketPermission (java.net.SocketPermission)6
Method (java.lang.reflect.Method)5
Principal (java.security.Principal)5
PrivilegedActionException (java.security.PrivilegedActionException)5
URLClassLoader (java.net.URLClassLoader)4
