Java Code Examples for java.security.Permissions#add()
The following examples show how to use
java.security.Permissions#add() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: FieldSetAccessibleTest.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
Example 2
| Source File: FieldSetAccessibleTest.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
Example 3
| Source File: FieldSetAccessibleTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new RuntimePermission("accessSystemModules"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
Example 4
| Source File: LogManagerAppContextDeadlock.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// we don't actually need any permission to create our
// FileHandlers because we're passing invalid parameters
// which will make the creation fail...
permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
Example 5
| Source File: LogManagerAppContextDeadlock.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// we don't actually need any permission to create our
// FileHandlers because we're passing invalid parameters
// which will make the creation fail...
permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
Example 6
| Source File: TestSetResourceBundle.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
public SimplePolicy(TestCase test) {
permissions = new Permissions();
if (test != TestCase.PERMISSION) {
permissions.add(new LoggingPermission("control", null));
}
// required for calling Locale.setDefault in the test.
permissions.add(new PropertyPermission("user.language", "write"));
}
Example 7
| Source File: ClassDeclaredFieldsTest.java From native-obfuscator with GNU General Public License v3.0 | 5 votes |
|
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// we don't actually need any permission to create our
// FileHandlers because we're passing invalid parameters
// which will make the creation fail...
permissions = new Permissions();
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
Example 8
| Source File: RMIConnectionImpl.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
private static AccessControlContext withPermissions(Permission ... perms){
Permissions col = new Permissions();
for (Permission thePerm : perms ) {
col.add(thePerm);
}
final ProtectionDomain pd = new ProtectionDomain(null, col);
return new AccessControlContext( new ProtectionDomain[] { pd });
}
Example 9
| Source File: RMIConnectionImpl.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
private static AccessControlContext withPermissions(Permission ... perms){
Permissions col = new Permissions();
for (Permission thePerm : perms ) {
col.add(thePerm);
}
final ProtectionDomain pd = new ProtectionDomain(null, col);
return new AccessControlContext( new ProtectionDomain[] { pd });
}
Example 10
| Source File: DefaultPolicyBuilder.java From onos with Apache License 2.0 | 5 votes |
|
private static Permissions listToPermissions(List<Permission> perms) {
Permissions permissions = new Permissions();
for (Permission perm : perms) {
permissions.add(perm);
}
return permissions;
}
Example 11
| Source File: TestSetResourceBundle.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public SimplePolicy(TestCase test) {
permissions = new Permissions();
if (test != TestCase.PERMISSION) {
permissions.add(new LoggingPermission("control", null));
}
// required for calling Locale.setDefault in the test.
permissions.add(new PropertyPermission("user.language", "write"));
}
Example 12
| Source File: TestConfigurationListeners.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public SimplePolicy(TestCase test) {
permissions = new Permissions();
if (test != TestCase.PERMISSION) {
permissions.add(new LoggingPermission("control", null));
permissions.add(new PropertyPermission("java.util.logging.config.class", "read"));
permissions.add(new PropertyPermission("java.util.logging.config.file", "read"));
permissions.add(new PropertyPermission("java.home", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
}
}
Example 13
| Source File: XSLTExFuncTest.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
|
public SimplePolicy(Permission... permissions) {
perms = new Permissions();
for (Permission permission : permissions) {
perms.add(permission);
}
}
Example 14
| Source File: LoaderHandler.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Returns the class annotation (representing the location for
* a class) that RMI will use to annotate the call stream when
* marshalling objects of the given class.
*/
public static String getClassAnnotation(Class<?> cl) {
String name = cl.getName();
/*
* Class objects for arrays of primitive types never need an
* annotation, because they never need to be (or can be) downloaded.
*
* REMIND: should we (not) be annotating classes that are in
* "java.*" packages?
*/
int nameLength = name.length();
if (nameLength > 0 && name.charAt(0) == '[') {
// skip past all '[' characters (see bugid 4211906)
int i = 1;
while (nameLength > i && name.charAt(i) == '[') {
i++;
}
if (nameLength > i && name.charAt(i) != 'L') {
return null;
}
}
/*
* Get the class's class loader. If it is null, the system class
* loader, an ancestor of the base class loader (such as the loader
* for installed extensions), return the value of the
* "java.rmi.server.codebase" property.
*/
ClassLoader loader = cl.getClassLoader();
if (loader == null || codebaseLoaders.containsKey(loader)) {
return codebaseProperty;
}
/*
* Get the codebase URL path for the class loader, if it supports
* such a notion (i.e., if it is a URLClassLoader or subclass).
*/
String annotation = null;
if (loader instanceof Loader) {
/*
* If the class loader is one of our RMI class loaders, we have
* already computed the class annotation string, and no
* permissions are required to know the URLs.
*/
annotation = ((Loader) loader).getClassAnnotation();
} else if (loader instanceof URLClassLoader) {
try {
URL[] urls = ((URLClassLoader) loader).getURLs();
if (urls != null) {
/*
* If the class loader is not one of our RMI class loaders,
* we must verify that the current access control context
* has permission to know all of these URLs.
*/
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
Permissions perms = new Permissions();
for (int i = 0; i < urls.length; i++) {
Permission p =
urls[i].openConnection().getPermission();
if (p != null) {
if (!perms.implies(p)) {
sm.checkPermission(p);
perms.add(p);
}
}
}
}
annotation = urlsToPath(urls);
}
} catch (SecurityException | IOException e) {
/*
* SecurityException: If access was denied to the knowledge of
* the class loader's URLs, fall back to the default behavior.
*
* IOException: This shouldn't happen, although it is declared
* to be thrown by openConnection() and getPermission(). If it
* does happen, forget about this class loader's URLs and
* fall back to the default behavior.
*/
}
}
if (annotation != null) {
return annotation;
} else {
return codebaseProperty; // REMIND: does this make sense??
}
}
Example 15
| Source File: Options.java From hottub with GNU General Public License v2.0 | 4 votes |
|
private static AccessControlContext createPropertyReadAccCtxt() {
final Permissions perms = new Permissions();
perms.add(new PropertyPermission("nashorn.*", "read"));
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
Example 16
| Source File: XSLTExFuncTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
public SimplePolicy(Permission... permissions) {
perms = new Permissions();
for (Permission permission : permissions) {
perms.add(permission);
}
}
Example 17
| Source File: DGCImpl.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
public Void run() {
ClassLoader savedCcl =
Thread.currentThread().getContextClassLoader();
try {
Thread.currentThread().setContextClassLoader(
ClassLoader.getSystemClassLoader());
/*
* Put remote collector object in table by hand to prevent
* listen on port. (UnicastServerRef.exportObject would
* cause transport to listen.)
*/
try {
dgc = new DGCImpl();
ObjID dgcID = new ObjID(ObjID.DGC_ID);
LiveRef ref = new LiveRef(dgcID, 0);
UnicastServerRef disp = new UnicastServerRef(ref,
DGCImpl::checkInput);
Remote stub =
Util.createProxy(DGCImpl.class,
new UnicastRef(ref), true);
disp.setSkeleton(dgc);
Permissions perms = new Permissions();
perms.add(new SocketPermission("*", "accept,resolve"));
ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
AccessControlContext acceptAcc = new AccessControlContext(pd);
Target target = AccessController.doPrivileged(
new PrivilegedAction<Target>() {
public Target run() {
return new Target(dgc, disp, stub, dgcID, true);
}
}, acceptAcc);
ObjectTable.putTarget(target);
} catch (RemoteException e) {
throw new Error(
"exception initializing server-side DGC", e);
}
} finally {
Thread.currentThread().setContextClassLoader(savedCcl);
}
return null;
}
Example 18
| Source File: PrivilegedCallables.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
public void setPermissions(Permission...permissions) {
perms = new Permissions();
for (Permission permission : permissions)
perms.add(permission);
}
Example 19
| Source File: AuthPolicyFile.java From hottub with GNU General Public License v2.0 | 4 votes |
|
/**
* Returns true if 'Self' permissions were added to the provided
* 'perms', and false otherwise.
*
* <p>
*
* @param p check to see if this Permission is a "SELF"
* PrivateCredentialPermission. <p>
*
* @param entryCs the codesource for the Policy entry.
*
* @param accCs the codesource for from the current AccessControlContext.
*
* @param perms the PermissionCollection where the individual
* PrivateCredentialPermissions will be added.
*/
private boolean addSelfPermissions(final Permission p,
CodeSource entryCs,
CodeSource accCs,
Permissions perms) {
if (!(p instanceof PrivateCredentialPermission)) {
return false;
}
if (!(entryCs instanceof SubjectCodeSource)) {
return false;
}
PrivateCredentialPermission pcp = (PrivateCredentialPermission)p;
SubjectCodeSource scs = (SubjectCodeSource)entryCs;
// see if it is a SELF permission
String[][] pPrincipals = pcp.getPrincipals();
if (pPrincipals.length <= 0 ||
!pPrincipals[0][0].equalsIgnoreCase("self") ||
!pPrincipals[0][1].equalsIgnoreCase("self")) {
// regular PrivateCredentialPermission
return false;
} else {
// granted a SELF permission - create a
// PrivateCredentialPermission for each
// of the Policy entry's CodeSource Principals
if (scs.getPrincipals() == null) {
// XXX SubjectCodeSource has no Subject???
return true;
}
for (PrincipalEntry principal : scs.getPrincipals()) {
// if the Policy entry's Principal does not contain a
// WILDCARD for the Principal name, then a
// new PrivateCredentialPermission is created
// for the Principal listed in the Policy entry.
// if the Policy entry's Principal contains a WILDCARD
// for the Principal name, then a new
// PrivateCredentialPermission is created
// for each Principal associated with the Subject
// in the current ACC.
String[][] principalInfo = getPrincipalInfo(principal, accCs);
for (int i = 0; i < principalInfo.length; i++) {
// here's the new PrivateCredentialPermission
PrivateCredentialPermission newPcp =
new PrivateCredentialPermission
(pcp.getCredentialClass() +
" " +
principalInfo[i][0] +
" " +
"\"" + principalInfo[i][1] + "\"",
"read");
if (debug != null) {
debug.println("adding SELF permission: " +
newPcp.toString());
}
perms.add(newPcp);
}
}
}
return true;
}
Example 20
| Source File: CallbacksSecurityTests.java From spring-analysis-note with MIT License | 4 votes |
|
@Test
public void testTrustedExecution() throws Exception {
beanFactory.setSecurityContextProvider(null);
Permissions perms = new Permissions();
perms.add(new AuthPermission("getSubject"));
ProtectionDomain pd = new ProtectionDomain(null, perms);
new AccessControlContext(new ProtectionDomain[] { pd });
final Subject subject = new Subject();
subject.getPrincipals().add(new TestPrincipal("user1"));
// request the beans from non-privileged code
Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() {
@Override
public Object run() {
// sanity check
assertEquals("user1", getCurrentSubjectName());
assertEquals(false, NonPrivilegedBean.destroyed);
beanFactory.getBean("trusted-spring-callbacks");
beanFactory.getBean("trusted-custom-init-destroy");
// the factory is a prototype - ask for multiple instances
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-spring-factory");
beanFactory.getBean("trusted-factory-bean");
beanFactory.getBean("trusted-static-factory-method");
beanFactory.getBean("trusted-factory-method");
beanFactory.getBean("trusted-property-injection");
beanFactory.getBean("trusted-working-property-injection");
beanFactory.destroySingletons();
assertEquals(true, NonPrivilegedBean.destroyed);
return null;
}
}, provider.getAccessControlContext());
}
