use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.
the class AppContextCreator method getPermissions.
/**
* Returns the permissions for the given codesource object.
* The implementation of this method first calls super.getPermissions,
* to get the permissions
* granted by the super class, and then adds additional permissions
* based on the URL of the codesource.
* <p>
* If the protocol is "file"
* and the path specifies a file, permission is granted to read all files
* and (recursively) all files and subdirectories contained in
* that directory. This is so applets with a codebase of
* file:/blah/some.jar can read in file:/blah/, which is needed to
* be backward compatible. We also add permission to connect back to
* the "localhost".
*
* @param codesource the codesource
* @throws NullPointerException if {@code codesource} is {@code null}.
* @return the permissions granted to the codesource
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
// Start from whatever the superclass grants for this code source; the code
// below only ever adds FilePermission read grants to that collection.
final PermissionCollection perms = super.getPermissions(codesource);
URL url = codesource.getLocation();
String path = null;
Permission p;
// Ask the URL's connection which permission is needed to reach the location.
// An IOException is treated the same as "no permission known" (p == null).
try {
p = url.openConnection().getPermission();
} catch (java.io.IOException ioe) {
p = null;
}
// Resolve the location to a local path: either the name of the FilePermission
// reported by the connection, or, when nothing was reported and the protocol
// is "file", the URL's file part with separators converted and then decoded
// by ParseUtil.decode.
if (p instanceof FilePermission) {
path = p.getName();
} else if ((p == null) && (url.getProtocol().equals("file"))) {
path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
}
if (path != null) {
// Keep the unmodified path: 'path' is rewritten below, while the directory
// and extension tests further down must see the original value.
final String rawPath = path;
if (!path.endsWith(File.separator)) {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
// Replace the last path component with "-", which FilePermission treats as
// "everything below this directory, recursively". Code loaded from
// <dir>/some.jar can therefore read every file under <dir>, not just the jar.
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
}
}
final File f = new File(rawPath);
final boolean isDirectory = f.isDirectory();
// Second grant, gated by allowRecursiveDirectoryRead: it applies only when the
// code source path is a directory or a file whose name ends with .jar or .zip.
// NOTE(review): toLowerCase() with no Locale argument follows the default
// locale, so the suffix test can miss upper-case names under locales with
// special casing rules (e.g. ".ZIP" under Turkish); confirm this is acceptable.
if (allowRecursiveDirectoryRead && (isDirectory || rawPath.toLowerCase().endsWith(".jar") || rawPath.toLowerCase().endsWith(".zip"))) {
// 'base' is not declared in this method; presumably a field holding the
// codebase URL. TODO confirm against the enclosing class, including
// whether it can be null at this point.
Permission bperm;
try {
bperm = base.openConnection().getPermission();
} catch (java.io.IOException ioe) {
bperm = null;
}
if (bperm instanceof FilePermission) {
String bpath = bperm.getName();
// A trailing separator marks a directory; appending "-" makes the read
// grant recursive. Without it the grant covers only that exact path.
if (bpath.endsWith(File.separator)) {
bpath += "-";
}
perms.add(new FilePermission(bpath, SecurityConstants.FILE_READ_ACTION));
} else if ((bperm == null) && (base.getProtocol().equals("file"))) {
// Same fallback as for the code source URL: derive the path from the
// "file" URL itself when the connection reported no permission.
String bpath = base.getFile().replace('/', File.separatorChar);
bpath = ParseUtil.decode(bpath);
if (bpath.endsWith(File.separator)) {
bpath += "-";
}
perms.add(new FilePermission(bpath, SecurityConstants.FILE_READ_ACTION));
}
}
}
return perms;
}
use of java.security.PermissionCollection in project tomcat by apache.
the class WebappClassLoaderBase method getPermissions.
/**
* Get the Permissions for a CodeSource. If this instance
* of WebappClassLoaderBase is for a web application context,
* add read FilePermission for the appropriate resources.
*
* @param codeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
    // The cache key is the code source location rendered as a string.
    final String codeUrl = codeSource.getLocation().toString();

    final PermissionCollection cached = loaderPC.get(codeUrl);
    if (cached != null) {
        return cached;
    }

    final PermissionCollection granted = super.getPermissions(codeSource);
    if (granted == null) {
        // Nothing to extend and nothing to cache.
        return null;
    }

    // Every entry of permissionList is added on top of what the superclass
    // granted, whichever code source was asked about.
    for (Iterator<Permission> extras = permissionList.iterator(); extras.hasNext();) {
        granted.add(extras.next());
    }

    // The collection stored here is the same instance handed back to the
    // caller, and to every later caller asking about the same location.
    loaderPC.put(codeUrl, granted);
    return granted;
}
use of java.security.PermissionCollection in project tomcat by apache.
the class WebappClassLoaderBase method check.
/**
 * Reports whether the installed policy grants {@code permission} to the
 * code base of the web application's root resource.
 *
 * @param permission the permission to test
 * @return {@code true} when security is disabled or the policy implies the
 *         permission; {@code false} when no policy is installed or the
 *         permission is not implied
 */
@Override
public boolean check(Permission permission) {
    // With security switched off nothing is enforced: every request passes.
    if (!Globals.IS_SECURITY_ENABLED) {
        return true;
    }

    final Policy installedPolicy = Policy.getPolicy();
    if (installedPolicy == null) {
        // Fail closed: security is enabled but there is no policy to consult.
        return false;
    }

    // The decision is made for the context root only, using a CodeSource
    // built from its code base with no certificates attached.
    final URL rootCodeBase = resources.getResource("/").getCodeBase();
    final CodeSource rootSource = new CodeSource(rootCodeBase, (Certificate[]) null);
    final PermissionCollection granted = installedPolicy.getPermissions(rootSource);
    return granted.implies(permission);
}
use of java.security.PermissionCollection in project jetty.project by eclipse.
the class WebAppClassLoader method getPermissions.
/* ------------------------------------------------------------ */
/**
 * Returns the permissions for code loaded by this class loader.
 *
 * <p>When the context supplies a permission collection, that collection is
 * returned as-is for every code source and the superclass is not consulted;
 * the superclass result is used only when the context supplies none.
 *
 * @param cs the code source being asked about
 * @return the context's permission collection, or the superclass result
 */
@Override
public PermissionCollection getPermissions(CodeSource cs) {
    final PermissionCollection contextPermissions = _context.getPermissions();
    if (contextPermissions != null) {
        // Context-level override: 'cs' plays no part in the answer.
        return contextPermissions;
    }
    return super.getPermissions(cs);
}
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class PluginSecurity method readPolicy.
/**
* Reads plugin policy, prints/confirms exceptions
*/
static void readPolicy(Path file, Terminal terminal, Environment environment, boolean batch) throws IOException {
    final PermissionCollection parsed = parsePermissions(terminal, file, environment.tmpFile());
    final List<Permission> requested = Collections.list(parsed.elements());

    // A policy file that asks for nothing needs no warning and no confirmation.
    if (requested.isEmpty()) {
        terminal.println(Verbosity.VERBOSE, "plugin has a policy file with no additional permissions");
        return;
    }

    // Stable, readable ordering: permission class name, then target name,
    // then actions. A null name or null actions string sorts as "".
    Collections.sort(requested, new Comparator<Permission>() {
        @Override
        public int compare(Permission o1, Permission o2) {
            final int byType = o1.getClass().getName().compareTo(o2.getClass().getName());
            if (byType != 0) {
                return byType;
            }

            final String leftName = o1.getName();
            final String rightName = o2.getName();
            final int byName = (leftName == null ? "" : leftName).compareTo(rightName == null ? "" : rightName);
            if (byName != 0) {
                return byName;
            }

            final String leftActions = o1.getActions();
            final String rightActions = o2.getActions();
            return (leftActions == null ? "" : leftActions).compareTo(rightActions == null ? "" : rightActions);
        }
    });

    // Warning banner followed by one line per requested permission.
    final String rule = "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@";
    terminal.println(Verbosity.NORMAL, rule);
    terminal.println(Verbosity.NORMAL, "@ WARNING: plugin requires additional permissions @");
    terminal.println(Verbosity.NORMAL, rule);
    for (Permission permission : requested) {
        terminal.println(Verbosity.NORMAL, "* " + formatPermission(permission));
    }
    terminal.println(Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
    terminal.println(Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");

    // In batch mode the list above is printed but nobody is asked to confirm,
    // so this method returns normally without operator approval.
    if (batch) {
        return;
    }

    // Interactive mode: only an answer of "y" (any case) lets the install
    // continue; any other answer aborts it.
    terminal.println(Verbosity.NORMAL, "");
    final String answer = terminal.readText("Continue with installation? [y/N]");
    if (!answer.equalsIgnoreCase("y")) {
        throw new RuntimeException("installation aborted by user");
    }
}
Aggregations