Example 6 with PermissionCollection
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class PluginSecurityTests method testFormatUnresolvedPermission.
/** Test that we can format an unresolved permission properly */
public void testFormatUnresolvedPermission() throws Exception {
assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/unresolved-plugin-security.policy");
PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
List<Permission> permissions = Collections.list(actual.elements());
assertEquals(1, permissions.size());
assertEquals("org.fake.FakePermission fakeName", PluginSecurity.formatPermission(permissions.get(0)));
}
Also used :
Path(java.nio.file.Path)
PermissionCollection(java.security.PermissionCollection)
Permission(java.security.Permission)
Example 7 with PermissionCollection
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class ESPolicyTests method testRestrictPrivileges.
/**
* test restricting privileges to no permissions actually works
*/
public void testRestrictPrivileges() {
assumeTrue("test requires security manager", System.getSecurityManager() != null);
try {
System.getProperty("user.home");
} catch (SecurityException e) {
fail("this test needs to be fixed: user.home not available by policy");
}
PermissionCollection noPermissions = new Permissions();
AccessControlContext noPermissionsAcc = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, noPermissions) });
try {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.getProperty("user.home");
fail("access should have been denied");
return null;
}
}, noPermissionsAcc);
} catch (SecurityException expected) {
// expected exception
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
ProtectionDomain(java.security.ProtectionDomain)
AccessControlContext(java.security.AccessControlContext)
Permissions(java.security.Permissions)
Example 8 with PermissionCollection
use of java.security.PermissionCollection in project javaee7-samples by javaee-samples.
the class SubjectServlet method doGet.
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
if (subject != null) {
response.getWriter().print("Obtained subject from context.\n");
// Get the permissions associated with the Subject we obtained
PermissionCollection permissionCollection = getPermissionCollection(subject);
// Resolve any potentially unresolved permissions
permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
// Filter just the roles from all the permissions, which may include things like
// java.net.SocketPermission, java.io.FilePermission, and obtain the actual role names.
Set<String> roles = filterRoles(request, permissionCollection);
for (String role : roles) {
response.getWriter().print("User has role " + role + "\n");
}
}
} catch (PolicyContextException e) {
e.printStackTrace(response.getWriter());
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
WebRoleRefPermission(javax.security.jacc.WebRoleRefPermission)
PolicyContextException(javax.security.jacc.PolicyContextException)
Subject(javax.security.auth.Subject)
Example 9 with PermissionCollection
use of java.security.PermissionCollection in project XobotOS by xamarin.
the class URLClassLoader method getPermissions.
/**
* Gets all permissions for the specified {@code codesource}. First, this
* method retrieves the permissions from the system policy. If the protocol
* is "file:/" then a new permission, {@code FilePermission}, granting the
* read permission to the file is added to the permission collection.
* Otherwise, connecting to and accepting connections from the URL is
* granted.
*
* @param codesource
* the code source object whose permissions have to be known.
* @return the list of permissions according to the code source object.
*/
@Override
protected PermissionCollection getPermissions(final CodeSource codesource) {
PermissionCollection pc = super.getPermissions(codesource);
URL u = codesource.getLocation();
if (u.getProtocol().equals("jar")) {
try {
// Create a URL for the resource the jar refers to
u = ((JarURLConnection) u.openConnection()).getJarFileURL();
} catch (IOException e) {
// This should never occur. If it does continue using the jar
// URL
}
}
if (u.getProtocol().equals("file")) {
String path = u.getFile();
String host = u.getHost();
if (host != null && host.length() > 0) {
path = "//" + host + path;
}
if (File.separatorChar != '/') {
path = path.replace('/', File.separatorChar);
}
if (isDirectory(u)) {
pc.add(new FilePermission(path + "-", "read"));
} else {
pc.add(new FilePermission(path, "read"));
}
} else {
String host = u.getHost();
if (host.length() == 0) {
host = "localhost";
}
pc.add(new SocketPermission(host, "connect, accept"));
}
return pc;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
IOException(java.io.IOException)
FilePermission(java.io.FilePermission)
Example 10 with PermissionCollection
use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class JarURL method main.
public static void main(String[] args) throws Exception {
String userDir = System.getProperty("user.dir");
String jarURL = "jar:file:" + userDir + File.separator + "foo.jar!/";
URL codeSourceURL = new URL(jarURL);
CodeSource cs = new CodeSource(codeSourceURL, new Certificate[0]);
PermissionCollection perms = Policy.getPolicy().getPermissions(cs);
if (!perms.implies(new AllPermission()))
throw new Exception("FAILED: " + codeSourceURL + " not granted AllPermission");
}
Also used :
PermissionCollection(java.security.PermissionCollection)
AllPermission(java.security.AllPermission)
CodeSource(java.security.CodeSource)
URL(java.net.URL)
Aggregations
PermissionCollection (java.security.PermissionCollection)45
Permissions (java.security.Permissions)16
Permission (java.security.Permission)14
FilePermission (java.io.FilePermission)11
ProtectionDomain (java.security.ProtectionDomain)11
CodeSource (java.security.CodeSource)9
Policy (java.security.Policy)9
AllPermission (java.security.AllPermission)6
IOException (java.io.IOException)5
SocketPermission (java.net.SocketPermission)5
URL (java.net.URL)5
File (java.io.File)4
Path (java.nio.file.Path)4
AccessControlContext (java.security.AccessControlContext)4
Principal (java.security.Principal)3
ArrayList (java.util.ArrayList)3
Enumeration (java.util.Enumeration)3
Test (org.junit.Test)3
UnresolvedPermission (java.security.UnresolvedPermission)2
Certificate (java.security.cert.Certificate)2
