java.security.Permission Java Examples

The following examples show how to use java.security.Permission. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: LimitedDoPrivilegedWithThread.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
public void runTest(AccessControlContext acc, Permission perm,
        boolean expectACE, int id) {

    AccessController.doPrivileged(
            (PrivilegedAction) () -> {
                try {
                    AccessController.getContext().checkPermission(P1);
                } catch (AccessControlException ace) {
                    catchACE = true;
                }
                if (catchACE ^ expectACE) {
                    throw new RuntimeException("test" + id + " failed");
                }
                return null;
            }, acc, perm);
}
 
Example #2
Source File: ServicePermission.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * @serialData "permissions" field (a Vector containing the ServicePermissions).
 */
/*
 * Writes the contents of the perms field out as a Vector for
 * serialization compatibility with earlier releases.
 */
private void writeObject(ObjectOutputStream out) throws IOException {
    // Don't call out.defaultWriteObject()

    // Write out Vector
    Vector<Permission> permissions = new Vector<>(perms.size());

    synchronized (this) {
        permissions.addAll(perms);
    }

    ObjectOutputStream.PutField pfields = out.putFields();
    pfields.put("permissions", permissions);
    out.writeFields();
}
 
Example #3
Source File: SubjectDelegator.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Check if the connector server creator can assume the identity of each
 * principal in the authenticated subject, i.e. check if the connector
 * server creator codebase contains a subject delegation permission for
 * each principal present in the authenticated subject.
 *
 * @return {@code true} if the connector server creator can delegate to all
 * the authenticated principals in the subject. Otherwise, {@code false}.
 */
public static synchronized boolean
    checkRemoveCallerContext(Subject subject) {
    try {
        for (Principal p : getSubjectPrincipals(subject)) {
            final String pname =
                p.getClass().getName() + "." + p.getName();
            final Permission sdp =
                new SubjectDelegationPermission(pname);
            AccessController.checkPermission(sdp);
        }
    } catch (SecurityException e) {
        return false;
    }
    return true;
}
 
Example #4
Source File: Activation.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Prints warning message if installed Policy is the default Policy
 * implementation and globally granted permissions do not include
 * AllPermission or any ExecPermissions/ExecOptionPermissions.
 */
static void checkConfiguration() {
    Policy policy =
        AccessController.doPrivileged(new PrivilegedAction<Policy>() {
            public Policy run() {
                return Policy.getPolicy();
            }
        });
    if (!(policy instanceof PolicyFile)) {
        return;
    }
    PermissionCollection perms = getExecPermissions();
    for (Enumeration<Permission> e = perms.elements();
         e.hasMoreElements();)
    {
        Permission p = e.nextElement();
        if (p instanceof AllPermission ||
            p instanceof ExecPermission ||
            p instanceof ExecOptionPermission)
        {
            return;
        }
    }
    System.err.println(getTextResource("rmid.exec.perms.inadequate"));
}
 
Example #5
Source File: PlatformDependent0Test.java    From netty-4.1.22 with Apache License 2.0 6 votes vote down vote up
@Test
public void testMajorVersionFromJavaSpecificationVersion() {
    final SecurityManager current = System.getSecurityManager();

    try {
        System.setSecurityManager(new SecurityManager() {
            @Override
            public void checkPropertyAccess(String key) {
                if (key.equals("java.specification.version")) {
                    // deny
                    throw new SecurityException(key);
                }
            }

            // so we can restore the security manager
            @Override
            public void checkPermission(Permission perm) {
            }
        });

        assertEquals(6, PlatformDependent0.majorVersionFromJavaSpecificationVersion());
    } finally {
        System.setSecurityManager(current);
    }
}
 
Example #6
Source File: DynamicClassLoader.java    From baratine with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the permission collection for the given code source.
 */
@Override
protected PermissionCollection getPermissions(CodeSource codeSource)
{
  PermissionCollection perms = super.getPermissions(codeSource);

  ArrayList<Permission> permissions = _permissions;

  int size = permissions != null ? permissions.size() : 0;
  for (int i = 0; i < size; i++) {
    Permission permission = permissions.get(i);

    perms.add(permission);
  }

  return perms;
}
 
Example #7
Source File: SocketPermission.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a permission to the SocketPermissions. The key for the hash is
 * the name in the case of wildcards, or all the IP addresses.
 *
 * @param permission the Permission object to add.
 *
 * @exception IllegalArgumentException - if the permission is not a
 *                                       SocketPermission
 *
 * @exception SecurityException - if this SocketPermissionCollection object
 *                                has been marked readonly
 */
public void add(Permission permission) {
    if (! (permission instanceof SocketPermission))
        throw new IllegalArgumentException("invalid permission: "+
                                           permission);
    if (isReadOnly())
        throw new SecurityException(
            "attempt to add a Permission to a readonly PermissionCollection");

    // optimization to ensure perms most likely to be tested
    // show up early (4301064)
    synchronized (this) {
        perms.add(0, (SocketPermission)permission);
    }
}
 
Example #8
Source File: JmxMBeanServer.java    From jdk1.8-source-analysis with Apache License 2.0 5 votes vote down vote up
private static void checkMBeanPermission(String classname,
                                         String member,
                                         ObjectName objectName,
                                         String actions)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanPermission(classname,
                                              member,
                                              objectName,
                                              actions);
        sm.checkPermission(perm);
    }
}
 
Example #9
Source File: DelegationPermission.java    From Java8CN with Apache License 2.0 5 votes vote down vote up
/**
 * Returns an enumeration of all the DelegationPermission objects
 * in the container.
 *
 * @return an enumeration of all the DelegationPermission objects.
 */
public Enumeration<Permission> elements() {
    // Convert Iterator into Enumeration
    synchronized (this) {
        return Collections.enumeration(perms);
    }
}
 
Example #10
Source File: LogManagerAppContextDeadlock.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
 
Example #11
Source File: TestDateTimeUtils.java    From astor with GNU General Public License v2.0 5 votes vote down vote up
public boolean implies(ProtectionDomain domain, Permission permission) {
                if (permission instanceof JodaTimePermission) {
                    return false;
                }
                return true;
//                return super.implies(domain, permission);
            }
 
Example #12
Source File: DelegationPermission.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
private void readObject(ObjectInputStream in)
    throws IOException, ClassNotFoundException
{
    // Don't call defaultReadObject()

    // Read in serialized fields
    ObjectInputStream.GetField gfields = in.readFields();

    // Get the one we want
    Vector<Permission> permissions =
            (Vector<Permission>)gfields.get("permissions", null);
    perms = new ArrayList<Permission>(permissions.size());
    perms.addAll(permissions);
}
 
Example #13
Source File: AuthPolicyFile.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
@Override
public boolean implies(Permission permission) {
    if (notInit) {
        init();
    }
    return perms.implies(permission);
}
 
Example #14
Source File: ClassDeclaredFieldsTest.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
 
Example #15
Source File: ClassDeclaredFieldsTest.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
 
Example #16
Source File: ClassDeclaredFieldsTest.java    From native-obfuscator with GNU General Public License v3.0 5 votes vote down vote up
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
 
Example #17
Source File: bug6694823.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    toolkit = (SunToolkit) Toolkit.getDefaultToolkit();
    SwingUtilities.invokeAndWait(new Runnable() {
        public void run() {
            createGui();
        }
    });

    toolkit.realSync();

    // Get screen insets
    screenInsets = toolkit.getScreenInsets(frame.getGraphicsConfiguration());
    if (screenInsets.bottom == 0) {
        // This test is only for configurations with taskbar on the bottom
        return;
    }

    System.setSecurityManager(new SecurityManager(){

        private String allowsAlwaysOnTopPermission = SecurityConstants.AWT.SET_WINDOW_ALWAYS_ON_TOP_PERMISSION.getName();

        @Override
        public void checkPermission(Permission perm) {
            if (allowsAlwaysOnTopPermission.equals(perm.getName())) {
                throw new SecurityException();
            }
        }

    });

    // Show popup as if from an applet
    // The popup shouldn't overlap the task bar. It should be shifted up.
    checkPopup();

}
 
Example #18
Source File: EqualsImplies.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[]args) throws Exception {

      Permission p1 = new A("foo");
      Permission p2 = new B("foo");

      if (p1.implies(p2) || p2.implies(p1) || p1.equals(p2)) {
          throw new Exception("Test failed");
      }

      // make sure permissions imply and equal themselves
      if (! (p1.implies(p1) && p1.equals(p1))) {
          throw new Exception("Test failed");
      }

    }
 
Example #19
Source File: TestPolicy.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
@Override
public String toString() {
    StringJoiner sj = new StringJoiner("\n", "policy: ", "");
    Enumeration<Permission> perms = permissions.elements();
    while (perms.hasMoreElements()) {
        sj.add(perms.nextElement().toString());
    }
    return sj.toString();

}
 
Example #20
Source File: DelegationPermission.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 * Returns an enumeration of all the DelegationPermission objects
 * in the container.
 *
 * @return an enumeration of all the DelegationPermission objects.
 */
public Enumeration<Permission> elements() {
    // Convert Iterator into Enumeration
    synchronized (this) {
        return Collections.enumeration(perms);
    }
}
 
Example #21
Source File: SocketPermission.java    From Java8CN with Apache License 2.0 5 votes vote down vote up
/**
 * Adds a permission to the SocketPermissions. The key for the hash is
 * the name in the case of wildcards, or all the IP addresses.
 *
 * @param permission the Permission object to add.
 *
 * @exception IllegalArgumentException - if the permission is not a
 *                                       SocketPermission
 *
 * @exception SecurityException - if this SocketPermissionCollection object
 *                                has been marked readonly
 */
public void add(Permission permission) {
    if (! (permission instanceof SocketPermission))
        throw new IllegalArgumentException("invalid permission: "+
                                           permission);
    if (isReadOnly())
        throw new SecurityException(
            "attempt to add a Permission to a readonly PermissionCollection");

    // optimization to ensure perms most likely to be tested
    // show up early (4301064)
    synchronized (this) {
        perms.add(0, (SocketPermission)permission);
    }
}
 
Example #22
Source File: ServicePermission.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Check and see if this collection of permissions implies the permissions
 * expressed in "permission".
 *
 * @param permission the Permission object to compare
 *
 * @return true if "permission" is a proper subset of a permission in
 * the collection, false if not.
 */
public boolean implies(Permission permission) {
    if (! (permission instanceof ServicePermission))
            return false;

    ServicePermission np = (ServicePermission) permission;
    int desired = np.getMask();
    int effective = 0;
    int needed = desired;

    synchronized (this) {
        int len = perms.size();

        // need to deal with the case where the needed permission has
        // more than one action and the collection has individual permissions
        // that sum up to the needed.

        for (int i = 0; i < len; i++) {
            ServicePermission x = (ServicePermission) perms.get(i);

            //System.out.println("  trying "+x);
            if (((needed & x.getMask()) != 0) && x.impliesIgnoreMask(np)) {
                effective |=  x.getMask();
                if ((effective & desired) == desired)
                    return true;
                needed = (desired ^ effective);
            }
        }
    }
    return false;
}
 
Example #23
Source File: FrameworkPolicy.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
private static PermissionCollection copy(PermissionCollection pc) {
  // TODO, provide a copy-on-write collection?!
  final Permissions pc2 = new Permissions();
  for (final Enumeration<Permission> e = pc.elements(); e.hasMoreElements();) {
    pc2.add(e.nextElement());
  }
  return pc2;
}
 
Example #24
Source File: PrintDeniedPermissions.java    From pro-grade with Apache License 2.0 5 votes vote down vote up
public void permissionDenied(final ProtectionDomain pd, final Permission perm) {
    final StringBuilder sb = new StringBuilder(">> Denied permission ");
    sb.append(perm.getClass().getName()).append(" \"") //
            .append(createPrintablePermissionName(perm.getName())).append("\""); //
    if (perm.getActions()!=null && !perm.getActions().equals("")) {
            sb.append(", \"").append(perm.getActions()).append("\"");
    }
    sb.append(";");
    if (includeCodeSource) {
        sb.append("\n>>> CodeSource: " + pd.getCodeSource());
    }
    printStream.println(sb);
}
 
Example #25
Source File: DcmdMBeanPermissionsTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public final void checkPermission(final Permission perm) {
    for (Permission p : grantedPermissions) {
        if (p.implies(perm)) {
            return;
        }
    }
    throw new SecurityException(perm.toString());
}
 
Example #26
Source File: ConfigurationPermission.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
/**
 * Adds the specified permission to the
 * {@code ConfigurationPermissionCollection}. The key for the hash is the
 * interface name of the service.
 * 
 * @param permission The {@code Permission} object to add.
 * 
 * @exception IllegalArgumentException If the permission is not an
 *            {@code ConfigurationPermission}.
 * 
 * @exception SecurityException If this ConfigurationPermissionCollection
 *            object has been marked read-only.
 */

@Override
public void add(Permission permission) {
	if (!(permission instanceof ConfigurationPermission)) {
		throw new IllegalArgumentException("invalid permission: " + permission);
	}

	if (isReadOnly())
		throw new SecurityException("attempt to add a Permission to a " + "readonly PermissionCollection");

	final ConfigurationPermission cp = (ConfigurationPermission) permission;
	final String name = cp.getName();
	synchronized (this) {
		Map<String, ConfigurationPermission> pc = permissions;
		final ConfigurationPermission existing = pc.get(name);
		if (existing != null) {
			final int oldMask = existing.action_mask;
			final int newMask = cp.action_mask;
			if (oldMask != newMask) {
				pc.put(name, new ConfigurationPermission(name, oldMask | newMask));
			}
		} else {
			pc.put(name, cp);
		}

		if (!all_allowed) {
			if (name.equals("*")) {
				all_allowed = true;
			}
		}
	}
}
 
Example #27
Source File: KeyPermissions.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void checkPermission(Permission perm) {
    if (perm instanceof PrivateCredentialPermission) {
        if (!perm.getName().startsWith("javax.security.auth.kerberos.")) {
            throw new AccessControlException(
                    "I don't like this", perm);
        }
    }
}
 
Example #28
Source File: RMIConnectionImpl.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext withPermissions(Permission ... perms){
    Permissions col = new Permissions();

    for (Permission thePerm : perms ) {
        col.add(thePerm);
    }

    final ProtectionDomain pd = new ProtectionDomain(null, col);
    return new AccessControlContext( new ProtectionDomain[] { pd });
}
 
Example #29
Source File: RMIConnectionImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext withPermissions(Permission ... perms){
    Permissions col = new Permissions();

    for (Permission thePerm : perms ) {
        col.add(thePerm);
    }

    final ProtectionDomain pd = new ProtectionDomain(null, col);
    return new AccessControlContext( new ProtectionDomain[] { pd });
}
 
Example #30
Source File: KeyPermissions.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void checkPermission(Permission perm) {
    if (perm instanceof PrivateCredentialPermission) {
        if (!perm.getName().startsWith("javax.security.auth.kerberos.")) {
            throw new AccessControlException(
                    "I don't like this", perm);
        }
    }
}