Java Code Examples for java.security.Permissions#add()

The following examples show how to use java.security.Permissions#add() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: FieldSetAccessibleTest.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 2
Source File: FieldSetAccessibleTest.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 3
Source File: FieldSetAccessibleTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new RuntimePermission("accessSystemModules"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 4
Source File: LogManagerAppContextDeadlock.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 5
Source File: LogManagerAppContextDeadlock.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 6
Source File: TestSetResourceBundle.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test) {
    permissions = new Permissions();
    if (test != TestCase.PERMISSION) {
        permissions.add(new LoggingPermission("control", null));
    }
    // required for calling Locale.setDefault in the test.
    permissions.add(new PropertyPermission("user.language", "write"));
}
 
Example 7
Source File: ClassDeclaredFieldsTest.java    From native-obfuscator with GNU General Public License v3.0 5 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;
    // we don't actually need any permission to create our
    // FileHandlers because we're passing invalid parameters
    // which will make the creation fail...
    permissions = new Permissions();
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 8
Source File: RMIConnectionImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext withPermissions(Permission ... perms){
    Permissions col = new Permissions();

    for (Permission thePerm : perms ) {
        col.add(thePerm);
    }

    final ProtectionDomain pd = new ProtectionDomain(null, col);
    return new AccessControlContext( new ProtectionDomain[] { pd });
}
 
Example 9
Source File: RMIConnectionImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
private static AccessControlContext withPermissions(Permission ... perms){
    Permissions col = new Permissions();

    for (Permission thePerm : perms ) {
        col.add(thePerm);
    }

    final ProtectionDomain pd = new ProtectionDomain(null, col);
    return new AccessControlContext( new ProtectionDomain[] { pd });
}
 
Example 10
Source File: DefaultPolicyBuilder.java    From onos with Apache License 2.0 5 votes vote down vote up
private static Permissions listToPermissions(List<Permission> perms) {
    Permissions permissions = new Permissions();
    for (Permission perm : perms) {
        permissions.add(perm);
    }
    return permissions;
}
 
Example 11
Source File: TestSetResourceBundle.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test) {
    permissions = new Permissions();
    if (test != TestCase.PERMISSION) {
        permissions.add(new LoggingPermission("control", null));
    }
    // required for calling Locale.setDefault in the test.
    permissions.add(new PropertyPermission("user.language", "write"));
}
 
Example 12
Source File: TestConfigurationListeners.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test) {
    permissions = new Permissions();
    if (test != TestCase.PERMISSION) {
        permissions.add(new LoggingPermission("control", null));
        permissions.add(new PropertyPermission("java.util.logging.config.class", "read"));
        permissions.add(new PropertyPermission("java.util.logging.config.file", "read"));
        permissions.add(new PropertyPermission("java.home", "read"));
        permissions.add(new FilePermission("<<ALL FILES>>", "read"));
    }
}
 
Example 13
Source File: XSLTExFuncTest.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
public SimplePolicy(Permission... permissions) {
    perms = new Permissions();
    for (Permission permission : permissions) {
        perms.add(permission);
    }
}
 
Example 14
Source File: LoaderHandler.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Returns the class annotation (representing the location for
 * a class) that RMI will use to annotate the call stream when
 * marshalling objects of the given class.
 */
public static String getClassAnnotation(Class<?> cl) {
    String name = cl.getName();

    /*
     * Class objects for arrays of primitive types never need an
     * annotation, because they never need to be (or can be) downloaded.
     *
     * REMIND: should we (not) be annotating classes that are in
     * "java.*" packages?
     */
    int nameLength = name.length();
    if (nameLength > 0 && name.charAt(0) == '[') {
        // skip past all '[' characters (see bugid 4211906)
        int i = 1;
        while (nameLength > i && name.charAt(i) == '[') {
            i++;
        }
        if (nameLength > i && name.charAt(i) != 'L') {
            return null;
        }
    }

    /*
     * Get the class's class loader.  If it is null, the system class
     * loader, an ancestor of the base class loader (such as the loader
     * for installed extensions), return the value of the
     * "java.rmi.server.codebase" property.
     */
    ClassLoader loader = cl.getClassLoader();
    if (loader == null || codebaseLoaders.containsKey(loader)) {
        return codebaseProperty;
    }

    /*
     * Get the codebase URL path for the class loader, if it supports
     * such a notion (i.e., if it is a URLClassLoader or subclass).
     */
    String annotation = null;
    if (loader instanceof Loader) {
        /*
         * If the class loader is one of our RMI class loaders, we have
         * already computed the class annotation string, and no
         * permissions are required to know the URLs.
         */
        annotation = ((Loader) loader).getClassAnnotation();

    } else if (loader instanceof URLClassLoader) {
        try {
            URL[] urls = ((URLClassLoader) loader).getURLs();
            if (urls != null) {
                /*
                 * If the class loader is not one of our RMI class loaders,
                 * we must verify that the current access control context
                 * has permission to know all of these URLs.
                 */
                SecurityManager sm = System.getSecurityManager();
                if (sm != null) {
                    Permissions perms = new Permissions();
                    for (int i = 0; i < urls.length; i++) {
                        Permission p =
                            urls[i].openConnection().getPermission();
                        if (p != null) {
                            if (!perms.implies(p)) {
                                sm.checkPermission(p);
                                perms.add(p);
                            }
                        }
                    }
                }

                annotation = urlsToPath(urls);
            }
        } catch (SecurityException | IOException e) {
            /*
             * SecurityException: If access was denied to the knowledge of
             * the class loader's URLs, fall back to the default behavior.
             *
             * IOException: This shouldn't happen, although it is declared
             * to be thrown by openConnection() and getPermission().  If it
             * does happen, forget about this class loader's URLs and
             * fall back to the default behavior.
             */
        }
    }

    if (annotation != null) {
        return annotation;
    } else {
        return codebaseProperty;    // REMIND: does this make sense??
    }
}
 
Example 15
Source File: Options.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
private static AccessControlContext createPropertyReadAccCtxt() {
    final Permissions perms = new Permissions();
    perms.add(new PropertyPermission("nashorn.*", "read"));
    return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
 
Example 16
Source File: XSLTExFuncTest.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
public SimplePolicy(Permission... permissions) {
    perms = new Permissions();
    for (Permission permission : permissions) {
        perms.add(permission);
    }
}
 
Example 17
Source File: DGCImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
public Void run() {
    ClassLoader savedCcl =
        Thread.currentThread().getContextClassLoader();
    try {
        Thread.currentThread().setContextClassLoader(
            ClassLoader.getSystemClassLoader());

        /*
         * Put remote collector object in table by hand to prevent
         * listen on port.  (UnicastServerRef.exportObject would
         * cause transport to listen.)
         */
        try {
            dgc = new DGCImpl();
            ObjID dgcID = new ObjID(ObjID.DGC_ID);
            LiveRef ref = new LiveRef(dgcID, 0);
            UnicastServerRef disp = new UnicastServerRef(ref,
                    DGCImpl::checkInput);
            Remote stub =
                Util.createProxy(DGCImpl.class,
                                 new UnicastRef(ref), true);
            disp.setSkeleton(dgc);

            Permissions perms = new Permissions();
            perms.add(new SocketPermission("*", "accept,resolve"));
            ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
            AccessControlContext acceptAcc = new AccessControlContext(pd);

            Target target = AccessController.doPrivileged(
                new PrivilegedAction<Target>() {
                    public Target run() {
                        return new Target(dgc, disp, stub, dgcID, true);
                    }
                }, acceptAcc);

            ObjectTable.putTarget(target);
        } catch (RemoteException e) {
            throw new Error(
                "exception initializing server-side DGC", e);
        }
    } finally {
        Thread.currentThread().setContextClassLoader(savedCcl);
    }
    return null;
}
 
Example 18
Source File: PrivilegedCallables.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
public void setPermissions(Permission...permissions) {
    perms = new Permissions();
    for (Permission permission : permissions)
        perms.add(permission);
}
 
Example 19
Source File: AuthPolicyFile.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Returns true if 'Self' permissions were added to the provided
 * 'perms', and false otherwise.
 *
 * <p>
 *
 * @param p check to see if this Permission is a "SELF"
 *                  PrivateCredentialPermission. <p>
 *
 * @param entryCs the codesource for the Policy entry.
 *
 * @param accCs the codesource for from the current AccessControlContext.
 *
 * @param perms the PermissionCollection where the individual
 *                  PrivateCredentialPermissions will be added.
 */
private boolean addSelfPermissions(final Permission p,
                                   CodeSource entryCs,
                                   CodeSource accCs,
                                   Permissions perms) {

    if (!(p instanceof PrivateCredentialPermission)) {
        return false;
    }

    if (!(entryCs instanceof SubjectCodeSource)) {
        return false;
    }

    PrivateCredentialPermission pcp = (PrivateCredentialPermission)p;
    SubjectCodeSource scs = (SubjectCodeSource)entryCs;

    // see if it is a SELF permission
    String[][] pPrincipals = pcp.getPrincipals();
    if (pPrincipals.length <= 0 ||
        !pPrincipals[0][0].equalsIgnoreCase("self") ||
        !pPrincipals[0][1].equalsIgnoreCase("self")) {

        // regular PrivateCredentialPermission
        return false;
    } else {

        // granted a SELF permission - create a
        // PrivateCredentialPermission for each
        // of the Policy entry's CodeSource Principals

        if (scs.getPrincipals() == null) {
            // XXX SubjectCodeSource has no Subject???
            return true;
        }

        for (PrincipalEntry principal : scs.getPrincipals()) {

            //      if the Policy entry's Principal does not contain a
            //              WILDCARD for the Principal name, then a
            //              new PrivateCredentialPermission is created
            //              for the Principal listed in the Policy entry.
            //      if the Policy entry's Principal contains a WILDCARD
            //              for the Principal name, then a new
            //              PrivateCredentialPermission is created
            //              for each Principal associated with the Subject
            //              in the current ACC.

            String[][] principalInfo = getPrincipalInfo(principal, accCs);

            for (int i = 0; i < principalInfo.length; i++) {

                // here's the new PrivateCredentialPermission

                PrivateCredentialPermission newPcp =
                    new PrivateCredentialPermission
                            (pcp.getCredentialClass() +
                                    " " +
                                    principalInfo[i][0] +
                                    " " +
                                    "\"" + principalInfo[i][1] + "\"",
                            "read");

                if (debug != null) {
                    debug.println("adding SELF permission: " +
                                    newPcp.toString());
                }

                perms.add(newPcp);
            }
        }
    }
    return true;
}
 
Example 20
Source File: CallbacksSecurityTests.java    From spring-analysis-note with MIT License 4 votes vote down vote up
@Test
public void testTrustedExecution() throws Exception {
	beanFactory.setSecurityContextProvider(null);

	Permissions perms = new Permissions();
	perms.add(new AuthPermission("getSubject"));
	ProtectionDomain pd = new ProtectionDomain(null, perms);

	new AccessControlContext(new ProtectionDomain[] { pd });

	final Subject subject = new Subject();
	subject.getPrincipals().add(new TestPrincipal("user1"));

	// request the beans from non-privileged code
	Subject.doAsPrivileged(subject, new PrivilegedAction<Object>() {

		@Override
		public Object run() {
			// sanity check
			assertEquals("user1", getCurrentSubjectName());
			assertEquals(false, NonPrivilegedBean.destroyed);

			beanFactory.getBean("trusted-spring-callbacks");
			beanFactory.getBean("trusted-custom-init-destroy");
			// the factory is a prototype - ask for multiple instances
			beanFactory.getBean("trusted-spring-factory");
			beanFactory.getBean("trusted-spring-factory");
			beanFactory.getBean("trusted-spring-factory");

			beanFactory.getBean("trusted-factory-bean");
			beanFactory.getBean("trusted-static-factory-method");
			beanFactory.getBean("trusted-factory-method");
			beanFactory.getBean("trusted-property-injection");
			beanFactory.getBean("trusted-working-property-injection");

			beanFactory.destroySingletons();
			assertEquals(true, NonPrivilegedBean.destroyed);
			return null;
		}
	}, provider.getAccessControlContext());
}