
Example 41 with PermissionCollection

use of java.security.PermissionCollection in project jdk8u_jdk by JetBrains.

the class SocketPermissionTest method setupSecurityManager.

/**
 * Installs a wide-open policy and a default {@link SecurityManager} before each test.
 *
 * <p>The policy answers every query from a single collection holding
 * {@code AllPermission}, so the security manager installed here restricts nothing
 * by itself. Per the original author's note, a specific ACC (presumably an
 * {@code AccessControlContext}) is used when a test needs a reduced permission set.
 * This is a test-harness fixture only: a policy shaped like this grants everything
 * to all code and must not be copied into production configuration.
 *
 * @throws Exception declared by the original fixture
 */
@BeforeMethod
public void setupSecurityManager() throws Exception {
    // One shared collection that implies every permission.
    final PermissionCollection allowEverything = new Permissions();
    allowEverything.add(new java.security.AllPermission());

    final Policy wideOpenPolicy = new Policy() {

        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            return allowEverything;
        }

        @Override
        public PermissionCollection getPermissions(CodeSource codesource) {
            return allowEverything;
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission perm) {
            // The domain is ignored on purpose: every caller gets the same answer.
            return allowEverything.implies(perm);
        }
    };

    // Order matters: the permissive policy has to be in place before the manager is
    // installed, otherwise later setup could be denied.
    Policy.setPolicy(wideOpenPolicy);
    System.setSecurityManager(new SecurityManager());
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) Permissions(java.security.Permissions) Permission(java.security.Permission) SocketPermission(java.net.SocketPermission) CodeSource(java.security.CodeSource) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 42 with PermissionCollection

use of java.security.PermissionCollection in project tomee by apache.

the class JaccPermissionsBuilder method build.

/**
 * Builds the JACC policy context for one EJB module.
 *
 * <p>Works in two phases. First the module's declared method permissions (plus its
 * exclude-list) are expanded into one {@code MethodPermissionInfo} per concrete
 * bean method and written back into {@code ejbJar}. Then, for every enterprise bean,
 * the set of possible method permissions is computed and handed to
 * {@code addDeclaredEjbPermissions} together with the declarations.
 *
 * <p>Security note: {@code addDeclaredEjbPermissions} is called with a {@code null}
 * default role. In the {@code addDeclaredEjbPermissions} shown for this class, that
 * sends every permission not matched by a declaration into the unchecked collection
 * (in JACC, permissions granted without a role check). Methods missing from the
 * descriptor are therefore open by default; reviewers should confirm that is intended
 * for the deployment.
 *
 * <p>Side effects: {@code ejbJar.methodPermissions} is replaced by the expanded list
 * and {@code ejbJar.excludeList} is emptied.
 *
 * @param ejbJar      module metadata; mutated as described above
 * @param deployments bean contexts, looked up by {@code ejbDeploymentId}
 * @return the populated policy context, created from {@code ejbJar.moduleUri}
 * @throws OpenEJBException declared by the signature; the visible throw site is in
 *                          {@code addDeclaredEjbPermissions} (missing role-link)
 */
public PolicyContext build(final EjbJarInfo ejbJar, final HashMap<String, BeanContext> deployments) throws OpenEJBException {
    final List<MethodPermissionInfo> normalized = new ArrayList<MethodPermissionInfo>();
    // Alias, not a copy: the excluded entries added below land in ejbJar.methodPermissions itself.
    List<MethodPermissionInfo> perms = ejbJar.methodPermissions;
    // Fold the exclude-list into the permission list as entries flagged "excluded".
    for (final MethodInfo info : ejbJar.excludeList) {
        final MethodPermissionInfo perm = new MethodPermissionInfo();
        perm.excluded = true;
        perm.methods.add(info);
        perms.add(perm);
    }
    // From here on perms refers to whatever list the normalizer returns.
    perms = MethodInfoUtil.normalizeMethodPermissionInfos(perms);
    for (final BeanContext beanContext : deployments.values()) {
        // Resolve, per concrete method of this bean, the permission declaration that applies to it.
        final Map<Method, MethodAttributeInfo> attributes = resolveAttributes(perms, beanContext);
        if (log.isDebugEnabled()) {
            for (final Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
                final Method method = entry.getKey();
                final MethodPermissionInfo value = (MethodPermissionInfo) entry.getValue();
                log.debug("Security Attribute: " + method + " -- " + MethodInfoUtil.toString(value));
            }
        }
        // Re-express each resolved declaration as a fully qualified, single-method entry.
        for (final Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
            final Method method = entry.getKey();
            final MethodPermissionInfo a = (MethodPermissionInfo) entry.getValue();
            final MethodPermissionInfo b = new MethodPermissionInfo();
            // Both flags are copied as-is; nothing here enforces that they are mutually exclusive.
            b.excluded = a.excluded;
            b.unchecked = a.unchecked;
            b.roleNames.addAll(a.roleNames);
            // Only the method interface is taken from the declaration's first method entry.
            // NOTE(review): assumes a.methods is never empty - confirm against resolveAttributes.
            final MethodInfo am = a.methods.get(0);
            final MethodInfo bm = new MethodInfo();
            bm.ejbName = beanContext.getEjbName();
            bm.ejbDeploymentId = String.valueOf(beanContext.getDeploymentID());
            bm.methodIntf = am.methodIntf;
            bm.className = method.getDeclaringClass().getName();
            bm.methodName = method.getName();
            bm.methodParams = new ArrayList<String>();
            for (final Class<?> type : method.getParameterTypes()) {
                bm.methodParams.add(type.getName());
            }
            b.methods.add(bm);
            normalized.add(b);
        }
    }
    // Swap in the expanded declarations; exclusions now live on as "excluded" flags,
    // so the separate exclude-list is emptied.
    ejbJar.methodPermissions.clear();
    ejbJar.methodPermissions.addAll(normalized);
    ejbJar.excludeList.clear();
    final PolicyContext policyContext = new PolicyContext(ejbJar.moduleUri.toString());
    for (final EnterpriseBeanInfo enterpriseBean : ejbJar.enterpriseBeans) {
        // NOTE(review): get() returns null when no deployment exists for this id, and the
        // getInterfaces call below would then fail - confirm callers always supply one.
        final BeanContext beanContext = deployments.get(enterpriseBean.ejbDeploymentId);
        // Collects every permission that could exist for this bean, declared or not.
        final PermissionCollection permissions = DelegatePermissionCollection.getPermissionCollection();
        final String ejbName = enterpriseBean.ejbName;
        for (final InterfaceType type : InterfaceType.values()) {
            if (type == InterfaceType.UNKNOWN) {
                continue;
            }
            for (final Class interfce : beanContext.getInterfaces(type)) {
                addPossibleEjbMethodPermissions(permissions, ejbName, type.getSpecName(), interfce);
            }
        }
        // The bean class itself is added with a null method-interface name.
        addPossibleEjbMethodPermissions(permissions, ejbName, null, beanContext.getBeanClass());
        // defaultRole is null here: see the security note in the method Javadoc.
        addDeclaredEjbPermissions(ejbJar, enterpriseBean, null, permissions, policyContext);
    }
    return policyContext;
}
Also used : PermissionCollection(java.security.PermissionCollection) ArrayList(java.util.ArrayList) Method(java.lang.reflect.Method) BeanContext(org.apache.openejb.BeanContext) InterfaceType(org.apache.openejb.InterfaceType) HashMap(java.util.HashMap) Map(java.util.Map)

Example 43 with PermissionCollection

use of java.security.PermissionCollection in project tomee by apache.

the class JaccPermissionsBuilder method addDeclaredEjbPermissions.

/**
 * Sorts one bean's method permissions into the unchecked, excluded and per-role
 * collections of the given policy context, then assigns whatever is left over.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code unchecked} flag is tested before {@code excluded}. If a declaration
 *       ever carries both flags, the permission ends up unchecked only.
 *       NOTE(review): confirm upstream normalization keeps the flags exclusive.</li>
 *   <li>Permissions still in {@code notAssigned} at the end go to {@code defaultRole},
 *       or to the unchecked collection when {@code defaultRole} is {@code null}.
 *       The latter is an open-by-default outcome for undeclared methods.</li>
 * </ul>
 *
 * @param ejbJar        module metadata whose {@code methodPermissions} are read
 * @param beanInfo      the bean being processed; declarations for other beans are skipped
 * @param defaultRole   role receiving leftover permissions, or {@code null} for unchecked
 * @param notAssigned   candidate permissions; narrowed via {@code cullPermissions} as
 *                      declarations are matched
 * @param policyContext destination of the resulting permission collections
 * @throws OpenEJBException if a security role reference has no role-link
 */
private void addDeclaredEjbPermissions(final EjbJarInfo ejbJar, final EnterpriseBeanInfo beanInfo, final String defaultRole, PermissionCollection notAssigned, final PolicyContext policyContext) throws OpenEJBException {
    final PermissionCollection uncheckedSet = policyContext.getUncheckedPermissions();
    final PermissionCollection excludedSet = policyContext.getExcludedPermissions();
    final Map<String, PermissionCollection> byRole = policyContext.getRolePermissions();
    final String ejbName = beanInfo.ejbName;

    // JACC v1.0 section 3.1.5.1: translate method-permission declarations.
    for (final MethodPermissionInfo declaration : ejbJar.methodPermissions) {
        final List<String> grantedRoles = declaration.roleNames;
        final boolean isUnchecked = declaration.unchecked;
        final boolean isExcluded = declaration.excluded;

        for (final MethodInfo target : declaration.methods) {
            // Declarations for other beans in the module are not this call's business.
            if (!ejbName.equals(target.ejbName)) {
                continue;
            }

            // JACC expresses "all methods" as null rather than "*".
            final String jaccMethodName = "*".equals(target.methodName) ? null : target.methodName;
            final String methodIntf = target.methodIntf;
            final List<String> declaredParams = target.methodParams;
            final String[] jaccParams = declaredParams == null
                    ? null
                    : declaredParams.toArray(new String[declaredParams.size()]);

            final EJBMethodPermission permission = new EJBMethodPermission(ejbName, jaccMethodName, methodIntf, jaccParams);

            // Whatever this declaration covers no longer counts as unassigned.
            notAssigned = cullPermissions(notAssigned, permission);

            if (isUnchecked) {
                uncheckedSet.add(permission);
                continue;
            }
            if (isExcluded) {
                // JACC v1.0 section 3.1.5.2
                excludedSet.add(permission);
                continue;
            }
            for (final String role : grantedRoles) {
                PermissionCollection forRole = byRole.get(role);
                if (forRole == null) {
                    forRole = DelegatePermissionCollection.getPermissionCollection();
                    byRole.put(role, forRole);
                }
                forRole.add(permission);
            }
        }
    }

    // JACC v1.0 section 3.1.5.3: translate security-role references.
    for (final SecurityRoleReferenceInfo roleRef : beanInfo.securityRoleReferences) {
        final String roleLink = roleRef.roleLink;
        if (roleLink == null) {
            throw new OpenEJBException("Missing role-link");
        }
        PermissionCollection linked = byRole.get(roleLink);
        if (linked == null) {
            linked = DelegatePermissionCollection.getPermissionCollection();
            byRole.put(roleLink, linked);
        }
        linked.add(new EJBRoleRefPermission(ejbName, roleRef.roleName));
    }

    // EJB v2.1 section 21.3.2: methods neither assigned to a role nor listed in the
    // exclude-list are the Deployer's responsibility. Here they are assigned to the
    // default role when one is given, and marked unchecked otherwise.
    final PermissionCollection leftoverTarget;
    if (defaultRole != null) {
        PermissionCollection forDefaultRole = byRole.get(defaultRole);
        if (forDefaultRole == null) {
            forDefaultRole = DelegatePermissionCollection.getPermissionCollection();
            byRole.put(defaultRole, forDefaultRole);
        }
        leftoverTarget = forDefaultRole;
    } else {
        leftoverTarget = uncheckedSet;
    }

    for (final Enumeration<Permission> leftovers = notAssigned.elements(); leftovers.hasMoreElements();) {
        leftoverTarget.add(leftovers.nextElement());
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) OpenEJBException(org.apache.openejb.OpenEJBException) Enumeration(java.util.Enumeration) EJBMethodPermission(javax.security.jacc.EJBMethodPermission) EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission) EJBMethodPermission(javax.security.jacc.EJBMethodPermission) EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission) Permission(java.security.Permission)

Example 44 with PermissionCollection

use of java.security.PermissionCollection in project tomee by apache.

the class BasicPolicyConfiguration method addToRole.

/**
 * Adds a permission to the collection kept for the given role, creating that
 * collection on first use.
 *
 * <p>The call is rejected unless the configuration is in the {@code OPEN} state, so
 * role grants cannot be changed through this method in any other state. No
 * synchronization is visible in this method.
 * NOTE(review): confirm how concurrent callers are handled by the enclosing class.
 *
 * @param roleName   role whose permission collection receives the permission
 * @param permission permission to grant to the role
 * @throws PolicyContextException       declared by the signature; not thrown by the visible code
 * @throws UnsupportedOperationException if the configuration is not open
 */
public void addToRole(final String roleName, final Permission permission) throws PolicyContextException {
    if (state != OPEN) {
        throw new UnsupportedOperationException("Not in an open state");
    }

    final PermissionCollection existing = rolePermissionsMap.get(roleName);
    if (existing != null) {
        existing.add(permission);
        return;
    }

    // First grant for this role: register the collection, then fill it.
    final PermissionCollection created = new DelegatePermissionCollection();
    rolePermissionsMap.put(roleName, created);
    created.add(permission);
}
Also used : DelegatePermissionCollection(org.apache.openejb.assembler.classic.DelegatePermissionCollection) PermissionCollection(java.security.PermissionCollection) DelegatePermissionCollection(org.apache.openejb.assembler.classic.DelegatePermissionCollection)

Example 45 with PermissionCollection

use of java.security.PermissionCollection in project stanbol by apache.

the class UserAwarePolicy method getUserPermissionsFromSystemGraph.

/**
 * Collects the permissions recorded for the given user into a fresh
 * {@link Permissions} collection.
 *
 * <p>The lookup runs inside {@code AccessController.doPrivileged}. Permission strings
 * come from {@code getAllPermissionsOfAUserByName}; each is resolved through
 * {@code permissionMap} first and parsed with {@code PermissionParser} only when the
 * map has no entry. A string that fails to parse or instantiate is logged and
 * skipped, so a malformed entry grants nothing rather than aborting the lookup.
 *
 * <p>NOTE(review): the stored strings decide which {@code Permission} objects are
 * created in a privileged block, so write access to that store is equivalent to the
 * ability to grant permissions. Confirm it is protected accordingly. The user name
 * is also concatenated into a debug message unescaped.
 *
 * @param user the principal whose permissions are looked up
 * @return the permissions that could be resolved for the user
 * @throws java.lang.IllegalArgumentException declared by the signature
 * @throws java.lang.SecurityException declared by the signature
 */
private PermissionCollection getUserPermissionsFromSystemGraph(final Principal user) throws IllegalArgumentException, SecurityException, UserUnregisteredException {
    final PermissionCollection granted = new Permissions();
    // Kept as an anonymous class: getClass() below must keep referring to it.
    AccessController.doPrivileged(new PrivilegedAction<Object>() {

        @Override
        public Object run() {
            logger.debug("Get permissions for user " + user.getName());
            final List<String> declared = getAllPermissionsOfAUserByName(user.getName());
            for (final String declaredPermission : declared) {
                logger.debug("Add permission {}", declaredPermission);

                // Use the mapped Permission object when there is one.
                final Permission known = permissionMap.get(declaredPermission);
                if (known != null) {
                    granted.add(known);
                    continue;
                }

                // Not in the map: build it from its textual form, skipping it on failure.
                final Permission parsed;
                try {
                    parsed = PermissionParser.getPermission(declaredPermission, getClass().getClassLoader());
                } catch (IllegalArgumentException e) {
                    logger.error("parsing " + declaredPermission, e);
                    continue;
                } catch (RuntimeException e) {
                    logger.error("instantiating " + declaredPermission, e);
                    continue;
                }
                granted.add(parsed);
            }
            return null;
        }
    });
    return granted;
}
Also used : PermissionCollection(java.security.PermissionCollection) Permissions(java.security.Permissions) Permission(java.security.Permission) ArrayList(java.util.ArrayList) List(java.util.List)

Aggregations

PermissionCollection (java.security.PermissionCollection)45 Permissions (java.security.Permissions)16 Permission (java.security.Permission)14 FilePermission (java.io.FilePermission)11 ProtectionDomain (java.security.ProtectionDomain)11 CodeSource (java.security.CodeSource)9 Policy (java.security.Policy)9 AllPermission (java.security.AllPermission)6 IOException (java.io.IOException)5 SocketPermission (java.net.SocketPermission)5 URL (java.net.URL)5 File (java.io.File)4 Path (java.nio.file.Path)4 AccessControlContext (java.security.AccessControlContext)4 Principal (java.security.Principal)3 ArrayList (java.util.ArrayList)3 Enumeration (java.util.Enumeration)3 Test (org.junit.Test)3 UnresolvedPermission (java.security.UnresolvedPermission)2 Certificate (java.security.cert.Certificate)2