Search in sources :

Example 41 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class PreserveCombinerTest method main.

public static void main(String[] args) throws Exception {
    final DomainCombiner dc = new DomainCombiner() {

        @Override
        public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
            // basically a no-op
            return currentDomains;
        }
    };
    // Get an instance of the saved ACC
    AccessControlContext saved = AccessController.getContext();
    // Simulate the stack ACC with a DomainCombiner attached
    AccessControlContext stack = new AccessControlContext(AccessController.getContext(), dc);
    // Now try to run JavaSecurityAccess.doIntersectionPrivilege() and assert
    // whether the DomainCombiner from the stack ACC is preserved
    boolean ret = SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Boolean>() {

        @Override
        public Boolean run() {
            return dc == AccessController.getContext().getDomainCombiner();
        }
    }, stack, saved);
    if (!ret) {
        System.exit(1);
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) DomainCombiner(java.security.DomainCombiner) AccessControlContext(java.security.AccessControlContext)

Example 42 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class TestLogConfigurationDeadLock method main.

/**
     * This test will run both with and without a security manager.
     *
     * The test starts a number of threads that will call
     *     LogManager.readConfiguration() concurrently (ReadConf), then starts
     *     a number of threads that will create new loggers concurrently
     *     (AddLogger), and then two additional threads: one (Stopper) that
     *     will stop the test after 4secs (TIME ms), and one DeadlockDetector
     *     that will attempt to detect deadlocks.
     * If after 4secs no deadlock was detected and no exception was thrown
     * then the test is considered a success and passes.
     *
     * This procedure is done twice: once without a security manager and once
     * again with a security manager - which means the test takes ~8secs to
     * run.
     *
     * Note that 8sec may not be enough to detect issues if there are some.
     * This is a best effort test.
     *
     * @param args the command line arguments
     */
public static void main(String[] args) throws Exception {
    // test without security
    System.out.println("No security");
    test();
    // test with security
    System.out.println("\nWith security");
    Policy.setPolicy(new Policy() {

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            if (super.implies(domain, permission))
                return true;
            // all permissions
            return true;
        }
    });
    System.setSecurityManager(new SecurityManager());
    test();
}
Also used : Policy(java.security.Policy) ProtectionDomain(java.security.ProtectionDomain) Permission(java.security.Permission)

Example 43 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class TestLogConfigurationDeadLockWithConf method main.

/**
     * This test will run both with and without a security manager.
     *
     * The test starts a number of threads that will call
     *     LogManager.readConfiguration() concurrently (ReadConf), then starts
     *     a number of threads that will create new loggers concurrently
     *     (AddLogger), and then two additional threads: one (Stopper) that
     *     will stop the test after 4secs (TIME ms), and one DeadlockDetector
     *     that will attempt to detect deadlocks.
     * If after 4secs no deadlock was detected and no exception was thrown
     * then the test is considered a success and passes.
     *
     * This procedure is done twice: once without a security manager and once
     * again with a security manager - which means the test takes ~8secs to
     * run.
     *
     * Note that 8sec may not be enough to detect issues if there are some.
     * This is a best effort test.
     *
     * @param args the command line arguments
     * @throws java.lang.Exception if the test fails.
     */
public static void main(String[] args) throws Exception {
    File config = new File(System.getProperty("test.src", "."), "deadlockconf.properties");
    if (!config.canRead()) {
        System.err.println("Can't read config file: test cannot execute.");
        System.err.println("Please check your test environment: ");
        System.err.println("\t -Dtest.src=" + System.getProperty("test.src", "."));
        System.err.println("\t config file is: " + config.getAbsolutePath());
        throw new RuntimeException("Can't read config file: " + config.getAbsolutePath());
    }
    System.setProperty("java.util.logging.config.file", config.getAbsolutePath());
    // test without security
    System.out.println("No security");
    test();
    // test with security
    System.out.println("\nWith security");
    Policy.setPolicy(new Policy() {

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            if (super.implies(domain, permission))
                return true;
            // all permissions
            return true;
        }
    });
    System.setSecurityManager(new SecurityManager());
    test();
}
Also used : Policy(java.security.Policy) ProtectionDomain(java.security.ProtectionDomain) Permission(java.security.Permission) File(java.io.File)

Example 44 with ProtectionDomain

use of java.security.ProtectionDomain in project wildfly by wildfly.

the class AuthorizationInterceptor method processInvocation.

@Override
public Object processInvocation(InterceptorContext context) throws Exception {
    final Component component = context.getPrivateData(Component.class);
    if (component instanceof EJBComponent == false) {
        throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
    }
    final Method invokedMethod = context.getMethod();
    final ComponentView componentView = context.getPrivateData(ComponentView.class);
    final String viewClassOfInvokedMethod = componentView.getViewClass().getName();
    // shouldn't really happen if the interceptor was setup correctly. But let's be safe and do a check
    if (!this.viewClassName.equals(viewClassOfInvokedMethod) || !this.viewMethod.equals(invokedMethod)) {
        throw EjbLogger.ROOT_LOGGER.failProcessInvocation(this.getClass().getName(), invokedMethod, viewClassOfInvokedMethod, viewMethod, viewClassName);
    }
    final EJBComponent ejbComponent = (EJBComponent) component;
    final ServerSecurityManager securityManager = ejbComponent.getSecurityManager();
    final MethodInterfaceType methodIntfType = this.getMethodInterfaceType(componentView.getPrivateData(MethodIntf.class));
    // set the JACC contextID before calling the security manager.
    final String previousContextID = setContextID(this.contextID);
    try {
        if (WildFlySecurityManager.isChecking()) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {

                    @Override
                    public ProtectionDomain run() {
                        if (!securityManager.authorize(ejbComponent.getComponentName(), componentView.getProxyClass().getProtectionDomain().getCodeSource(), methodIntfType.name(), AuthorizationInterceptor.this.viewMethod, AuthorizationInterceptor.this.getMethodRolesAsPrincipals(), AuthorizationInterceptor.this.contextID)) {
                            throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(invokedMethod, ejbComponent.getComponentName());
                        }
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
                throw e.getException();
            }
        } else {
            if (!securityManager.authorize(ejbComponent.getComponentName(), componentView.getProxyClass().getProtectionDomain().getCodeSource(), methodIntfType.name(), this.viewMethod, this.getMethodRolesAsPrincipals(), this.contextID)) {
                throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(invokedMethod, ejbComponent.getComponentName());
            }
        }
        // successful authorization, let the invocation proceed
        return context.proceed();
    } finally {
        // reset the previous JACC contextID.
        setContextID(previousContextID);
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) PrivilegedActionException(java.security.PrivilegedActionException) Method(java.lang.reflect.Method) EJBComponent(org.jboss.as.ejb3.component.EJBComponent) MethodIntf(org.jboss.as.ejb3.component.MethodIntf) ComponentView(org.jboss.as.ee.component.ComponentView) ServerSecurityManager(org.jboss.as.core.security.ServerSecurityManager) EJBComponent(org.jboss.as.ejb3.component.EJBComponent) Component(org.jboss.as.ee.component.Component) MethodInterfaceType(org.jboss.metadata.ejb.spec.MethodInterfaceType)

Example 45 with ProtectionDomain

use of java.security.ProtectionDomain in project intellij-community by JetBrains.

the class SystemClassLoaderAction method getDefaultDomain.

/*
     * returns (and initializes) the default domain.
     */
private synchronized ProtectionDomain getDefaultDomain() {
    if (defaultDomain == null) {
        CodeSource cs = new CodeSource(null, null);
        defaultDomain = new ProtectionDomain(cs, null, this, null);
    }
    return defaultDomain;
}
Also used : ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource)

Aggregations

ProtectionDomain (java.security.ProtectionDomain)148 InstrumentClass (com.navercorp.pinpoint.bootstrap.instrument.InstrumentClass)44 Instrumentor (com.navercorp.pinpoint.bootstrap.instrument.Instrumentor)44 TransformCallback (com.navercorp.pinpoint.bootstrap.instrument.transformer.TransformCallback)42 CodeSource (java.security.CodeSource)39 InstrumentException (com.navercorp.pinpoint.bootstrap.instrument.InstrumentException)28 AccessControlContext (java.security.AccessControlContext)24 Permissions (java.security.Permissions)22 InstrumentMethod (com.navercorp.pinpoint.bootstrap.instrument.InstrumentMethod)20 Permission (java.security.Permission)17 URL (java.net.URL)16 Policy (java.security.Policy)16 Test (org.junit.Test)16 File (java.io.File)12 PermissionCollection (java.security.PermissionCollection)12 IOException (java.io.IOException)11 Method (java.lang.reflect.Method)8 URI (java.net.URI)8 HashSet (java.util.HashSet)8 Principal (java.security.Principal)7