Search in sources :

Example 26 with Permissions

use of java.security.Permissions in project spring-framework by spring-projects.

the class CallbacksSecurityTests method setUp.

@Before
public void setUp() throws Exception {
    final ProtectionDomain empty = new ProtectionDomain(null, new Permissions());
    provider = new SecurityContextProvider() {

        private final AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { empty });

        @Override
        public AccessControlContext getAccessControlContext() {
            return acc;
        }
    };
    DefaultResourceLoader drl = new DefaultResourceLoader();
    Resource config = drl.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
    beanFactory = new DefaultListableBeanFactory();
    new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
    beanFactory.setSecurityContextProvider(provider);
}
Also used : SecurityContextProvider(org.springframework.beans.factory.support.SecurityContextProvider) ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) XmlBeanDefinitionReader(org.springframework.beans.factory.xml.XmlBeanDefinitionReader) Permissions(java.security.Permissions) Resource(org.springframework.core.io.Resource) DefaultListableBeanFactory(org.springframework.beans.factory.support.DefaultListableBeanFactory) DefaultResourceLoader(org.springframework.core.io.DefaultResourceLoader) Before(org.junit.Before)

Example 27 with Permissions

use of java.security.Permissions in project spring-framework by spring-projects.

the class CallbacksSecurityTests method testTrustedExecution.

@Test
public void testTrustedExecution() throws Exception {
    beanFactory.setSecurityContextProvider(null);
    Permissions perms = new Permissions();
    perms.add(new AuthPermission("getSubject"));
    ProtectionDomain pd = new ProtectionDomain(null, perms);
    new AccessControlContext(new ProtectionDomain[] { pd });
    final Subject subject = new Subject();
    subject.getPrincipals().add(new TestPrincipal("user1"));
    // request the beans from non-privileged code
    Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() {

        @Override
        public Object run() {
            // sanity check
            assertEquals("user1", getCurrentSubjectName());
            assertEquals(false, NonPrivilegedBean.destroyed);
            beanFactory.getBean("trusted-spring-callbacks");
            beanFactory.getBean("trusted-custom-init-destroy");
            // the factory is a prototype - ask for multiple instances
            beanFactory.getBean("trusted-spring-factory");
            beanFactory.getBean("trusted-spring-factory");
            beanFactory.getBean("trusted-spring-factory");
            beanFactory.getBean("trusted-factory-bean");
            beanFactory.getBean("trusted-static-factory-method");
            beanFactory.getBean("trusted-factory-method");
            beanFactory.getBean("trusted-property-injection");
            beanFactory.getBean("trusted-working-property-injection");
            beanFactory.destroySingletons();
            assertEquals(true, NonPrivilegedBean.destroyed);
            return null;
        }
    }, provider.getAccessControlContext());
}
Also used : ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) AuthPermission(javax.security.auth.AuthPermission) Permissions(java.security.Permissions) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 28 with Permissions

use of java.security.Permissions in project lwjgl by LWJGL.

the class AppletLoader method updateClassPath.

/**
	 * Edits the ClassPath at runtime to include the jars
	 * that have just been downloaded and then adds the
	 * lwjgl natives folder property.
	 *
	 * @param path location where applet is stored
	 * @throws Exception if it fails to add classpath
	 */
protected void updateClassPath(final String path) throws Exception {
    setState(STATE_UPDATING_CLASSPATH);
    percentage = 95;
    URL[] urls = new URL[urlList.length];
    for (int i = 0; i < urlList.length; i++) {
        String file = new File(path, getJarName(urlList[i])).toURI().toString();
        // fix JVM bug where ! is not escaped
        file = file.replace("!", "%21");
        urls[i] = new URL(file);
    }
    // get AppletLoader certificates
    final Certificate[] certs = getCurrentCertificates();
    // detect if we are running on a mac and save result as boolean
    String osName = System.getProperty("os.name");
    final boolean isMacOS = (osName.startsWith("Mac") || osName.startsWith("Darwin"));
    // add downloaded jars to the classpath with required permissions
    classLoader = new URLClassLoader(urls) {

        protected PermissionCollection getPermissions(CodeSource codesource) {
            PermissionCollection perms = null;
            try {
                // no permissions
                perms = new Permissions();
                // if certificates match the AppletLoader certificates then we should be all set
                if (certificatesMatch(certs, codesource.getCertificates())) {
                    perms.add(new AllPermission());
                    return perms;
                }
                String host = getCodeBase().getHost();
                if (host != null && (host.length() > 0)) {
                    // add permission for downloaded jars to access host they were from
                    perms.add(new SocketPermission(host, "connect,accept"));
                } else if ("file".equals(codesource.getLocation().getProtocol())) {
                    // if running locally add file permission
                    String path = codesource.getLocation().getFile().replace('/', File.separatorChar);
                    perms.add(new FilePermission(path, "read"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            return perms;
        }

        // allow non lwjgl native to be found from cache directory
        protected String findLibrary(String libname) {
            String libPath = path + "natives" + File.separator + LWJGLUtil.mapLibraryName(libname);
            if (new File(libPath).exists()) {
                return libPath;
            }
            return super.findLibrary(libname);
        }
    };
    debug_sleep(2000);
    // unload natives loaded by a previous instance of this lwjgl applet
    unloadNatives(path);
    // add natives files path to native class path
    System.setProperty("org.lwjgl.librarypath", path + "natives");
    // Make sure jinput knows about the new path too
    System.setProperty("net.java.games.input.librarypath", path + "natives");
    // set the library path, useful for non lwjgl natives
    System.setProperty("java.library.path", path + "natives");
    // mark natives as loaded
    natives_loaded = true;
}
Also used : PermissionCollection(java.security.PermissionCollection) SocketPermission(java.net.SocketPermission) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission) URL(java.net.URL) AccessControlException(java.security.AccessControlException) IOException(java.io.IOException) URLClassLoader(java.net.URLClassLoader) Permissions(java.security.Permissions) AllPermission(java.security.AllPermission) JarFile(java.util.jar.JarFile) ZipFile(java.util.zip.ZipFile) File(java.io.File) Certificate(java.security.cert.Certificate)

Example 29 with Permissions

use of java.security.Permissions in project bytecode-viewer by Konloch.

the class ClassNodeLoader method getPermissions.

/**
	 * @return This class loader's permissions
	 */
private Permissions getPermissions() {
    Permissions permissions = new Permissions();
    permissions.add(new AllPermission());
    return permissions;
}
Also used : Permissions(java.security.Permissions) AllPermission(java.security.AllPermission)

Example 30 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class LoaderHandler method getClassAnnotation.

/**
     * Returns the class annotation (representing the location for
     * a class) that RMI will use to annotate the call stream when
     * marshalling objects of the given class.
     */
public static String getClassAnnotation(Class<?> cl) {
    String name = cl.getName();
    /*
         * Class objects for arrays of primitive types never need an
         * annotation, because they never need to be (or can be) downloaded.
         *
         * REMIND: should we (not) be annotating classes that are in
         * "java.*" packages?
         */
    int nameLength = name.length();
    if (nameLength > 0 && name.charAt(0) == '[') {
        // skip past all '[' characters (see bugid 4211906)
        int i = 1;
        while (nameLength > i && name.charAt(i) == '[') {
            i++;
        }
        if (nameLength > i && name.charAt(i) != 'L') {
            return null;
        }
    }
    /*
         * Get the class's class loader.  If it is null, the system class
         * loader, an ancestor of the base class loader (such as the loader
         * for installed extensions), return the value of the
         * "java.rmi.server.codebase" property.
         */
    ClassLoader loader = cl.getClassLoader();
    if (loader == null || codebaseLoaders.containsKey(loader)) {
        return codebaseProperty;
    }
    /*
         * Get the codebase URL path for the class loader, if it supports
         * such a notion (i.e., if it is a URLClassLoader or subclass).
         */
    String annotation = null;
    if (loader instanceof Loader) {
        /*
             * If the class loader is one of our RMI class loaders, we have
             * already computed the class annotation string, and no
             * permissions are required to know the URLs.
             */
        annotation = ((Loader) loader).getClassAnnotation();
    } else if (loader instanceof URLClassLoader) {
        try {
            URL[] urls = ((URLClassLoader) loader).getURLs();
            if (urls != null) {
                /*
                     * If the class loader is not one of our RMI class loaders,
                     * we must verify that the current access control context
                     * has permission to know all of these URLs.
                     */
                SecurityManager sm = System.getSecurityManager();
                if (sm != null) {
                    Permissions perms = new Permissions();
                    for (int i = 0; i < urls.length; i++) {
                        Permission p = urls[i].openConnection().getPermission();
                        if (p != null) {
                            if (!perms.implies(p)) {
                                sm.checkPermission(p);
                                perms.add(p);
                            }
                        }
                    }
                }
                annotation = urlsToPath(urls);
            }
        } catch (SecurityException | IOException e) {
        /*
                 * SecurityException: If access was denied to the knowledge of
                 * the class loader's URLs, fall back to the default behavior.
                 *
                 * IOException: This shouldn't happen, although it is declared
                 * to be thrown by openConnection() and getPermission().  If it
                 * does happen, forget about this class loader's URLs and
                 * fall back to the default behavior.
                 */
        }
    }
    if (annotation != null) {
        return annotation;
    } else {
        // REMIND: does this make sense??
        return codebaseProperty;
    }
}
Also used : URLClassLoader(java.net.URLClassLoader) Permissions(java.security.Permissions) FilePermission(java.io.FilePermission) SocketPermission(java.net.SocketPermission) Permission(java.security.Permission) URLClassLoader(java.net.URLClassLoader) URLClassLoader(java.net.URLClassLoader)

Aggregations

Permissions (java.security.Permissions)35 ProtectionDomain (java.security.ProtectionDomain)21 PermissionCollection (java.security.PermissionCollection)16 AccessControlContext (java.security.AccessControlContext)13 Permission (java.security.Permission)11 FilePermission (java.io.FilePermission)10 CodeSource (java.security.CodeSource)10 SocketPermission (java.net.SocketPermission)7 Path (java.nio.file.Path)6 Policy (java.security.Policy)6 AllPermission (java.security.AllPermission)5 Certificate (java.security.cert.Certificate)5 URLClassLoader (java.net.URLClassLoader)4 File (java.io.File)3 IOException (java.io.IOException)3 SecurityPermission (java.security.SecurityPermission)2 UnresolvedPermission (java.security.UnresolvedPermission)2 ArrayList (java.util.ArrayList)2 Settings (org.elasticsearch.common.settings.Settings)2 Environment (org.elasticsearch.env.Environment)2