use of java.security.Permissions in project jdk8u_jdk by JetBrains.
the class RegistryImpl method getAccessControlContext.
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null, (java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:" + port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(new CodeSource(null, (java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
use of java.security.Permissions in project jdk8u_jdk by JetBrains.
the class PathPermissions method init.
private synchronized void init() {
if (perms != null)
return;
perms = new Permissions();
// this is needed to be able to create the classloader itself!
perms.add(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
// add permission to read any "java.*" property
perms.add(new java.util.PropertyPermission("java.*", SecurityConstants.PROPERTY_READ_ACTION));
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
for (int i = 0; i < path.length; i++) {
File f = path[i];
String path;
try {
path = f.getCanonicalPath();
} catch (IOException ioe) {
path = f.getAbsolutePath();
}
if (i == 0) {
codeBase = Launcher.getFileURL(new File(path));
}
if (f.isDirectory()) {
if (path.endsWith(File.separator)) {
perms.add(new FilePermission(path + "-", SecurityConstants.FILE_READ_ACTION));
} else {
perms.add(new FilePermission(path + File.separator + "-", SecurityConstants.FILE_READ_ACTION));
}
} else {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
} else {
// XXX?
}
}
}
return null;
}
});
}
use of java.security.Permissions in project jdk8u_jdk by JetBrains.
the class SocketPermissionTest method setupSecurityManager.
@BeforeMethod
public void setupSecurityManager() throws Exception {
// All permissions, a specific ACC will be used to when testing
// with a reduced permission set.
Policy.setPolicy(new Policy() {
final PermissionCollection perms = new Permissions();
{
perms.add(new java.security.AllPermission());
}
public PermissionCollection getPermissions(ProtectionDomain domain) {
return perms;
}
public PermissionCollection getPermissions(CodeSource codesource) {
return perms;
}
public boolean implies(ProtectionDomain domain, Permission perm) {
return perms.implies(perm);
}
});
System.setSecurityManager(new SecurityManager());
}
use of java.security.Permissions in project jdk8u_jdk by JetBrains.
the class SocketPermissionTest method getAccessControlContext.
private static AccessControlContext getAccessControlContext(Permission... ps) {
Permissions perms = new Permissions();
for (Permission p : ps) {
perms.add(p);
}
/*
*Create an AccessControlContext that consist a single protection domain
* with only the permissions calculated above
*/
ProtectionDomain pd = new ProtectionDomain(null, perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
use of java.security.Permissions in project stanbol by apache.
the class UserAwarePolicy method getUserPermissionsFromSystemGraph.
/**
* Returns the permissions of the specified user according to the entries in
* the sytemGraph.
*
* @param user
* @return
* @throws java.lang.IllegalArgumentException
* @throws java.lang.SecurityException
*/
private PermissionCollection getUserPermissionsFromSystemGraph(final Principal user) throws IllegalArgumentException, SecurityException, UserUnregisteredException {
final PermissionCollection result = new Permissions();
AccessController.doPrivileged(new PrivilegedAction<Object>() {
@Override
public Object run() {
logger.debug("Get permissions for user " + user.getName());
List<String> permissions = getAllPermissionsOfAUserByName(user.getName());
for (String permissionStr : permissions) {
logger.debug("Add permission {}", permissionStr);
Permission perm = permissionMap.get(permissionStr);
// <code>Permission</code> object is not in the map.
if (perm == null) {
try {
perm = PermissionParser.getPermission(permissionStr, getClass().getClassLoader());
} catch (IllegalArgumentException e) {
logger.error("parsing " + permissionStr, e);
continue;
} catch (RuntimeException e) {
logger.error("instantiating " + permissionStr, e);
continue;
}
}
result.add(perm);
}
return null;
}
});
return result;
}
Aggregations