Java Code Examples for java.security.Permissions

The following examples show how to use java.security.Permissions. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: spring-analysis-note   Source File: CallbacksSecurityTests.java    License: MIT License 6 votes vote down vote up
@Before
public void setUp() throws Exception {

	final ProtectionDomain empty = new ProtectionDomain(null,
			new Permissions());

	provider = new SecurityContextProvider() {
		private final AccessControlContext acc = new AccessControlContext(
				new ProtectionDomain[] { empty });

		@Override
		public AccessControlContext getAccessControlContext() {
			return acc;
		}
	};

	DefaultResourceLoader drl = new DefaultResourceLoader();
	Resource config = drl
			.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
	beanFactory = new DefaultListableBeanFactory();
	new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
	beanFactory.setSecurityContextProvider(provider);
}
 
Example 2
Permissions getPermissions() {
    if (allowControl.get().get() || allowAccess.get().get() || allowAll.get().get()) {
        PermissionsBuilder builder =  new PermissionsBuilder()
                .addAll(permissions);
        if (allowControl.get().get()) {
            builder.add(CONTROL);
        }
        if (allowAccess.get().get()) {
            builder.add(ACCESS_LOGGER);
            builder.add(ACCESS_LOGGING);
        }
        if (allowAll.get().get()) {
            builder.addAll(allPermissions);
        }
        return builder.toPermissions();
    }
    return permissions;
}
 
Example 3
Source Project: jdk8u-jdk   Source File: FileHandlerPath.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 4
Source Project: jdk1.8-source-analysis   Source File: MBeanInstantiator.java    License: Apache License 2.0 6 votes vote down vote up
private ClassLoader getClassLoader(final ObjectName name) {
    if(clr == null){
        return null;
    }
    // Restrict to getClassLoader permission only
    Permissions permissions = new Permissions();
    permissions.add(new MBeanPermission("*", null, name, "getClassLoader"));
    ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions);
    ProtectionDomain[] domains = {protectionDomain};
    AccessControlContext ctx = new AccessControlContext(domains);
    ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
        public ClassLoader run() {
            return clr.getClassLoader(name);
        }
    }, ctx);
    return loader;
}
 
Example 5
/**
 */
@Override
public PermissionCollection getPermissions(CodeSource cs) {
  if (null==cs) {
    // Not a code source for a bundle, delegate to the default policy
    return defaultPolicy.getPermissions(cs);
  }

  final URL u = cs.getLocation();
  if (u != null && BundleURLStreamHandler.PROTOCOL.equals(u.getProtocol())) {
    try {
      final Long id = new Long(BundleURLStreamHandler.getId(u.getHost()));
      //return getPermissions(id);
      final PermissionCollection pc = ph.getPermissionCollection(id);
      if (pc != null) {
        return copy(pc);
      }
    } catch (final NumberFormatException ignore) { }
    return new Permissions();
  } else {
    return defaultPolicy.getPermissions(cs);
  }
}
 
Example 6
public static void main(String... args) throws Exception {
    if (args.length > 0 && args[0].equals("sm")) {
        PermissionCollection perms = new Permissions();
        perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission p) {
                return perms.implies(p);
            }
        });
        System.setSecurityManager(new SecurityManager());
    }
    new GetCallerClassTest(StackWalker.getInstance(), true).test();
    new GetCallerClassTest(StackWalker.getInstance(RETAIN_CLASS_REFERENCE), false).test();
    new GetCallerClassTest(StackWalker.getInstance(EnumSet.of(RETAIN_CLASS_REFERENCE,
                                                              SHOW_HIDDEN_FRAMES)), false).test();
}
 
Example 7
Source Project: jdk8u60   Source File: FileHandlerPath.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 8
Source Project: TencentKona-8   Source File: LoaderHandler.java    License: GNU General Public License v2.0 6 votes vote down vote up
private Loader(URL[] urls, ClassLoader parent) {
    super(urls, parent);
    this.parent = parent;

    /*
     * Precompute the permissions required to access the loader.
     */
    permissions = new Permissions();
    addPermissionsForURLs(urls, permissions, false);

    /*
     * Caching the value of class annotation string here assumes
     * that the protected method addURL() is never called on this
     * class loader.
     */
    annotation = urlsToPath(urls);
}
 
Example 9
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 10
Source Project: openjdk-jdk9   Source File: Activation.java    License: GNU General Public License v2.0 6 votes vote down vote up
private static PermissionCollection getExecPermissions() {
    /*
     * The approach used here is taken from the similar method
     * getLoaderAccessControlContext() in the class
     * sun.rmi.server.LoaderHandler.
     */

    // obtain permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource =
                    new CodeSource(null, (Certificate[]) null);
                Policy p = Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    return perms;
}
 
Example 11
Source Project: java-technology-stack   Source File: CallbacksSecurityTests.java    License: MIT License 6 votes vote down vote up
@Before
public void setUp() throws Exception {

	final ProtectionDomain empty = new ProtectionDomain(null,
			new Permissions());

	provider = new SecurityContextProvider() {
		private final AccessControlContext acc = new AccessControlContext(
				new ProtectionDomain[] { empty });

		@Override
		public AccessControlContext getAccessControlContext() {
			return acc;
		}
	};

	DefaultResourceLoader drl = new DefaultResourceLoader();
	Resource config = drl
			.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
	beanFactory = new DefaultListableBeanFactory();
	new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
	beanFactory.setSecurityContextProvider(provider);
}
 
Example 12
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl,
        ThreadLocal<AtomicBoolean> allowAccess,
        ThreadLocal<AtomicBoolean> allowAll) {
    this.allowControl = allowControl;
    this.allowAccess = allowAccess;
    this.allowAll = allowAll;
    permissions = new Permissions();
    allPermissions = new PermissionsBuilder()
            .add(new java.security.AllPermission())
            .toPermissions();
}
 
Example 13
@Override
protected PermissionCollection getPermissions(CodeSource codesource) {
    final Permissions permCollection = new Permissions();
    for (final Permission perm : SCRIPT_PERMISSIONS) {
        permCollection.add(perm);
    }
    return permCollection;
}
 
Example 14
public SimplePolicy(TestCase test) {
    permissions = new Permissions();
    if (test != TestCase.PERMISSION) {
        permissions.add(new LoggingPermission("control", null));
    }
    // required for calling Locale.setDefault in the test.
    permissions.add(new PropertyPermission("user.language", "write"));
}
 
Example 15
Source Project: hottub   Source File: SocketPermissionTest.java    License: GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext getAccessControlContext(Permission... ps) {
    Permissions perms = new Permissions();
    for (Permission p : ps) {
        perms.add(p);
    }
    /*
     *Create an AccessControlContext that consist a single protection domain
     * with only the permissions calculated above
     */
    ProtectionDomain pd = new ProtectionDomain(null, perms);
    return new AccessControlContext(new ProtectionDomain[]{pd});
}
 
Example 16
Source Project: groovy   Source File: SecurityTest.java    License: Apache License 2.0 5 votes vote down vote up
public void setUp() {
    forbidden = new Permissions();
    forbidden.add(new ReflectPermission("suppressAccessChecks"));
    restrictiveSecurityManager = new SecurityManager() {

        @Override
        public void checkPermission(Permission perm) {
            if (forbidden.implies(perm))
                throw new AccessControlException(perm.getName());
        }
    };
}
 
Example 17
Source Project: Bytecoder   Source File: ForkJoinPool.java    License: Apache License 2.0 5 votes vote down vote up
static AccessControlContext contextWithPermissions(Permission ... perms) {
    Permissions permissions = new Permissions();
    for (Permission perm : perms)
        permissions.add(perm);
    return new AccessControlContext(
        new ProtectionDomain[] { new ProtectionDomain(null, permissions) });
}
 
Example 18
public static void main(String[] args) throws Exception {

        /*
         * If we delay setting the security manager until after the service
         * configuration file has been installed, then this test still
         * functions properly, but the -Djava.security.debug output is
         * lacking, so to ease debugging, we'll set it early-- at the cost
         * of having to specify the policy even when running standalone.
         */
        TestLibrary.suggestSecurityManager(null);

        ServiceConfiguration.installServiceConfigurationFile();

        /*
         * Execute use of RMIClassLoader within an AccessControlContext
         * that has a protection domain with no permissions, to make sure
         * that RMIClassLoader can still properly initialize itself.
         */
        CodeSource codesource = new CodeSource(null, (Certificate[]) null);
        Permissions perms = null;
        ProtectionDomain pd = new ProtectionDomain(codesource, perms);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });

        java.security.AccessController.doPrivileged(
        new java.security.PrivilegedExceptionAction() {
            public Object run() throws Exception {
                TestProvider.exerciseTestProvider(
                    TestProvider2.loadClassReturn,
                    TestProvider2.loadProxyClassReturn,
                    TestProvider2.getClassLoaderReturn,
                    TestProvider2.getClassAnnotationReturn,
                    TestProvider2.invocations);
                return null;
            }
        }, acc);
    }
 
Example 19
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 20
private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 
Example 21
Source Project: hottub   Source File: RMIConnectionImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext withPermissions(Permission ... perms){
    Permissions col = new Permissions();

    for (Permission thePerm : perms ) {
        col.add(thePerm);
    }

    final ProtectionDomain pd = new ProtectionDomain(null, col);
    return new AccessControlContext( new ProtectionDomain[] { pd });
}
 
Example 22
private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 
Example 23
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 24
Source Project: openjdk-jdk8u   Source File: NashornLoader.java    License: GNU General Public License v2.0 5 votes vote down vote up
@Override
protected PermissionCollection getPermissions(final CodeSource codesource) {
    final Permissions permCollection = new Permissions();
    for (final Permission perm : SCRIPT_PERMISSIONS) {
        permCollection.add(perm);
    }
    return permCollection;
}
 
Example 25
Source Project: openjdk-8   Source File: ClassAndLoader.java    License: GNU General Public License v2.0 5 votes vote down vote up
static AccessControlContext createPermAccCtxt(final String... permNames) {
    final Permissions perms = new Permissions();
    for (final String permName : permNames) {
        perms.add(new RuntimePermission(permName));
    }
    return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
 
Example 26
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowControl = allowControl;
    this.allowAll = allowAll;
    permissions = new Permissions();

    // these are used for configuring the test itself...
    controlPermissions = new Permissions();
    controlPermissions.add(LOGGERFINDER_PERMISSION);
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 27
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 28
public SimplePolicy(TestCase test) {
    permissions = new Permissions();
    if (test != TestCase.PERMISSION) {
        permissions.add(new LoggingPermission("control", null));
    }
    // required for calling Locale.setDefault in the test.
    permissions.add(new PropertyPermission("user.language", "write"));
}
 
Example 29
Source Project: ignite   Source File: AbstractSecurityTest.java    License: Apache License 2.0 5 votes vote down vote up
/** */
protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet,
    Permissions sandboxPerms, boolean isClient) throws Exception {
    return startGrid(getConfiguration(login,
        new TestSecurityPluginProvider(login, "", prmSet, sandboxPerms, globalAuth))
        .setClientMode(isClient));
}
 
Example 30
public static void main(String[] args) throws Exception {

        /*
         * If we delay setting the security manager until after the service
         * configuration file has been installed, then this test still
         * functions properly, but the -Djava.security.debug output is
         * lacking, so to ease debugging, we'll set it early-- at the cost
         * of having to specify the policy even when running standalone.
         */
        TestLibrary.suggestSecurityManager(null);

        ServiceConfiguration.installServiceConfigurationFile();

        /*
         * Execute use of RMIClassLoader within an AccessControlContext
         * that has a protection domain with no permissions, to make sure
         * that RMIClassLoader can still properly initialize itself.
         */
        CodeSource codesource = new CodeSource(null, (Certificate[]) null);
        Permissions perms = null;
        ProtectionDomain pd = new ProtectionDomain(codesource, perms);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });

        java.security.AccessController.doPrivileged(
        new java.security.PrivilegedExceptionAction() {
            public Object run() throws Exception {
                TestProvider.exerciseTestProvider(
                    TestProvider2.loadClassReturn,
                    TestProvider2.loadProxyClassReturn,
                    TestProvider2.getClassLoaderReturn,
                    TestProvider2.getClassAnnotationReturn,
                    TestProvider2.invocations);
                return null;
            }
        }, acc);
    }