
Example 16 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class SubjectDomainCombiner method combineJavaxPolicy.

/**
 * Combines the current and assigned ProtectionDomains using the deprecated
 * javax.security.auth.Policy implementation.
 *
 * Every current domain is replaced by a Subject-specific domain: either a
 * plain copy (for domains flagged as static) or a new domain holding the
 * original permissions plus whatever the policy grants to this Subject for
 * the domain's CodeSource. Assigned domains are appended unchanged.
 *
 * @param currentDomains domains of the current execution context; may be null
 * @param assignedDomains domains of the inherited context; may be null
 * @return the combined domains, or null when both inputs are null or empty
 */
private ProtectionDomain[] combineJavaxPolicy(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
    if (!allowCaching) {
        // doPrivileged: the refresh is checked against this class's own
        // permissions rather than against every caller on the stack.
        java.security.AccessController.doPrivileged(new PrivilegedAction<Void>() {

            @SuppressWarnings("deprecation")
            public Void run() {
                // Call refresh only when caching is disallowed
                javax.security.auth.Policy.getPolicy().refresh();
                return null;
            }
        });
    }
    // null inputs are treated as empty arrays
    int cLen = (currentDomains == null ? 0 : currentDomains.length);
    int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
    // the ProtectionDomains for the new AccessControlContext
    // that we will return: updated current domains first, assigned domains after
    ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];
    // cachedPDs doubles as the lock guarding principalSet, principals and the cache
    synchronized (cachedPDs) {
        if (!subject.isReadOnly() && !subject.getPrincipals().equals(principalSet)) {
            // if the Subject was mutated, clear the PD cache: cached domains were
            // built for the old principal set and must not be reused
            Set<Principal> newSet = subject.getPrincipals();
            // snapshot under the set's own lock so the copy is consistent
            synchronized (newSet) {
                principalSet = new java.util.HashSet<Principal>(newSet);
            }
            principals = principalSet.toArray(new Principal[principalSet.size()]);
            cachedPDs.clear();
            if (debug != null) {
                debug.println("Subject mutated - clearing cache");
            }
        }
        for (int i = 0; i < cLen; i++) {
            ProtectionDomain pd = currentDomains[i];
            // A cache hit is reused as-is; the policy is not consulted again for it.
            ProtectionDomain subjectPd = cachedPDs.getValue(pd);
            if (subjectPd == null) {
                if (pdAccess.getStaticPermissionsField(pd)) {
                    // keep static ProtectionDomain objects static: copy code source
                    // and permissions only, with no policy lookup and no principals
                    subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions());
                } else {
                    // XXX
                    // we must first add the original permissions.
                    // that way when we later add the new JAAS permissions,
                    // any unresolved JAAS-related permissions will
                    // automatically get resolved.
                    // get the original perms
                    Permissions perms = new Permissions();
                    PermissionCollection coll = pd.getPermissions();
                    java.util.Enumeration<Permission> e;
                    if (coll != null) {
                        // hold the collection's lock while enumerating it
                        synchronized (coll) {
                            e = coll.elements();
                            while (e.hasMoreElements()) {
                                Permission newPerm = e.nextElement();
                                perms.add(newPerm);
                            }
                        }
                    }
                    // get perms from the policy for this Subject and the domain's
                    // CodeSource; finals are needed for capture by the anonymous class
                    final java.security.CodeSource finalCs = pd.getCodeSource();
                    final Subject finalS = subject;
                    PermissionCollection newPerms = java.security.AccessController.doPrivileged(new PrivilegedAction<PermissionCollection>() {

                        @SuppressWarnings("deprecation")
                        public PermissionCollection run() {
                            return javax.security.auth.Policy.getPolicy().getPermissions(finalS, finalCs);
                        }
                    });
                    // avoiding duplicates: a policy permission is added only when the
                    // permissions collected so far do not already imply it
                    // NOTE(review): a null return from the policy would fail here with
                    // a NullPointerException; confirm the policy contract rules that out
                    synchronized (newPerms) {
                        e = newPerms.elements();
                        while (e.hasMoreElements()) {
                            Permission newPerm = e.nextElement();
                            if (!perms.implies(newPerm)) {
                                perms.add(newPerm);
                                if (debug != null)
                                    debug.println("Adding perm " + newPerm + "\n");
                            }
                        }
                    }
                    // the new domain carries the merged permissions and the
                    // Subject's principals
                    subjectPd = new ProtectionDomain(finalCs, perms, pd.getClassLoader(), principals);
                }
                // store only when caching is allowed, keyed by the original domain
                if (allowCaching)
                    cachedPDs.putValue(pd, subjectPd);
            }
            newDomains[i] = subjectPd;
        }
    }
    if (debug != null) {
        debug.println("updated current: ");
        for (int i = 0; i < cLen; i++) {
            debug.println("\tupdated[" + i + "] = " + newDomains[i]);
        }
    }
    // now add on the assigned domains, unchanged, after the updated current ones
    if (aLen > 0) {
        System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);
    }
    if (debug != null) {
        // newDomains was allocated above, so only the length test can be true here
        if (newDomains == null || newDomains.length == 0) {
            debug.println("returning null");
        } else {
            debug.println("combinedDomains: ");
            for (int i = 0; i < newDomains.length; i++) {
                debug.println("newDomain " + i + ": " + newDomains[i].toString());
            }
        }
    }
    // return the new ProtectionDomains; an empty result is reported as null
    if (newDomains == null || newDomains.length == 0) {
        return null;
    } else {
        return newDomains;
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) PermissionCollection(java.security.PermissionCollection) Permissions(java.security.Permissions) Permission(java.security.Permission) Principal(java.security.Principal)

Example 17 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class LoaderHandler method getLoaderAccessControlContext.

/**
 * Builds the access control context that a loader for the given codebase
 * URL path should execute with.
 *
 * The context holds a single protection domain whose permissions are: the
 * permissions the current policy grants to a CodeSource with no location
 * and no certificates, plus "createClassLoader", plus read access to any
 * "java.*" property, plus whatever addPermissionsForURLs adds for the URLs.
 *
 * @param urls codebase URL path of the loader; the first entry, if any,
 *        becomes the location of the domain's CodeSource
 * @return a context consisting of exactly that one protection domain
 */
private static AccessControlContext getLoaderAccessControlContext(URL[] urls) {
    // Modeled on the similar getAccessControlContext() method in
    // sun.applet.AppletPanel.

    // Baseline: permissions granted to all code in the current policy. The
    // lookup runs in doPrivileged so it does not depend on the callers'
    // permissions.
    PermissionCollection granted = java.security.AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {

            public PermissionCollection run() {
                Policy installed = java.security.Policy.getPolicy();
                if (installed == null) {
                    return new Permissions();
                }
                CodeSource anyCode = new CodeSource(null, (java.security.cert.Certificate[]) null);
                return installed.getPermissions(anyCode);
            }
        });

    // NOTE(review): the additions below mutate the collection returned by the
    // policy; add() throws SecurityException on a read-only collection, so
    // this relies on the policy handing back a writable one - confirm.

    // needed to create the loader inside this context
    granted.add(new RuntimePermission("createClassLoader"));
    // read access to any "java.*" property
    granted.add(new java.util.PropertyPermission("java.*", "read"));
    // permissions required to load from the codebase URL path
    addPermissionsForURLs(urls, granted, true);

    // A single protection domain carrying only the permissions computed above.
    URL location = (urls.length > 0) ? urls[0] : null;
    CodeSource loaderSource = new CodeSource(location, (java.security.cert.Certificate[]) null);
    ProtectionDomain[] domains = { new ProtectionDomain(loaderSource, granted) };
    return new AccessControlContext(domains);
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions)

Example 18 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class PolicyPermissions method init.

/**
 * Lazily fills the backing permission collection, at most once.
 *
 * Creates the collection if it does not exist yet, moves any pending
 * additional permissions into it, and then passes it to the policy together
 * with the code source. The method is synchronized, and the notInit flag is
 * cleared only after the policy call returns.
 */
private synchronized void init() {
    if (!notInit) {
        // already initialized
        return;
    }
    if (perms == null) {
        perms = new Permissions();
    }
    if (additionalPerms != null) {
        // move the pending permissions over, then drop the holding collection
        for (Enumeration<Permission> pending = additionalPerms.elements(); pending.hasMoreElements();) {
            perms.add(pending.nextElement());
        }
        additionalPerms = null;
    }
    // presumably adds the policy's grants for codesource into perms - confirm
    // against the policy class
    policy.getPermissions(perms, codesource);
    notInit = false;
}
Also used : Permissions(java.security.Permissions) UnresolvedPermission(java.security.UnresolvedPermission) PrivateCredentialPermission(javax.security.auth.PrivateCredentialPermission) Permission(java.security.Permission)

Example 19 with Permissions

use of java.security.Permissions in project stanbol by apache.

the class Main method main.

/**
 * Launcher entry point: prepares the home directory property and the
 * security setup, then delegates to the standard Apache Sling launcher.
 *
 * Unless NOSECURITYARG is given, a SecurityManager is installed together
 * with a Policy whose getPermissions(ProtectionDomain) returns AllPermission
 * for every domain. While that policy is in place the security manager
 * therefore restricts nothing by itself; any actual restriction would need
 * a different policy to be set later.
 *
 * @param args command-line arguments; PRINTHELPARG prints the help and
 *        exits, NOSECURITYARG skips the policy and security manager setup
 *        and is not forwarded to the Sling launcher
 */
public static void main(String[] args) {
    String home = System.getProperties().getProperty(SLING_HOME);
    if (home == null) {
        // no user-configured value: fall back to the default home directory
        home = new File(DEFAULT_STANBOL_HOME).getAbsolutePath();
        System.setProperty(SLING_HOME, home);
    }
    // otherwise the user-configured value is left untouched

    List<String> argsList = new ArrayList<String>(Arrays.asList(args));
    if (argsList.contains(PRINTHELPARG)) {
        doHelp();
        System.exit(0);
    }

    // remove() drops the flag (first occurrence) and reports whether it was present
    boolean securityDisabled = argsList.remove(NOSECURITYARG);
    if (!securityDisabled) {
        // NOTE(review): this reassignment of args is never read afterwards
        args = argsList.toArray(new String[argsList.size()]);

        // Policy that grants AllPermission to every protection domain.
        Policy grantEverything = new Policy() {

            @Override
            public PermissionCollection getPermissions(ProtectionDomain domain) {
                PermissionCollection everything = new Permissions();
                everything.add(new AllPermission());
                return everything;
            }
        };
        Policy.setPolicy(grantEverything);
        System.setSecurityManager(new SecurityManager());
    }

    // hand over to the standard Apache Sling launcher
    String[] launcherArgs = argsList.toArray(new String[argsList.size()]);
    org.apache.sling.launchpad.app.Main.main(launcherArgs);
}
Also used : Policy(java.security.Policy) ProtectionDomain(java.security.ProtectionDomain) PermissionCollection(java.security.PermissionCollection) ArrayList(java.util.ArrayList) Permissions(java.security.Permissions) AllPermission(java.security.AllPermission) File(java.io.File)

Example 20 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class PluginSecurity method parsePermissions.

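/**
 * Parses a plugin policy file into the set of permissions the plugin itself
 * requests.
 *
 * The default policy implementation automatically grants two permissions
 * that are not part of the plugin's request: permission to exitVM (ignored
 * here) and read permission to the code itself (e.g. the jar file of the
 * code). To filter them out, an empty policy file is loaded as a baseline
 * and every permission the baseline already implies is dropped. Both
 * policies are evaluated for PluginSecurity's own protection domain.
 *
 * @param terminal not used by this method
 * @param file the plugin's policy file
 * @param tmpDir directory in which the temporary empty policy file is created
 * @return a read-only collection of the permissions granted by the plugin
 *         policy beyond the baseline
 * @throws IOException if the temporary file cannot be created or removed
 * @throws UnsupportedOperationException if the policy implementation cannot
 *         enumerate its permissions
 */
static PermissionCollection parsePermissions(Terminal terminal, Path file, Path tmpDir) throws IOException {
    // zero byte policy file used as the baseline for the comparison
    Path emptyPolicyFile = Files.createTempFile(tmpDir, "empty", "tmp");
    final Policy emptyPolicy;
    try {
        emptyPolicy = Policy.getInstance("JavaPolicy", new URIParameter(emptyPolicyFile.toUri()));
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } finally {
        // remove the temporary file on every path, so a failed policy load
        // does not leave it behind in tmpDir
        IOUtils.rm(emptyPolicyFile);
    }

    // parse the plugin's policy file into a set of permissions
    final Policy policy;
    try {
        policy = Policy.getInstance("JavaPolicy", new URIParameter(file.toUri()));
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
    PermissionCollection permissions = policy.getPermissions(PluginSecurity.class.getProtectionDomain());
    // supported by the specific implementation in use, but checked so that an
    // unsupported policy is not mistaken for "no permissions requested"
    if (permissions == Policy.UNSUPPORTED_EMPTY_COLLECTION) {
        throw new UnsupportedOperationException("JavaPolicy implementation does not support retrieving permissions");
    }

    // keep only what the baseline policy does not already imply
    PermissionCollection actualPermissions = new Permissions();
    for (Permission permission : Collections.list(permissions.elements())) {
        if (!emptyPolicy.implies(PluginSecurity.class.getProtectionDomain(), permission)) {
            actualPermissions.add(permission);
        }
    }
    // callers receive a collection they cannot extend
    actualPermissions.setReadOnly();
    return actualPermissions;
}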
Also used : Path(java.nio.file.Path) Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) URIParameter(java.security.URIParameter) Permissions(java.security.Permissions) UnresolvedPermission(java.security.UnresolvedPermission) Permission(java.security.Permission) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
