Example 26 with Permissions
use of java.security.Permissions in project spring-framework by spring-projects.
the class CallbacksSecurityTests method setUp.
@Before
public void setUp() throws Exception {
final ProtectionDomain empty = new ProtectionDomain(null, new Permissions());
provider = new SecurityContextProvider() {
private final AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { empty });
@Override
public AccessControlContext getAccessControlContext() {
return acc;
}
};
DefaultResourceLoader drl = new DefaultResourceLoader();
Resource config = drl.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
beanFactory = new DefaultListableBeanFactory();
new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
beanFactory.setSecurityContextProvider(provider);
}
Also used :
SecurityContextProvider(org.springframework.beans.factory.support.SecurityContextProvider)
ProtectionDomain(java.security.ProtectionDomain)
AccessControlContext(java.security.AccessControlContext)
XmlBeanDefinitionReader(org.springframework.beans.factory.xml.XmlBeanDefinitionReader)
Permissions(java.security.Permissions)
Resource(org.springframework.core.io.Resource)
DefaultListableBeanFactory(org.springframework.beans.factory.support.DefaultListableBeanFactory)
DefaultResourceLoader(org.springframework.core.io.DefaultResourceLoader)
Before(org.junit.Before)
Example 27 with Permissions
use of java.security.Permissions in project spring-framework by spring-projects.
the class CallbacksSecurityTests method testTrustedExecution.
@Test
public void testTrustedExecution() throws Exception {
beanFactory.setSecurityContextProvider(null);
Permissions perms = new Permissions();
perms.add(new AuthPermission("getSubject"));
ProtectionDomain pd = new ProtectionDomain(null, perms);
new AccessControlContext(new ProtectionDomain[] { pd });
final Subject subject = new Subject();
subject.getPrincipals().add(new TestPrincipal("user1"));
// request the beans from non-privileged code
Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() {
@Override
public Object run() {
// sanity check
assertEquals("user1", getCurrentSubjectName());
assertEquals(false, NonPrivilegedBean.destroyed);
beanFactory.getBean("trusted-spring-callbacks");
beanFactory.getBean("trusted-custom-init-destroy");
// the factory is a prototype - ask for multiple instances
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-factory-bean");
beanFactory.getBean("trusted-static-factory-method");
beanFactory.getBean("trusted-factory-method");
beanFactory.getBean("trusted-property-injection");
beanFactory.getBean("trusted-working-property-injection");
beanFactory.destroySingletons();
assertEquals(true, NonPrivilegedBean.destroyed);
return null;
}
}, provider.getAccessControlContext());
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
AccessControlContext(java.security.AccessControlContext)
AuthPermission(javax.security.auth.AuthPermission)
Permissions(java.security.Permissions)
Subject(javax.security.auth.Subject)
Test(org.junit.Test)
Example 28 with Permissions
use of java.security.Permissions in project lwjgl by LWJGL.
the class AppletLoader method updateClassPath.
/**
* Edits the ClassPath at runtime to include the jars
* that have just been downloaded and then adds the
* lwjgl natives folder property.
*
* @param path location where applet is stored
* @throws Exception if it fails to add classpath
*/
protected void updateClassPath(final String path) throws Exception {
setState(STATE_UPDATING_CLASSPATH);
percentage = 95;
URL[] urls = new URL[urlList.length];
for (int i = 0; i < urlList.length; i++) {
String file = new File(path, getJarName(urlList[i])).toURI().toString();
// fix JVM bug where ! is not escaped
file = file.replace("!", "%21");
urls[i] = new URL(file);
}
// get AppletLoader certificates
final Certificate[] certs = getCurrentCertificates();
// detect if we are running on a mac and save result as boolean
String osName = System.getProperty("os.name");
final boolean isMacOS = (osName.startsWith("Mac") || osName.startsWith("Darwin"));
// add downloaded jars to the classpath with required permissions
classLoader = new URLClassLoader(urls) {
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = null;
try {
// no permissions
perms = new Permissions();
// if certificates match the AppletLoader certificates then we should be all set
if (certificatesMatch(certs, codesource.getCertificates())) {
perms.add(new AllPermission());
return perms;
}
String host = getCodeBase().getHost();
if (host != null && (host.length() > 0)) {
// add permission for downloaded jars to access host they were from
perms.add(new SocketPermission(host, "connect,accept"));
} else if ("file".equals(codesource.getLocation().getProtocol())) {
// if running locally add file permission
String path = codesource.getLocation().getFile().replace('/', File.separatorChar);
perms.add(new FilePermission(path, "read"));
}
} catch (Exception e) {
e.printStackTrace();
}
return perms;
}
// allow non lwjgl native to be found from cache directory
protected String findLibrary(String libname) {
String libPath = path + "natives" + File.separator + LWJGLUtil.mapLibraryName(libname);
if (new File(libPath).exists()) {
return libPath;
}
return super.findLibrary(libname);
}
};
debug_sleep(2000);
// unload natives loaded by a previous instance of this lwjgl applet
unloadNatives(path);
// add natives files path to native class path
System.setProperty("org.lwjgl.librarypath", path + "natives");
// Make sure jinput knows about the new path too
System.setProperty("net.java.games.input.librarypath", path + "natives");
// set the library path, useful for non lwjgl natives
System.setProperty("java.library.path", path + "natives");
// mark natives as loaded
natives_loaded = true;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
SocketPermission(java.net.SocketPermission)
CodeSource(java.security.CodeSource)
FilePermission(java.io.FilePermission)
URL(java.net.URL)
AccessControlException(java.security.AccessControlException)
IOException(java.io.IOException)
URLClassLoader(java.net.URLClassLoader)
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
JarFile(java.util.jar.JarFile)
ZipFile(java.util.zip.ZipFile)
File(java.io.File)
Certificate(java.security.cert.Certificate)
Example 29 with Permissions
use of java.security.Permissions in project bytecode-viewer by Konloch.
the class ClassNodeLoader method getPermissions.
/**
* @return This class loader's permissions
*/
private Permissions getPermissions() {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
return permissions;
}
Also used :
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
Example 30 with Permissions
use of java.security.Permissions in project jdk8u_jdk by JetBrains.
the class LoaderHandler method getClassAnnotation.
/**
* Returns the class annotation (representing the location for
* a class) that RMI will use to annotate the call stream when
* marshalling objects of the given class.
*/
public static String getClassAnnotation(Class<?> cl) {
String name = cl.getName();
/*
* Class objects for arrays of primitive types never need an
* annotation, because they never need to be (or can be) downloaded.
*
* REMIND: should we (not) be annotating classes that are in
* "java.*" packages?
*/
int nameLength = name.length();
if (nameLength > 0 && name.charAt(0) == '[') {
// skip past all '[' characters (see bugid 4211906)
int i = 1;
while (nameLength > i && name.charAt(i) == '[') {
i++;
}
if (nameLength > i && name.charAt(i) != 'L') {
return null;
}
}
/*
* Get the class's class loader. If it is null, the system class
* loader, an ancestor of the base class loader (such as the loader
* for installed extensions), return the value of the
* "java.rmi.server.codebase" property.
*/
ClassLoader loader = cl.getClassLoader();
if (loader == null || codebaseLoaders.containsKey(loader)) {
return codebaseProperty;
}
/*
* Get the codebase URL path for the class loader, if it supports
* such a notion (i.e., if it is a URLClassLoader or subclass).
*/
String annotation = null;
if (loader instanceof Loader) {
/*
* If the class loader is one of our RMI class loaders, we have
* already computed the class annotation string, and no
* permissions are required to know the URLs.
*/
annotation = ((Loader) loader).getClassAnnotation();
} else if (loader instanceof URLClassLoader) {
try {
URL[] urls = ((URLClassLoader) loader).getURLs();
if (urls != null) {
/*
* If the class loader is not one of our RMI class loaders,
* we must verify that the current access control context
* has permission to know all of these URLs.
*/
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
Permissions perms = new Permissions();
for (int i = 0; i < urls.length; i++) {
Permission p = urls[i].openConnection().getPermission();
if (p != null) {
if (!perms.implies(p)) {
sm.checkPermission(p);
perms.add(p);
}
}
}
}
annotation = urlsToPath(urls);
}
} catch (SecurityException | IOException e) {
/*
* SecurityException: If access was denied to the knowledge of
* the class loader's URLs, fall back to the default behavior.
*
* IOException: This shouldn't happen, although it is declared
* to be thrown by openConnection() and getPermission(). If it
* does happen, forget about this class loader's URLs and
* fall back to the default behavior.
*/
}
}
if (annotation != null) {
return annotation;
} else {
// REMIND: does this make sense??
return codebaseProperty;
}
}
Also used :
URLClassLoader(java.net.URLClassLoader)
Permissions(java.security.Permissions)
FilePermission(java.io.FilePermission)
SocketPermission(java.net.SocketPermission)
Permission(java.security.Permission)
URLClassLoader(java.net.URLClassLoader)
URLClassLoader(java.net.URLClassLoader)
Aggregations
Permissions (java.security.Permissions)35
ProtectionDomain (java.security.ProtectionDomain)21
PermissionCollection (java.security.PermissionCollection)16
AccessControlContext (java.security.AccessControlContext)13
Permission (java.security.Permission)11
FilePermission (java.io.FilePermission)10
CodeSource (java.security.CodeSource)10
SocketPermission (java.net.SocketPermission)7
Path (java.nio.file.Path)6
Policy (java.security.Policy)6
AllPermission (java.security.AllPermission)5
Certificate (java.security.cert.Certificate)5
URLClassLoader (java.net.URLClassLoader)4
File (java.io.File)3
IOException (java.io.IOException)3
SecurityPermission (java.security.SecurityPermission)2
UnresolvedPermission (java.security.UnresolvedPermission)2
ArrayList (java.util.ArrayList)2
Settings (org.elasticsearch.common.settings.Settings)2
Environment (org.elasticsearch.env.Environment)2
