Examples with Permissions java.security.Permissions used on opensource projects

Example 6 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class ESPolicyTests method testRestrictPrivileges.

/** 
     * test restricting privileges to no permissions actually works
     */
public void testRestrictPrivileges() {
    assumeTrue("test requires security manager", System.getSecurityManager() != null);
    try {
        System.getProperty("user.home");
    } catch (SecurityException e) {
        fail("this test needs to be fixed: user.home not available by policy");
    }
    PermissionCollection noPermissions = new Permissions();
    AccessControlContext noPermissionsAcc = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, noPermissions) });
    try {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {

            public Void run() {
                System.getProperty("user.home");
                fail("access should have been denied");
                return null;
            }
        }, noPermissionsAcc);
    } catch (SecurityException expected) {
    // expected exception
    }
}

Example 7 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class ESPolicyUnitTests method testNullCodeSource.

/**
     * Test policy with null codesource.
     * <p>
     * This can happen when restricting privileges with doPrivileged,
     * even though ProtectionDomain's ctor javadocs might make you think
     * that the policy won't be consulted.
     */
public void testNullCodeSource() throws Exception {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    // create a policy with AllPermission
    Permission all = new AllPermission();
    PermissionCollection allCollection = all.newPermissionCollection();
    allCollection.add(all);
    ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap(), true);
    // restrict ourselves to NoPermission
    PermissionCollection noPermissions = new Permissions();
    assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
}

Example 8 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class ESPolicyUnitTests method testNullLocation.

/**
     * test with null location
     * <p>
     * its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
     */
public void testNullLocation() throws Exception {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    PermissionCollection noPermissions = new Permissions();
    ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
    assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[]) null), noPermissions), new FilePermission("foo", "read")));
}

Example 9 with Permissions

use of java.security.Permissions in project joda-time by JodaOrg.

the class TestDateTimeZone method testZoneInfoProviderResourceLoading.

public void testZoneInfoProviderResourceLoading() {
    final Set<String> ids = new HashSet<String>(DateTimeZone.getAvailableIDs());
    ids.remove(DateTimeZone.getDefault().getID());
    final String id = ids.toArray(new String[ids.size()])[new Random().nextInt(ids.size())];
    try {
        Policy.setPolicy(new Policy() {

            @Override
            public PermissionCollection getPermissions(CodeSource codesource) {
                Permissions p = new Permissions();
                // enable everything
                p.add(new AllPermission());
                return p;
            }

            @Override
            public void refresh() {
            }

            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return !(permission instanceof FilePermission) && !permission.getName().contains(id);
            }
        });
        System.setSecurityManager(new SecurityManager());
        // will throw IllegalArgumentException if the resource can
        // not be loaded
        final DateTimeZone zone = DateTimeZone.forID(id);
        assertNotNull(zone);
    } finally {
        System.setSecurityManager(null);
        Policy.setPolicy(ALLOW);
    }
}

Example 10 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class ContextInsulation method main.

public static void main(String[] args) throws Exception {
    /*
         * If we delay setting the security manager until after the service
         * configuration file has been installed, then this test still
         * functions properly, but the -Djava.security.debug output is
         * lacking, so to ease debugging, we'll set it early-- at the cost
         * of having to specify the policy even when running standalone.
         */
    TestLibrary.suggestSecurityManager(null);
    ServiceConfiguration.installServiceConfigurationFile();
    /*
         * Execute use of RMIClassLoader within an AccessControlContext
         * that has a protection domain with no permissions, to make sure
         * that RMIClassLoader can still properly initialize itself.
         */
    CodeSource codesource = new CodeSource(null, (Certificate[]) null);
    Permissions perms = null;
    ProtectionDomain pd = new ProtectionDomain(codesource, perms);
    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
    java.security.AccessController.doPrivileged(new java.security.PrivilegedExceptionAction() {

        public Object run() throws Exception {
            TestProvider.exerciseTestProvider(TestProvider2.loadClassReturn, TestProvider2.loadProxyClassReturn, TestProvider2.getClassLoaderReturn, TestProvider2.getClassAnnotationReturn, TestProvider2.invocations);
            return null;
        }
    }, acc);
}