Example 41 with Permissions
use of java.security.Permissions in project kernel by exoplatform.
the class AbstractSecureCollectionsTest method doActionWithPermissions.
/**
* Run privileged action with given privileges.
*/
protected <T> T doActionWithPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws PrivilegedActionException {
Permissions allPermissions = new Permissions();
for (Permission permission : permissions) {
if (permission != null) {
allPermissions.add(permission);
}
}
ProtectionDomain[] protectionDomains = new ProtectionDomain[] { new ProtectionDomain(new CodeSource(getCodeSource(), (java.security.cert.Certificate[]) null), allPermissions) };
return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
AccessControlContext(java.security.AccessControlContext)
Permissions(java.security.Permissions)
Permission(java.security.Permission)
CodeSource(java.security.CodeSource)
Example 42 with Permissions
use of java.security.Permissions in project Payara by payara.
the class PermissionCache method checkCache.
private boolean checkCache(Permission p, Epoch e) {
// test-and-set to guard critical section
rLock.lock();
try {
if (loading) {
return false;
} else if (cache != null) {
// check permission and return
return checkLoadedCache(p, e);
}
} finally {
rLock.unlock();
}
wLock.lock();
if (loading) {
// another thread started the load
// release the writelock and return
wLock.unlock();
return false;
} else if (cache != null) {
// another thread loaded the cache
// get readlock inside writelock.
// check permission and return
rLock.lock();
wLock.unlock();
try {
// check permission and return
return checkLoadedCache(p, e);
} finally {
rLock.unlock();
}
} else {
// set the load indicators so that readers will
// bypass the cache until it is loaded
// release the writelock and return
cache = null;
loading = true;
wLock.unlock();
}
// cache will be null if we proceed past this point
// NO LOCKS ARE HELD AT THIS POINT
Permissions nextCache = new Permissions();
boolean setPc = false;
String oldpcID = null;
try {
oldpcID = PolicyContext.getContextID();
if (this.pcID == null || !this.pcID.equals(oldpcID)) {
setPc = true;
}
} catch (Exception ex) {
_logger.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
}
PermissionCollection pc = null;
try {
if (setPc) {
setPolicyContextID(this.pcID);
}
pc = policy.getPermissions(this.codesource);
} catch (Exception ex) {
_logger.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
} finally {
if (setPc) {
try {
setPolicyContextID(oldpcID);
} catch (Exception ex) {
_logger.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", ex);
return false;
}
}
}
// force resolution of unresolved permissions
// so that we can filter out all but the permissions
// that are supposed to be in the cache.
resolvePermissions(pc, p);
Enumeration granted = pc.elements();
while (granted.hasMoreElements()) {
Permission i = (Permission) granted.nextElement();
if (i.equals(allPermission)) {
nextCache.add(i);
} else {
boolean classMatch = true;
if (this.classes != null) {
classMatch = false;
Class iClazz = i.getClass();
for (int j = 0; j < this.classes.length; j++) {
if (this.classes[j].equals(iClazz)) {
classMatch = true;
break;
}
}
}
if (classMatch) {
if (this.name != null) {
String iName = i.getName();
if (iName != null && this.name.equals(iName)) {
nextCache.add(i);
}
} else {
nextCache.add(i);
}
}
}
}
// get the writelock to mark cache as loaded
wLock.lock();
cache = nextCache;
loading = false;
try {
// get readlock inside writelock.
rLock.lock();
wLock.unlock();
// check permission and return
return checkLoadedCache(p, e);
} finally {
rLock.unlock();
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Enumeration(java.util.Enumeration)
Permissions(java.security.Permissions)
AllPermission(java.security.AllPermission)
Permission(java.security.Permission)
PrivilegedActionException(java.security.PrivilegedActionException)
Example 43 with Permissions
use of java.security.Permissions in project Payara by payara.
the class EarEEPermissionsProcessor method combineAllEEPermisssonsForEar.
private PermissionCollection combineAllEEPermisssonsForEar() {
if (compTypeToEEGarntsMap == null)
return null;
Permissions allEEPerms = new Permissions();
addPermissions(allEEPerms, getAdjustedEEPermission(CommponentType.war));
addPermissions(allEEPerms, getAdjustedEEPermission(CommponentType.ejb));
addPermissions(allEEPerms, getAdjustedEEPermission(CommponentType.rar));
// addPermissions(allEEPerms, getAdjustedEEPermission(CommponentType.car));
compTypeToEEGarntsMap.put(CommponentType.ear, allEEPerms);
return allEEPerms;
}
Also used :
Permissions(java.security.Permissions)
Example 44 with Permissions
use of java.security.Permissions in project Payara by payara.
the class EJBSecurityManager method convertEJBMethodPermissions.
/**
* This method converts the dd in two phases.
* Phase 1:
* gets a map representing the methodPermission elements exactly as they
* occured for the ejb in the dd. The map is keyed by method-permission
* element and each method-permission is mapped to a list of method
* elements representing the method elements of the method permision
* element. Each method element is converted to a corresponding
* EJBMethodPermission and added, based on its associated method-permission,
* to the policy configuration object.
* phase 2:
* configures additional EJBMethodPermission policy statements
* for the purpose of optimizing Permissions.implies matching by the
* policy provider. This phase also configures unchecked policy
* statements for any uncovered methods. This method gets the list
* of method descriptors for the ejb from the EjbDescriptor object.
* For each method descriptor, it will get a list of MethodPermission
* objects that signify the method permissions for the Method and
* convert each to a corresponding EJBMethodPermission to be added
* to the policy configuration object.
*
* @param eDescriptor the ejb descriptor for this EJB.
* @param pcid, the policy context identifier.
*/
private static void convertEJBMethodPermissions(EjbDescriptor eDescriptor, String pcid) throws PolicyContextException {
PolicyConfiguration pc = getPolicyFactory().getPolicyConfiguration(pcid, false);
// of PolicyConfigurationFactory
assert pc != null;
String eName = eDescriptor.getName();
Permissions uncheckedPermissions = null;
Permissions excludedPermissions = null;
HashMap rolePermissionsTable = null;
EJBMethodPermission ejbmp = null;
// phase 1
Map mpMap = eDescriptor.getMethodPermissionsFromDD();
if (mpMap != null) {
Iterator mpIt = mpMap.entrySet().iterator();
while (mpIt.hasNext()) {
Map.Entry entry = (Map.Entry) mpIt.next();
MethodPermission mp = (MethodPermission) entry.getKey();
Iterator mdIt = ((ArrayList) entry.getValue()).iterator();
while (mdIt.hasNext()) {
MethodDescriptor md = (MethodDescriptor) mdIt.next();
String mthdName = md.getName();
String mthdIntf = md.getEjbClassSymbol();
String[] mthdParams = md.getStyle() == 3 ? md.getParameterClassNames() : null;
ejbmp = new EJBMethodPermission(eName, mthdName.equals("*") ? null : mthdName, mthdIntf, mthdParams);
rolePermissionsTable = addToRolePermissionsTable(rolePermissionsTable, mp, ejbmp);
uncheckedPermissions = addToUncheckedPermissions(uncheckedPermissions, mp, ejbmp);
excludedPermissions = addToExcludedPermissions(excludedPermissions, mp, ejbmp);
}
}
}
// phase 2 - configures additional perms:
// . to optimize performance of Permissions.implies
// . to cause any uncovered methods to be unchecked
Iterator mdIt = eDescriptor.getMethodDescriptors().iterator();
while (mdIt.hasNext()) {
MethodDescriptor md = (MethodDescriptor) mdIt.next();
Method mthd = md.getMethod(eDescriptor);
String mthdIntf = md.getEjbClassSymbol();
if (mthd == null) {
continue;
}
if (mthdIntf == null || mthdIntf.equals("")) {
_logger.log(Level.SEVERE, "method_descriptor_not_defined", new Object[] { eName, md.getName(), md.getParameterClassNames() });
continue;
}
ejbmp = new EJBMethodPermission(eName, mthdIntf, mthd);
Iterator mpIt = eDescriptor.getMethodPermissionsFor(md).iterator();
while (mpIt.hasNext()) {
MethodPermission mp = (MethodPermission) mpIt.next();
rolePermissionsTable = addToRolePermissionsTable(rolePermissionsTable, mp, ejbmp);
uncheckedPermissions = addToUncheckedPermissions(uncheckedPermissions, mp, ejbmp);
excludedPermissions = addToExcludedPermissions(excludedPermissions, mp, ejbmp);
}
}
if (uncheckedPermissions != null) {
pc.addToUncheckedPolicy(uncheckedPermissions);
}
if (excludedPermissions != null) {
pc.addToExcludedPolicy(excludedPermissions);
}
if (rolePermissionsTable != null) {
Iterator roleIt = rolePermissionsTable.entrySet().iterator();
while (roleIt.hasNext()) {
Map.Entry entry = (Map.Entry) roleIt.next();
pc.addToRole((String) entry.getKey(), (Permissions) entry.getValue());
}
}
}
Also used :
HashMap(java.util.HashMap)
WeakHashMap(java.util.WeakHashMap)
ArrayList(java.util.ArrayList)
Method(java.lang.reflect.Method)
EJBMethodPermission(javax.security.jacc.EJBMethodPermission)
MethodDescriptor(com.sun.enterprise.deployment.MethodDescriptor)
EJBMethodPermission(javax.security.jacc.EJBMethodPermission)
MethodPermission(com.sun.enterprise.deployment.MethodPermission)
Permissions(java.security.Permissions)
Iterator(java.util.Iterator)
PolicyConfiguration(javax.security.jacc.PolicyConfiguration)
Map(java.util.Map)
HashMap(java.util.HashMap)
WeakHashMap(java.util.WeakHashMap)
Example 45 with Permissions
use of java.security.Permissions in project Payara by payara.
the class SimplePolicyConfiguration method getPermissions.
private PermissionCollection getPermissions(PermissionCollection basePerms, PermissionCollection domainPerms, Principal[] principals) throws PolicyContextException, UnsupportedOperationException {
readLock.lock();
try {
assertStateIsInService();
Permissions permissions = null;
boolean hasExcludes = hasExcludedPermissions();
if (basePerms != null) {
for (Enumeration<Permission> e = basePerms.elements(); e.hasMoreElements(); ) {
Permission permission = e.nextElement();
if (!hasExcludes || !permIsExcluded(permission)) {
if (permissions == null) {
permissions = new Permissions();
}
permissions.add(permission);
}
}
}
if (domainPerms != null) {
for (Enumeration<Permission> e = domainPerms.elements(); e.hasMoreElements(); ) {
Permission permission = e.nextElement();
if (!hasExcludes || !permIsExcluded(permission)) {
if (permissions == null) {
permissions = new Permissions();
}
permissions.add(permission);
}
}
}
for (Enumeration<Permission> e = getUncheckedPermissions().elements(); e.hasMoreElements(); ) {
Permission permission = e.nextElement();
if (!hasExcludes || !permIsExcluded(permission)) {
if (permissions == null) {
permissions = new Permissions();
}
permissions.add(permission);
}
}
if (principals.length == 0 || roleTable == null) {
return permissions;
}
for (Role role : roleTable) {
if (role.arePrincipalsInRole(principals)) {
PermissionCollection permissionCollection = role.getPermissions();
for (Enumeration<Permission> e = permissionCollection.elements(); e.hasMoreElements(); ) {
Permission p = (Permission) e.nextElement();
if (!hasExcludes || !permIsExcluded(p)) {
if (permissions == null) {
permissions = new Permissions();
}
permissions.add(p);
}
}
}
}
return permissions;
} catch (UnsupportedOperationException uso) {
throw new PolicyContextException(uso);
} finally {
readLock.unlock();
}
}
Also used :
PermissionCollection(java.security.PermissionCollection)
Permissions(java.security.Permissions)
MBeanPermission(javax.management.MBeanPermission)
EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission)
WebResourcePermission(javax.security.jacc.WebResourcePermission)
WebRoleRefPermission(javax.security.jacc.WebRoleRefPermission)
SecurityPermission(java.security.SecurityPermission)
WebUserDataPermission(javax.security.jacc.WebUserDataPermission)
Permission(java.security.Permission)
PolicyContextException(javax.security.jacc.PolicyContextException)
Aggregations
Permissions (java.security.Permissions)46
ProtectionDomain (java.security.ProtectionDomain)22
PermissionCollection (java.security.PermissionCollection)19
Permission (java.security.Permission)18
AccessControlContext (java.security.AccessControlContext)14
FilePermission (java.io.FilePermission)11
CodeSource (java.security.CodeSource)11
SocketPermission (java.net.SocketPermission)7
Path (java.nio.file.Path)6
AllPermission (java.security.AllPermission)6
Policy (java.security.Policy)6
Certificate (java.security.cert.Certificate)5
URLClassLoader (java.net.URLClassLoader)4
File (java.io.File)3
IOException (java.io.IOException)3
SecurityPermission (java.security.SecurityPermission)3
ArrayList (java.util.ArrayList)3
PrivilegedActionException (java.security.PrivilegedActionException)2
UnresolvedPermission (java.security.UnresolvedPermission)2
HashMap (java.util.HashMap)2
