Java Code Examples for java.security.PermissionCollection#add()

The following examples show how to use java.security.PermissionCollection#add().
Example 1
Source File: WebappClassLoaderBase.java    From tomcatsrc with Apache License 2.0
/**
 * Returns the permissions for code loaded from {@code codeSource}.
 *
 * <p>The collection computed by the superclass is extended with every entry
 * of {@code permissionList} and then cached in {@code loaderPC} under the
 * string form of the code source location, so a later call for the same
 * location returns the same collection instance. Per the original
 * documentation, for a web application context that list holds read
 * FilePermission or JndiPermission entries for the base directory (if
 * unpacked), the context URL, and jar file resources; the list is populated
 * outside this method.
 *
 * <p>NOTE(review): {@code codeSource.getLocation()} is dereferenced without a
 * null check; confirm callers never pass a code source without a location.
 *
 * @param codeSource where the code was loaded from
 * @return the cached or newly built PermissionCollection for the code source,
 *         or {@code null} if the superclass returned {@code null}
 */
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
    final String location = codeSource.getLocation().toString();

    final PermissionCollection cached = loaderPC.get(location);
    if (cached != null) {
        return cached;
    }

    final PermissionCollection granted = super.getPermissions(codeSource);
    if (granted == null) {
        // Nothing to extend and nothing worth caching.
        return null;
    }

    // Every code source served by this loader receives the same extra grants.
    for (Permission extra : permissionList) {
        granted.add(extra);
    }
    loaderPC.put(location, granted);
    return granted;
}
 
Example 2
Source File: DynamicClassLoader.java    From baratine with GNU General Public License v2.0
/**
 * Returns the permission collection for the given code source: the
 * superclass result extended with every entry of {@code _permissions}.
 */
@Override
protected PermissionCollection getPermissions(CodeSource codeSource)
{
  PermissionCollection granted = super.getPermissions(codeSource);

  // Read the field once so the null check and the loop see the same list.
  ArrayList<Permission> extras = _permissions;
  if (extras == null) {
    return granted;
  }

  // The size is captured before the loop, matching an index-based walk
  // that does not re-read the list length on every iteration.
  int count = extras.size();
  for (int index = 0; index < count; index++) {
    granted.add(extras.get(index));
  }

  return granted;
}
 
Example 3
Source File: Launcher.java    From java-n-IDE-for-Android with Apache License 2.0
/**
 * Allows any class loaded from the class path to exit the VM.
 *
 * Adds {@code RuntimePermission("exitVM")} to the permissions the superclass
 * computes for {@code codesource}. The legacy name "exitVM" is treated as
 * equivalent to "exitVM.*", so the grant covers every exit status.
 */
protected PermissionCollection getPermissions(CodeSource codesource)
{
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new RuntimePermission("exitVM"));
    return granted;
}
 
Example 4
Source File: BasicPolicyConfiguration.java    From tomee with Apache License 2.0
/**
 * Adds {@code permission} to the collection registered for {@code roleName},
 * creating and registering that collection on first use.
 *
 * @param roleName   role whose permission collection is extended
 * @param permission permission to add
 * @throws UnsupportedOperationException if this configuration is not in the OPEN state
 * @throws PolicyContextException declared by the signature; not thrown by the code shown here
 */
public void addToRole(final String roleName, final Permission permission) throws PolicyContextException {
    // Role grants may only change while the configuration is open.
    if (state != OPEN) {
        throw new UnsupportedOperationException("Not in an open state");
    }

    PermissionCollection forRole = rolePermissionsMap.get(roleName);
    final boolean firstGrantForRole = (forRole == null);
    if (firstGrantForRole) {
        forRole = new DelegatePermissionCollection();
        // Registered before the add, so the role is known even if add() fails.
        rolePermissionsMap.put(roleName, forRole);
    }
    forRole.add(permission);
}
 
Example 5
Source File: JaccPermissionsBuilder.java    From tomee with Apache License 2.0
/**
 * Returns the permissions from <code>toBeChecked</code> that are not implied
 * by <code>permission</code>.
 *
 * The input collection is only read; the surviving permissions are added to a
 * new collection obtained from
 * <code>DelegatePermissionCollection.getPermissionCollection()</code>.
 *
 * @param toBeChecked the permissions that are to be checked and possibly culled
 * @param permission  the permission that is to be used for culling
 * @return the culled set of permissions that are not implied by <code>permission</code>
 */
private PermissionCollection cullPermissions(final PermissionCollection toBeChecked, final Permission permission) {
    final PermissionCollection survivors = DelegatePermissionCollection.getPermissionCollection();

    final Enumeration<Permission> candidates = toBeChecked.elements();
    while (candidates.hasMoreElements()) {
        final Permission candidate = candidates.nextElement();
        if (permission.implies(candidate)) {
            // Already covered by the broader permission, so it is dropped.
            continue;
        }
        survivors.add(candidate);
    }

    return survivors;
}
 
Example 6
Source File: Launcher.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Allows any class loaded from the class path to exit the VM.
 *
 * Adds {@code RuntimePermission("exitVM")} to the permissions the superclass
 * computes for {@code codesource}. The legacy name "exitVM" is treated as
 * equivalent to "exitVM.*", so the grant covers every exit status.
 */
protected PermissionCollection getPermissions(CodeSource codesource)
{
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new RuntimePermission("exitVM"));
    return granted;
}
 
Example 7
Source File: Launcher.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Allows any class loaded from the class path to exit the VM.
 *
 * Adds {@code RuntimePermission("exitVM")} to the permissions the superclass
 * computes for {@code codesource}. The legacy name "exitVM" is treated as
 * equivalent to "exitVM.*", so the grant covers every exit status.
 */
protected PermissionCollection getPermissions(CodeSource codesource)
{
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new RuntimePermission("exitVM"));
    return granted;
}
 
Example 8
Source File: RegistryImpl.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 *
 * "Minimal" is relative: the context starts from whatever the installed
 * policy grants to a code source with no location and no certificates, and
 * then adds connect/accept to any host, listen/accept on
 * {@code localhost:port}, access to the sun.jvmstat and sun.jvm.hotspot
 * packages, and read access to all files.
 *
 * NOTE(review): the collection returned by the policy is extended in place.
 * A Policy that returns a read-only collection from getPermissions(CodeSource)
 * would make the add() calls fail; confirm against the policies in use.
 *
 * @param port the registry port used for the listen/accept socket grant
 * @return a context made of a single protection domain holding those permissions
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection granted = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            @Override
            public PermissionCollection run() {
                CodeSource anyCode = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy installed = java.security.Policy.getPolicy();
                if (installed == null) {
                    // No policy installed: start from an empty set.
                    return new Permissions();
                }
                return installed.getPermissions(anyCode);
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    granted.add(new SocketPermission("*", "connect,accept"));
    granted.add(new SocketPermission("localhost:" + port, "listen,accept"));

    // Package access for the two internal packages named below.
    granted.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    granted.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    // Read-only access, but to every file.
    granted.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    CodeSource noLocation = new CodeSource(null,
        (java.security.cert.Certificate[]) null);
    ProtectionDomain onlyDomain = new ProtectionDomain(noLocation, granted);
    return new AccessControlContext(new ProtectionDomain[] { onlyDomain });
}
 
Example 9
Source File: RegistryImpl.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 *
 * "Minimal" is relative: the context starts from whatever the installed
 * policy grants to a code source with no location and no certificates, and
 * then adds connect/accept to any host, listen/accept on
 * {@code localhost:port}, access to the sun.jvmstat and sun.jvm.hotspot
 * packages, and read access to all files.
 *
 * NOTE(review): the collection returned by the policy is extended in place.
 * A Policy that returns a read-only collection from getPermissions(CodeSource)
 * would make the add() calls fail; confirm against the policies in use.
 *
 * @param port the registry port used for the listen/accept socket grant
 * @return a context made of a single protection domain holding those permissions
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection granted = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            @Override
            public PermissionCollection run() {
                CodeSource anyCode = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy installed = java.security.Policy.getPolicy();
                if (installed == null) {
                    // No policy installed: start from an empty set.
                    return new Permissions();
                }
                return installed.getPermissions(anyCode);
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    granted.add(new SocketPermission("*", "connect,accept"));
    granted.add(new SocketPermission("localhost:" + port, "listen,accept"));

    // Package access for the two internal packages named below.
    granted.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    granted.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    // Read-only access, but to every file.
    granted.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    CodeSource noLocation = new CodeSource(null,
        (java.security.cert.Certificate[]) null);
    ProtectionDomain onlyDomain = new ProtectionDomain(noLocation, granted);
    return new AccessControlContext(new ProtectionDomain[] { onlyDomain });
}
 
Example 10
Source File: ClassLoaders.java    From Bytecoder with Apache License 2.0
/**
 * Extends the permissions the superclass computes for {@code cs} with
 * {@code RuntimePermission("exitVM")}, so code defined by this loader may
 * exit the VM.
 *
 * @param cs the code source the permissions are computed for
 * @return the superclass collection with the exitVM grant added
 */
@Override
protected PermissionCollection getPermissions(CodeSource cs) {
    final PermissionCollection granted = super.getPermissions(cs);
    granted.add(new RuntimePermission("exitVM"));
    return granted;
}
 
Example 11
Source File: MethodUtil.java    From Bytecoder with Apache License 2.0
/**
 * Grants {@code AllPermission} on top of the permissions the superclass
 * computes for {@code codesource}.
 *
 * NOTE(review): every class this loader defines then runs fully privileged,
 * so what the loader is willing to define is the effective security
 * boundary; confirm it is restricted to trusted classes.
 */
protected PermissionCollection getPermissions(CodeSource codesource)
{
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new AllPermission());
    return granted;
}
 
Example 12
Source File: ClientsPolicy.java    From scheduling with GNU Affero General Public License v3.0
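/**
 * Computes the permissions for {@code domain}.
 *
 * <p>If none of the domain's principals is an {@code IdentityPrincipal}, the
 * result of the wrapped {@code original} policy is returned unchanged.
 * Otherwise a new collection is built: for each identity principal for which
 * the original policy returns a non-null collection, a
 * {@code PrincipalPermission} for that principal is added, followed by every
 * permission of the original collection except {@code java.security.AllPermission}.
 * Unresolved permissions are resolved through {@code resolvePermission} and
 * skipped when that returns {@code null}.
 *
 * @param domain the protection domain being checked
 * @return the filtered permissions for identity principals, or the original
 *         policy's permissions when the domain carries no identity principal
 */
@Override
public PermissionCollection getPermissions(final ProtectionDomain domain) {
    // Acquire before entering the try block: if lock() itself fails, the
    // finally clause must not call unlock() on a lock this thread does not hold.
    readLock.lock();
    try {
        PermissionCollection permissions = new Permissions();

        // Look up permissions
        Principal[] principals = domain.getPrincipals();
        boolean identityPrincipal = false;

        if (principals != null) {
            for (Principal principal : principals) {
                if (!(principal instanceof IdentityPrincipal)) {
                    continue;
                }
                identityPrincipal = true;
                PermissionCollection pc = original.getPermissions(domain);
                if (pc == null) {
                    continue;
                }

                Permission permission = new PrincipalPermission((IdentityPrincipal) principal);
                // always adding identity permission
                permissions.add(permission);
                if (debug) {
                    // WARNING cannot use log4j as it may lead to recursive permission check
                    System.out.println(principal + " has " + permission);
                }

                for (Enumeration<Permission> en = pc.elements(); en.hasMoreElements();) {
                    permission = en.nextElement();

                    // all "non standard" permissions like ClientPermissions are not presented in
                    // boot class path, so they were not correctly resolved at JVM start up time
                    if (permission instanceof UnresolvedPermission) {
                        permission = resolvePermission((UnresolvedPermission) permission);
                        if (permission == null) {
                            continue;
                        }
                    }

                    // we grant java.security.AllPermissions to everyone in the security.java.policy
                    // here we exclude it from IdentityPrincipal
                    //
                    // For IdentityPrincipal org.ow2.proactive.permissions.AllPermissions must be used
                    //
                    // AllPermission is final, so instanceof matches exactly the
                    // instances the previous isAssignableFrom test excluded.
                    if (permission instanceof AllPermission) {
                        continue;
                    }
                    if (debug) {
                        // WARNING cannot use log4j as it may lead to recursive permission check
                        System.out.println(principal + " has " + permission);
                    }
                    permissions.add(permission);
                }
            }
        }

        if (!identityPrincipal) {
            return original.getPermissions(domain);
        }

        return permissions;
    } finally {
        readLock.unlock();
    }
}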
 
Example 13
Source File: AutoJCE.java    From HeavenMS with GNU Affero General Public License v3.0
/**
 * Lifts the JCE "restricted cryptography" policy at runtime by rewriting
 * private state of javax.crypto.JceSecurity through reflection.
 *
 * Credits: ntoskrnl of StackOverflow
 * http://stackoverflow.com/questions/1179672/
 *
 * NOTE(review): this depends on JDK-internal class and field names and on
 * clearing the final modifier through Field's own "modifiers" field. Later
 * Java 8 updates and Java 9+ ship with unlimited-strength policy enabled by
 * default and expose the supported "crypto.policy" security property, and
 * recent JDKs no longer expose Field.modifiers to reflection, in which case
 * this method is expected to end in the -1 branch. Prefer the supported
 * switch wherever the runtime offers it.
 *
 * @return 0 when isRestrictedCryptography() reports no restriction,
 *         1 when every reflective step completed, -1 when any step threw
 */
public static byte removeCryptographyRestrictions(){
	if(!isRestrictedCryptography()){
		// Nothing to lift.
		return 0;
	}
	try{
		/*
		 * Do the following, but with reflection to bypass access checks:
		 *
		 * JceSecurity.isRestricted = false;
		 * JceSecurity.defaultPolicy.perms.clear();
		 * JceSecurity.defaultPolicy.add(CryptoAllPermission.INSTANCE);
		 */
		final Class<?> jceSecurityClass = Class.forName("javax.crypto.JceSecurity");
		final Class<?> cryptoPermissionsClass = Class.forName("javax.crypto.CryptoPermissions");
		final Class<?> cryptoAllPermissionClass = Class.forName("javax.crypto.CryptoAllPermission");

		// isRestricted was set to final in Java 8 Update 112, so the final
		// modifier has to be cleared before the field can be written.
		final Field restrictedFlag = jceSecurityClass.getDeclaredField("isRestricted");
		final Field fieldModifiers = Field.class.getDeclaredField("modifiers");
		fieldModifiers.setAccessible(true);
		fieldModifiers.setInt(restrictedFlag, restrictedFlag.getModifiers() & ~Modifier.FINAL);
		restrictedFlag.setAccessible(true);
		restrictedFlag.set(null, false);

		// Empty the default policy's permission map ...
		final Field defaultPolicyField = jceSecurityClass.getDeclaredField("defaultPolicy");
		defaultPolicyField.setAccessible(true);
		final PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null);
		final Field permsField = cryptoPermissionsClass.getDeclaredField("perms");
		permsField.setAccessible(true);
		((Map<?, ?>) permsField.get(defaultPolicy)).clear();

		// ... and replace its content with the single allow-everything entry.
		final Field allPermissionInstance = cryptoAllPermissionClass.getDeclaredField("INSTANCE");
		allPermissionInstance.setAccessible(true);
		defaultPolicy.add((Permission) allPermissionInstance.get(null));

		return 1;
	}catch(final Exception e){
		e.printStackTrace();

		System.err.println("Failed to remove cryptography restrictions");
		return -1;
	}
}
 
Example 14
Source File: MethodUtil.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Grants {@code AllPermission} on top of the permissions the superclass
 * computes for {@code codesource}.
 *
 * NOTE(review): every class this loader defines then runs fully privileged,
 * so what the loader is willing to define is the effective security
 * boundary; confirm it is restricted to trusted classes.
 */
protected PermissionCollection getPermissions(CodeSource codesource)
{
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new AllPermission());
    return granted;
}
 
Example 15
Source File: MethodUtil.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Grants {@code AllPermission} on top of the permissions the superclass
 * computes for {@code codesource}.
 *
 * NOTE(review): every class this loader defines then runs fully privileged,
 * so what the loader is willing to define is the effective security
 * boundary; confirm it is restricted to trusted classes.
 */
protected PermissionCollection getPermissions(CodeSource codesource) {
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new AllPermission());
    return granted;
}
 
Example 16
Source File: MethodUtil.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Grants {@code AllPermission} on top of the permissions the superclass
 * computes for {@code codesource}.
 *
 * NOTE(review): every class this loader defines then runs fully privileged,
 * so what the loader is willing to define is the effective security
 * boundary; confirm it is restricted to trusted classes.
 */
protected PermissionCollection getPermissions(CodeSource codesource)
{
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new AllPermission());
    return granted;
}
 
Example 17
Source File: ExitVM.java    From hottub with GNU General Public License v2.0
/**
 * Checks how the RuntimePermission names "exitVM", "exitVM.*" and
 * "exitVM.23" relate through getName(), equals() and implies(), first on the
 * permissions themselves and then on permission collections holding one of
 * the two wildcard forms. Any unexpected result aborts with an Exception.
 */
public static void main(String[]args) throws Exception {
    RuntimePermission newWildcard = new RuntimePermission("exitVM.*");
    RuntimePermission oldWildcard = new RuntimePermission("exitVM");
    RuntimePermission other = new RuntimePermission("exitVM.23");

    System.out.println("Testing RuntimePermission(\"exitVM.*\")");
    announce("getName()");
    if (!newWildcard.getName().equals("exitVM.*")) {
        throw new Exception("expected: exitVM.* received:" + newWildcard.getName());
    }
    announce("equals(new RuntimePermission(\"exitVM.*\"))");
    require(true, newWildcard.equals(new RuntimePermission("exitVM.*")));
    announce("equals(new RuntimePermission(\"exitVM.23\"))");
    require(false, newWildcard.equals(other));
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, newWildcard.implies(other));
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, newWildcard.implies(new RuntimePermission("exitVM.*")));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, newWildcard.implies(oldWildcard));

    System.out.println("Testing RuntimePermission(\"exitVM\")");
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, oldWildcard.implies(newWildcard));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, oldWildcard.implies(new RuntimePermission("exitVM")));
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, oldWildcard.implies(other));

    // now test permission collections
    System.out.println("Testing PermissionCollection containing RuntimePermission(\"exitVM.*\")");
    PermissionCollection newPC = newWildcard.newPermissionCollection();
    newPC.add(newWildcard);
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, newPC.implies(other));
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, newPC.implies(new RuntimePermission("exitVM.*")));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, newPC.implies(oldWildcard));

    System.out.println("Testing PermissionCollection containing RuntimePermission(\"exitVM\")");
    PermissionCollection oldPC = oldWildcard.newPermissionCollection();
    oldPC.add(oldWildcard);
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, oldPC.implies(other));
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, oldPC.implies(new RuntimePermission("exitVM.*")));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, oldPC.implies(oldWildcard));
}

/** Prints the indented "testing ..." line that precedes each check. */
private static void announce(String check) {
    System.out.println("    testing " + check);
}

/** Throws with the expected/received pair when the two values differ. */
private static void require(boolean expected, boolean received) throws Exception {
    if (received != expected) {
        throw new Exception("expected " + expected + ", received " + received);
    }
}
 
Example 18
Source File: MethodUtil.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Grants {@code AllPermission} on top of the permissions the superclass
 * computes for {@code codesource}.
 *
 * NOTE(review): every class this loader defines then runs fully privileged,
 * so what the loader is willing to define is the effective security
 * boundary; confirm it is restricted to trusted classes.
 */
protected PermissionCollection getPermissions(CodeSource codesource)
{
    final PermissionCollection granted = super.getPermissions(codesource);
    granted.add(new AllPermission());
    return granted;
}
 
Example 19
Source File: ExitVM.java    From openjdk-8 with GNU General Public License v2.0
/**
 * Checks how the RuntimePermission names "exitVM", "exitVM.*" and
 * "exitVM.23" relate through getName(), equals() and implies(), first on the
 * permissions themselves and then on permission collections holding one of
 * the two wildcard forms. Any unexpected result aborts with an Exception.
 */
public static void main(String[]args) throws Exception {
    RuntimePermission newWildcard = new RuntimePermission("exitVM.*");
    RuntimePermission oldWildcard = new RuntimePermission("exitVM");
    RuntimePermission other = new RuntimePermission("exitVM.23");

    System.out.println("Testing RuntimePermission(\"exitVM.*\")");
    announce("getName()");
    if (!newWildcard.getName().equals("exitVM.*")) {
        throw new Exception("expected: exitVM.* received:" + newWildcard.getName());
    }
    announce("equals(new RuntimePermission(\"exitVM.*\"))");
    require(true, newWildcard.equals(new RuntimePermission("exitVM.*")));
    announce("equals(new RuntimePermission(\"exitVM.23\"))");
    require(false, newWildcard.equals(other));
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, newWildcard.implies(other));
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, newWildcard.implies(new RuntimePermission("exitVM.*")));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, newWildcard.implies(oldWildcard));

    System.out.println("Testing RuntimePermission(\"exitVM\")");
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, oldWildcard.implies(newWildcard));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, oldWildcard.implies(new RuntimePermission("exitVM")));
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, oldWildcard.implies(other));

    // now test permission collections
    System.out.println("Testing PermissionCollection containing RuntimePermission(\"exitVM.*\")");
    PermissionCollection newPC = newWildcard.newPermissionCollection();
    newPC.add(newWildcard);
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, newPC.implies(other));
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, newPC.implies(new RuntimePermission("exitVM.*")));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, newPC.implies(oldWildcard));

    System.out.println("Testing PermissionCollection containing RuntimePermission(\"exitVM\")");
    PermissionCollection oldPC = oldWildcard.newPermissionCollection();
    oldPC.add(oldWildcard);
    announce("implies(new RuntimePermission(\"exitVM.23\"))");
    require(true, oldPC.implies(other));
    announce("implies(new RuntimePermission(\"exitVM.*\"))");
    require(true, oldPC.implies(new RuntimePermission("exitVM.*")));
    announce("implies(new RuntimePermission(\"exitVM\"))");
    require(true, oldPC.implies(oldWildcard));
}

/** Prints the indented "testing ..." line that precedes each check. */
private static void announce(String check) {
    System.out.println("    testing " + check);
}

/** Throws with the expected/received pair when the two values differ. */
private static void require(boolean expected, boolean received) throws Exception {
    if (received != expected) {
        throw new Exception("expected " + expected + ", received " + received);
    }
}
 
Example 20
Source File: JaccPermissionsBuilder.java    From tomee with Apache License 2.0
/**
 * Generate all the possible permissions for a bean's interface.
 *
 * Method permissions are defined in the deployment descriptor as a binary
 * relation from the set of security roles to the set of methods of the
 * home, component, and/or web service endpoint interfaces of session and
 * entity beans, including all their superinterfaces (including the methods
 * of the <code>EJBHome</code> and <code>EJBObject</code> interfaces and/or
 * <code>EJBLocalHome</code> and <code>EJBLocalObject</code> interfaces).
 *
 * One <code>EJBMethodPermission</code> is added for every method returned by
 * <code>clazz.getMethods()</code>. For the "LocalBean" and "LocalBeanHome"
 * views the permission is created with a <code>null</code> method interface.
 *
 * @param permissions     the permission set to be extended
 * @param ejbName         the name of the EJB
 * @param methodInterface the EJB method interface
 * @param clazz           the class whose methods are enumerated; nothing is
 *                        added when it is <code>null</code>
 * @throws OpenEJBException in case a class could not be found (declared by
 *                          the signature; not thrown by the code shown here)
 */
public void addPossibleEjbMethodPermissions(final PermissionCollection permissions,
                                            final String ejbName,
                                            final String methodInterface,
                                            final Class clazz) throws OpenEJBException {
    if (clazz == null) {
        return;
    }

    // The interface name does not depend on the method, so it is derived once.
    final boolean localBeanView = "LocalBean".equals(methodInterface)
        || "LocalBeanHome".equals(methodInterface);
    final String effectiveInterface = localBeanView ? null : methodInterface;

    for (final Method method : clazz.getMethods()) {
        permissions.add(new EJBMethodPermission(ejbName, effectiveInterface, method));
    }
}