Search in sources :

Example 46 with ProtectionDomain

use of java.security.ProtectionDomain in project lucene-solr by apache.

the class LuceneTestCase method runWithRestrictedPermissions.

/** 
   * Runs a code part with restricted permissions (be sure to add all required permissions,
   * because it would start with empty permissions). You cannot grant more permissions than
   * our policy file allows, but you may restrict writing to several dirs...
   * <p><em>Note:</em> This assumes a {@link SecurityManager} enabled, otherwise it
   * stops test execution. If enabled, it needs the following {@link SecurityPermission}:
   * {@code "createAccessControlContext"}
   */
public static <T> T runWithRestrictedPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws Exception {
    assumeTrue("runWithRestrictedPermissions requires a SecurityManager enabled", System.getSecurityManager() != null);
    // be sure to have required permission, otherwise doPrivileged runs with *no* permissions:
    AccessController.checkPermission(new SecurityPermission("createAccessControlContext"));
    final PermissionCollection perms = new Permissions();
    Arrays.stream(permissions).forEach(perms::add);
    final AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
    try {
        return AccessController.doPrivileged(action, ctx);
    } catch (PrivilegedActionException e) {
        throw e.getException();
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) PrivilegedActionException(java.security.PrivilegedActionException) Permissions(java.security.Permissions) SecurityPermission(java.security.SecurityPermission)

Example 47 with ProtectionDomain

use of java.security.ProtectionDomain in project lucene-solr by apache.

the class MemClassLoader method loadFromRuntimeLibs.

private synchronized Class<?> loadFromRuntimeLibs(String name) throws ClassNotFoundException {
    Class result = classCache.get(name);
    if (result != null)
        return result;
    AtomicReference<String> jarName = new AtomicReference<>();
    ByteBuffer buf = null;
    try {
        buf = getByteBuffer(name, jarName);
    } catch (Exception e) {
        throw new ClassNotFoundException("class could not be loaded " + name, e);
    }
    if (buf == null)
        throw new ClassNotFoundException("Class not found :" + name);
    ProtectionDomain defaultDomain = null;
    //using the default protection domain, with no permissions
    try {
        defaultDomain = new ProtectionDomain(new CodeSource(new URL("http://localhost/.system/blob/" + jarName.get()), (Certificate[]) null), null);
    } catch (MalformedURLException mue) {
        throw new ClassNotFoundException("Unexpected exception ", mue);
    //should not happen
    }
    log.info("Defining_class {} from runtime jar {} ", name, jarName);
    result = defineClass(name, buf.array(), buf.arrayOffset(), buf.limit(), defaultDomain);
    classCache.put(name, result);
    return result;
}
Also used : ProtectionDomain(java.security.ProtectionDomain) MalformedURLException(java.net.MalformedURLException) AtomicReference(java.util.concurrent.atomic.AtomicReference) CodeSource(java.security.CodeSource) ByteBuffer(java.nio.ByteBuffer) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) SolrException(org.apache.solr.common.SolrException) URL(java.net.URL) Certificate(java.security.cert.Certificate)

Example 48 with ProtectionDomain

use of java.security.ProtectionDomain in project wildfly by wildfly.

the class SecurityHelper method getSecurityContextForJNDILookup.

private static AccessControlContext getSecurityContextForJNDILookup(Collection<JndiPermission> jndiPermissions) {
    CodeSource src = new CodeSource(null, (Certificate[]) null);
    Permissions perms = new Permissions();
    for (JndiPermission p : jndiPermissions) {
        perms.add(p);
    }
    ProtectionDomain domain = new ProtectionDomain(src, perms);
    AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { domain });
    return ctx;
}
Also used : ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions) JndiPermission(org.wildfly.naming.java.permission.JndiPermission) CodeSource(java.security.CodeSource) Certificate(java.security.cert.Certificate)

Example 49 with ProtectionDomain

use of java.security.ProtectionDomain in project wildfly by wildfly.

the class SecurityHelper method runWithSecurityManager.

public static <T> T runWithSecurityManager(final Callable<T> action, final AccessControlContext securityContext) throws Exception {
    Policy previousPolicy = Policy.getPolicy();
    SecurityManager previousSM = System.getSecurityManager();
    //let's be a bit brutal here and just allow any code do anything by default for the time this method executes.
    Policy.setPolicy(new Policy() {

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            return true;
        }
    });
    //with our new totally unsecure policy, let's install a new security manager
    System.setSecurityManager(new SecurityManager());
    try {
        //run the code to test with limited privs defined by the securityContext
        return AccessController.doPrivileged(new PrivilegedExceptionAction<T>() {

            @Override
            public T run() throws Exception {
                return action.call();
            }
        }, securityContext);
    } catch (PrivilegedActionException e) {
        throw e.getException();
    } finally {
        //and reset back the previous security settings
        System.setSecurityManager(previousSM);
        Policy.setPolicy(previousPolicy);
    }
}
Also used : Policy(java.security.Policy) ProtectionDomain(java.security.ProtectionDomain) PrivilegedActionException(java.security.PrivilegedActionException) Permission(java.security.Permission) JndiPermission(org.wildfly.naming.java.permission.JndiPermission) PrivilegedActionException(java.security.PrivilegedActionException) NamingException(javax.naming.NamingException)

Example 50 with ProtectionDomain

use of java.security.ProtectionDomain in project spring-framework by spring-projects.

the class ReflectiveLoadTimeWeaverTests method testCtorWithClassLoaderThatDoesNotExposeAGetThrowawayClassLoaderMethodIsOkay.

@Test
public void testCtorWithClassLoaderThatDoesNotExposeAGetThrowawayClassLoaderMethodIsOkay() {
    JustAddTransformerClassLoader classLoader = new JustAddTransformerClassLoader();
    ReflectiveLoadTimeWeaver weaver = new ReflectiveLoadTimeWeaver(classLoader);
    weaver.addTransformer(new ClassFileTransformer() {

        @Override
        public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) {
            return "CAFEDEAD".getBytes();
        }
    });
    assertEquals(1, classLoader.getNumTimesGetThrowawayClassLoaderCalled());
}
Also used : ProtectionDomain(java.security.ProtectionDomain) ClassFileTransformer(java.lang.instrument.ClassFileTransformer) Test(org.junit.Test)

Aggregations

ProtectionDomain (java.security.ProtectionDomain)148 InstrumentClass (com.navercorp.pinpoint.bootstrap.instrument.InstrumentClass)44 Instrumentor (com.navercorp.pinpoint.bootstrap.instrument.Instrumentor)44 TransformCallback (com.navercorp.pinpoint.bootstrap.instrument.transformer.TransformCallback)42 CodeSource (java.security.CodeSource)39 InstrumentException (com.navercorp.pinpoint.bootstrap.instrument.InstrumentException)28 AccessControlContext (java.security.AccessControlContext)24 Permissions (java.security.Permissions)22 InstrumentMethod (com.navercorp.pinpoint.bootstrap.instrument.InstrumentMethod)20 Permission (java.security.Permission)17 URL (java.net.URL)16 Policy (java.security.Policy)16 Test (org.junit.Test)16 File (java.io.File)12 PermissionCollection (java.security.PermissionCollection)12 IOException (java.io.IOException)11 Method (java.lang.reflect.Method)8 URI (java.net.URI)8 HashSet (java.util.HashSet)8 Principal (java.security.Principal)7