use of java.security.ProtectionDomain in project lucene-solr by apache.
the class LuceneTestCase method runWithRestrictedPermissions.
/**
* Runs a code part with restricted permissions (be sure to add all required permissions,
* because it would start with empty permissions). You cannot grant more permissions than
* our policy file allows, but you may restrict writing to several dirs...
* <p><em>Note:</em> This assumes a {@link SecurityManager} enabled, otherwise it
* stops test execution. If enabled, it needs the following {@link SecurityPermission}:
* {@code "createAccessControlContext"}
*/
public static <T> T runWithRestrictedPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws Exception {
assumeTrue("runWithRestrictedPermissions requires a SecurityManager enabled", System.getSecurityManager() != null);
// be sure to have required permission, otherwise doPrivileged runs with *no* permissions:
AccessController.checkPermission(new SecurityPermission("createAccessControlContext"));
final PermissionCollection perms = new Permissions();
Arrays.stream(permissions).forEach(perms::add);
final AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
try {
return AccessController.doPrivileged(action, ctx);
} catch (PrivilegedActionException e) {
throw e.getException();
}
}
use of java.security.ProtectionDomain in project lucene-solr by apache.
the class MemClassLoader method loadFromRuntimeLibs.
private synchronized Class<?> loadFromRuntimeLibs(String name) throws ClassNotFoundException {
Class result = classCache.get(name);
if (result != null)
return result;
AtomicReference<String> jarName = new AtomicReference<>();
ByteBuffer buf = null;
try {
buf = getByteBuffer(name, jarName);
} catch (Exception e) {
throw new ClassNotFoundException("class could not be loaded " + name, e);
}
if (buf == null)
throw new ClassNotFoundException("Class not found :" + name);
ProtectionDomain defaultDomain = null;
//using the default protection domain, with no permissions
try {
defaultDomain = new ProtectionDomain(new CodeSource(new URL("http://localhost/.system/blob/" + jarName.get()), (Certificate[]) null), null);
} catch (MalformedURLException mue) {
throw new ClassNotFoundException("Unexpected exception ", mue);
//should not happen
}
log.info("Defining_class {} from runtime jar {} ", name, jarName);
result = defineClass(name, buf.array(), buf.arrayOffset(), buf.limit(), defaultDomain);
classCache.put(name, result);
return result;
}
use of java.security.ProtectionDomain in project wildfly by wildfly.
the class SecurityHelper method getSecurityContextForJNDILookup.
private static AccessControlContext getSecurityContextForJNDILookup(Collection<JndiPermission> jndiPermissions) {
CodeSource src = new CodeSource(null, (Certificate[]) null);
Permissions perms = new Permissions();
for (JndiPermission p : jndiPermissions) {
perms.add(p);
}
ProtectionDomain domain = new ProtectionDomain(src, perms);
AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { domain });
return ctx;
}
use of java.security.ProtectionDomain in project wildfly by wildfly.
the class SecurityHelper method runWithSecurityManager.
public static <T> T runWithSecurityManager(final Callable<T> action, final AccessControlContext securityContext) throws Exception {
Policy previousPolicy = Policy.getPolicy();
SecurityManager previousSM = System.getSecurityManager();
//let's be a bit brutal here and just allow any code do anything by default for the time this method executes.
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return true;
}
});
//with our new totally unsecure policy, let's install a new security manager
System.setSecurityManager(new SecurityManager());
try {
//run the code to test with limited privs defined by the securityContext
return AccessController.doPrivileged(new PrivilegedExceptionAction<T>() {
@Override
public T run() throws Exception {
return action.call();
}
}, securityContext);
} catch (PrivilegedActionException e) {
throw e.getException();
} finally {
//and reset back the previous security settings
System.setSecurityManager(previousSM);
Policy.setPolicy(previousPolicy);
}
}
use of java.security.ProtectionDomain in project spring-framework by spring-projects.
the class ReflectiveLoadTimeWeaverTests method testCtorWithClassLoaderThatDoesNotExposeAGetThrowawayClassLoaderMethodIsOkay.
@Test
public void testCtorWithClassLoaderThatDoesNotExposeAGetThrowawayClassLoaderMethodIsOkay() {
JustAddTransformerClassLoader classLoader = new JustAddTransformerClassLoader();
ReflectiveLoadTimeWeaver weaver = new ReflectiveLoadTimeWeaver(classLoader);
weaver.addTransformer(new ClassFileTransformer() {
@Override
public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) {
return "CAFEDEAD".getBytes();
}
});
assertEquals(1, classLoader.getNumTimesGetThrowawayClassLoaderCalled());
}
Aggregations