
Example 66 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class ASMClassWriter method defineClass.

/**
 * Defines the generated REST resource class in the class loader of {@code similarClass}
 * and returns its fully qualified name.
 * <p>
 * The class is defined by reflectively calling the five-argument
 * {@code ClassLoader.defineClass} overload, and it is given the same
 * {@link ProtectionDomain} as {@code similarClass}. The generated class is therefore
 * evaluated against the same protection domain, and so the same permissions, as
 * {@code similarClass}.
 * <p>
 * NOTE(review): only the {@code setAccessible} call runs inside {@code doPrivileged};
 * the {@code defineClass} invocation itself runs in the caller's access control context.
 * NOTE(review): making a {@code java.lang.ClassLoader} method accessible by reflection
 * presumably needs {@code java.lang} to be opened to this code on JDKs that enforce
 * strong encapsulation - confirm for the target runtime.
 *
 * @param similarClass class whose class loader and protection domain are reused
 * @param classBytes   not read by this method; the bytecode is taken from
 *                     {@code getByteClass()} instead
 * @return the fully qualified name of the class that was defined
 * @throws Exception declared by the signature; failures inside the method are rethrown
 *                   wrapped in a {@link RuntimeException}
 */
public String defineClass(Class similarClass, byte[] classBytes) throws Exception {
    final String generatedClassName = "org.glassfish.admin.rest.resources.generatedASM." + className;
    final byte[] byteContent = getByteClass();
    // The new class is placed in the protection domain of the template class.
    final ProtectionDomain pd = similarClass.getProtectionDomain();

    // Locate the defineClass overload that takes five arguments.
    java.lang.reflect.Method located = null;
    for (java.lang.reflect.Method candidate : ClassLoader.class.getDeclaredMethods()) {
        if (candidate.getParameterTypes().length == 5 && candidate.getName().equals("defineClass")) {
            located = candidate;
            break;
        }
    }
    if (located == null) {
        // Not expected to happen; the explicit check also keeps static analysis quiet.
        throw new RuntimeException("cannot find method called defineclass...");
    }

    final java.lang.reflect.Method defineClassMethod = located;
    try {
        // Lift the access check on the protected method inside a privileged block.
        java.security.AccessController.doPrivileged(new java.security.PrivilegedExceptionAction() {

            public java.lang.Object run() throws Exception {
                if (!defineClassMethod.isAccessible()) {
                    defineClassMethod.setAccessible(true);
                }
                return null;
            }
        });
        RestLogging.restLogger.log(Level.FINEST, "Loading bytecode for {0}", generatedClassName);
        final ClassLoader targetLoader = similarClass.getClassLoader();
        defineClassMethod.invoke(targetLoader, generatedClassName, byteContent, 0, byteContent.length, pd);
        try {
            // Load the class straight away so a broken definition surfaces here.
            targetLoader.loadClass(generatedClassName);
        } catch (ClassNotFoundException cnfEx) {
            throw new RuntimeException(cnfEx);
        }
        return generatedClassName;
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) IOException(java.io.IOException)

Example 67 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class EJBSecurityManager method authorize.

/**
 * This method is called by the EJB container to decide whether or not
 * a method specified in the Invocation should be allowed.
 *
 * @param compInv invocation object that contains all the details of the
 *                invocation.
 * @return A boolean value indicating if the client should be allowed
 *         to invoke the EJB.
 */
public boolean authorize(ComponentInvocation compInv) {
    // Fail closed: anything that is not an EJB invocation is denied outright.
    if (!(compInv instanceof EjbInvocation)) {
        return false;
    }
    // FIXME: Param type should be EjbInvocation
    EjbInvocation inv = (EjbInvocation) compInv;
    // A decision already recorded on this invocation is returned as-is. No permission
    // check, audit call or FINE log runs on this path.
    if (inv.getAuth() != null) {
        return inv.getAuth().booleanValue();
    }
    // Default to deny; ret only becomes true if one of the checks below grants access.
    boolean ret = false;
    CachedPermission cp = null;
    Permission ejbmp = null;
    // Build the EJBMethodPermission for this method, or reuse the one stored on the
    // invocation info by an earlier call.
    if (inv.invocationInfo == null || inv.invocationInfo.cachedPermission == null) {
        ejbmp = new EJBMethodPermission(ejbName, inv.getMethodInterface(), inv.method);
        cp = new CachedPermissionImpl(uncheckedMethodPermissionCache, ejbmp);
        if (inv.invocationInfo != null) {
            inv.invocationInfo.cachedPermission = cp;
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions());
            }
        }
    } else {
        cp = inv.invocationInfo.cachedPermission;
        ejbmp = cp.getPermission();
    }
    String caller = null;
    SecurityContext sc = null;
    // The invocation is registered with the handler data before any permission check.
    // NOTE(review): presumably so policy context handlers can see it - confirm.
    pcHandlerImpl.getHandlerData().setInvocation(inv);
    // First check: the cached permission (built over uncheckedMethodPermissionCache above).
    ret = cp.checkPermission();
    if (!ret) {
        // Second check: ask the policy, using a protection domain obtained for the
        // current caller's principal set.
        // NOTE(review): these three statements sit outside the try block below, so an
        // exception here (for example if getCurrent() returned null) propagates to the
        // caller instead of being turned into a denial - confirm that is intended.
        sc = SecurityContext.getCurrent();
        Set principalSet = sc.getPrincipalSet();
        ProtectionDomain prdm = getCachedProtectionDomain(principalSet, true);
        try {
            // set the policy context in the TLS.
            String oldContextId = setPolicyContext(this.contextId);
            try {
                ret = policy.implies(prdm, ejbmp);
            } catch (SecurityException se) {
                // Fail closed: a failure during policy evaluation is logged and denies access.
                _logger.log(Level.SEVERE, "jacc_access_exception", se);
                ret = false;
            } catch (Throwable t) {
                // NOTE(review): Throwable also covers Errors; they are logged and
                // converted to a denial rather than rethrown.
                _logger.log(Level.SEVERE, "jacc_access_exception", t);
                ret = false;
            } finally {
                // The previous policy context is restored whatever the outcome.
                resetPolicyContext(oldContextId, this.contextId);
            }
        } catch (Throwable t) {
            // Reached when switching or restoring the policy context fails; access is denied.
            _logger.log(Level.SEVERE, "jacc_policy_context_exception", t);
            ret = false;
        }
    }
    // Record the decision on the invocation so the early return above can reuse it.
    inv.setAuth((ret) ? Boolean.TRUE : Boolean.FALSE);
    // Audit record: caller name, EJB name, method and the allow/deny outcome.
    if (auditManager.isAuditOn()) {
        if (sc == null) {
            sc = SecurityContext.getCurrent();
        }
        caller = sc.getCallerPrincipal().getName();
        auditManager.ejbInvocation(caller, ejbName, inv.method.toString(), ret);
    }
    // Allowed web service invocations that have not been pre-invoked yet are pre-invoked here.
    if (ret && inv.isWebService && !inv.isPreInvokeDone()) {
        preInvoke(inv);
    }
    // caller is only assigned inside the audit branch, so this message prints
    // "(Caller) = null" whenever auditing is off.
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("JACC: Access Control Decision Result: " + ret + " EJBMethodPermission (Name) = " + ejbmp.getName() + " (Action) = " + ejbmp.getActions() + " (Caller) = " + caller);
    }
    return ret;
}
Also used : ProtectionDomain(java.security.ProtectionDomain) EjbInvocation(com.sun.ejb.EjbInvocation) CachedPermission(com.sun.enterprise.security.ee.CachedPermission) CachedPermissionImpl(com.sun.enterprise.security.ee.CachedPermissionImpl) Set(java.util.Set) HashSet(java.util.HashSet) EJBMethodPermission(javax.security.jacc.EJBMethodPermission) EJBRoleRefPermission(javax.security.jacc.EJBRoleRefPermission) Permission(java.security.Permission) MethodPermission(com.sun.enterprise.deployment.MethodPermission) CachedPermission(com.sun.enterprise.security.ee.CachedPermission) SecurityContext(com.sun.enterprise.security.SecurityContext) EJBMethodPermission(javax.security.jacc.EJBMethodPermission)

Example 68 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class PayaraMicroLauncher method getBootClass.

/**
 * Boot method via Micro.getInstance()
 * @return the boot instance, created on the first call and reused on later calls
 * @throws InstantiationException
 * @throws IllegalAccessException
 * @throws ClassNotFoundException
 * @throws Exception
 */
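public static PayaraMicroBoot getBootClass() throws InstantiationException, IllegalAccessException, ClassNotFoundException, Exception {
    // Lazily creates the boot instance on the first call and returns the same instance
    // afterwards. When the launcher was not started through main(), this method also
    // publishes the jar location as a system property, builds the class loader and
    // replaces the calling thread's context class loader; the previous loader is not
    // restored.
    // NOTE(review): the null check on the static field is not synchronised - confirm
    // callers never race on the first call.
    if (bootInstance == null) {
        if (!mainBoot) {
            PayaraMicroLauncher launcher = new PayaraMicroLauncher();
            // set system property for our jar file
            ProtectionDomain protectionDomain = PayaraMicroLauncher.class.getProtectionDomain();
            CodeSource codeSource = protectionDomain.getCodeSource();
            // A protection domain may have no code source, and a code source may have no
            // location. Fail with a clear message instead of a bare NullPointerException.
            if (codeSource == null || codeSource.getLocation() == null) {
                throw new IllegalStateException("Cannot determine the Payara Micro jar location: "
                        + PayaraMicroLauncher.class.getName() + " has no code source location");
            }
            URI location = codeSource.getLocation().toURI();
            System.setProperty(MICRO_JAR_PROPERTY, location.toString());
            ClassLoader loader = launcher.createClassLoader(launcher.getClassPathArchives());
            fish.payara.micro.boot.loader.jar.JarFile.registerUrlProtocolHandler();
            Thread.currentThread().setContextClassLoader(loader);
        }
        // Both paths resolve the implementation through the thread context class loader,
        // which at this point is either the caller's loader (mainBoot) or the one set above.
        Class<?> mainClass = Thread.currentThread().getContextClassLoader().loadClass("fish.payara.micro.impl.PayaraMicroImpl");
        Method instanceMethod = mainClass.getDeclaredMethod("getInstance");
        bootInstance = (PayaraMicroBoot) instanceMethod.invoke(null);
    }
    return bootInstance;
}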
Also used : ProtectionDomain(java.security.ProtectionDomain) Method(java.lang.reflect.Method) CodeSource(java.security.CodeSource) URI(java.net.URI)

Example 69 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class PayaraMicroLauncher method main.

/**
 * Boot method via java -jar
 * @param args
 * @throws Exception
 */
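public static void main(String[] args) throws Exception {
    PayaraMicroLauncher launcher = new PayaraMicroLauncher();
    // set system property for our jar file
    ProtectionDomain protectionDomain = PayaraMicroLauncher.class.getProtectionDomain();
    CodeSource codeSource = protectionDomain.getCodeSource();
    // A protection domain may have no code source, and a code source may have no
    // location. Fail with a clear message instead of a bare NullPointerException.
    if (codeSource == null || codeSource.getLocation() == null) {
        throw new IllegalStateException("Cannot determine the Payara Micro jar location: "
                + PayaraMicroLauncher.class.getName() + " has no code source location");
    }
    URI location = codeSource.getLocation().toURI();
    System.setProperty(MICRO_JAR_PROPERTY, location.toString());
    // Flag that the launcher was started via main() before handing over to launch().
    mainBoot = true;
    launcher.launch(args);
}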
Also used : ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource) URI(java.net.URI)

Example 70 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class ASURLClassLoader method findClassData.

/**
 * This method is responsible for locating the URL from which the class bytes
 * have to be read, and for reading those bytes. It does not actually define
 * the Class object.
 * <p>
 * To preclude a race condition on checking 'doneCalled', as well as transient errors
 * if done() is called while running, this method is 'synchronized'.
 *
 * @param name class name in java.lang.Object format
 * @return class bytes as well as protection domain information
 * @throws ClassNotFoundException
 */
protected synchronized ClassData findClassData(String name) throws ClassNotFoundException {
    // Once done() has been called the loader refuses every lookup. The Throwable is
    // passed to the logger only to capture the calling stack.
    if (doneCalled) {
        _logger.log(Level.WARNING, CULoggerInfo.getString(CULoggerInfo.findClassAfterDone, name, this.toString()), new Throwable());
        throw new ClassNotFoundException(name);
    }

    // Negative cache: a name recorded as missing by an earlier call fails fast.
    final String cachedMiss = (String) notFoundClasses.get(name);
    if (cachedMiss != null && cachedMiss.equals(name)) {
        throw new ClassNotFoundException(name);
    }

    // Look through the URL entries for a resource of the form java/lang/Object.class
    final String entryName = name.replace('.', '/') + ".class";
    for (URLEntry entry : this.urlSet) {
        if (!entry.hasItem(entryName)) {
            continue;
        }
        final byte[] classBytes = loadClassData0(entry, entryName);
        if (classBytes == null) {
            continue;
        }
        if (System.getSecurityManager() == null) {
            // No security manager: the entry's own protection domain is used unchanged.
            return new ClassData(classBytes, entry.pd);
        }
        // Security manager present: rebuild the protection domain so that it carries the
        // permissions this loader reports for the entry's code source.
        final CodeSource cs = entry.pd.getCodeSource();
        final PermissionCollection pc = this.getPermissions(cs);
        final ProtectionDomain pdWithPermissions =
                new ProtectionDomain(cs, pc, entry.pd.getClassLoader(), entry.pd.getPrincipals());
        return new ClassData(classBytes, pdWithPermissions);
    }

    // Nothing matched: remember the miss so the next lookup of this name fails fast.
    notFoundClasses.put(name, name);
    throw new ClassNotFoundException(name);
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource)

Aggregations

ProtectionDomain (java.security.ProtectionDomain)148 InstrumentClass (com.navercorp.pinpoint.bootstrap.instrument.InstrumentClass)44 Instrumentor (com.navercorp.pinpoint.bootstrap.instrument.Instrumentor)44 TransformCallback (com.navercorp.pinpoint.bootstrap.instrument.transformer.TransformCallback)42 CodeSource (java.security.CodeSource)39 InstrumentException (com.navercorp.pinpoint.bootstrap.instrument.InstrumentException)28 AccessControlContext (java.security.AccessControlContext)24 Permissions (java.security.Permissions)22 InstrumentMethod (com.navercorp.pinpoint.bootstrap.instrument.InstrumentMethod)20 Permission (java.security.Permission)17 URL (java.net.URL)16 Policy (java.security.Policy)16 Test (org.junit.Test)16 File (java.io.File)12 PermissionCollection (java.security.PermissionCollection)12 IOException (java.io.IOException)11 Method (java.lang.reflect.Method)8 URI (java.net.URI)8 HashSet (java.util.HashSet)8 Principal (java.security.Principal)7