Search in sources :

Example 71 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class SecurityAccessValidator method validateInjection.

private boolean validateInjection(ActiveDescriptor<?> candidate, Injectee injectee, Permission p) {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Injectee =" + injectee + ", permission= " + p);
    }
    // If this is an Inject, get the protection domain of the injectee
    Class<?> injecteeClass = injectee.getInjecteeClass();
    ProtectionDomain pd = getCallerProtDomain(injecteeClass);
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Protection domain code src= " + pd.getCodeSource());
    }
    if (!pd.implies(p)) {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("permission check failed for " + injectee + ", to get perm " + p + ", for candidate " + candidate);
        }
        throw new AccessControlException(localStrings.getLocalString("sec.validate.injection.deny", "Access denied for injectee {0} to get permission {1}.", injectee, p));
    } else {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("permission check success for " + injectee + " to get " + candidate);
        }
    }
    return true;
}
Also used : ProtectionDomain(java.security.ProtectionDomain) AccessControlException(java.security.AccessControlException)

Example 72 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class SecurityAccessValidator method checkPerm.

private boolean checkPerm(Permission p, Class caller) {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Checked perm for = " + p);
    }
    try {
        if (caller != null) {
            ProtectionDomain pd = this.getCallerProtDomain(caller);
            pd.implies(p);
        } else
            AccessController.checkPermission(p);
    } catch (SecurityException e) {
        LOG.warning(localStrings.getLocalString("sec.validate.lookup.deny", "Check Permission failed in lookup for permission = {0}", p));
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Check Permission failed, perm= " + p + ", message = " + e.getMessage());
        }
        throw e;
    }
    return true;
}
Also used : ProtectionDomain(java.security.ProtectionDomain)

Example 73 with ProtectionDomain

use of java.security.ProtectionDomain in project Payara by payara.

the class ProviderSubClassImplGenerator method generateAndDefineClass.

public <T> Class<T> generateAndDefineClass(final Class<T> providerClazz, String invokerId) {
    int id = counter.incrementAndGet();
    String providerClassName = providerClazz.getName().replace('.', '/');
    String generatedClassName = providerClassName + invokerId + "_" + id;
    byte[] provClassData = null;
    try {
        InputStream is = providerClazz.getClassLoader().getResourceAsStream(providerClassName + ".class");
        int sz = is.available();
        provClassData = new byte[sz];
        int index = 0;
        while (index < sz) {
            int r = is.read(provClassData, index, sz - index);
            if (r > 0) {
                index += r;
            }
        }
    } catch (Exception ex) {
        return null;
    }
    ClassReader cr = new ClassReader(provClassData);
    ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_FRAMES + ClassWriter.COMPUTE_MAXS);
    byte[] classData = null;
    ProbeProviderSubClassGenerator sgen = new ProbeProviderSubClassGenerator(cw, invokerId, "_" + id);
    cr.accept(sgen, 0);
    classData = cw.toByteArray();
    ProtectionDomain pd = providerClazz.getProtectionDomain();
    SubClassLoader scl = createSubClassLoader(providerClazz);
    if (scl == null)
        return null;
    try {
        String gcName = scl.defineClass(generatedClassName, classData, pd);
        if (logger.isLoggable(Level.FINE))
            logger.fine("**** DEFINE CLASS SUCCEEDED for " + gcName + "," + generatedClassName);
        return (Class<T>) scl.loadClass(gcName);
    } catch (Throwable ex) {
        ex.printStackTrace();
    }
    return null;
}
Also used : ProtectionDomain(java.security.ProtectionDomain) InputStream(java.io.InputStream)

Example 74 with ProtectionDomain

use of java.security.ProtectionDomain in project dubbo by alibaba.

the class ReflectUtils method getCodeBase.

public static String getCodeBase(Class<?> cls) {
    if (cls == null)
        return null;
    ProtectionDomain domain = cls.getProtectionDomain();
    if (domain == null)
        return null;
    CodeSource source = domain.getCodeSource();
    if (source == null)
        return null;
    URL location = source.getLocation();
    if (location == null)
        return null;
    return location.getFile();
}
Also used : ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource) URL(java.net.URL)

Example 75 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class SubjectDomainCombiner method combine.

/**
     * Update the relevant ProtectionDomains with the Principals
     * from the {@code Subject} associated with this
     * {@code SubjectDomainCombiner}.
     *
     * <p> A new {@code ProtectionDomain} instance is created
     * for each {@code ProtectionDomain} in the
     * <i>currentDomains</i> array.  Each new {@code ProtectionDomain}
     * instance is created using the {@code CodeSource},
     * {@code Permission}s and {@code ClassLoader}
     * from the corresponding {@code ProtectionDomain} in
     * <i>currentDomains</i>, as well as with the Principals from
     * the {@code Subject} associated with this
     * {@code SubjectDomainCombiner}.
     *
     * <p> All of the newly instantiated ProtectionDomains are
     * combined into a new array.  The ProtectionDomains from the
     * <i>assignedDomains</i> array are appended to this new array,
     * and the result is returned.
     *
     * <p> Note that optimizations such as the removal of duplicate
     * ProtectionDomains may have occurred.
     * In addition, caching of ProtectionDomains may be permitted.
     *
     * <p>
     *
     * @param currentDomains the ProtectionDomains associated with the
     *          current execution Thread, up to the most recent
     *          privileged {@code ProtectionDomain}.
     *          The ProtectionDomains are are listed in order of execution,
     *          with the most recently executing {@code ProtectionDomain}
     *          residing at the beginning of the array. This parameter may
     *          be {@code null} if the current execution Thread
     *          has no associated ProtectionDomains.<p>
     *
     * @param assignedDomains the ProtectionDomains inherited from the
     *          parent Thread, or the ProtectionDomains from the
     *          privileged <i>context</i>, if a call to
     *          AccessController.doPrivileged(..., <i>context</i>)
     *          had occurred  This parameter may be {@code null}
     *          if there were no ProtectionDomains inherited from the
     *          parent Thread, or from the privileged <i>context</i>.
     *
     * @return a new array consisting of the updated ProtectionDomains,
     *          or {@code null}.
     */
public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
    if (debug != null) {
        if (subject == null) {
            debug.println("null subject");
        } else {
            final Subject s = subject;
            AccessController.doPrivileged(new java.security.PrivilegedAction<Void>() {

                public Void run() {
                    debug.println(s.toString());
                    return null;
                }
            });
        }
        printInputDomains(currentDomains, assignedDomains);
    }
    if (currentDomains == null || currentDomains.length == 0) {
        return assignedDomains;
    }
    // optimize currentDomains
    //
    // No need to optimize assignedDomains because it should
    // have been previously optimized (when it was set).
    currentDomains = optimize(currentDomains);
    if (debug != null) {
        debug.println("after optimize");
        printInputDomains(currentDomains, assignedDomains);
    }
    if (currentDomains == null && assignedDomains == null) {
        return null;
    }
    // their own custom javax.security.auth.Policy implementations
    if (useJavaxPolicy) {
        return combineJavaxPolicy(currentDomains, assignedDomains);
    }
    int cLen = (currentDomains == null ? 0 : currentDomains.length);
    int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
    // the ProtectionDomains for the new AccessControlContext
    // that we will return
    ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];
    boolean allNew = true;
    synchronized (cachedPDs) {
        if (!subject.isReadOnly() && !subject.getPrincipals().equals(principalSet)) {
            // if the Subject was mutated, clear the PD cache
            Set<Principal> newSet = subject.getPrincipals();
            synchronized (newSet) {
                principalSet = new java.util.HashSet<Principal>(newSet);
            }
            principals = principalSet.toArray(new Principal[principalSet.size()]);
            cachedPDs.clear();
            if (debug != null) {
                debug.println("Subject mutated - clearing cache");
            }
        }
        ProtectionDomain subjectPd;
        for (int i = 0; i < cLen; i++) {
            ProtectionDomain pd = currentDomains[i];
            subjectPd = cachedPDs.getValue(pd);
            if (subjectPd == null) {
                if (pdAccess.getStaticPermissionsField(pd)) {
                    // Need to keep static ProtectionDomain objects static
                    subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions());
                } else {
                    subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions(), pd.getClassLoader(), principals);
                }
                cachedPDs.putValue(pd, subjectPd);
            } else {
                allNew = false;
            }
            newDomains[i] = subjectPd;
        }
    }
    if (debug != null) {
        debug.println("updated current: ");
        for (int i = 0; i < cLen; i++) {
            debug.println("\tupdated[" + i + "] = " + printDomain(newDomains[i]));
        }
    }
    // now add on the assigned domains
    if (aLen > 0) {
        System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);
        // optimize the result (cached PDs might exist in assignedDomains)
        if (!allNew) {
            newDomains = optimize(newDomains);
        }
    }
    if (debug != null) {
        if (newDomains == null || newDomains.length == 0) {
            debug.println("returning null");
        } else {
            debug.println("combinedDomains: ");
            for (int i = 0; i < newDomains.length; i++) {
                debug.println("newDomain " + i + ": " + printDomain(newDomains[i]));
            }
        }
    }
    // return the new ProtectionDomains
    if (newDomains == null || newDomains.length == 0) {
        return null;
    } else {
        return newDomains;
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) Principal(java.security.Principal)

Aggregations

ProtectionDomain (java.security.ProtectionDomain)148 InstrumentClass (com.navercorp.pinpoint.bootstrap.instrument.InstrumentClass)44 Instrumentor (com.navercorp.pinpoint.bootstrap.instrument.Instrumentor)44 TransformCallback (com.navercorp.pinpoint.bootstrap.instrument.transformer.TransformCallback)42 CodeSource (java.security.CodeSource)39 InstrumentException (com.navercorp.pinpoint.bootstrap.instrument.InstrumentException)28 AccessControlContext (java.security.AccessControlContext)24 Permissions (java.security.Permissions)22 InstrumentMethod (com.navercorp.pinpoint.bootstrap.instrument.InstrumentMethod)20 Permission (java.security.Permission)17 URL (java.net.URL)16 Policy (java.security.Policy)16 Test (org.junit.Test)16 File (java.io.File)12 PermissionCollection (java.security.PermissionCollection)12 IOException (java.io.IOException)11 Method (java.lang.reflect.Method)8 URI (java.net.URI)8 HashSet (java.util.HashSet)8 Principal (java.security.Principal)7