java.security.Permissions Java Examples

The following examples show how to use java.security.Permissions. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CallbacksSecurityTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Before
public void setUp() throws Exception {

	final ProtectionDomain empty = new ProtectionDomain(null,
			new Permissions());

	provider = new SecurityContextProvider() {
		private final AccessControlContext acc = new AccessControlContext(
				new ProtectionDomain[] { empty });

		@Override
		public AccessControlContext getAccessControlContext() {
			return acc;
		}
	};

	DefaultResourceLoader drl = new DefaultResourceLoader();
	Resource config = drl
			.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
	beanFactory = new DefaultListableBeanFactory();
	new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
	beanFactory.setSecurityContextProvider(provider);
}
 
Example #2
Source File: Activation.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
private static PermissionCollection getExecPermissions() {
    /*
     * The approach used here is taken from the similar method
     * getLoaderAccessControlContext() in the class
     * sun.rmi.server.LoaderHandler.
     */

    // obtain permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource =
                    new CodeSource(null, (Certificate[]) null);
                Policy p = Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    return perms;
}
 
Example #3
Source File: FieldSetAccessibleTest.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #4
Source File: LoaderHandler.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
private Loader(URL[] urls, ClassLoader parent) {
    super(urls, parent);
    this.parent = parent;

    /*
     * Precompute the permissions required to access the loader.
     */
    permissions = new Permissions();
    addPermissionsForURLs(urls, permissions, false);

    /*
     * Caching the value of class annotation string here assumes
     * that the protected method addURL() is never called on this
     * class loader.
     */
    annotation = urlsToPath(urls);
}
 
Example #5
Source File: FileHandlerPath.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #6
Source File: GetCallerClassTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String... args) throws Exception {
    if (args.length > 0 && args[0].equals("sm")) {
        PermissionCollection perms = new Permissions();
        perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission p) {
                return perms.implies(p);
            }
        });
        System.setSecurityManager(new SecurityManager());
    }
    new GetCallerClassTest(StackWalker.getInstance(), true).test();
    new GetCallerClassTest(StackWalker.getInstance(RETAIN_CLASS_REFERENCE), false).test();
    new GetCallerClassTest(StackWalker.getInstance(EnumSet.of(RETAIN_CLASS_REFERENCE,
                                                              SHOW_HIDDEN_FRAMES)), false).test();
}
 
Example #7
Source File: FrameworkPolicy.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
/**
 */
@Override
public PermissionCollection getPermissions(CodeSource cs) {
  if (null==cs) {
    // Not a code source for a bundle, delegate to the default policy
    return defaultPolicy.getPermissions(cs);
  }

  final URL u = cs.getLocation();
  if (u != null && BundleURLStreamHandler.PROTOCOL.equals(u.getProtocol())) {
    try {
      final Long id = new Long(BundleURLStreamHandler.getId(u.getHost()));
      //return getPermissions(id);
      final PermissionCollection pc = ph.getPermissionCollection(id);
      if (pc != null) {
        return copy(pc);
      }
    } catch (final NumberFormatException ignore) { }
    return new Permissions();
  } else {
    return defaultPolicy.getPermissions(cs);
  }
}
 
Example #8
Source File: CallbacksSecurityTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Before
public void setUp() throws Exception {

	final ProtectionDomain empty = new ProtectionDomain(null,
			new Permissions());

	provider = new SecurityContextProvider() {
		private final AccessControlContext acc = new AccessControlContext(
				new ProtectionDomain[] { empty });

		@Override
		public AccessControlContext getAccessControlContext() {
			return acc;
		}
	};

	DefaultResourceLoader drl = new DefaultResourceLoader();
	Resource config = drl
			.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
	beanFactory = new DefaultListableBeanFactory();
	new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
	beanFactory.setSecurityContextProvider(provider);
}
 
Example #9
Source File: MBeanInstantiator.java    From jdk1.8-source-analysis with Apache License 2.0 6 votes vote down vote up
private ClassLoader getClassLoader(final ObjectName name) {
    if(clr == null){
        return null;
    }
    // Restrict to getClassLoader permission only
    Permissions permissions = new Permissions();
    permissions.add(new MBeanPermission("*", null, name, "getClassLoader"));
    ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions);
    ProtectionDomain[] domains = {protectionDomain};
    AccessControlContext ctx = new AccessControlContext(domains);
    ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
        public ClassLoader run() {
            return clr.getClassLoader(name);
        }
    }, ctx);
    return loader;
}
 
Example #10
Source File: LoggerBridgeTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
Permissions getPermissions() {
    if (allowControl.get().get() || allowAccess.get().get() || allowAll.get().get()) {
        PermissionsBuilder builder =  new PermissionsBuilder()
                .addAll(permissions);
        if (allowControl.get().get()) {
            builder.add(CONTROL);
        }
        if (allowAccess.get().get()) {
            builder.add(ACCESS_LOGGER);
            builder.add(ACCESS_LOGGING);
        }
        if (allowAll.get().get()) {
            builder.addAll(allPermissions);
        }
        return builder.toPermissions();
    }
    return permissions;
}
 
Example #11
Source File: FileHandlerPath.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #12
Source File: SocketPermissionTest.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext getAccessControlContext(Permission... ps) {
    Permissions perms = new Permissions();
    for (Permission p : ps) {
        perms.add(p);
    }
    /*
     *Create an AccessControlContext that consist a single protection domain
     * with only the permissions calculated above
     */
    ProtectionDomain pd = new ProtectionDomain(null, perms);
    return new AccessControlContext(new ProtectionDomain[]{pd});
}
 
Example #13
Source File: ContextInsulation.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        /*
         * If we delay setting the security manager until after the service
         * configuration file has been installed, then this test still
         * functions properly, but the -Djava.security.debug output is
         * lacking, so to ease debugging, we'll set it early-- at the cost
         * of having to specify the policy even when running standalone.
         */
        TestLibrary.suggestSecurityManager(null);

        ServiceConfiguration.installServiceConfigurationFile();

        /*
         * Execute use of RMIClassLoader within an AccessControlContext
         * that has a protection domain with no permissions, to make sure
         * that RMIClassLoader can still properly initialize itself.
         */
        CodeSource codesource = new CodeSource(null, (Certificate[]) null);
        Permissions perms = null;
        ProtectionDomain pd = new ProtectionDomain(codesource, perms);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });

        java.security.AccessController.doPrivileged(
        new java.security.PrivilegedExceptionAction() {
            public Object run() throws Exception {
                TestProvider.exerciseTestProvider(
                    TestProvider2.loadClassReturn,
                    TestProvider2.loadProxyClassReturn,
                    TestProvider2.getClassLoaderReturn,
                    TestProvider2.getClassAnnotationReturn,
                    TestProvider2.invocations);
                return null;
            }
        }, acc);
    }
 
Example #14
Source File: JavaAdapterFactory.java    From jdk8u_nashorn with GNU General Public License v2.0 5 votes vote down vote up
private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 
Example #15
Source File: RMIConnectionImpl.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext withPermissions(Permission ... perms){
    Permissions col = new Permissions();

    for (Permission thePerm : perms ) {
        col.add(thePerm);
    }

    final ProtectionDomain pd = new ProtectionDomain(null, col);
    return new AccessControlContext( new ProtectionDomain[] { pd });
}
 
Example #16
Source File: TestSetResourceBundle.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test) {
    permissions = new Permissions();
    if (test != TestCase.PERMISSION) {
        permissions.add(new LoggingPermission("control", null));
    }
    // required for calling Locale.setDefault in the test.
    permissions.add(new PropertyPermission("user.language", "write"));
}
 
Example #17
Source File: JavaAdapterFactory.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 
Example #18
Source File: LogManagerAppContextDeadlock.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example #19
Source File: ForkJoinPool.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
static AccessControlContext contextWithPermissions(Permission ... perms) {
    Permissions permissions = new Permissions();
    for (Permission perm : perms)
        permissions.add(perm);
    return new AccessControlContext(
        new ProtectionDomain[] { new ProtectionDomain(null, permissions) });
}
 
Example #20
Source File: SecurityTest.java    From groovy with Apache License 2.0 5 votes vote down vote up
public void setUp() {
    forbidden = new Permissions();
    forbidden.add(new ReflectPermission("suppressAccessChecks"));
    restrictiveSecurityManager = new SecurityManager() {

        @Override
        public void checkPermission(Permission perm) {
            if (forbidden.implies(perm))
                throw new AccessControlException(perm.getName());
        }
    };
}
 
Example #21
Source File: NashornLoader.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
@Override
protected PermissionCollection getPermissions(final CodeSource codesource) {
    final Permissions permCollection = new Permissions();
    for (final Permission perm : SCRIPT_PERMISSIONS) {
        permCollection.add(perm);
    }
    return permCollection;
}
 
Example #22
Source File: ClassAndLoader.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
static AccessControlContext createPermAccCtxt(final String... permNames) {
    final Permissions perms = new Permissions();
    for (final String permName : permNames) {
        perms.add(new RuntimePermission(permName));
    }
    return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
 
Example #23
Source File: NashornLoader.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
@Override
protected PermissionCollection getPermissions(CodeSource codesource) {
    final Permissions permCollection = new Permissions();
    for (final Permission perm : SCRIPT_PERMISSIONS) {
        permCollection.add(perm);
    }
    return permCollection;
}
 
Example #24
Source File: DefaultLoggerTest.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowControl = allowControl;
    this.allowAll = allowAll;
    permissions = new Permissions();

    // these are used for configuring the test itself...
    controlPermissions = new Permissions();
    controlPermissions.add(LOGGERFINDER_PERMISSION);
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example #25
Source File: LogManagerAppContextDeadlock.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example #26
Source File: TestSetResourceBundle.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test) {
    permissions = new Permissions();
    if (test != TestCase.PERMISSION) {
        permissions.add(new LoggingPermission("control", null));
    }
    // required for calling Locale.setDefault in the test.
    permissions.add(new PropertyPermission("user.language", "write"));
}
 
Example #27
Source File: AbstractSecurityTest.java    From ignite with Apache License 2.0 5 votes vote down vote up
/** */
protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet,
    Permissions sandboxPerms, boolean isClient) throws Exception {
    return startGrid(getConfiguration(login,
        new TestSecurityPluginProvider(login, "", prmSet, sandboxPerms, globalAuth))
        .setClientMode(isClient));
}
 
Example #28
Source File: ContextInsulation.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        /*
         * If we delay setting the security manager until after the service
         * configuration file has been installed, then this test still
         * functions properly, but the -Djava.security.debug output is
         * lacking, so to ease debugging, we'll set it early-- at the cost
         * of having to specify the policy even when running standalone.
         */
        TestLibrary.suggestSecurityManager(null);

        ServiceConfiguration.installServiceConfigurationFile();

        /*
         * Execute use of RMIClassLoader within an AccessControlContext
         * that has a protection domain with no permissions, to make sure
         * that RMIClassLoader can still properly initialize itself.
         */
        CodeSource codesource = new CodeSource(null, (Certificate[]) null);
        Permissions perms = null;
        ProtectionDomain pd = new ProtectionDomain(codesource, perms);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });

        java.security.AccessController.doPrivileged(
        new java.security.PrivilegedExceptionAction() {
            public Object run() throws Exception {
                TestProvider.exerciseTestProvider(
                    TestProvider2.loadClassReturn,
                    TestProvider2.loadProxyClassReturn,
                    TestProvider2.getClassLoaderReturn,
                    TestProvider2.getClassAnnotationReturn,
                    TestProvider2.invocations);
                return null;
            }
        }, acc);
    }
 
Example #29
Source File: LoggerBridgeTest.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl,
        ThreadLocal<AtomicBoolean> allowAccess,
        ThreadLocal<AtomicBoolean> allowAll) {
    this.allowControl = allowControl;
    this.allowAccess = allowAccess;
    this.allowAll = allowAll;
    permissions = new Permissions();
    allPermissions = new PermissionsBuilder()
            .add(new java.security.AllPermission())
            .toPermissions();
}
 
Example #30
Source File: FileHandlerPatternExceptions.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}