javax.security.auth.PrivateCredentialPermission Java Examples
The following examples show how to use
javax.security.auth.PrivateCredentialPermission.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KeyPermissions.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #2
Source File: KeyPermissions.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #3
Source File: KeyPermissions.java From hottub with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #4
Source File: KeyPermissions.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #5
Source File: KeyPermissions.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #6
Source File: KeyPermissions.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #7
Source File: KeyPermissions.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #8
Source File: KeyPermissions.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #9
Source File: KeyPermissions.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #10
Source File: KeyPermissions.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #11
Source File: KeyPermissions.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #12
Source File: KeyPermissions.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #13
Source File: KeyPermissions.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
@Override public void checkPermission(Permission perm) { if (perm instanceof PrivateCredentialPermission) { if (!perm.getName().startsWith("javax.security.auth.kerberos.")) { throw new AccessControlException( "I don't like this", perm); } } }
Example #14
Source File: AuthPolicyFile.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #15
Source File: DefaultPolicyBuilder.java From onos with Apache License 2.0 | 4 votes |
private static Permission getPermission(org.onosproject.security.Permission permission) { String classname = permission.getClassName(); String name = permission.getName(); String actions = permission.getActions(); if (classname == null || name == null) { return null; } classname = classname.trim(); name = name.trim(); actions = actions.trim(); if (AppPermission.class.getName().equals(classname)) { return new AppPermission(name); } else if (FilePermission.class.getName().equals(classname)) { return new FilePermission(name, actions); } else if (SerializablePermission.class.getName().equals(classname)) { return new SerializablePermission(name, actions); } else if (NetPermission.class.getName().equals(classname)) { return new NetPermission(name, actions); } else if (RuntimePermission.class.getName().equals(classname)) { return new RuntimePermission(name, actions); } else if (SocketPermission.class.getName().equals(classname)) { return new SocketPermission(name, actions); } else if (SQLPermission.class.getName().equals(classname)) { return new SQLPermission(name, actions); } else if (PropertyPermission.class.getName().equals(classname)) { return new PropertyPermission(name, actions); } else if (LoggingPermission.class.getName().equals(classname)) { return new LoggingPermission(name, actions); } else if (SSLPermission.class.getName().equals(classname)) { return new SSLPermission(name, actions); } else if (AuthPermission.class.getName().equals(classname)) { return new AuthPermission(name, actions); } else if (PrivateCredentialPermission.class.getName().equals(classname)) { return new PrivateCredentialPermission(name, actions); } else if (DelegationPermission.class.getName().equals(classname)) { return new DelegationPermission(name, actions); } else if (javax.security.auth.kerberos.ServicePermission.class.getName().equals(classname)) { return new javax.security.auth.kerberos.ServicePermission(name, actions); } else if (AudioPermission.class.getName().equals(classname)) { return new AudioPermission(name, actions); } else if (AdaptPermission.class.getName().equals(classname)) { return new AdaptPermission(name, actions); } else if (BundlePermission.class.getName().equals(classname)) { return new BundlePermission(name, actions); } else if (CapabilityPermission.class.getName().equals(classname)) { return new CapabilityPermission(name, actions); } else if (PackagePermission.class.getName().equals(classname)) { return new PackagePermission(name, actions); } else if (ServicePermission.class.getName().equals(classname)) { return new ServicePermission(name, actions); } else if (AdminPermission.class.getName().equals(classname)) { return new AdminPermission(name, actions); //} else if (ConfigurationPermission.class.getName().equals(classname)) { // return new ConfigurationPermission(name, actions); } else if (ReflectPermission.class.getName().equals(classname)) { return new ReflectPermission(name, actions); } //AllPermission, SecurityPermission, UnresolvedPermission //AWTPermission, ReflectPermission not allowed return null; }
Example #16
Source File: AuthPolicyFile.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #17
Source File: BasicProc.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
/** * One test run. * * @param label test label * @param lc lib of client * @param ls lib of server * @param lb lib of backend */ private static void once(String label, String lc, String ls, String lb) throws Exception { Proc pc = proc(lc) .args("client", lc == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( "krbtgt/" + REALM + "@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.ServicePermission( SERVER + "@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.DelegationPermission( "\"" + SERVER + "@" + REALM + "\" " + "\"krbtgt/" + REALM + "@" + REALM + "\"")) .debug(label + "-C"); if (lc == null) { // for Krb5LoginModule::promptForName pc.perm(new PropertyPermission("user.name", "read")); } else { Files.copy(Paths.get("base.ccache"), Paths.get(label + ".ccache")); Set<PosixFilePermission> perms = new HashSet<>(); perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(Paths.get(label + ".ccache"), Collections.unmodifiableSet(perms)); pc.env("KRB5CCNAME", label + ".ccache"); // Do not try system ktab if ccache fails pc.env("KRB5_KTNAME", "none"); } pc.start(); Proc ps = proc(ls) .args("server", ls == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( SERVER + "@" + REALM, "accept")) .perm(new javax.security.auth.kerberos.ServicePermission( BACKEND + "@" + REALM, "initiate")) .debug(label + "-S"); if (ls == null) { ps.perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new java.io.FilePermission(KTAB_S, "read")); } else { ps.env("KRB5_KTNAME", KTAB_S); } ps.start(); Proc pb = proc(lb) .args("backend", lb == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( BACKEND + "@" + REALM, "accept")) .debug(label + "-B"); if (lb == null) { pb.perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new java.io.FilePermission(KTAB_B, "read")); } else { pb.env("KRB5_KTNAME", KTAB_B); } pb.start(); // Client and server ps.println(pc.readData()); // AP-REQ pc.println(ps.readData()); // AP-REP ps.println(pc.readData()); // KRB-PRIV ps.println(pc.readData()); // KRB-SAFE // Server and backend pb.println(ps.readData()); // AP-REQ ps.println(pb.readData()); // KRB-PRIV ps.println(pb.readData()); // KRB-SAFE if ((pc.waitFor() | ps.waitFor() | pb.waitFor()) != 0) { throw new Exception("Process failed"); } }
Example #18
Source File: AuthPolicyFile.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #19
Source File: DefaultPolicyBuilder.java From onos with Apache License 2.0 | 4 votes |
public static org.onosproject.security.Permission getOnosPermission(Permission permission) { if (permission instanceof AppPermission) { return new org.onosproject.security.Permission(AppPermission.class.getName(), permission.getName(), ""); } else if (permission instanceof FilePermission) { return new org.onosproject.security.Permission( FilePermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof SerializablePermission) { return new org.onosproject.security.Permission( SerializablePermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof NetPermission) { return new org.onosproject.security.Permission( NetPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof RuntimePermission) { return new org.onosproject.security.Permission( RuntimePermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof SocketPermission) { return new org.onosproject.security.Permission( SocketPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof SQLPermission) { return new org.onosproject.security.Permission( SQLPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof PropertyPermission) { return new org.onosproject.security.Permission( PropertyPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof LoggingPermission) { return new org.onosproject.security.Permission( LoggingPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof SSLPermission) { return new org.onosproject.security.Permission( SSLPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof AuthPermission) { return new org.onosproject.security.Permission( AuthPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof PrivateCredentialPermission) { return new org.onosproject.security.Permission( PrivateCredentialPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof DelegationPermission) { return new org.onosproject.security.Permission( DelegationPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof javax.security.auth.kerberos.ServicePermission) { return new org.onosproject.security.Permission( javax.security.auth.kerberos.ServicePermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof AudioPermission) { return new org.onosproject.security.Permission( AudioPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof AdaptPermission) { return new org.onosproject.security.Permission( AdaptPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof BundlePermission) { return new org.onosproject.security.Permission( BundlePermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof CapabilityPermission) { return new org.onosproject.security.Permission( CapabilityPermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof PackagePermission) { return new org.onosproject.security.Permission( PackagePermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof ServicePermission) { return new org.onosproject.security.Permission( ServicePermission.class.getName(), permission.getName(), permission.getActions()); } else if (permission instanceof AdminPermission) { return new org.onosproject.security.Permission( AdminPermission.class.getName(), permission.getName(), permission.getActions()); //} else if (permission instanceof ConfigurationPermission) { // return new org.onosproject.security.Permission( // ConfigurationPermission.class.getName(), permission.getName(), permission.getActions()); } return null; }
Example #20
Source File: AuthPolicyFile.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #21
Source File: AuthPolicyFile.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #22
Source File: AuthPolicyFile.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #23
Source File: AuthPolicyFile.java From hottub with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #24
Source File: AuthPolicyFile.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #25
Source File: AuthPolicyFile.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #26
Source File: AuthPolicyFile.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #27
Source File: BasicProc.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
/** * One test run. * * @param label test label * @param lc lib of client * @param ls lib of server * @param lb lib of backend */ private static void once(String label, String lc, String ls, String lb) throws Exception { Proc pc = proc(lc) .args("client", lc == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( "krbtgt/" + REALM + "@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.ServicePermission( SERVER + "@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.DelegationPermission( "\"" + SERVER + "@" + REALM + "\" " + "\"krbtgt/" + REALM + "@" + REALM + "\"")) .debug(label + "-C"); if (lc == null) { // for Krb5LoginModule::promptForName pc.perm(new PropertyPermission("user.name", "read")); } else { Files.copy(Paths.get("base.ccache"), Paths.get(label + ".ccache")); Set<PosixFilePermission> perms = new HashSet<>(); perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(Paths.get(label + ".ccache"), Collections.unmodifiableSet(perms)); pc.env("KRB5CCNAME", label + ".ccache"); // Do not try system ktab if ccache fails pc.env("KRB5_KTNAME", "none"); } pc.start(); Proc ps = proc(ls) .args("server", ls == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( SERVER + "@" + REALM, "accept")) .perm(new javax.security.auth.kerberos.ServicePermission( BACKEND + "@" + REALM, "initiate")) .debug(label + "-S"); if (ls == null) { ps.perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new java.io.FilePermission(KTAB_S, "read")); } else { ps.env("KRB5_KTNAME", KTAB_S); } ps.start(); Proc pb = proc(lb) .args("backend", lb == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( BACKEND + "@" + REALM, "accept")) .debug(label + "-B"); if (lb == null) { pb.perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new java.io.FilePermission(KTAB_B, "read")); } else { pb.env("KRB5_KTNAME", KTAB_B); } pb.start(); // Client and server ps.println(pc.readData()); // AP-REQ pc.println(ps.readData()); // AP-REP ps.println(pc.readData()); // KRB-PRIV ps.println(pc.readData()); // KRB-SAFE // Server and backend pb.println(ps.readData()); // AP-REQ ps.println(pb.readData()); // KRB-PRIV ps.println(pb.readData()); // KRB-SAFE if ((pc.waitFor() | ps.waitFor() | pb.waitFor()) != 0) { throw new Exception("Process failed"); } }
Example #28
Source File: AuthPolicyFile.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #29
Source File: AuthPolicyFile.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
/** * Returns true if 'Self' permissions were added to the provided * 'perms', and false otherwise. * * <p> * * @param p check to see if this Permission is a "SELF" * PrivateCredentialPermission. <p> * * @param entryCs the codesource for the Policy entry. * * @param accCs the codesource for from the current AccessControlContext. * * @param perms the PermissionCollection where the individual * PrivateCredentialPermissions will be added. */ private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) { if (!(p instanceof PrivateCredentialPermission)) { return false; } if (!(entryCs instanceof SubjectCodeSource)) { return false; } PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; SubjectCodeSource scs = (SubjectCodeSource)entryCs; // see if it is a SELF permission String[][] pPrincipals = pcp.getPrincipals(); if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) { // regular PrivateCredentialPermission return false; } else { // granted a SELF permission - create a // PrivateCredentialPermission for each // of the Policy entry's CodeSource Principals if (scs.getPrincipals() == null) { // XXX SubjectCodeSource has no Subject??? return true; } for (PrincipalEntry principal : scs.getPrincipals()) { // if the Policy entry's Principal does not contain a // WILDCARD for the Principal name, then a // new PrivateCredentialPermission is created // for the Principal listed in the Policy entry. // if the Policy entry's Principal contains a WILDCARD // for the Principal name, then a new // PrivateCredentialPermission is created // for each Principal associated with the Subject // in the current ACC. String[][] principalInfo = getPrincipalInfo(principal, accCs); for (int i = 0; i < principalInfo.length; i++) { // here's the new PrivateCredentialPermission PrivateCredentialPermission newPcp = new PrivateCredentialPermission (pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read"); if (debug != null) { debug.println("adding SELF permission: " + newPcp.toString()); } perms.add(newPcp); } } } return true; }
Example #30
Source File: BasicProc.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/** * One test run. * * @param label test label * @param lc lib of client * @param ls lib of server * @param lb lib of backend */ private static void once(String label, String lc, String ls, String lb) throws Exception { Proc pc = proc(lc) .args("client", lc == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( "krbtgt/" + REALM + "@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.ServicePermission( SERVER + "@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.DelegationPermission( "\"" + SERVER + "@" + REALM + "\" " + "\"krbtgt/" + REALM + "@" + REALM + "\"")) .debug(label + "-C"); if (lc == null) { // for Krb5LoginModule::promptForName pc.perm(new PropertyPermission("user.name", "read")); } else { Files.copy(Paths.get("base.ccache"), Paths.get(label + ".ccache")); Set<PosixFilePermission> perms = new HashSet<>(); perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(Paths.get(label + ".ccache"), Collections.unmodifiableSet(perms)); pc.env("KRB5CCNAME", label + ".ccache"); // Do not try system ktab if ccache fails pc.env("KRB5_KTNAME", "none"); } pc.start(); Proc ps = proc(ls) .args("server", ls == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( SERVER + "@" + REALM, "accept")) .perm(new javax.security.auth.kerberos.ServicePermission( BACKEND + "@" + REALM, "initiate")) .debug(label + "-S"); if (ls == null) { ps.perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new java.io.FilePermission(KTAB_S, "read")); } else { ps.env("KRB5_KTNAME", KTAB_S); } ps.start(); Proc pb = proc(lb) .args("backend", lb == null ? "j" : "n") .perm(new javax.security.auth.kerberos.ServicePermission( BACKEND + "@" + REALM, "accept")) .debug(label + "-B"); if (lb == null) { pb.perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new java.io.FilePermission(KTAB_B, "read")); } else { pb.env("KRB5_KTNAME", KTAB_B); } pb.start(); // Client and server ps.println(pc.readData()); // AP-REQ pc.println(ps.readData()); // AP-REP ps.println(pc.readData()); // KRB-PRIV ps.println(pc.readData()); // KRB-SAFE // Server and backend pb.println(ps.readData()); // AP-REQ ps.println(pb.readData()); // KRB-PRIV ps.println(pb.readData()); // KRB-SAFE if ((pc.waitFor() | ps.waitFor() | pb.waitFor()) != 0) { throw new Exception("Process failed"); } }