use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.
the class LoaderHandler method getLoaderAccessControlContext.
/**
* Return the access control context that a loader for the given
* codebase URL path should execute with.
*/
private static AccessControlContext getLoaderAccessControlContext(URL[] urls) {
/*
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
// begin with permissions granted to all code in current policy
PermissionCollection perms = java.security.AccessController.doPrivileged(new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null, (java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
// createClassLoader permission needed to create loader in context
perms.add(new RuntimePermission("createClassLoader"));
// add permissions to read any "java.*" property
perms.add(new java.util.PropertyPermission("java.*", "read"));
// add permissions reuiqred to load from codebase URL path
addPermissionsForURLs(urls, perms, true);
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(new CodeSource((urls.length > 0 ? urls[0] : null), (java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.
the class RMIConnectionImpl method withPermissions.
private static AccessControlContext withPermissions(Permission... perms) {
Permissions col = new Permissions();
for (Permission thePerm : perms) {
col.add(thePerm);
}
final ProtectionDomain pd = new ProtectionDomain(null, col);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.
the class SubjectDomainCombiner method combineJavaxPolicy.
/**
* Use the javax.security.auth.Policy implementation
*/
private ProtectionDomain[] combineJavaxPolicy(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
if (!allowCaching) {
java.security.AccessController.doPrivileged(new PrivilegedAction<Void>() {
@SuppressWarnings("deprecation")
public Void run() {
// Call refresh only caching is disallowed
javax.security.auth.Policy.getPolicy().refresh();
return null;
}
});
}
int cLen = (currentDomains == null ? 0 : currentDomains.length);
int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
// the ProtectionDomains for the new AccessControlContext
// that we will return
ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];
synchronized (cachedPDs) {
if (!subject.isReadOnly() && !subject.getPrincipals().equals(principalSet)) {
// if the Subject was mutated, clear the PD cache
Set<Principal> newSet = subject.getPrincipals();
synchronized (newSet) {
principalSet = new java.util.HashSet<Principal>(newSet);
}
principals = principalSet.toArray(new Principal[principalSet.size()]);
cachedPDs.clear();
if (debug != null) {
debug.println("Subject mutated - clearing cache");
}
}
for (int i = 0; i < cLen; i++) {
ProtectionDomain pd = currentDomains[i];
ProtectionDomain subjectPd = cachedPDs.getValue(pd);
if (subjectPd == null) {
if (pdAccess.getStaticPermissionsField(pd)) {
// keep static ProtectionDomain objects static
subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions());
} else {
// XXX
// we must first add the original permissions.
// that way when we later add the new JAAS permissions,
// any unresolved JAAS-related permissions will
// automatically get resolved.
// get the original perms
Permissions perms = new Permissions();
PermissionCollection coll = pd.getPermissions();
java.util.Enumeration<Permission> e;
if (coll != null) {
synchronized (coll) {
e = coll.elements();
while (e.hasMoreElements()) {
Permission newPerm = e.nextElement();
perms.add(newPerm);
}
}
}
// get perms from the policy
final java.security.CodeSource finalCs = pd.getCodeSource();
final Subject finalS = subject;
PermissionCollection newPerms = java.security.AccessController.doPrivileged(new PrivilegedAction<PermissionCollection>() {
@SuppressWarnings("deprecation")
public PermissionCollection run() {
return javax.security.auth.Policy.getPolicy().getPermissions(finalS, finalCs);
}
});
// avoiding duplicates
synchronized (newPerms) {
e = newPerms.elements();
while (e.hasMoreElements()) {
Permission newPerm = e.nextElement();
if (!perms.implies(newPerm)) {
perms.add(newPerm);
if (debug != null)
debug.println("Adding perm " + newPerm + "\n");
}
}
}
subjectPd = new ProtectionDomain(finalCs, perms, pd.getClassLoader(), principals);
}
if (allowCaching)
cachedPDs.putValue(pd, subjectPd);
}
newDomains[i] = subjectPd;
}
}
if (debug != null) {
debug.println("updated current: ");
for (int i = 0; i < cLen; i++) {
debug.println("\tupdated[" + i + "] = " + newDomains[i]);
}
}
// now add on the assigned domains
if (aLen > 0) {
System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);
}
if (debug != null) {
if (newDomains == null || newDomains.length == 0) {
debug.println("returning null");
} else {
debug.println("combinedDomains: ");
for (int i = 0; i < newDomains.length; i++) {
debug.println("newDomain " + i + ": " + newDomains[i].toString());
}
}
}
// return the new ProtectionDomains
if (newDomains == null || newDomains.length == 0) {
return null;
} else {
return newDomains;
}
}
use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.
the class SubjectDomainCombiner method optimize.
private static ProtectionDomain[] optimize(ProtectionDomain[] domains) {
if (domains == null || domains.length == 0)
return null;
ProtectionDomain[] optimized = new ProtectionDomain[domains.length];
ProtectionDomain pd;
int num = 0;
for (int i = 0; i < domains.length; i++) {
// skip System Domains
if ((pd = domains[i]) != null) {
// remove duplicates
boolean found = false;
for (int j = 0; j < num && !found; j++) {
found = (optimized[j] == pd);
}
if (!found) {
optimized[num++] = pd;
}
}
}
// resize the array if necessary
if (num > 0 && num < domains.length) {
ProtectionDomain[] downSize = new ProtectionDomain[num];
System.arraycopy(optimized, 0, downSize, 0, downSize.length);
optimized = downSize;
}
return ((num == 0 || optimized.length == 0) ? null : optimized);
}
use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.
the class DefaultMBeanServerInterceptor method checkMBeanTrustPermission.
private static void checkMBeanTrustPermission(final Class<?> theClass) throws SecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
Permission perm = new MBeanTrustPermission("register");
PrivilegedAction<ProtectionDomain> act = new PrivilegedAction<ProtectionDomain>() {
public ProtectionDomain run() {
return theClass.getProtectionDomain();
}
};
ProtectionDomain pd = AccessController.doPrivileged(act);
AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
sm.checkPermission(perm, acc);
}
}
Aggregations