java.security.AccessControlException Java Examples

The following examples show how to use java.security.AccessControlException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityAwareTransformerFactory.java    From ignite with Apache License 2.0 6 votes vote down vote up
/** {@inheritDoc} */
@Override public IgniteClosure<E, R> create() {
    final IgniteClosure<E, R> cl = original.create();

    return new IgniteClosure<E, R>() {
        /** {@inheritDoc} */
        @Override public R apply(E e) {
            IgniteSecurity security = ignite.context().security();

            try (OperationSecurityContext c = security.withContext(subjectId)) {
                IgniteSandbox sandbox = security.sandbox();

                return sandbox.enabled() ? sandbox.execute(() -> cl.apply(e)) : cl.apply(e);
            }
            catch (AccessControlException ace) {
                logAccessDeniedMessage(ace);

                throw ace;
            }
        }
    };
}
 
Example #2
Source File: NonPublicProxyClass.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
private void newProxyInstance() {
    // expect newProxyInstance to succeed if it's in the same runtime package
    int i = proxyClass.getName().lastIndexOf('.');
    String pkg = (i != -1) ? proxyClass.getName().substring(0, i) : "";
    boolean hasAccess = pkg.isEmpty() || hasAccess();
    try {
        Proxy.newProxyInstance(loader, interfaces, handler);
        if (!hasAccess) {
            throw new RuntimeException("ERROR: Proxy.newProxyInstance should fail " + proxyClass);
        }
    } catch (AccessControlException e) {
        if (hasAccess) {
            throw e;
        }
        if (e.getPermission().getClass() != ReflectPermission.class ||
                !e.getPermission().getName().equals(NEW_PROXY_IN_PKG + pkg)) {
            throw e;
        }
    }
}
 
Example #3
Source File: FolderServiceImpl.java    From document-management-software with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
public void paste(long[] docIds, long folderId, String action) throws ServerException {
	Session session = ServiceUtil.validateSession(getThreadLocalRequest());

	FolderDAO fdao = (FolderDAO) Context.get().getBean(FolderDAO.class);

	Folder folder = fdao.findFolder(folderId);

	if (!fdao.isWriteEnabled(folder.getId(), session.getUserId()))
		throw new AccessControlException("Cannot write in folder " + folder.getName());

	if (action.equals(Clipboard.CUT))
		cut(session, docIds, folder.getId());
	else if (action.equals(Clipboard.COPY))
		copy(session, docIds, folder.getId());
}
 
Example #4
Source File: InternalWorkbook.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * creates the WriteAccess record containing the logged in user's name
 */
private static WriteAccessRecord createWriteAccess() {
    WriteAccessRecord retval = new WriteAccessRecord();

    String defaultUserName = "POI";
    try {
        String username = System.getProperty("user.name");
        // Google App engine returns null for user.name, see Bug 53974
        if(username == null) {
            username = defaultUserName;
        }

        retval.setUsername(username);
    } catch (AccessControlException e) {
        LOG.log(POILogger.WARN, "can't determine user.name", e);
        // AccessControlException can occur in a restricted context
        // (client applet/jws application or restricted security server)
        retval.setUsername(defaultUserName);
    }
    return retval;
}
 
Example #5
Source File: AbstractSecurityService.java    From tomee with Apache License 2.0 6 votes vote down vote up
@Override
public boolean isCallerAuthorized(final Method method, final InterfaceType type) {
    final ThreadContext threadContext = ThreadContext.getThreadContext();
    final BeanContext beanContext = threadContext.getBeanContext();
    try {
        final String ejbName = beanContext.getEjbName();
        String name = type == null ? null : type.getSpecName();
        if ("LocalBean".equals(name) || "LocalBeanHome".equals(name)) {
            name = null;
        }
        final Identity currentIdentity = clientIdentity.get();
        final SecurityContext securityContext;
        if (currentIdentity == null) {
            securityContext = threadContext.get(SecurityContext.class);
        } else {
            securityContext = new SecurityContext(currentIdentity.getSubject());
        }
        securityContext.acc.checkPermission(new EJBMethodPermission(ejbName, name, method));
    } catch (final AccessControlException e) {
        return false;
    }
    return true;
}
 
Example #6
Source File: VelocityResponseWriterTest.java    From lucene-solr with Apache License 2.0 6 votes vote down vote up
@Test
@Ignore("SOLR-14025: Velocity's SecureUberspector addresses this")
public void testSandboxIntersection() throws Exception {
  assumeTrue("This test only works with security manager", System.getSecurityManager() != null);
  VelocityResponseWriter vrw = new VelocityResponseWriter();
  NamedList<String> nl = new NamedList<>();
  nl.add("template.base.dir", getFile("velocity").getAbsolutePath());
  vrw.init(nl);
  SolrQueryRequest req = req(VelocityResponseWriter.TEMPLATE,"sandbox_intersection");
  SolrQueryResponse rsp = new SolrQueryResponse();
  StringWriter buf = new StringWriter();
  try {
    vrw.write(buf, req, rsp);
    fail("template broke outside the box, retrieved: " + buf);
  } catch (MethodInvocationException e) {
    assertNotNull(e.getCause());
    assertEquals(AccessControlException.class, e.getCause().getClass());
    // expected failure, can't get outside the box
  }
}
 
Example #7
Source File: NonPublicProxyClass.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
private void newProxyInstance() {
    // expect newProxyInstance to succeed if it's in the same runtime package
    int i = proxyClass.getName().lastIndexOf('.');
    String pkg = (i != -1) ? proxyClass.getName().substring(0, i) : "";
    boolean hasAccess = pkg.isEmpty() || hasAccess();
    try {
        Proxy.newProxyInstance(loader, interfaces, handler);
        if (!hasAccess) {
            throw new RuntimeException("ERROR: Proxy.newProxyInstance should fail " + proxyClass);
        }
    } catch (AccessControlException e) {
        if (hasAccess) {
            throw e;
        }
        if (e.getPermission().getClass() != ReflectPermission.class ||
                !e.getPermission().getName().equals(NEW_PROXY_IN_PKG + pkg)) {
            throw e;
        }
    }
}
 
Example #8
Source File: TestSetResourceBundle.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Test the LoggingPermission("control") is required.
 * @param loggerName The logger to use.
 */
public static void testPermission(String loggerName) {
    if (System.getSecurityManager() != null) {
        throw new Error("Security manager is already set");
    }
    Policy.setPolicy(new SimplePolicy(TestCase.PERMISSION));
    System.setSecurityManager(new SecurityManager());
    final ResourceBundle bundle = ResourceBundle.getBundle(LIST_BUNDLE_NAME);
    Logger foobar = Logger.getLogger(loggerName);
    try {
        foobar.setResourceBundle(bundle);
        throw new RuntimeException("Permission not checked!");
    } catch (AccessControlException x) {
        if (x.getPermission() instanceof LoggingPermission) {
            if ("control".equals(x.getPermission().getName())) {
                System.out.println("Got expected exception: " + x);
                return;
            }
        }
        throw new RuntimeException("Unexpected exception: "+x, x);
    }

}
 
Example #9
Source File: ServiceAuthorizationManager.java    From hadoop-gpu with Apache License 2.0 6 votes vote down vote up
/**
 * Check if the given {@link Subject} has all of necessary {@link Permission} 
 * set.
 * 
 * @param user <code>Subject</code> to be authorized
 * @param permissions <code>Permission</code> set
 * @throws AuthorizationException if the authorization failed
 */
private static void checkPermission(final Subject user, 
                                    final Permission... permissions) 
throws AuthorizationException {
  try{
    Subject.doAs(user, 
                 new PrivilegedExceptionAction<Void>() {
                   @Override
                   public Void run() throws Exception {
                     try {
                       for(Permission permission : permissions) {
                         AccessController.checkPermission(permission);
                       }
                     } catch (AccessControlException ace) {
                       LOG.info("Authorization failed for " + 
                                UserGroupInformation.getCurrentUGI(), ace);
                       throw new AuthorizationException(ace);
                     }
                    return null;
                   }
                 }
                );
  } catch (PrivilegedActionException e) {
    throw new AuthorizationException(e.getException());
  }
}
 
Example #10
Source File: TikaProcessorTest.java    From jesterj with Apache License 2.0 6 votes vote down vote up
@Test
public void testExceptionToIgnoreFromTika() throws ParserConfigurationException, IOException, SAXException, TikaException {
  DocumentBuilderFactory factory =
      DocumentBuilderFactory.newInstance();
  DocumentBuilder builder = factory.newDocumentBuilder();
  ByteArrayInputStream input = new ByteArrayInputStream(XML_CONFIG.getBytes("UTF-8"));
  org.w3c.dom.Document doc = builder.parse(input);

  TikaProcessor proc = new TikaProcessor.Builder().named("foo").appendingSuffix("_tk").truncatingTextTo(20)
      .configuredWith(doc)
      .build();
  expect(mockDocument.getRawData()).andThrow(new AccessControlException("Oh no you don't!"));

  replay();
  proc.processDocument(mockDocument);
}
 
Example #11
Source File: bug6484091.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) {
    File dir = FileSystemView.getFileSystemView().getDefaultDirectory();

    printDirContent(dir);

    System.setSecurityManager(new SecurityManager());

    // The next test cases use 'dir' obtained without SecurityManager

    try {
        printDirContent(dir);

        throw new RuntimeException("Dir content was derived bypass SecurityManager");
    } catch (AccessControlException e) {
        // It's a successful situation
    }
}
 
Example #12
Source File: TestSetResourceBundle.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Test the LoggingPermission("control") is required.
 * @param loggerName The logger to use.
 */
public static void testPermission(String loggerName) {
    if (System.getSecurityManager() != null) {
        throw new Error("Security manager is already set");
    }
    Policy.setPolicy(new SimplePolicy(TestCase.PERMISSION));
    System.setSecurityManager(new SecurityManager());
    final ResourceBundle bundle = ResourceBundle.getBundle(LIST_BUNDLE_NAME);
    Logger foobar = Logger.getLogger(loggerName);
    try {
        foobar.setResourceBundle(bundle);
        throw new RuntimeException("Permission not checked!");
    } catch (AccessControlException x) {
        if (x.getPermission() instanceof LoggingPermission) {
            if ("control".equals(x.getPermission().getName())) {
                System.out.println("Got expected exception: " + x);
                return;
            }
        }
        throw new RuntimeException("Unexpected exception: "+x, x);
    }

}
 
Example #13
Source File: SecurityTestSupport.java    From groovy with Apache License 2.0 6 votes vote down vote up
protected void executeScript(Class scriptClass, Permission missingPermission) {
    try {
        Script script = InvokerHelper.createScript(scriptClass, new Binding());
        script.run();
        //InvokerHelper.runScript(scriptClass, null);
    } catch (AccessControlException ace) {
        if (missingPermission != null && missingPermission.implies(ace.getPermission())) {
            return;
        } else {
            fail(ace.toString());
        }
    }
    if (missingPermission != null) {
        fail("Should catch an AccessControlException");
    }
}
 
Example #14
Source File: FilterWithSecurityManagerTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Test that setting process-wide filter is checked by security manager.
 */
@Test
public void testGlobalFilter() throws Exception {
    if (ObjectInputFilter.Config.getSerialFilter() == null) {
        return;
    }
    try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
            ObjectInputStream ois = new ObjectInputStream(bais)) {
        ObjectInputFilter.Config.setSerialFilter(filter);
        assertFalse(setSecurityManager,
                "When SecurityManager exists, without "
                + "java.security.SerializablePermission(serialFilter) Exception should be thrown");
        Object o = ois.readObject();
    } catch (AccessControlException ex) {
        assertTrue(setSecurityManager);
        assertTrue(ex.getMessage().contains("java.io.SerializablePermission"));
        assertTrue(ex.getMessage().contains("serialFilter"));
    }
}
 
Example #15
Source File: ClientRMService.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private String checkReservationACLs(String queueName, String auditConstant)
    throws YarnException {
  UserGroupInformation callerUGI;
  try {
    callerUGI = UserGroupInformation.getCurrentUser();
  } catch (IOException ie) {
    RMAuditLogger.logFailure("UNKNOWN", auditConstant, queueName,
        "ClientRMService", "Error getting UGI");
    throw RPCUtil.getRemoteException(ie);
  }
  // Check if user has access on the managed queue
  if (!queueACLsManager.checkAccess(callerUGI, QueueACL.SUBMIT_APPLICATIONS,
      queueName)) {
    RMAuditLogger.logFailure(
        callerUGI.getShortUserName(),
        auditConstant,
        "User doesn't have permissions to "
            + QueueACL.SUBMIT_APPLICATIONS.toString(), "ClientRMService",
        AuditConstants.UNAUTHORIZED_USER);
    throw RPCUtil.getRemoteException(new AccessControlException("User "
        + callerUGI.getShortUserName() + " cannot perform operation "
        + QueueACL.SUBMIT_APPLICATIONS.name() + " on queue" + queueName));
  }
  return callerUGI.getShortUserName();
}
 
Example #16
Source File: NonPublicProxyClass.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
private void newProxyInstance() {
    // expect newProxyInstance to succeed if it's in the same runtime package
    int i = proxyClass.getName().lastIndexOf('.');
    String pkg = (i != -1) ? proxyClass.getName().substring(0, i) : "";
    boolean hasAccess = pkg.isEmpty() || hasAccess();
    try {
        Proxy.newProxyInstance(loader, interfaces, handler);
        if (!hasAccess) {
            throw new RuntimeException("ERROR: Proxy.newProxyInstance should fail " + proxyClass);
        }
    } catch (AccessControlException e) {
        if (hasAccess) {
            throw e;
        }
        if (e.getPermission().getClass() != ReflectPermission.class ||
                !e.getPermission().getName().equals(NEW_PROXY_IN_PKG + pkg)) {
            throw e;
        }
    }
}
 
Example #17
Source File: TestMoveApplication.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testMoveRejectedByPermissions() throws Exception {
  failMove = true;
  
  // Submit application
  final Application application = new Application("user1", resourceManager);
  application.submit();

  final ClientRMService clientRMService = resourceManager.getClientRMService();
  try {
    UserGroupInformation.createRemoteUser("otheruser").doAs(
        new PrivilegedExceptionAction<MoveApplicationAcrossQueuesResponse>() {
          @Override
          public MoveApplicationAcrossQueuesResponse run() throws Exception {
            return clientRMService.moveApplicationAcrossQueues(
                MoveApplicationAcrossQueuesRequest.newInstance(
                    application.getApplicationId(), "newqueue"));
          }
          
        });
    fail("Should have hit exception");
  } catch (Exception ex) {
    assertEquals(AccessControlException.class, ex.getCause().getCause().getClass());
  }
}
 
Example #18
Source File: GetAuthenticatorTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public static void main (String args[]) throws Exception {
    Authenticator defaultAuth = Authenticator.getDefault();
    if (defaultAuth != null) {
        throw new RuntimeException("Unexpected authenticator: null expected");
    }
    MyAuthenticator auth = new MyAuthenticator();
    Authenticator.setDefault(auth);
    defaultAuth = Authenticator.getDefault();
    if (defaultAuth != auth) {
        throw new RuntimeException("Unexpected authenticator: auth expected");
    }
    System.setSecurityManager(new SecurityManager());
    try {
        defaultAuth = Authenticator.getDefault();
        throw new RuntimeException("Expected security exception not raised");
    } catch (AccessControlException s) {
        System.out.println("Got expected exception: " + s);
        if (!s.getPermission().equals(new NetPermission("requestPasswordAuthentication"))) {
            throw new RuntimeException("Unexpected permission check: " + s.getPermission());
        }
    }
    System.out.println("Test passed with default authenticator "
                       + defaultAuth);
}
 
Example #19
Source File: FilterWithSecurityManagerTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Test that setting process-wide filter is checked by security manager.
 */
@Test
public void testGlobalFilter() throws Exception {
    ObjectInputFilter global = ObjectInputFilter.Config.getSerialFilter();

    try  {
        ObjectInputFilter.Config.setSerialFilter(filter);
        assertFalse(setSecurityManager,
                "When SecurityManager exists, without "
                + "java.io.SerializablePermission(serialFilter) "
                + "IllegalStateException should be thrown");
    } catch (AccessControlException ex) {
        assertTrue(setSecurityManager);
        assertTrue(ex.getMessage().contains("java.io.SerializablePermission"));
        assertTrue(ex.getMessage().contains("serialFilter"));
    } catch (IllegalStateException ise) {
        // ISE should occur only if global filter already set
        Assert.assertNotNull(global, "Global filter should be non-null");
    }
}
 
Example #20
Source File: SystemPrivilegesPermissionTest.java    From spliceengine with GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * Runs a privileged user action for a given principal.
 */
private void execute(SystemPrincipal principal,
                     PrivilegedAction action,
                     boolean isGrantExpected) {
    //println();
    //println("    testing action " + action);

    final RunAsPrivilegedUserAction runAsPrivilegedUserAction
            = new RunAsPrivilegedUserAction(principal, action);
    try {
        AccessController.doPrivileged(runAsPrivilegedUserAction);
        //println("    Congrats! access granted " + action);
        if (!isGrantExpected) {
            fail("expected AccessControlException");
        }
    } catch (AccessControlException ace) {
        //println("    Yikes! " + ace.getMessage());
        if (isGrantExpected) {
            //fail("caught AccessControlException");
            throw ace;
        }
    }
}
 
Example #21
Source File: GanttProject.java    From ganttproject with GNU General Public License v3.0 6 votes vote down vote up
public void setAskForSave(boolean afs) {
  if (isOnlyViewer) {
    return;
  }
  fireProjectModified(afs);
  String title = getTitle();
  askForSave = afs;
  try {
    if (System.getProperty("mrj.version") != null) {
      rootPane.putClientProperty("windowModified", Boolean.valueOf(afs));
      // see http://developer.apple.com/qa/qa2001/qa1146.html
    } else {
      if (askForSave) {
        if (!title.endsWith(" *")) {
          setTitle(title + " *");
        }
      }
    }
  } catch (AccessControlException e) {
    // This can happen when running in a sandbox (Java WebStart)
    System.err.println(e + ": " + e.getMessage());
  }
}
 
Example #22
Source File: RestServiceImpl.java    From peer-os with Apache License 2.0 6 votes vote down vote up
@RolesAllowed( { "Peer-Management|Delete", "Peer-Management|Update" } )
@Override
public Response cancelForRegistrationRequest( final String peerId, Boolean force )
{
    try
    {
        peerManager.doCancelRequest( peerId, force );
    }
    catch ( Exception e )
    {
        if ( e.getClass() == AccessControlException.class )
        {
            LOGGER.error( e.getMessage() );
            return Response.status( Response.Status.INTERNAL_SERVER_ERROR ).
                    entity( JsonUtil.GSON.toJson( "You don't have permission to perform this operation" ) ).build();
        }

        return Response.status( Response.Status.BAD_REQUEST ).entity( e.getMessage() ).build();
    }

    return Response.ok().build();
}
 
Example #23
Source File: BaseDefaultLoggerFinderTest.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
static TestLoggerFinder getLoggerFinder(Class<?> expectedClass) {
    LoggerFinder provider = null;
    try {
        TestLoggerFinder.sequencer.incrementAndGet();
        provider = LoggerFinder.getLoggerFinder();
    } catch(AccessControlException a) {
        throw a;
    }
    ErrorStream.errorStream.store();
    System.out.println("*** Actual LoggerFinder class is: " + provider.getClass().getName());
    expectedClass.cast(provider);
    return TestLoggerFinder.class.cast(provider);
}
 
Example #24
Source File: KeyTab.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
sun.security.krb5.internal.ktab.KeyTab takeSnapshot() {
    try {
        return sun.security.krb5.internal.ktab.KeyTab.getInstance(file);
    } catch (AccessControlException ace) {
        if (file != null) {
            // It's OK to show the name if caller specified it
            throw ace;
        } else {
            AccessControlException ace2 = new AccessControlException(
                    "Access to default keytab denied (modified exception)");
            ace2.setStackTrace(ace.getStackTrace());
            throw ace2;
        }
    }
}
 
Example #25
Source File: CacheSandboxTest.java    From ignite with Apache License 2.0 5 votes vote down vote up
/** */
@Test
public void testEntryProcessor() {
    entryProcessorOperations(grid(CLNT_ALLOWED_WRITE_PROP)).forEach(this::runOperation);
    entryProcessorOperations(grid(CLNT_FORBIDDEN_WRITE_PROP))
        .forEach(r -> runForbiddenOperation(r, AccessControlException.class));
}
 
Example #26
Source File: KeyPermissions.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void checkPermission(Permission perm) {
    if (perm instanceof PrivateCredentialPermission) {
        if (!perm.getName().startsWith("javax.security.auth.kerberos.")) {
            throw new AccessControlException(
                    "I don't like this", perm);
        }
    }
}
 
Example #27
Source File: RepositoryManager.java    From rapidminer-studio with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Add a repository as a special resource repository. The ordering is determined by the {@code before} or {@code after}
 * parameters. Only one should not be {@code null}. If both are {@code null} or not {@code null}, or if the referenced name can not be found, the new repository
 * will simply be sorted to the end.
 * <p>
 * <strong>Note:</strong> only signed extensions can call this method outside the core!
 *
 * @param repository
 * 		the repository to add
 * @param before
 * 		the name of the repository the new repository should be inserted in front of; can be {@code null}
 * @param after
 * 		the name of the repository the new repository should be inserted after; can be {@code null}
 * @since 9.0.0
 */
public void addSpecialRepository(Repository repository, String before, String after) {
	try {
		// only signed extensions are allowed to add special repositories
		if (System.getSecurityManager() != null) {
			AccessController.checkPermission(new RuntimePermission(PluginSandboxPolicy.RAPIDMINER_INTERNAL_PERMISSION));
		}
	} catch (AccessControlException e) {
		return;
	}
	int insertionIndex = -1;
	if (before == null && after != null) {
		insertionIndex = SPECIAL_RESOURCE_REPOSITORY_NAMES.indexOf(after);
		// sort to end (-1) or after the actual position
		if (insertionIndex != -1) {
			insertionIndex++;
		}
	} else if (after == null && before != null) {
		// insert at that specific index; sorted to the end automatically if reference point not found
		insertionIndex = SPECIAL_RESOURCE_REPOSITORY_NAMES.indexOf(before);
	}
	if (insertionIndex == -1) {
		SPECIAL_RESOURCE_REPOSITORY_NAMES.add(repository.getName());
	} else {
		SPECIAL_RESOURCE_REPOSITORY_NAMES.add(insertionIndex, repository.getName());
	}
	addRepository(repository);
}
 
Example #28
Source File: SAAJUtil.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
public static boolean getSystemBoolean(String arg) {
    try {
        return Boolean.getBoolean(arg);
    } catch (AccessControlException ex) {
        return false;
    }
}
 
Example #29
Source File: Tests.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
@Test
public void testFactoryMethodUsingIteratorNoPermission() {
    ServiceLoader<S2> sl = doPrivileged(loadAction(S2.class), noPermissions());
    try {
        sl.iterator().next();
        assertTrue(false);
    } catch (ServiceConfigurationError e) {
        assertTrue(e.getCause() instanceof AccessControlException);
    }
}
 
Example #30
Source File: KeyPermissions.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void checkPermission(Permission perm) {
    if (perm instanceof PrivateCredentialPermission) {
        if (!perm.getName().startsWith("javax.security.auth.kerberos.")) {
            throw new AccessControlException(
                    "I don't like this", perm);
        }
    }
}