use of java.security.ProtectionDomain in project Payara by payara.
the class SecurityAccessValidator method validateInjection.
private boolean validateInjection(ActiveDescriptor<?> candidate, Injectee injectee, Permission p) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Injectee =" + injectee + ", permission= " + p);
}
// If this is an Inject, get the protection domain of the injectee
Class<?> injecteeClass = injectee.getInjecteeClass();
ProtectionDomain pd = getCallerProtDomain(injecteeClass);
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Protection domain code src= " + pd.getCodeSource());
}
if (!pd.implies(p)) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("permission check failed for " + injectee + ", to get perm " + p + ", for candidate " + candidate);
}
throw new AccessControlException(localStrings.getLocalString("sec.validate.injection.deny", "Access denied for injectee {0} to get permission {1}.", injectee, p));
} else {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("permission check success for " + injectee + " to get " + candidate);
}
}
return true;
}
use of java.security.ProtectionDomain in project Payara by payara.
the class SecurityAccessValidator method checkPerm.
private boolean checkPerm(Permission p, Class caller) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Checked perm for = " + p);
}
try {
if (caller != null) {
ProtectionDomain pd = this.getCallerProtDomain(caller);
pd.implies(p);
} else
AccessController.checkPermission(p);
} catch (SecurityException e) {
LOG.warning(localStrings.getLocalString("sec.validate.lookup.deny", "Check Permission failed in lookup for permission = {0}", p));
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Check Permission failed, perm= " + p + ", message = " + e.getMessage());
}
throw e;
}
return true;
}
use of java.security.ProtectionDomain in project Payara by payara.
the class ProviderSubClassImplGenerator method generateAndDefineClass.
public <T> Class<T> generateAndDefineClass(final Class<T> providerClazz, String invokerId) {
int id = counter.incrementAndGet();
String providerClassName = providerClazz.getName().replace('.', '/');
String generatedClassName = providerClassName + invokerId + "_" + id;
byte[] provClassData = null;
try {
InputStream is = providerClazz.getClassLoader().getResourceAsStream(providerClassName + ".class");
int sz = is.available();
provClassData = new byte[sz];
int index = 0;
while (index < sz) {
int r = is.read(provClassData, index, sz - index);
if (r > 0) {
index += r;
}
}
} catch (Exception ex) {
return null;
}
ClassReader cr = new ClassReader(provClassData);
ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_FRAMES + ClassWriter.COMPUTE_MAXS);
byte[] classData = null;
ProbeProviderSubClassGenerator sgen = new ProbeProviderSubClassGenerator(cw, invokerId, "_" + id);
cr.accept(sgen, 0);
classData = cw.toByteArray();
ProtectionDomain pd = providerClazz.getProtectionDomain();
SubClassLoader scl = createSubClassLoader(providerClazz);
if (scl == null)
return null;
try {
String gcName = scl.defineClass(generatedClassName, classData, pd);
if (logger.isLoggable(Level.FINE))
logger.fine("**** DEFINE CLASS SUCCEEDED for " + gcName + "," + generatedClassName);
return (Class<T>) scl.loadClass(gcName);
} catch (Throwable ex) {
ex.printStackTrace();
}
return null;
}
use of java.security.ProtectionDomain in project dubbo by alibaba.
the class ReflectUtils method getCodeBase.
public static String getCodeBase(Class<?> cls) {
if (cls == null)
return null;
ProtectionDomain domain = cls.getProtectionDomain();
if (domain == null)
return null;
CodeSource source = domain.getCodeSource();
if (source == null)
return null;
URL location = source.getLocation();
if (location == null)
return null;
return location.getFile();
}
use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.
the class SubjectDomainCombiner method combine.
/**
* Update the relevant ProtectionDomains with the Principals
* from the {@code Subject} associated with this
* {@code SubjectDomainCombiner}.
*
* <p> A new {@code ProtectionDomain} instance is created
* for each {@code ProtectionDomain} in the
* <i>currentDomains</i> array. Each new {@code ProtectionDomain}
* instance is created using the {@code CodeSource},
* {@code Permission}s and {@code ClassLoader}
* from the corresponding {@code ProtectionDomain} in
* <i>currentDomains</i>, as well as with the Principals from
* the {@code Subject} associated with this
* {@code SubjectDomainCombiner}.
*
* <p> All of the newly instantiated ProtectionDomains are
* combined into a new array. The ProtectionDomains from the
* <i>assignedDomains</i> array are appended to this new array,
* and the result is returned.
*
* <p> Note that optimizations such as the removal of duplicate
* ProtectionDomains may have occurred.
* In addition, caching of ProtectionDomains may be permitted.
*
* <p>
*
* @param currentDomains the ProtectionDomains associated with the
* current execution Thread, up to the most recent
* privileged {@code ProtectionDomain}.
* The ProtectionDomains are are listed in order of execution,
* with the most recently executing {@code ProtectionDomain}
* residing at the beginning of the array. This parameter may
* be {@code null} if the current execution Thread
* has no associated ProtectionDomains.<p>
*
* @param assignedDomains the ProtectionDomains inherited from the
* parent Thread, or the ProtectionDomains from the
* privileged <i>context</i>, if a call to
* AccessController.doPrivileged(..., <i>context</i>)
* had occurred This parameter may be {@code null}
* if there were no ProtectionDomains inherited from the
* parent Thread, or from the privileged <i>context</i>.
*
* @return a new array consisting of the updated ProtectionDomains,
* or {@code null}.
*/
public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
if (debug != null) {
if (subject == null) {
debug.println("null subject");
} else {
final Subject s = subject;
AccessController.doPrivileged(new java.security.PrivilegedAction<Void>() {
public Void run() {
debug.println(s.toString());
return null;
}
});
}
printInputDomains(currentDomains, assignedDomains);
}
if (currentDomains == null || currentDomains.length == 0) {
return assignedDomains;
}
// optimize currentDomains
//
// No need to optimize assignedDomains because it should
// have been previously optimized (when it was set).
currentDomains = optimize(currentDomains);
if (debug != null) {
debug.println("after optimize");
printInputDomains(currentDomains, assignedDomains);
}
if (currentDomains == null && assignedDomains == null) {
return null;
}
// their own custom javax.security.auth.Policy implementations
if (useJavaxPolicy) {
return combineJavaxPolicy(currentDomains, assignedDomains);
}
int cLen = (currentDomains == null ? 0 : currentDomains.length);
int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
// the ProtectionDomains for the new AccessControlContext
// that we will return
ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];
boolean allNew = true;
synchronized (cachedPDs) {
if (!subject.isReadOnly() && !subject.getPrincipals().equals(principalSet)) {
// if the Subject was mutated, clear the PD cache
Set<Principal> newSet = subject.getPrincipals();
synchronized (newSet) {
principalSet = new java.util.HashSet<Principal>(newSet);
}
principals = principalSet.toArray(new Principal[principalSet.size()]);
cachedPDs.clear();
if (debug != null) {
debug.println("Subject mutated - clearing cache");
}
}
ProtectionDomain subjectPd;
for (int i = 0; i < cLen; i++) {
ProtectionDomain pd = currentDomains[i];
subjectPd = cachedPDs.getValue(pd);
if (subjectPd == null) {
if (pdAccess.getStaticPermissionsField(pd)) {
// Need to keep static ProtectionDomain objects static
subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions());
} else {
subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions(), pd.getClassLoader(), principals);
}
cachedPDs.putValue(pd, subjectPd);
} else {
allNew = false;
}
newDomains[i] = subjectPd;
}
}
if (debug != null) {
debug.println("updated current: ");
for (int i = 0; i < cLen; i++) {
debug.println("\tupdated[" + i + "] = " + printDomain(newDomains[i]));
}
}
// now add on the assigned domains
if (aLen > 0) {
System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);
// optimize the result (cached PDs might exist in assignedDomains)
if (!allNew) {
newDomains = optimize(newDomains);
}
}
if (debug != null) {
if (newDomains == null || newDomains.length == 0) {
debug.println("returning null");
} else {
debug.println("combinedDomains: ");
for (int i = 0; i < newDomains.length; i++) {
debug.println("newDomain " + i + ": " + printDomain(newDomains[i]));
}
}
}
// return the new ProtectionDomains
if (newDomains == null || newDomains.length == 0) {
return null;
} else {
return newDomains;
}
}
Aggregations