use of java.security.Permissions in project spring-framework by spring-projects.
the class CallbacksSecurityTests method setUp.
@Before
public void setUp() throws Exception {
final ProtectionDomain empty = new ProtectionDomain(null, new Permissions());
provider = new SecurityContextProvider() {
private final AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { empty });
@Override
public AccessControlContext getAccessControlContext() {
return acc;
}
};
DefaultResourceLoader drl = new DefaultResourceLoader();
Resource config = drl.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
beanFactory = new DefaultListableBeanFactory();
new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
beanFactory.setSecurityContextProvider(provider);
}
use of java.security.Permissions in project spring-framework by spring-projects.
the class CallbacksSecurityTests method testTrustedExecution.
@Test
public void testTrustedExecution() throws Exception {
beanFactory.setSecurityContextProvider(null);
Permissions perms = new Permissions();
perms.add(new AuthPermission("getSubject"));
ProtectionDomain pd = new ProtectionDomain(null, perms);
new AccessControlContext(new ProtectionDomain[] { pd });
final Subject subject = new Subject();
subject.getPrincipals().add(new TestPrincipal("user1"));
// request the beans from non-privileged code
Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() {
@Override
public Object run() {
// sanity check
assertEquals("user1", getCurrentSubjectName());
assertEquals(false, NonPrivilegedBean.destroyed);
beanFactory.getBean("trusted-spring-callbacks");
beanFactory.getBean("trusted-custom-init-destroy");
// the factory is a prototype - ask for multiple instances
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-factory-bean");
beanFactory.getBean("trusted-static-factory-method");
beanFactory.getBean("trusted-factory-method");
beanFactory.getBean("trusted-property-injection");
beanFactory.getBean("trusted-working-property-injection");
beanFactory.destroySingletons();
assertEquals(true, NonPrivilegedBean.destroyed);
return null;
}
}, provider.getAccessControlContext());
}
use of java.security.Permissions in project lwjgl by LWJGL.
the class AppletLoader method updateClassPath.
/**
* Edits the ClassPath at runtime to include the jars
* that have just been downloaded and then adds the
* lwjgl natives folder property.
*
* @param path location where applet is stored
* @throws Exception if it fails to add classpath
*/
protected void updateClassPath(final String path) throws Exception {
setState(STATE_UPDATING_CLASSPATH);
percentage = 95;
URL[] urls = new URL[urlList.length];
for (int i = 0; i < urlList.length; i++) {
String file = new File(path, getJarName(urlList[i])).toURI().toString();
// fix JVM bug where ! is not escaped
file = file.replace("!", "%21");
urls[i] = new URL(file);
}
// get AppletLoader certificates
final Certificate[] certs = getCurrentCertificates();
// detect if we are running on a mac and save result as boolean
String osName = System.getProperty("os.name");
final boolean isMacOS = (osName.startsWith("Mac") || osName.startsWith("Darwin"));
// add downloaded jars to the classpath with required permissions
classLoader = new URLClassLoader(urls) {
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = null;
try {
// no permissions
perms = new Permissions();
// if certificates match the AppletLoader certificates then we should be all set
if (certificatesMatch(certs, codesource.getCertificates())) {
perms.add(new AllPermission());
return perms;
}
String host = getCodeBase().getHost();
if (host != null && (host.length() > 0)) {
// add permission for downloaded jars to access host they were from
perms.add(new SocketPermission(host, "connect,accept"));
} else if ("file".equals(codesource.getLocation().getProtocol())) {
// if running locally add file permission
String path = codesource.getLocation().getFile().replace('/', File.separatorChar);
perms.add(new FilePermission(path, "read"));
}
} catch (Exception e) {
e.printStackTrace();
}
return perms;
}
// allow non lwjgl native to be found from cache directory
protected String findLibrary(String libname) {
String libPath = path + "natives" + File.separator + LWJGLUtil.mapLibraryName(libname);
if (new File(libPath).exists()) {
return libPath;
}
return super.findLibrary(libname);
}
};
debug_sleep(2000);
// unload natives loaded by a previous instance of this lwjgl applet
unloadNatives(path);
// add natives files path to native class path
System.setProperty("org.lwjgl.librarypath", path + "natives");
// Make sure jinput knows about the new path too
System.setProperty("net.java.games.input.librarypath", path + "natives");
// set the library path, useful for non lwjgl natives
System.setProperty("java.library.path", path + "natives");
// mark natives as loaded
natives_loaded = true;
}
use of java.security.Permissions in project bytecode-viewer by Konloch.
the class ClassNodeLoader method getPermissions.
/**
* @return This class loader's permissions
*/
private Permissions getPermissions() {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
return permissions;
}
use of java.security.Permissions in project jdk8u_jdk by JetBrains.
the class LoaderHandler method getClassAnnotation.
/**
* Returns the class annotation (representing the location for
* a class) that RMI will use to annotate the call stream when
* marshalling objects of the given class.
*/
public static String getClassAnnotation(Class<?> cl) {
String name = cl.getName();
/*
* Class objects for arrays of primitive types never need an
* annotation, because they never need to be (or can be) downloaded.
*
* REMIND: should we (not) be annotating classes that are in
* "java.*" packages?
*/
int nameLength = name.length();
if (nameLength > 0 && name.charAt(0) == '[') {
// skip past all '[' characters (see bugid 4211906)
int i = 1;
while (nameLength > i && name.charAt(i) == '[') {
i++;
}
if (nameLength > i && name.charAt(i) != 'L') {
return null;
}
}
/*
* Get the class's class loader. If it is null, the system class
* loader, an ancestor of the base class loader (such as the loader
* for installed extensions), return the value of the
* "java.rmi.server.codebase" property.
*/
ClassLoader loader = cl.getClassLoader();
if (loader == null || codebaseLoaders.containsKey(loader)) {
return codebaseProperty;
}
/*
* Get the codebase URL path for the class loader, if it supports
* such a notion (i.e., if it is a URLClassLoader or subclass).
*/
String annotation = null;
if (loader instanceof Loader) {
/*
* If the class loader is one of our RMI class loaders, we have
* already computed the class annotation string, and no
* permissions are required to know the URLs.
*/
annotation = ((Loader) loader).getClassAnnotation();
} else if (loader instanceof URLClassLoader) {
try {
URL[] urls = ((URLClassLoader) loader).getURLs();
if (urls != null) {
/*
* If the class loader is not one of our RMI class loaders,
* we must verify that the current access control context
* has permission to know all of these URLs.
*/
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
Permissions perms = new Permissions();
for (int i = 0; i < urls.length; i++) {
Permission p = urls[i].openConnection().getPermission();
if (p != null) {
if (!perms.implies(p)) {
sm.checkPermission(p);
perms.add(p);
}
}
}
}
annotation = urlsToPath(urls);
}
} catch (SecurityException | IOException e) {
/*
* SecurityException: If access was denied to the knowledge of
* the class loader's URLs, fall back to the default behavior.
*
* IOException: This shouldn't happen, although it is declared
* to be thrown by openConnection() and getPermission(). If it
* does happen, forget about this class loader's URLs and
* fall back to the default behavior.
*/
}
}
if (annotation != null) {
return annotation;
} else {
// REMIND: does this make sense??
return codebaseProperty;
}
}
Aggregations