Java Examples for java.io.FilePermission
The following java examples will help you to understand the usage of java.io.FilePermission. These source code samples are taken from different open source projects.
Example 1
| Project: robocode-master File: RobocodeSecurityPolicy.java View source code |
private boolean impliesRobot(Permission perm) {
// For development purposes, allow read any file if override is set.
final String actions = perm.getActions();
final String name = perm.getName();
if (perm instanceof FilePermission && actions.equals("read") && isFileReadSecutityOff) {
return true;
}
// Allow reading of properties.
if (perm instanceof PropertyPermission && actions.equals("read")) {
return true;
}
if (perm instanceof RobocodePermission) {
if (name.equals("System.out") || name.equals("System.err") || name.equals("System.in")) {
return true;
}
}
// Ok, we need to figure out who our robot is.
Thread c = Thread.currentThread();
IHostedThread robotProxy = threadManager.getLoadedOrLoadingRobotProxy(c);
if (robotProxy == null) {
Logger.logError("Preventing unknown thread " + Thread.currentThread().getName() + " from access: " + perm);
return false;
}
// Attempt to stop the window from displaying
if (perm instanceof java.awt.AWTPermission) {
final String message = "Preventing " + robotProxy.getStatics().getName() + " from access: " + perm;
robotProxy.punishSecurityViolation(message);
// this is hack, because security exception is not enough
throw new ThreadDeath();
}
// FilePermission access request.
if (perm instanceof FilePermission) {
FilePermission filePermission = (FilePermission) perm;
// Get the fileSystemManager
RobotFileSystemManager fileSystemManager = robotProxy.getRobotFileSystemManager();
// Robot wants access to read something
if (filePermission.getActions().equals("read")) {
return impliesRobotFileRead(robotProxy, fileSystemManager, filePermission);
} else // Robot wants access to write something
if (filePermission.getActions().equals("write")) {
return impliesRobotFileWrite(robotProxy, fileSystemManager, filePermission);
} else // Robot wants access to write something
if (filePermission.getActions().equals("delete")) {
return impliesRobotFileDelete(robotProxy, fileSystemManager, filePermission);
}
}
// check package access
if (perm instanceof RuntimePermission && name.startsWith("accessClassInPackage.")) {
return impliesRobotPackageAccess(robotProxy, name.substring(21));
}
// Permission denied.
final String message = "Preventing " + robotProxy.getStatics().getName() + " from access: " + perm;
robotProxy.punishSecurityViolation(message);
return false;
}Example 2
| Project: open-mika-master File: FilePreferencesImplTest.java View source code |
/*
@TestTargets({
@TestTargetNew(
level = TestLevel.PARTIAL,
notes = "SecurityException checking only, but methods are abstract, probably it is OK",
method = "node",
args = {java.lang.String.class}
),
@TestTargetNew(
level = TestLevel.PARTIAL,
notes = "SecurityException checking only, but methods are abstract, probably it is OK",
method = "removeNode",
args = {}
),
@TestTargetNew(
level = TestLevel.PARTIAL,
notes = "SecurityException checking only, but methods are abstract, probably it is OK",
method = "childrenNames",
args = {}
),
@TestTargetNew(
level = TestLevel.PARTIAL,
notes = "SecurityException checking only, but methods are abstract, probably it is OK",
method = "flush",
args = {}
),
@TestTargetNew(
level = TestLevel.PARTIAL,
notes = "SecurityException checking only, but methods are abstract, probably it is OK",
method = "sync",
args = {}
)
})
*/
public void testSecurityException() throws BackingStoreException {
Preferences uroot = Preferences.userRoot().node("test");
Preferences child1 = uroot.node("child1");
MockFileSecurityManager manager = new MockFileSecurityManager();
manager.install();
try {
try {
uroot.node("securityNode");
fail("should throw security exception");
} catch (SecurityException e) {
}
try {
// need FilePermission(delete);
child1.removeNode();
fail("should throw security exception");
} catch (SecurityException e) {
}
try {
uroot.childrenNames();
fail("should throw security exception");
} catch (SecurityException e) {
}
uroot.keys();
uroot.put("securitykey", "value1");
uroot.remove("securitykey");
try {
uroot.flush();
fail("should throw security exception");
} catch (SecurityException e) {
} catch (BackingStoreException e) {
assertTrue(e.getCause() instanceof SecurityException);
}
try {
uroot.sync();
fail("should throw security exception");
} catch (SecurityException e) {
} catch (BackingStoreException e) {
assertTrue(e.getCause() instanceof SecurityException);
}
} finally {
manager.restoreDefault();
uroot.removeNode();
}
}Example 3
| Project: android_libcore-master File: AccessControlContextTest.java View source code |
/**
* @tests java.security.AccessControlException#checkPermission(Permission)
*/
@TestTargetNew(level = TestLevel.COMPLETE, notes = "", method = "checkPermission", args = { java.security.Permission.class })
public void test_checkPermission() {
char s = File.separatorChar;
FilePermission perm[] = new FilePermission[7];
perm[0] = new FilePermission("test1.file", "write");
perm[1] = new FilePermission("test1.file", "read, execute, delete");
perm[2] = new FilePermission(s + "tmp" + s + "test" + s + "*", "read, write");
perm[3] = new FilePermission(s + "tmp" + s + "test" + s + "collection.file", "read");
perm[4] = new FilePermission(s + "windows" + "*", "delete");
perm[5] = new FilePermission("aFile.file", "read");
perm[6] = new FilePermission("hello.file", "write");
Permissions perms = new Permissions();
for (int i = 0; i < perm.length; i++) {
perms.add(perm[i]);
}
ProtectionDomain pd = new ProtectionDomain(null, perms);
AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
for (int i = 0; i < perm.length; i++) {
try {
acc.checkPermission(perm[i]);
} catch (AccessControlException e) {
fail("Should have permission " + perm[i]);
}
}
try {
acc.checkPermission(new FilePermission("test1.file", "execute"));
} catch (AccessControlException e) {
fail("Should have permission ");
}
try {
acc.checkPermission(new FilePermission(s + "tmp" + s + "test" + s + "hello.file", "read"));
} catch (AccessControlException e) {
fail("Should have permission ");
}
try {
acc.checkPermission(new FilePermission("test2.file", "execute"));
fail("SecurityException expected");
} catch (AccessControlException e) {
}
try {
acc.checkPermission(new FilePermission(s + "tmp" + s + "test" + s + "hello.file", "delete"));
fail("SecurityException expected");
} catch (AccessControlException e) {
}
try {
acc.checkPermission(null);
fail("NullPointerException expected");
} catch (NullPointerException npe) {
}
}Example 4
| Project: flower-platform-3-master File: SecurityEntityListenerTest.java View source code |
/**
* Setup database before each test, as each test modifies records.
*/
@Before
public void beforeTest() {
final GeneralService service = new GeneralService();
new DatabaseOperationWrapper(new DatabaseOperation() {
@Override
public void run() {
org1 = service.createOrganization("org1", wrapper);
org2 = service.createOrganization("org2", wrapper);
org3 = service.createOrganization("org3", wrapper);
org1AdminGroup = service.createGroup("org1/admin", org1, wrapper);
orgProj1MembersGroup = service.createGroup("org1/proj1_members", org1, wrapper);
org2AdminGroup = service.createGroup("org2/admin", org2, wrapper);
org3AdminGroup = service.createGroup("org3/admin", org3, wrapper);
allGroup = service.createGroup("ALL", null, wrapper);
user1 = service.createUserAndAddToGroups("user1", null, Arrays.asList(org1AdminGroup, orgProj1MembersGroup), wrapper);
user2 = service.createUserAndAddToGroups("user2", null, Arrays.asList(org2AdminGroup), wrapper);
user3 = service.createUserAndAddToGroups("user3", null, Arrays.asList(org3AdminGroup), wrapper);
// create some normal permissions
normalPermission = service.createPermission(AdminSecurityEntitiesPermission.class, "", user1, "#org1", wrapper);
service.createPermission(AdminSecurityEntitiesPermission.class, "", user2, "#org2", wrapper);
service.createPermission(AdminSecurityEntitiesPermission.class, "", user3, "#org3", wrapper);
// create some tree permissions
treePermission = service.createPermission(FlowerWebFilePermission.class, "org1/*", org1AdminGroup, FlowerWebFilePermission.READ_WRITE_DELETE, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/*", orgProj1MembersGroup, FlowerWebFilePermission.READ_WRITE_DELETE, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/activity_log.txt", orgProj1MembersGroup, FlowerWebFilePermission.READ, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/noadmin/*", org1AdminGroup, FlowerWebFilePermission.NONE, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/private/*", org3, FlowerWebFilePermission.READ_WRITE, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/private/*", allGroup, FlowerWebFilePermission.NONE, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/private/*", org2AdminGroup, FlowerWebFilePermission.READ, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/private/*", org1AdminGroup, FlowerWebFilePermission.READ_WRITE_DELETE, wrapper);
service.createPermission(FlowerWebFilePermission.class, "org1/proj1/private/*", user1, FlowerWebFilePermission.NONE, wrapper);
}
});
// install policy
policy = (FlowerWebPolicyTest) Policy.getPolicy();
// init caches
Utils.hasPermission(user1, new AdminSecurityEntitiesPermission("", "#org1"));
Utils.hasPermission(user2, new AdminSecurityEntitiesPermission("", "#org2"));
Utils.hasPermission(user3, new AdminSecurityEntitiesPermission("", "#org3"));
Utils.hasPermission(user1, new FilePermission("root/*", "read"));
}Example 5
| Project: wala-mirror-master File: Reflect7.java View source code |
@SuppressWarnings("unchecked")
public static void main(String[] args) throws ClassNotFoundException, NoSuchMethodException, IllegalArgumentException, InstantiationException, IllegalAccessException, InvocationTargetException {
Class c = Class.forName("java.io.FilePermission");
Class[] paramTypes = new Class[] { "".getClass(), "".getClass() };
Constructor<FilePermission> constr = c.getConstructor(paramTypes);
Object[] params = new String[] { "log.txt", "read" };
FilePermission fp = constr.newInstance(params);
fp.toString();
}Example 6
| Project: ProjectIndigo-master File: PolicyManager.java View source code |
public void enforceSecurityManager(String basepath, String nativesDir) {
copySecurityPolicy();
addAdditionalPerm("permission java.lang.RuntimePermission \"*\"");
addAdditionalPerm("permission java.io.FilePermission \"" + new File(basepath).getParentFile().getAbsolutePath().replaceAll("\\\\", "/") + "/-\", \"read, write, delete\"");
addAdditionalPerm("permission java.io.FilePermission \"" + nativesDir.replaceAll("\\\\", "/") + "/-\", \"read\"");
addAdditionalPerm("permission java.io.FilePermission \"" + System.getProperty("java.io.tmpdir").replaceAll("\\\\", "/") + "-\", \"read, write, delete\"");
addAdditionalPerm("permission java.io.FilePermission \"" + System.getProperty("java.io.tmpdir").replaceAll("\\\\", "/") + "\", \"read, write, delete\"");
addAdditionalPerm("permission java.io.FilePermission \"" + System.getProperty("java.home").replaceAll("\\\\", "/") + "/-\", \"read\"");
addAdditionalPerm("permission java.io.FilePermission \"" + System.getProperty("java.home").replaceAll("\\\\", "/").replaceAll(" ", "%20") + "/-\", \"read\"");
addAdditionalPerm("permission java.io.FilePermission \"" + IndigoLauncher.class.getProtectionDomain().getCodeSource().getLocation().getPath().replaceAll("\\\\", "/") + "\", \"read\"");
writeAdditionalPerms(getPolicyLocation());
System.out.println("Setting security policy to " + getPolicyLocation());
System.setProperty("java.security.policy", getPolicyLocation());
Policy.getPolicy().refresh();
File[] natives = new File(nativesDir).listFiles();
System.setSecurityManager(getSecurityManager(natives));
}Example 7
| Project: stanbol-master File: PermissionDefinitionsTest.java View source code |
@Before
public void setUp() {
final ImmutableGraph graph = Parser.getInstance().parse(getClass().getResourceAsStream("systemgraph.nt"), "text/rdf+n3");
this.permissionDefinitions = new PermissionDefinitions(new SimpleGraph(graph.iterator()));
this.allPermissions = new PermissionInfo[] { new PermissionInfo("(java.io.FilePermission \"file:///home/foo/-\" \"read,write,delete\")"), new PermissionInfo("(java.io.FilePermission \"file:///home/foo/*\" \"read,write\")"), new PermissionInfo("(java.io.FilePermission \"file:///home/*\" \"read,write\")") };
this.nullPermission = null;
}Example 8
| Project: roboyuddh-master File: RobocodeSecurityPolicy.java View source code |
private boolean impliesRobot(Permission perm) {
// For development purposes, allow read any file if override is set.
final String actions = perm.getActions();
final String name = perm.getName();
if (perm instanceof FilePermission && actions.equals("read") && isFileReadSecutityOff) {
return true;
}
// Allow reading of properties.
if (perm instanceof PropertyPermission && actions.equals("read")) {
return true;
}
if (perm instanceof RobocodePermission) {
if (name.equals("System.out") || name.equals("System.err") || name.equals("System.in")) {
return true;
}
}
// Ok, we need to figure out who our robot is.
Thread c = Thread.currentThread();
IHostedThread robotProxy = threadManager.getLoadedOrLoadingRobotProxy(c);
if (robotProxy == null) {
Logger.logError("Preventing unknown thread " + Thread.currentThread().getName() + " from access: " + perm);
return false;
}
// Attempt to stop the window from displaying
if (perm instanceof java.awt.AWTPermission) {
final String message = "Preventing " + robotProxy.getStatics().getName() + " from access: " + perm;
robotProxy.punishSecurityViolation(message);
// this is hack, because security exception is not enough
throw new ThreadDeath();
}
// FilePermission access request.
if (perm instanceof FilePermission) {
FilePermission filePermission = (FilePermission) perm;
// Get the fileSystemManager
RobotFileSystemManager fileSystemManager = robotProxy.getRobotFileSystemManager();
// Robot wants access to read something
if (filePermission.getActions().equals("read")) {
return impliesRobotFileRead(robotProxy, fileSystemManager, filePermission);
} else // Robot wants access to write something
if (filePermission.getActions().equals("write")) {
return impliesRobotFileWrite(robotProxy, fileSystemManager, filePermission);
} else // Robot wants access to write something
if (filePermission.getActions().equals("delete")) {
return impliesRobotFileDelete(robotProxy, fileSystemManager, filePermission);
}
}
// check package access
if (perm instanceof RuntimePermission && name.startsWith("accessClassInPackage.")) {
return impliesRobotPackageAccess(robotProxy, name.substring(21));
}
// Permission denied.
final String message = "Preventing " + robotProxy.getStatics().getName() + " from access: " + perm;
robotProxy.punishSecurityViolation(message);
return false;
}Example 9
| Project: SRE-RoboCode-master File: RobocodeSecurityPolicy.java View source code |
private boolean impliesRobot(Permission perm) {
// For development purposes, allow read any file if override is set.
final String actions = perm.getActions();
final String name = perm.getName();
if (perm instanceof FilePermission && actions.equals("read") && isFileReadSecutityOff) {
return true;
}
// Allow reading of properties.
if (perm instanceof PropertyPermission && actions.equals("read")) {
return true;
}
if (perm instanceof RobocodePermission) {
if (name.equals("System.out") || name.equals("System.err") || name.equals("System.in")) {
return true;
}
}
// Ok, we need to figure out who our robot is.
Thread c = Thread.currentThread();
IHostedThread robotProxy = threadManager.getLoadedOrLoadingRobotProxy(c);
if (robotProxy == null) {
Logger.logError("Preventing unknown thread " + Thread.currentThread().getName() + " from access: " + perm);
return false;
}
// Attempt to stop the window from displaying
if (perm instanceof java.awt.AWTPermission) {
final String message = "Preventing " + robotProxy.getStatics().getName() + " from access: " + perm;
robotProxy.punishSecurityViolation(message);
// this is hack, because security exception is not enough
throw new ThreadDeath();
}
// FilePermission access request.
if (perm instanceof FilePermission) {
FilePermission filePermission = (FilePermission) perm;
// Get the fileSystemManager
RobotFileSystemManager fileSystemManager = robotProxy.getRobotFileSystemManager();
// Robot wants access to read something
if (filePermission.getActions().equals("read")) {
return impliesRobotFileRead(robotProxy, fileSystemManager, filePermission);
} else // Robot wants access to write something
if (filePermission.getActions().equals("write")) {
return impliesRobotFileWrite(robotProxy, fileSystemManager, filePermission);
} else // Robot wants access to write something
if (filePermission.getActions().equals("delete")) {
return impliesRobotFileDelete(robotProxy, fileSystemManager, filePermission);
}
}
// check package access
if (perm instanceof RuntimePermission && name.startsWith("accessClassInPackage.")) {
return impliesRobotPackageAccess(robotProxy, name.substring(21));
}
// Permission denied.
final String message = "Preventing " + robotProxy.getStatics().getName() + " from access: " + perm;
robotProxy.punishSecurityViolation(message);
return false;
}Example 10
| Project: L42-master File: RunningUtils.java View source code |
public void checkPermission(Permission p) {
if (p instanceof RuntimePermission && "accessDeclaredMembers".equals(p.getName())) {
return;
}
if (p instanceof java.io.FilePermission) {
java.io.FilePermission pp = (java.io.FilePermission) p;
if ("read".equals(p.getActions()) && pp.getName().endsWith(".class"))
return;
}
throw new SecurityException(p.toString());
}Example 11
| Project: jdk7u-jdk-master File: UnixFileSystemProvider.java View source code |
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(), SecurityConstants.FILE_READLINK_ACTION);
AccessController.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
} catch (UnixException x) {
if (x.errno() == UnixConstants.EINVAL)
throw new NotLinkException(link.getPathForExecptionMessage());
x.rethrowAsIOException(link);
return null;
}
}Example 12
| Project: ManagedRuntimeInitiative-master File: Launcher.java View source code |
public Object run() {
for (int i = 0; i < path.length; i++) {
File f = path[i];
String path;
try {
path = f.getCanonicalPath();
} catch (IOException ioe) {
path = f.getAbsolutePath();
}
if (i == 0) {
codeBase = Launcher.getFileURL(new File(path));
}
if (f.isDirectory()) {
if (path.endsWith(File.separator)) {
perms.add(new FilePermission(path + "-", SecurityConstants.FILE_READ_ACTION));
} else {
perms.add(new FilePermission(path + File.separator + "-", SecurityConstants.FILE_READ_ACTION));
}
} else {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
} else {
// XXX?
}
}
}
return null;
}Example 13
| Project: openjdk-master File: UnixFileSystemProvider.java View source code |
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(), SecurityConstants.FILE_READLINK_ACTION);
sm.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
} catch (UnixException x) {
if (x.errno() == UnixConstants.EINVAL)
throw new NotLinkException(link.getPathForExceptionMessage());
x.rethrowAsIOException(link);
return null;
}
}Example 14
| Project: openjdk8-jdk-master File: UnixFileSystemProvider.java View source code |
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(), SecurityConstants.FILE_READLINK_ACTION);
AccessController.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
} catch (UnixException x) {
if (x.errno() == UnixConstants.EINVAL)
throw new NotLinkException(link.getPathForExceptionMessage());
x.rethrowAsIOException(link);
return null;
}
}Example 15
| Project: river-container-master File: DeployerConfigParserTest.java View source code |
@Test
public /**
Ensure that the parsing basically happens; we can create the stream and run
it through the parser without errors.
*/
void testBasicParsing() throws ParseException {
log.setLevel(Level.FINE);
ASTconfig config = parseTestConfig();
log.fine("grants string is:" + config.toString());
String expected = "config (grant (permission java.io.FilePermission \"${serviceArchive}\" \"read\") " + "(permission java.net.SocketPermission \"*\" \"connect\")) " + "(classloader (parent systemClassLoader) " + "appPriority " + "(jars (classpath (cpEntry commons-vfs-1.0.jar) " + "(cpEntry commons-logging-1.1.1.jar) (cpEntry jsk-platform.jar) " + "(cpEntry jsk-lib.jar) (cpEntry jsk-resources.jar) " + "(cpEntry RiverSurrogate.jar " + "org.apache.river.container.liaison.Strings " + "org.apache.river.container.liaison.VirtualFileSystemConfiguration " + "org.apache.river.container.liaison.VirtualFileSystemConfiguration$MyConfigurationFile " + "\"META-INF/services/*\"))) (codebase jsk-dl.jar)) (configuration " + "(configEntry discoveryGroup defaultDiscoveryGroup))";
assertEquals(expected, config.toString());
}Example 16
| Project: JamVM-PH-master File: AppletSecurityManager.java View source code |
public void checkPermission(Permission permission) {
if (permission == null)
throw new NullPointerException();
// to be able to execute "addr2line" to get proper stack traces.
if (permission instanceof FilePermission)
return;
// FIXME: we need to restrict this.
if (permission instanceof SecurityPermission)
return;
// FIXME: is this really needed ?
if (permission instanceof PropertyPermission)
return;
// Needed to allow to access AWT event queue.
if (permission.getName().equals("accessEventQueue"))
return;
// Needed to create a class loader for each codebase.
if (permission.getName().equals("createClassLoader"))
return;
if (// for net access
permission instanceof SocketPermission || // for checkWrite(FileDescriptor)
permission instanceof RuntimePermission)
return;
if (!plugin && permission.getName().equals("exitVM"))
return;
// Reject all other permissions.
throw new SecurityException();
}Example 17
| Project: wildfly-elytron-master File: SimpleSecurityEventFormatterTest.java View source code |
@Test
public void testPermissionCheckFailed() {
String formatted = baseTest(new SecurityPermissionCheckFailedEvent(securityDomain.getCurrentSecurityIdentity(), new FilePermission("/etc", "read")));
assertTrue("Event", formatted.contains("event=SecurityPermissionCheckFailedEvent"));
assertTrue("Success", formatted.contains("success=false"));
assertTrue("Permission", formatted.contains("permission="));
assertTrue("Permission Type", formatted.contains("type=java.io.FilePermission"));
assertTrue("Permission Actions", formatted.contains("actions=read"));
assertTrue("Permission Name", formatted.contains("name=/etc"));
}Example 18
| Project: wildfly-security-master File: SimpleSecurityEventFormatterTest.java View source code |
@Test
public void testPermissionCheckFailed() {
String formatted = baseTest(new SecurityPermissionCheckFailedEvent(securityDomain.getCurrentSecurityIdentity(), new FilePermission("/etc", "read")));
assertTrue("Event", formatted.contains("event=SecurityPermissionCheckFailedEvent"));
assertTrue("Success", formatted.contains("success=false"));
assertTrue("Permission", formatted.contains("permission="));
assertTrue("Permission Type", formatted.contains("type=java.io.FilePermission"));
assertTrue("Permission Actions", formatted.contains("actions=read"));
assertTrue("Permission Name", formatted.contains("name=/etc"));
}Example 19
| Project: aliyun-odps-java-sdk-master File: SecurityClient.java View source code |
public static void init(ApplicatitionType appType, List<String> appCodeBase, Map<String, String> replacement, boolean isSecurityEnabled, boolean isJNIEnabled, String userDefinePolicy) {
getInstance().appType = appType;
getInstance().appCodeBase = appCodeBase;
getInstance().isSecurityEnabled = isSecurityEnabled;
if (!getInstance().isSecurityEnabled) {
return;
}
getInstance().isJNIEnabled = isJNIEnabled;
if (userDefinePolicy == null || userDefinePolicy.length() < "permission".length()) {
userDefinePolicy = "";
}
//delete useless quotes ( from console set)
if (userDefinePolicy.startsWith("\"") && userDefinePolicy.endsWith("\"")) {
userDefinePolicy = userDefinePolicy.substring(1, userDefinePolicy.length() - 1);
} else if (userDefinePolicy.startsWith("'") && userDefinePolicy.endsWith("'")) {
userDefinePolicy = userDefinePolicy.substring(1, userDefinePolicy.length() - 1);
}
userDefinePolicy = userDefinePolicy.trim();
if (!userDefinePolicy.isEmpty() && !userDefinePolicy.endsWith(";")) {
userDefinePolicy = userDefinePolicy + ";";
}
if (getInstance().isJNIEnabled) {
userDefinePolicy += "permission java.lang.RuntimePermission \"loadLibrary.*\";";
try {
if (WareHouse.getInstance().getOdps() != null && WareHouse.getInstance().getOdps().getDefaultProject() != null) {
addJavaLibPath(WareHouse.getInstance().getResourceDir(WareHouse.getInstance().getOdps().getDefaultProject()).getAbsolutePath());
}
} catch (IOException e) {
System.err.println("Add java.library.path failed! " + e.getMessage());
}
}
if (WareHouse.getInstance() != null && WareHouse.getInstance().getWarehouseDir() != null) {
userDefinePolicy += "permission java.io.FilePermission \"" + WareHouse.getInstance().getWarehouseDir().getAbsolutePath() + File.separator + "-" + "\" , \"read,write,delete\";";
}
if (WareHouse.getInstance() != null && WareHouse.getInstance().getJobDirStr() != null) {
userDefinePolicy += "permission java.io.FilePermission \"" + WareHouse.getInstance().getJobDirStr() + File.separator + "-" + "\" , \"read,write,delete\";";
}
getInstance().userDefinePolicy = userDefinePolicy;
getInstance().replacement = replacement;
copyPolicyFile();
}Example 20
| Project: com.idega.core-master File: PDFOutput.java View source code |
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FileInputStream fis = null;
try {
// take the message from the URL or create default message
String spath = request.getParameter("dir");
if (spath == null || spath.trim().length() <= 0) {
spath = "[ specify a message in the 'msg' argument on the URL ]";
}
new FilePermission(spath, "read,execute");
// create simple doc and write to a ByteArrayOutputStream
ByteArrayOutputStream baos = new ByteArrayOutputStream();
fis = new FileInputStream(spath);
// Read the entire contents of the file.
while (fis.available() > 0) {
baos.write(fis.read());
}
// write ByteArrayOutputStream to the ServletOutputStream
response.setContentType("application/pdf");
response.setContentLength(baos.size());
ServletOutputStream out = response.getOutputStream();
baos.writeTo(out);
out.flush();
} catch (Exception e2) {
System.out.println("Error in " + getClass().getName() + "\n" + e2);
} finally {
if (fis != null) {
fis.close();
}
}
}Example 21
| Project: gemini.blueprint-master File: BaseIntegrationTest.java View source code |
/**
* Returns the list of permissions for the running test.
*
* @return
*/
protected List<Permission> getTestPermissions() {
List<Permission> perms = new ArrayList<Permission>();
perms.add(new PackagePermission("*", PackagePermission.EXPORT));
perms.add(new PackagePermission("*", PackagePermission.IMPORT));
perms.add(new BundlePermission("*", BundlePermission.HOST));
perms.add(new BundlePermission("*", BundlePermission.PROVIDE));
perms.add(new BundlePermission("*", BundlePermission.REQUIRE));
perms.add(new ServicePermission("*", ServicePermission.REGISTER));
perms.add(new ServicePermission("*", ServicePermission.GET));
perms.add(new PropertyPermission("*", "read,write"));
// required by Spring
perms.add(new RuntimePermission("*", "accessDeclaredMembers"));
perms.add(new ReflectPermission("*", "suppressAccessChecks"));
// logging permission
perms.add(new FilePermission("-", "write"));
perms.add(new FilePermission("-", "read"));
return perms;
}Example 22
| Project: Izou-master File: RootPermission.java View source code |
/**
* Checks if the given addOn is allowed to access the requested service and registers them if not yet registered.
*
* @param permission the Permission to check
* @param addon the identifiable to check
* @throws IzouPermissionException thrown if the addOn is not allowed to access its requested service
*/
@Override
public void checkPermission(Permission permission, AddOnModel addon) throws IzouPermissionException {
if (isRegistered(addon))
return;
if (permission instanceof FilePermission && !permission.getActions().intern().toLowerCase().equals("read")) {
String canonicalName = permission.getName().intern().toLowerCase();
getSecurityManager().getPermissionManager().getFilePermissionModule().fileWriteCheck(canonicalName, addon);
}
Function<PluginDescriptor, Boolean> checkPermission = descriptor -> {
try {
return descriptor.getAddOnProperties().get("root").equals("true");
} catch (NullPointerException e) {
return false;
}
};
String exceptionMessage = "Root permission denied for: " + addon + "is not registered to " + "use socket root connections.";
registerOrThrow(addon, () -> new IzouSocketPermissionException(exceptionMessage), checkPermission);
}Example 23
| Project: platform2-master File: PDFOutput.java View source code |
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
// take the message from the URL or create default message
String spath = request.getParameter("dir");
if (spath == null || spath.trim().length() <= 0) {
spath = "[ specify a message in the 'msg' argument on the URL ]";
}
new FilePermission(spath, "read,execute");
// create simple doc and write to a ByteArrayOutputStream
ByteArrayOutputStream baos = new ByteArrayOutputStream();
FileInputStream fis = new FileInputStream(spath);
// Read the entire contents of the file.
while (fis.available() > 0) {
baos.write(fis.read());
}
// write ByteArrayOutputStream to the ServletOutputStream
response.setContentType("application/pdf");
response.setContentLength(baos.size());
ServletOutputStream out = response.getOutputStream();
baos.writeTo(out);
out.flush();
} catch (Exception e2) {
System.out.println("Error in " + getClass().getName() + "\n" + e2);
}
}Example 24
| Project: riena-master File: AuthorizationServiceITest.java View source code |
public void testLoginWithUserWithRightsAndGetPermissions() throws Exception {
printTestName();
TestLocalCallbackHandler.setSuppliedCredentials("stefan", "passpass");
final URL configUrl = Activator.getDefault().getContext().getBundle().getEntry(JAAS_CONFIG_FILE);
final ILoginContext secureContext = LoginContextFactory.createContext("RemoteTest", configUrl);
secureContext.login();
final ServiceReference ref = getContext().getServiceReference(IAuthenticationService.class.getName());
final IAuthenticationService authenticationService = (IAuthenticationService) getContext().getService(ref);
System.out.println("subject:" + secureContext.getSubject());
System.out.println("login in sucessful");
try {
final ServiceReference authorizationServiceRef = getContext().getServiceReference(IAuthorizationService.class.getName());
final IAuthorizationService authorizationService = (IAuthorizationService) getContext().getService(authorizationServiceRef);
// get the permissions
final Set<Principal> principals = secureContext.getSubject().getPrincipals();
assertEquals(1, principals.size());
final Permissions[] permissionss = authorizationService.getPermissions(principals.toArray(new Principal[principals.size()]));
assertNotNull(permissionss);
assertEquals(1, permissionss.length);
final Permissions permissions = permissionss[0];
assertNotNull(permissions);
int count = 0;
for (final Permission permission : Iter.able(permissions.elements())) {
System.out.println("Permission: " + permission);
if (permission.getClass() == FilePermission.class) {
assertEquals("*.tmp", permission.getName());
assertEquals("write", permission.getActions());
} else if (permission.getClass() == CustomersPermission.class) {
assertTrue(permission.getActions().equals("find") || permission.getActions().equals("create"));
assertTrue(permission.getName().equals("riena.sample.A") || permission.getName().equals("riena.sample.B"));
} else {
fail("Unexpected permission: " + permission);
}
count++;
}
assertEquals(3, count);
} finally {
authenticationService.logout();
System.out.println("logoff sucessful");
}
new FilePermission("", "delete");
}Example 25
| Project: zoj-master File: SandboxSecurityManager.java View source code |
private void internalCheckPermision(Permission perm) {
if (Thread.currentThread() == targetThread) {
if (perm instanceof SecurityPermission) {
if (perm.getName().startsWith("getProperty")) {
return;
}
} else if (perm instanceof PropertyPermission) {
if (perm.getActions().equals("read")) {
return;
}
} else if (perm instanceof FilePermission) {
String name = perm.getName();
if (name.length() > 1 && name.charAt(0) != '.' && name.charAt(0) != '/') {
return;
}
}
throw new SecurityException(perm.toString());
}
}Example 26
| Project: Tstream-master File: SandBoxMaker.java View source code |
private String genClassPath(String classPathLine) {
StringBuilder sb = new StringBuilder();
String[] classPathes = classPathLine.split(":");
for (String classpath : classPathes) {
if (StringUtils.isBlank(classpath)) {
continue;
}
File file = new File(classpath);
if (file.isDirectory()) {
sb.append(" permission java.io.FilePermission \"");
sb.append(classpath).append(File.separator).append("**");
sb.append("\", \"read\";\n");
} else {
sb.append(" permission java.io.FilePermission \"");
sb.append(classpath);
sb.append("\", \"read\";\n");
}
}
return sb.toString();
}Example 27
| Project: axis2-java-master File: Java2SecTest.java View source code |
/**
* testCheckPermissionAllowed
*/
public void testCheckPermissionAllowed() throws Exception {
Java2SecTest.testResult = "testCheckPermissionAllowed failed.";
SecurityManager oldSM = null;
System.out.println("\ntestCheckPermissionAllowed() begins.\n");
boolean allowed = false;
String fileName = "public/public.txt";
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
try {
// Print out maven's base,build, and test direcotories
String baseDir = AbstractTestCase.basedir;
System.out.println("basedir => " + baseDir);
// Convert the \ (back slash) to / (forward slash)
String baseDirM = baseDir.replace('\\', '/');
System.out.println("baseDirM => " + baseDirM);
String fs = "/";
String fileURL = baseDirM + fs + "test-resources" + fs + "java2sec" + fs + fileName;
Permission perm = new java.io.FilePermission(fileURL, "read");
AccessController.checkPermission(perm);
allowed = true;
} catch (Exception e) {
if (e instanceof AccessControlException) {
e.printStackTrace(System.out);
}
} finally {
assertTrue("Accessing to public.txt file is denied; Test failed.", allowed);
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
System.out.println("\ntestCheckPermissionAllowed() ends.\n");
}
}Example 28
| Project: extreme-fishbowl-master File: LocalFileSystem.java View source code |
/**
* Creates a temporary local copy of a file and its descendents.
*/
protected File doReplicateFile(final FileObject fileObject, final FileSelector selector) throws Exception {
final LocalFile localFile = (LocalFile) fileObject;
final File file = localFile.getLocalFile();
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
final FilePermission requiredPerm = new FilePermission(file.getAbsolutePath(), "read");
sm.checkPermission(requiredPerm);
}
return file;
}Example 29
| Project: jargo-master File: SecurityTest.java View source code |
@Override
public void checkPermission(Permission perm) {
if (perm instanceof FilePermission) {
// To load the java class
if (perm.getActions().equals("read"))
return;
} else if (perm instanceof NetPermission) {
// To load the java class
if (perm.getName().equals("specifyStreamHandler"))
return;
} else if (perm instanceof RuntimePermission) {
// To shutdown the executor
if (perm.getName().equals("modifyThread"))
return;
} else if (perm instanceof PropertyPermission) {
if (READABLE_PROPERTIES.contains(perm.getName()) && perm.getActions().equals("read"))
return;
}
throw new SecurityException("Permission: " + perm + " not granted");
}Example 30
| Project: javatar-master File: ROMTransferHandlerUtil.java View source code |
public static boolean canAccept(Transferable transf) {
// General URLs
if (transf.isDataFlavorSupported(DATA_FLAVOR_TEXT))
return true;
// Files
if (!transf.isDataFlavorSupported(DATA_FLAVOR_FILE_LIST))
return false;
// Files Permission
try {
new FilePermission(".", "read").checkGuard("Ignored");
return true;
} catch (SecurityException ex) {
return false;
}
}Example 31
| Project: jboss-modules-master File: PermissionsTest.java View source code |
@Test
public void testExpansion() throws Exception {
Module module = moduleLoader.loadModule(MODULE_WITH_INVALID_EXPANSION);
Enumeration<Permission> permissions = module.getPermissionCollection().elements();
assertTrue(permissions.hasMoreElements());
Permission firstPermission = permissions.nextElement();
assertEquals(FilePermission.class.getName(), firstPermission.getClass().getName());
assertFalse(permissions.hasMoreElements());
}Example 32
| Project: Modular-Systems-master File: PermissionsTest.java View source code |
@Test
public void testExpansion() throws Exception {
Module module = moduleLoader.loadModule(MODULE_WITH_INVALID_EXPANSION);
Enumeration<Permission> permissions = module.getPermissionCollection().elements();
assertTrue(permissions.hasMoreElements());
Permission firstPermission = permissions.nextElement();
assertEquals(FilePermission.class.getName(), firstPermission.getClass().getName());
assertFalse(permissions.hasMoreElements());
}Example 33
| Project: pdi-vfs-master File: LocalFileSystem.java View source code |
/**
* Creates a temporary local copy of a file and its descendents.
*/
protected File doReplicateFile(final FileObject fileObject, final FileSelector selector) throws Exception {
final LocalFile localFile = (LocalFile) fileObject;
final File file = localFile.getLocalFile();
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
final FilePermission requiredPerm = new FilePermission(file.getAbsolutePath(), "read");
sm.checkPermission(requiredPerm);
}
return file;
}Example 34
| Project: wildfly-master File: WarStructureDeploymentProcessor.java View source code |
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
if (!DeploymentTypeMarker.isType(DeploymentType.WAR, deploymentUnit)) {
// Skip non web deployments
return;
}
final ResourceRoot deploymentResourceRoot = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_ROOT);
final VirtualFile deploymentRoot = deploymentResourceRoot.getRoot();
if (deploymentRoot == null) {
return;
}
// set the child first behaviour
final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
if (moduleSpecification == null) {
return;
}
moduleSpecification.setPrivateModule(true);
// other sub deployments should not have access to classes in the war module
PrivateSubDeploymentMarker.mark(deploymentUnit);
// OSGi WebApp deployments (WAB) may use the deployment root if they don't use WEB-INF/classes already
if (!deploymentUnit.hasAttachment(Attachments.OSGI_MANIFEST) || deploymentRoot.getChild(WEB_INF_CLASSES).exists()) {
// we do not want to index the resource root, only WEB-INF/classes and WEB-INF/lib
deploymentResourceRoot.putAttachment(Attachments.INDEX_RESOURCE_ROOT, false);
// Make sure the root does not end up in the module, only META-INF
deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.getMetaInfFilter(), true));
deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.getMetaInfSubdirectoriesFilter(), true));
deploymentResourceRoot.getExportFilters().add(new FilterSpecification(PathFilters.acceptAll(), false));
ModuleRootMarker.mark(deploymentResourceRoot, true);
}
// TODO: This needs to be ported to add additional resource roots the standard way
final MountHandle mountHandle = deploymentResourceRoot.getMountHandle();
try {
// add standard resource roots, this should eventually replace ClassPathEntry
final List<ResourceRoot> resourceRoots = createResourceRoots(deploymentRoot, deploymentUnit);
for (ResourceRoot root : resourceRoots) {
deploymentUnit.addToAttachmentList(Attachments.RESOURCE_ROOTS, root);
}
} catch (Exception e) {
throw new DeploymentUnitProcessingException(e);
}
// Add the war metadata
final WarMetaData warMetaData = new WarMetaData();
deploymentUnit.putAttachment(WarMetaData.ATTACHMENT_KEY, warMetaData);
String deploymentName;
if (deploymentUnit.getParent() == null) {
deploymentName = deploymentUnit.getName();
} else {
deploymentName = deploymentUnit.getParent().getName() + "." + deploymentUnit.getName();
}
PathManager pathManager = deploymentUnit.getAttachment(Attachments.PATH_MANAGER);
File tempDir = new File(pathManager.getPathEntry(TEMP_DIR).resolvePath(), deploymentName);
tempDir.mkdirs();
warMetaData.setTempDir(tempDir);
moduleSpecification.addPermissionFactory(new ImmediatePermissionFactory(new FilePermission(tempDir.getAbsolutePath() + File.separatorChar + "-", "read,write,delete")));
// Add the shared TLDs metadata
final TldsMetaData tldsMetaData = new TldsMetaData();
tldsMetaData.setSharedTlds(sharedTldsMetaData);
deploymentUnit.putAttachment(TldsMetaData.ATTACHMENT_KEY, tldsMetaData);
processExternalMounts(deploymentUnit, deploymentRoot);
}Example 35
| Project: datacollector-master File: TestSecurityUtil.java View source code |
@Override
public Void run() {
// set the security manager and override checkPermission as in java.lang.SecurityManager
System.setSecurityManager(new SecurityManager() {
@Override
public void checkWrite(String fd) {
}
@Override
public void checkPermission(Permission perm) {
try {
AccessController.checkPermission(perm);
} catch (Exception e) {
return;
}
}
});
Thread t = new Thread() {
@Override
public void run() {
try {
// While AccessController.checkPermission takes lock on this stuff in reverse order
synchronized (SecurityUtil.getSubjectDomainLock(AccessController.getContext())) {
Set<Principal> set = subject.getPrincipals();
set.add(new Principal() {
@Override
public String getName() {
return "anything";
}
});
Thread.sleep(1000);
}
} catch (Exception e) {
}
}
};
t.start();
Thread t1 = new Thread() {
@Override
public void run() {
try {
final FilePermission perm = new FilePermission("anything", "read");
AccessController.checkPermission(perm);
} catch (Exception e) {
}
}
};
t1.start();
try {
t.join();
t1.join();
} catch (InterruptedException e) {
}
return null;
}Example 36
| Project: elassandra-master File: SecurityTests.java View source code |
/** test generated permissions for all configured paths */
public void testEnvironmentPaths() throws Exception {
Path path = createTempDir();
// make a fake ES home and ensure we only grant permissions to that.
Path esHome = path.resolve("esHome");
Settings.Builder settingsBuilder = Settings.builder();
settingsBuilder.put("path.home", esHome.resolve("home").toString());
settingsBuilder.put("path.conf", esHome.resolve("conf").toString());
settingsBuilder.put("path.scripts", esHome.resolve("scripts").toString());
settingsBuilder.put("path.plugins", esHome.resolve("plugins").toString());
settingsBuilder.putArray("path.data", esHome.resolve("data1").toString(), esHome.resolve("data2").toString());
settingsBuilder.put("path.shared_data", esHome.resolve("custom").toString());
settingsBuilder.put("path.logs", esHome.resolve("logs").toString());
settingsBuilder.put("pidfile", esHome.resolve("test.pid").toString());
Settings settings = settingsBuilder.build();
Path fakeTmpDir = createTempDir();
String realTmpDir = System.getProperty("java.io.tmpdir");
Permissions permissions;
Environment environment;
try {
System.setProperty("java.io.tmpdir", fakeTmpDir.toString());
environment = new Environment(settings);
permissions = Security.createPermissions(environment);
} finally {
System.setProperty("java.io.tmpdir", realTmpDir);
}
// the fake es home
assertNoPermissions(esHome, permissions);
// its parent
assertNoPermissions(esHome.getParent(), permissions);
// some other sibling
assertNoPermissions(esHome.getParent().resolve("other"), permissions);
// double check we overwrote java.io.tmpdir correctly for the test
assertNoPermissions(PathUtils.get(realTmpDir), permissions);
// check that all directories got permissions:
// bin file: ro
assertExactPermissions(new FilePermission(environment.binFile().toString(), "read,readlink"), permissions);
// lib file: ro
assertExactPermissions(new FilePermission(environment.libFile().toString(), "read,readlink"), permissions);
// modules file: ro
assertExactPermissions(new FilePermission(environment.modulesFile().toString(), "read,readlink"), permissions);
// config file: ro
assertExactPermissions(new FilePermission(environment.configFile().toString(), "read,readlink"), permissions);
// scripts file: ro
assertExactPermissions(new FilePermission(environment.scriptsFile().toString(), "read,readlink"), permissions);
// plugins: ro
assertExactPermissions(new FilePermission(environment.pluginsFile().toString(), "read,readlink"), permissions);
// data paths: r/w
for (Path dataPath : environment.dataFiles()) {
assertExactPermissions(new FilePermission(dataPath.toString(), "read,readlink,write,delete"), permissions);
}
for (Path dataPath : environment.dataWithClusterFiles()) {
assertExactPermissions(new FilePermission(dataPath.toString(), "read,readlink,write,delete"), permissions);
}
assertExactPermissions(new FilePermission(environment.sharedDataFile().toString(), "read,readlink,write,delete"), permissions);
// logs: r/w
assertExactPermissions(new FilePermission(environment.logsFile().toString(), "read,readlink,write,delete"), permissions);
// temp dir: r/w
assertExactPermissions(new FilePermission(fakeTmpDir.toString(), "read,readlink,write,delete"), permissions);
// PID file: delete only (for the shutdown hook)
assertExactPermissions(new FilePermission(environment.pidFile().toString(), "delete"), permissions);
}Example 37
| Project: elasticsearch-master File: EvilSecurityTests.java View source code |
/** test generated permissions for all configured paths */
// needs to check settings for deprecated path
@SuppressWarnings("deprecation")
public void testEnvironmentPaths() throws Exception {
Path path = createTempDir();
// make a fake ES home and ensure we only grant permissions to that.
Path esHome = path.resolve("esHome");
Settings.Builder settingsBuilder = Settings.builder();
settingsBuilder.put(Environment.PATH_HOME_SETTING.getKey(), esHome.resolve("home").toString());
settingsBuilder.put(Environment.PATH_CONF_SETTING.getKey(), esHome.resolve("conf").toString());
settingsBuilder.put(Environment.PATH_SCRIPTS_SETTING.getKey(), esHome.resolve("scripts").toString());
settingsBuilder.putArray(Environment.PATH_DATA_SETTING.getKey(), esHome.resolve("data1").toString(), esHome.resolve("data2").toString());
settingsBuilder.put(Environment.PATH_SHARED_DATA_SETTING.getKey(), esHome.resolve("custom").toString());
settingsBuilder.put(Environment.PATH_LOGS_SETTING.getKey(), esHome.resolve("logs").toString());
settingsBuilder.put(Environment.PIDFILE_SETTING.getKey(), esHome.resolve("test.pid").toString());
Settings settings = settingsBuilder.build();
Path fakeTmpDir = createTempDir();
String realTmpDir = System.getProperty("java.io.tmpdir");
Permissions permissions;
Environment environment;
try {
System.setProperty("java.io.tmpdir", fakeTmpDir.toString());
environment = new Environment(settings);
permissions = Security.createPermissions(environment);
} finally {
System.setProperty("java.io.tmpdir", realTmpDir);
}
// the fake es home
assertNoPermissions(esHome, permissions);
// its parent
assertNoPermissions(esHome.getParent(), permissions);
// some other sibling
assertNoPermissions(esHome.getParent().resolve("other"), permissions);
// double check we overwrote java.io.tmpdir correctly for the test
assertNoPermissions(PathUtils.get(realTmpDir), permissions);
// check that all directories got permissions:
// bin file: ro
assertExactPermissions(new FilePermission(environment.binFile().toString(), "read,readlink"), permissions);
// lib file: ro
assertExactPermissions(new FilePermission(environment.libFile().toString(), "read,readlink"), permissions);
// modules file: ro
assertExactPermissions(new FilePermission(environment.modulesFile().toString(), "read,readlink"), permissions);
// config file: ro
assertExactPermissions(new FilePermission(environment.configFile().toString(), "read,readlink"), permissions);
// scripts file: ro
assertExactPermissions(new FilePermission(environment.scriptsFile().toString(), "read,readlink"), permissions);
assertSettingDeprecationsAndWarnings(new Setting<?>[] { Environment.PATH_SCRIPTS_SETTING });
// plugins: ro
assertExactPermissions(new FilePermission(environment.pluginsFile().toString(), "read,readlink"), permissions);
// data paths: r/w
for (Path dataPath : environment.dataFiles()) {
assertExactPermissions(new FilePermission(dataPath.toString(), "read,readlink,write,delete"), permissions);
}
for (Path dataPath : environment.dataWithClusterFiles()) {
assertExactPermissions(new FilePermission(dataPath.toString(), "read,readlink,write,delete"), permissions);
}
assertExactPermissions(new FilePermission(environment.sharedDataFile().toString(), "read,readlink,write,delete"), permissions);
// logs: r/w
assertExactPermissions(new FilePermission(environment.logsFile().toString(), "read,readlink,write,delete"), permissions);
// temp dir: r/w
assertExactPermissions(new FilePermission(fakeTmpDir.toString(), "read,readlink,write,delete"), permissions);
// PID file: delete only (for the shutdown hook)
assertExactPermissions(new FilePermission(environment.pidFile().toString(), "delete"), permissions);
}Example 38
| Project: filebot-master File: SecureCompiledScript.java View source code |
public static PermissionCollection getDefaultSandboxPermissions() {
Permissions permissions = new Permissions();
// give up on real security, just try to keep files read-only (because of classloading and native lib loading issues)
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("modifyThread"));
permissions.add(new RuntimePermission("modifyThreadGroup"));
permissions.add(new RuntimePermission("loadLibrary.*"));
permissions.add(new RuntimePermission("accessClassInPackage.*"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new RuntimePermission("canProcessApplicationEvents"));
permissions.add(new RuntimePermission("getenv.*"));
permissions.add(new RuntimePermission("getFileSystemAttributes"));
permissions.add(new RuntimePermission("readFileDescriptor"));
permissions.add(new RuntimePermission("preferences"));
permissions.add(new AWTPermission("toolkitModality"));
permissions.add(new AWTPermission("setWindowAlwaysOnTop"));
permissions.add(new AWTPermission("showWindowWithoutWarningBanner"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
permissions.add(new SocketPermission("*", "connect"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new PropertyPermission("*", "write"));
permissions.add(new LoggingPermission("control", null));
permissions.add(new ManagementPermission("monitor"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new ReflectPermission("newProxyInPackage.*"));
// write permissions for cache and temp folders
for (ApplicationFolder it : ApplicationFolder.values()) {
permissions.add(new FilePermission(it.get().getAbsolutePath() + File.separator + "-", "read, write, delete"));
}
return permissions;
}Example 39
| Project: javaee7-samples-master File: SubjectServlet.java View source code |
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
if (subject != null) {
response.getWriter().print("Obtained subject from context.\n");
// Get the permissions associated with the Subject we obtained
PermissionCollection permissionCollection = getPermissionCollection(subject);
// Resolve any potentially unresolved permissions
permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
// Filter just the roles from all the permissions, which may include things like
// java.net.SocketPermission, java.io.FilePermission, and obtain the actual role names.
Set<String> roles = filterRoles(request, permissionCollection);
for (String role : roles) {
response.getWriter().print("User has role " + role + "\n");
}
}
} catch (PolicyContextException e) {
e.printStackTrace(response.getWriter());
}
}Example 40
| Project: JavaIncrementalParser-master File: SubjectServlet.java View source code |
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
if (subject != null) {
response.getWriter().print("Obtained subject from context.\n");
// Get the permissions associated with the Subject we obtained
PermissionCollection permissionCollection = getPermissionCollection(subject);
// Resolve any potentially unresolved permissions
permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
// Filter just the roles from all the permissions, which may include things like
// java.net.SocketPermission, java.io.FilePermission, and obtain the actual role names.
Set<String> roles = filterRoles(request, permissionCollection);
for (String role : roles) {
response.getWriter().print("User has role " + role + "\n");
}
}
} catch (PolicyContextException e) {
e.printStackTrace(response.getWriter());
}
}Example 41
| Project: Moogle-Muice-master File: StrictContainerTestSuite.java View source code |
@Override
public void checkPermission(Permission permission) {
if (permission instanceof FilePermission || permission instanceof PropertyPermission) {
// avoid creating a stacktrace for common permissions
return;
}
String stacktrace = Arrays.toString(new Throwable().getStackTrace());
if (stacktrace.contains("Thread.<init>") || stacktrace.contains(".getSystemClassLoader(")) {
throw new AccessControlException("StrictContainerTestSuite forbids this!");
}
}Example 42
| Project: phoneme-components-cdc-master File: PolicyFile.java View source code |
/**
* Creates one of the well-known permissions directly instead of
* via reflection. Keep list short to not penalize non-JDK-defined
* permissions.
*/
private static final Permission getKnownInstance(Class claz, String name, String actions) {
// TODO: shorten list to most popular ones?
if (claz.equals(FilePermission.class)) {
return new FilePermission(name, actions);
} else if (claz.equals(SocketPermission.class)) {
return new SocketPermission(name, actions);
} else if (claz.equals(RuntimePermission.class)) {
return new RuntimePermission(name, actions);
} else if (claz.equals(PropertyPermission.class)) {
return new PropertyPermission(name, actions);
} else if (claz.equals(NetPermission.class)) {
return new NetPermission(name, actions);
} else if (claz.equals(AllPermission.class)) {
return SecurityConstants.ALL_PERMISSION;
/* Subset out AWTPermission for CDC/FP.
} else if (claz.equals(AWTPermission.class)) {
return new AWTPermission(name, actions);
*/
/*
} else if (claz.equals(ReflectPermission.class)) {
return new ReflectPermission(name, actions);
} else if (claz.equals(SecurityPermission.class)) {
return new SecurityPermission(name, actions);
} else if (claz.equals(PrivateCredentialPermission.class)) {
return new PrivateCredentialPermission(name, actions);
} else if (claz.equals(AuthPermission.class)) {
return new AuthPermission(name, actions);
} else if (claz.equals(ServicePermission.class)) {
return new ServicePermission(name, actions);
} else if (claz.equals(DelegationPermission.class)) {
return new DelegationPermission(name, actions);
} else if (claz.equals(SerializablePermission.class)) {
return new SerializablePermission(name, actions);
} else if (claz.equals(AudioPermission.class)) {
return new AudioPermission(name, actions);
} else if (claz.equals(SSLPermission.class)) {
return new SSLPermission(name, actions);
} else if (claz.equals(LoggingPermission.class)) {
return new LoggingPermission(name, actions);
} else if (claz.equals(SQLPermission.class)) {
return new SQLPermission(name, actions);
*/
} else {
return null;
}
}Example 43
| Project: Resteasy-master File: EntityBufferingInFileTest.java View source code |
@Deployment
public static Archive<?> deploy() {
WebArchive war = TestUtil.prepareArchive(EntityBufferingInFileTest.class.getSimpleName());
war.addClass(EntityBufferingInFileTest.class);
// DataSource provider creates tmp file in the filesystem
war.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(new FilePermission("/tmp/-", "read")), "permissions.xml");
return TestUtil.finishContainerPrepare(war, null, EntityBufferingInFileResource.class);
}Example 44
| Project: jst-master File: SandBoxMaker.java View source code |
private String genClassPath(String classPathLine) {
StringBuilder sb = new StringBuilder();
String[] classpathList = classPathLine.split(":");
for (String classpath : classpathList) {
if (StringUtils.isBlank(classpath)) {
continue;
}
File file = new File(classpath);
if (file.isDirectory()) {
sb.append(" permission java.io.FilePermission \"");
sb.append(classpath).append(File.separator).append("**");
sb.append("\", \"read\";\n");
} else {
sb.append(" permission java.io.FilePermission \"");
sb.append(classpath);
sb.append("\", \"read\";\n");
}
}
return sb.toString();
}Example 45
| Project: jstorm-master File: SandBoxMaker.java View source code |
private String genClassPath(String classPathLine) {
StringBuilder sb = new StringBuilder();
String[] classPathes = classPathLine.split(":");
for (String classpath : classPathes) {
if (StringUtils.isBlank(classpath)) {
continue;
}
File file = new File(classpath);
if (file.isDirectory()) {
sb.append(" permission java.io.FilePermission \"");
sb.append(classpath).append(File.separator).append("**");
sb.append("\", \"read\";\n");
} else {
sb.append(" permission java.io.FilePermission \"");
sb.append(classpath);
sb.append("\", \"read\";\n");
}
}
return sb.toString();
}Example 46
| Project: barchart-udt-master File: PolicyFile.java View source code |
/**
* Creates one of the well-known permissions directly instead of
* via reflection. Keep list short to not penalize non-JDK-defined
* permissions.
*/
private static final Permission getKnownInstance(Class claz, String name, String actions) {
// XXX shorten list to most popular ones?
if (claz.equals(FilePermission.class)) {
return new FilePermission(name, actions);
} else if (claz.equals(SocketPermission.class)) {
return new SocketPermission(name, actions);
} else if (claz.equals(RuntimePermission.class)) {
return new RuntimePermission(name, actions);
} else if (claz.equals(PropertyPermission.class)) {
return new PropertyPermission(name, actions);
} else if (claz.equals(NetPermission.class)) {
return new NetPermission(name, actions);
} else if (claz.equals(AllPermission.class)) {
return SecurityConstants.ALL_PERMISSION;
} else if (claz.equals(AWTPermission.class)) {
return new AWTPermission(name, actions);
/*
} else if (claz.equals(ReflectPermission.class)) {
return new ReflectPermission(name, actions);
} else if (claz.equals(SecurityPermission.class)) {
return new SecurityPermission(name, actions);
} else if (claz.equals(PrivateCredentialPermission.class)) {
return new PrivateCredentialPermission(name, actions);
} else if (claz.equals(AuthPermission.class)) {
return new AuthPermission(name, actions);
} else if (claz.equals(ServicePermission.class)) {
return new ServicePermission(name, actions);
} else if (claz.equals(DelegationPermission.class)) {
return new DelegationPermission(name, actions);
} else if (claz.equals(SerializablePermission.class)) {
return new SerializablePermission(name, actions);
} else if (claz.equals(AudioPermission.class)) {
return new AudioPermission(name, actions);
} else if (claz.equals(SSLPermission.class)) {
return new SSLPermission(name, actions);
} else if (claz.equals(LoggingPermission.class)) {
return new LoggingPermission(name, actions);
} else if (claz.equals(SQLPermission.class)) {
return new SQLPermission(name, actions);
*/
} else {
return null;
}
}Example 47
| Project: batik-master File: SVGOnLoadExceptionTest.java View source code |
/**
* Run this test and produce a report.
* The test goes through the following steps: <ul>
* <li>load the input SVG into a Document</li>
* <li>build the GVT tree corresponding to the
* Document and dispatch the 'onload' event</li>
* </ul>
*
*/
public TestReport runImpl() throws Exception {
ApplicationSecurityEnforcer ase = new ApplicationSecurityEnforcer(this.getClass(), "org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy");
if (secure) {
ase.enforceSecurity(true);
}
try {
if (!restricted) {
return testImpl();
} else {
// Emulate calling from restricted code. We create a
// calling context with only the permission to read
// the file.
Policy policy = Policy.getPolicy();
URL classesURL = (new File("classes")).toURL();
CodeSource cs = new CodeSource(classesURL, (Certificate[]) null);
PermissionCollection permissionsOrig = policy.getPermissions(cs);
Permissions permissions = new Permissions();
Enumeration iter = permissionsOrig.elements();
while (iter.hasMoreElements()) {
Permission p = (Permission) iter.nextElement();
if (!(p instanceof RuntimePermission)) {
if (!(p instanceof java.security.AllPermission)) {
permissions.add(p);
}
} else {
if (!"createClassLoader".equals(p.getName())) {
permissions.add(p);
}
}
}
permissions.add(new FilePermission(fileName, "read"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
ProtectionDomain domain;
AccessControlContext ctx;
domain = new ProtectionDomain(null, permissions);
ctx = new AccessControlContext(new ProtectionDomain[] { domain });
try {
return (TestReport) AccessController.doPrivileged(new PrivilegedExceptionAction() {
public Object run() throws Exception {
return testImpl();
}
}, ctx);
} catch (PrivilegedActionException pae) {
throw pae.getException();
}
}
} finally {
ase.enforceSecurity(false);
}
}Example 48
| Project: billpayevolutiondemo-master File: ResourceTest.java View source code |
/* ------------------------------------------------------------ */
protected void setUp() throws Exception {
if (data != null)
return;
File file = new File(__userDir);
file = new File(file.getCanonicalPath());
__userURL = file.toURL();
if (__userURL.toString().endsWith("/modules/jetty/") || __userURL.toString().endsWith("/modules/jetty")) {
__userURL = new URL(__userURL.toString() + "src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
} else {
__userURL = new URL(__userURL.toString() + "modules/jetty/src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "modules/jetty/src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
}
System.err.println("User Dir=" + __userDir);
System.err.println("Rel Dir=" + __relDir);
System.err.println("User URL=" + __userURL);
tmpFile = File.createTempFile("test", null).getCanonicalFile();
tmpFile.deleteOnExit();
data = new Data[50];
int i = 0;
data[i++] = new Data(tmpFile.toString(), EXISTS, !DIR);
int rt = i;
data[i++] = new Data(__userURL, EXISTS, DIR);
data[i++] = new Data(__userDir, EXISTS, DIR);
data[i++] = new Data(__relDir, EXISTS, DIR);
data[i++] = new Data(__userURL + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__relDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userURL + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__userDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__relDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "/ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "/NoName.txt", !EXISTS, !DIR);
int td = i;
data[i++] = new Data(data[rt], "TestData", EXISTS, DIR);
data[i++] = new Data(data[rt], "TestData/", EXISTS, DIR);
data[i++] = new Data(data[td], "alphabet.txt", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data("jar:file:/somejar.jar!/content/", !EXISTS, DIR);
data[i++] = new Data("jar:file:/somejar.jar!/", !EXISTS, DIR);
int tj = i;
data[i++] = new Data("jar:" + __userURL + "TestData/test.zip!/", EXISTS, DIR);
data[i++] = new Data(data[tj], "Unkown", !EXISTS, !DIR);
data[i++] = new Data(data[tj], "/Unkown/", !EXISTS, DIR);
data[i++] = new Data(data[tj], "subdir", EXISTS, DIR);
data[i++] = new Data(data[tj], "/subdir/", EXISTS, DIR);
data[i++] = new Data(data[tj], "alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data(data[tj], "/subdir/alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
Resource base = Resource.newResource(__userDir);
Resource dir0 = base.addPath("TestData");
assertTrue(dir0.isDirectory());
assertTrue(dir0.toString().endsWith("/"));
assertTrue(dir0.getAlias() == null);
Resource dir1 = base.addPath("TestData/");
assertTrue(dir1.isDirectory());
assertTrue(dir1.toString().endsWith("/"));
assertTrue(dir1.getAlias() == null);
}Example 49
| Project: browsermob-proxy-master File: URLResource.java View source code |
/* ------------------------------------------------------------ */
/**
* Returns an File representing the given resource or NULL if this
* is not possible.
*/
public File getFile() throws IOException {
// Try the permission hack
if (checkConnection()) {
Permission perm = _connection.getPermission();
if (perm instanceof java.io.FilePermission)
return new File(perm.getName());
}
// Try the URL file arg
try {
return new File(_url.getFile());
} catch (Exception e) {
LogSupport.ignore(log, e);
}
// Don't know the file
return null;
}Example 50
| Project: classlib6-master File: RegistryImpl.java View source code |
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext() {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null, (java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(new CodeSource(null, (java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}Example 51
| Project: eclipse-examples-master File: PermissionInfoCollection.java View source code |
private void addPermissions(PermissionCollection collection, Class<? extends Permission> permClass) throws NoSuchMethodException, IllegalAccessException, InstantiationException, InvocationTargetException {
String permClassName = permClass.getName();
Constructor<? extends Permission> constructor = null;
int numArgs = -1;
for (int i = permClassArrayArgs.length - 1; i >= 0; i--) {
try {
constructor = permClass.getConstructor(permClassArrayArgs[i]);
numArgs = i;
break;
} catch (NoSuchMethodException e) {
}
}
if (constructor == null)
//$NON-NLS-1$
throw new NoSuchMethodException(permClass.getName() + ".<init>()");
/*
* TODO: We need to cache the permission constructors to enhance performance (see bug 118813).
*/
for (int i = 0; i < permInfos.length; i++) {
if (permInfos[i].getType().equals(permClassName)) {
String args[] = new String[numArgs];
if (numArgs > 0)
args[0] = permInfos[i].getName();
if (numArgs > 1)
args[1] = permInfos[i].getActions();
if (//$NON-NLS-1$
permInfos[i].getType().equals("java.io.FilePermission")) {
// map FilePermissions for relative names to the bundle's data area
if (!args[0].equals("<<ALL FILES>>")) {
File file = new File(args[0]);
if (// relative name
!file.isAbsolute()) {
// TODO need to figure out how to do relative FilePermissions from the dataFile
continue;
}
}
}
collection.add(constructor.newInstance((Object[]) args));
}
}
}Example 52
| Project: gestalt-master File: SandboxTest.java View source code |
@Before
public void setup() {
registry = new TableModuleRegistry();
new ModulePathScanner().scan(registry, Paths.get("test-modules").toAbsolutePath());
permissionProviderFactory.getBasePermissionSet().addAPIPackage("sun.reflect");
permissionProviderFactory.getBasePermissionSet().addAPIPackage("java.lang");
permissionProviderFactory.getBasePermissionSet().addAPIPackage("java.util");
PermissionSet ioPermissionSet = new PermissionSet();
ioPermissionSet.addAPIPackage("java.io");
ioPermissionSet.addAPIPackage("java.nio.file");
ioPermissionSet.addAPIPackage("java.nio.file.attribute");
ioPermissionSet.addAPIClass(IOInterface.class);
ioPermissionSet.grantPermission(FilePermission.class);
permissionProviderFactory.addPermissionSet("io", ioPermissionSet);
Policy.setPolicy(new ModuleSecurityPolicy());
System.setSecurityManager(new ModuleSecurityManager());
}Example 53
| Project: ikvm-monotouch-master File: Launcher.java View source code |
public Object run() {
for (int i = 0; i < path.length; i++) {
File f = path[i];
String path;
try {
path = f.getCanonicalPath();
} catch (IOException ioe) {
path = f.getAbsolutePath();
}
if (i == 0) {
codeBase = Launcher.getFileURL(new File(path));
}
if (f.isDirectory()) {
if (path.endsWith(File.separator)) {
perms.add(new FilePermission(path + "-", SecurityConstants.FILE_READ_ACTION));
} else {
perms.add(new FilePermission(path + File.separator + "-", SecurityConstants.FILE_READ_ACTION));
}
} else {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
} else {
// XXX?
}
}
}
return null;
}Example 54
| Project: ikvm-openjdk-master File: Launcher.java View source code |
public Object run() {
for (int i = 0; i < path.length; i++) {
File f = path[i];
String path;
try {
path = f.getCanonicalPath();
} catch (IOException ioe) {
path = f.getAbsolutePath();
}
if (i == 0) {
codeBase = Launcher.getFileURL(new File(path));
}
if (f.isDirectory()) {
if (path.endsWith(File.separator)) {
perms.add(new FilePermission(path + "-", SecurityConstants.FILE_READ_ACTION));
} else {
perms.add(new FilePermission(path + File.separator + "-", SecurityConstants.FILE_READ_ACTION));
}
} else {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
} else {
// XXX?
}
}
}
return null;
}Example 55
| Project: IKVM.NET-cvs-clone-master File: Launcher.java View source code |
public Object run() {
for (int i = 0; i < path.length; i++) {
File f = path[i];
String path;
try {
path = f.getCanonicalPath();
} catch (IOException ioe) {
path = f.getAbsolutePath();
}
if (i == 0) {
codeBase = Launcher.getFileURL(new File(path));
}
if (f.isDirectory()) {
if (path.endsWith(File.separator)) {
perms.add(new FilePermission(path + "-", SecurityConstants.FILE_READ_ACTION));
} else {
perms.add(new FilePermission(path + File.separator + "-", SecurityConstants.FILE_READ_ACTION));
}
} else {
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1) + "-";
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
} else {
// XXX?
}
}
}
return null;
}Example 56
| Project: IoTgo_Android_App-master File: URLResource.java View source code |
/* ------------------------------------------------------------ */
/**
* Returns an File representing the given resource or NULL if this
* is not possible.
*/
@Override
public File getFile() throws IOException {
// Try the permission hack
if (checkConnection()) {
Permission perm = _connection.getPermission();
if (perm instanceof java.io.FilePermission)
return new File(perm.getName());
}
// Try the URL file arg
try {
return new File(_url.getFile());
} catch (Exception e) {
LOG.ignore(e);
}
// Don't know the file
return null;
}Example 57
| Project: jbpm3-seam-master File: GroupDbTest.java View source code |
public void testGroupPermissions() {
Group chicagoBulls = new Group("chicago bulls");
chicagoBulls.addPermission(new SocketPermission("basket", "connect"));
chicagoBulls.addPermission(new FilePermission("ticket", "write"));
chicagoBulls = saveAndReload(chicagoBulls);
assertEquals(2, chicagoBulls.getPermissions().size());
identitySession.deleteEntity(chicagoBulls);
}Example 58
| Project: jetty-hadoop-fix-master File: ResourceTest.java View source code |
/* ------------------------------------------------------------ */
protected void setUp() throws Exception {
if (data != null)
return;
File file = new File(__userDir);
file = new File(file.getCanonicalPath());
__userURL = file.toURL();
if (__userURL.toString().endsWith("/modules/jetty/") || __userURL.toString().endsWith("/modules/jetty")) {
__userURL = new URL(__userURL.toString() + "src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
} else {
__userURL = new URL(__userURL.toString() + "modules/jetty/src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "modules/jetty/src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
}
System.err.println("User Dir=" + __userDir);
System.err.println("Rel Dir=" + __relDir);
System.err.println("User URL=" + __userURL);
tmpFile = File.createTempFile("test", null).getCanonicalFile();
tmpFile.deleteOnExit();
data = new Data[50];
int i = 0;
data[i++] = new Data(tmpFile.toString(), EXISTS, !DIR);
int rt = i;
data[i++] = new Data(__userURL, EXISTS, DIR);
data[i++] = new Data(__userDir, EXISTS, DIR);
data[i++] = new Data(__relDir, EXISTS, DIR);
data[i++] = new Data(__userURL + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__relDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userURL + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__userDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__relDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "/ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "/NoName.txt", !EXISTS, !DIR);
int td = i;
data[i++] = new Data(data[rt], "TestData", EXISTS, DIR);
data[i++] = new Data(data[rt], "TestData/", EXISTS, DIR);
data[i++] = new Data(data[td], "alphabet.txt", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data("jar:file:/somejar.jar!/content/", !EXISTS, DIR);
data[i++] = new Data("jar:file:/somejar.jar!/", !EXISTS, DIR);
int tj = i;
data[i++] = new Data("jar:" + __userURL + "TestData/test.zip!/", EXISTS, DIR);
data[i++] = new Data(data[tj], "Unkown", !EXISTS, !DIR);
data[i++] = new Data(data[tj], "/Unkown/", !EXISTS, DIR);
data[i++] = new Data(data[tj], "subdir", EXISTS, DIR);
data[i++] = new Data(data[tj], "/subdir/", EXISTS, DIR);
data[i++] = new Data(data[tj], "alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data(data[tj], "/subdir/alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
Resource base = Resource.newResource(__userDir);
Resource dir0 = base.addPath("TestData");
assertTrue(dir0.isDirectory());
assertTrue(dir0.toString().endsWith("/"));
assertTrue(dir0.getAlias() == null);
Resource dir1 = base.addPath("TestData/");
assertTrue(dir1.isDirectory());
assertTrue(dir1.toString().endsWith("/"));
assertTrue(dir1.getAlias() == null);
}Example 59
| Project: jetty-plugin-support-master File: ResourceTest.java View source code |
/* ------------------------------------------------------------ */
@BeforeClass
public static void setUp() throws Exception {
if (data != null)
return;
File file = new File(__userDir);
file = new File(file.getCanonicalPath());
URI uri = file.toURI();
__userURL = uri.toURL();
__userURL = new URL(__userURL.toString() + "src/test/java/org/eclipse/jetty/util/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "src/test/java/org/eclipse/jetty/util/resource/".replace('/', File.separatorChar);
System.err.println("User Dir=" + __userDir);
System.err.println("Rel Dir=" + __relDir);
System.err.println("User URL=" + __userURL);
tmpFile = File.createTempFile("test", null).getCanonicalFile();
tmpFile.deleteOnExit();
data = new Data[50];
int i = 0;
data[i++] = new Data(tmpFile.toString(), EXISTS, !DIR);
int rt = i;
data[i++] = new Data(__userURL, EXISTS, DIR);
data[i++] = new Data(__userDir, EXISTS, DIR);
data[i++] = new Data(__relDir, EXISTS, DIR);
data[i++] = new Data(__userURL + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__relDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userURL + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__userDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__relDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "/ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "/NoName.txt", !EXISTS, !DIR);
int td = i;
data[i++] = new Data(data[rt], "TestData", EXISTS, DIR);
data[i++] = new Data(data[rt], "TestData/", EXISTS, DIR);
data[i++] = new Data(data[td], "alphabet.txt", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data("jar:file:/somejar.jar!/content/", !EXISTS, DIR);
data[i++] = new Data("jar:file:/somejar.jar!/", !EXISTS, DIR);
int tj = i;
data[i++] = new Data("jar:" + __userURL + "TestData/test.zip!/", EXISTS, DIR);
data[i++] = new Data(data[tj], "Unkown", !EXISTS, !DIR);
data[i++] = new Data(data[tj], "/Unkown/", !EXISTS, DIR);
data[i++] = new Data(data[tj], "subdir", EXISTS, DIR);
data[i++] = new Data(data[tj], "/subdir/", EXISTS, DIR);
data[i++] = new Data(data[tj], "alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data(data[tj], "/subdir/alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
Resource base = Resource.newResource(__userDir);
Resource dir0 = base.addPath("TestData");
assertTrue(dir0.isDirectory());
assertTrue(dir0.toString().endsWith("/"));
assertTrue(dir0.getAlias() == null);
Resource dir1 = base.addPath("TestData/");
assertTrue(dir1.isDirectory());
assertTrue(dir1.toString().endsWith("/"));
assertTrue(dir1.getAlias() == null);
}Example 60
| Project: jetty-spdy-master File: ResourceTest.java View source code |
/* ------------------------------------------------------------ */
@BeforeClass
public static void setUp() throws Exception {
if (data != null)
return;
File file = new File(__userDir);
file = new File(file.getCanonicalPath());
URI uri = file.toURI();
__userURL = uri.toURL();
__userURL = new URL(__userURL.toString() + "src/test/java/org/eclipse/jetty/util/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "src/test/java/org/eclipse/jetty/util/resource/".replace('/', File.separatorChar);
System.err.println("User Dir=" + __userDir);
System.err.println("Rel Dir=" + __relDir);
System.err.println("User URL=" + __userURL);
tmpFile = File.createTempFile("test", null).getCanonicalFile();
tmpFile.deleteOnExit();
data = new Data[50];
int i = 0;
data[i++] = new Data(tmpFile.toString(), EXISTS, !DIR);
int rt = i;
data[i++] = new Data(__userURL, EXISTS, DIR);
data[i++] = new Data(__userDir, EXISTS, DIR);
data[i++] = new Data(__relDir, EXISTS, DIR);
data[i++] = new Data(__userURL + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__relDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userURL + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__userDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__relDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "/ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "/NoName.txt", !EXISTS, !DIR);
int td = i;
data[i++] = new Data(data[rt], "TestData", EXISTS, DIR);
data[i++] = new Data(data[rt], "TestData/", EXISTS, DIR);
data[i++] = new Data(data[td], "alphabet.txt", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data("jar:file:/somejar.jar!/content/", !EXISTS, DIR);
data[i++] = new Data("jar:file:/somejar.jar!/", !EXISTS, DIR);
int tj = i;
data[i++] = new Data("jar:" + __userURL + "TestData/test.zip!/", EXISTS, DIR);
data[i++] = new Data(data[tj], "Unkown", !EXISTS, !DIR);
data[i++] = new Data(data[tj], "/Unkown/", !EXISTS, DIR);
data[i++] = new Data(data[tj], "subdir", EXISTS, DIR);
data[i++] = new Data(data[tj], "/subdir/", EXISTS, DIR);
data[i++] = new Data(data[tj], "alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data(data[tj], "/subdir/alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
Resource base = Resource.newResource(__userDir);
Resource dir0 = base.addPath("TestData");
assertTrue(dir0.isDirectory());
assertTrue(dir0.toString().endsWith("/"));
assertTrue(dir0.getAlias() == null);
Resource dir1 = base.addPath("TestData/");
assertTrue(dir1.isDirectory());
assertTrue(dir1.toString().endsWith("/"));
assertTrue(dir1.getAlias() == null);
}Example 61
| Project: lucene-solr-master File: TestReadOnlyIndex.java View source code |
public void testReadOnlyIndex() throws Exception {
runWithRestrictedPermissions(this::doTestReadOnlyIndex, // add some basic permissions (because we are limited already - so we grant all important ones):
new RuntimePermission("*"), new PropertyPermission("*", "read"), // only allow read to the given index dir, nothing else:
new FilePermission(indexPath.toString(), "read"), new FilePermission(indexPath.resolve("-").toString(), "read"));
}Example 62
| Project: miso-java-master File: ResourceTest.java View source code |
/* ------------------------------------------------------------ */
protected void setUp() throws Exception {
if (data != null)
return;
File file = new File(__userDir);
file = new File(file.getCanonicalPath());
__userURL = file.toURL();
if (__userURL.toString().endsWith("/modules/jetty/") || __userURL.toString().endsWith("/modules/jetty")) {
__userURL = new URL(__userURL.toString() + "src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
} else {
__userURL = new URL(__userURL.toString() + "modules/jetty/src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "modules/jetty/src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
}
System.err.println("User Dir=" + __userDir);
System.err.println("Rel Dir=" + __relDir);
System.err.println("User URL=" + __userURL);
tmpFile = File.createTempFile("test", null).getCanonicalFile();
tmpFile.deleteOnExit();
data = new Data[50];
int i = 0;
data[i++] = new Data(tmpFile.toString(), EXISTS, !DIR);
int rt = i;
data[i++] = new Data(__userURL, EXISTS, DIR);
data[i++] = new Data(__userDir, EXISTS, DIR);
data[i++] = new Data(__relDir, EXISTS, DIR);
data[i++] = new Data(__userURL + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__relDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userURL + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__userDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__relDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "/ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "/NoName.txt", !EXISTS, !DIR);
int td = i;
data[i++] = new Data(data[rt], "TestData", EXISTS, DIR);
data[i++] = new Data(data[rt], "TestData/", EXISTS, DIR);
data[i++] = new Data(data[td], "alphabet.txt", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data("jar:file:/somejar.jar!/content/", !EXISTS, DIR);
data[i++] = new Data("jar:file:/somejar.jar!/", !EXISTS, DIR);
int tj = i;
data[i++] = new Data("jar:" + __userURL + "TestData/test.zip!/", EXISTS, DIR);
data[i++] = new Data(data[tj], "Unkown", !EXISTS, !DIR);
data[i++] = new Data(data[tj], "/Unkown/", !EXISTS, DIR);
data[i++] = new Data(data[tj], "subdir", EXISTS, DIR);
data[i++] = new Data(data[tj], "/subdir/", EXISTS, DIR);
data[i++] = new Data(data[tj], "alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data(data[tj], "/subdir/alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
Resource base = Resource.newResource(__userDir);
Resource dir0 = base.addPath("TestData");
assertTrue(dir0.isDirectory());
assertTrue(dir0.toString().endsWith("/"));
assertTrue(dir0.getAlias() == null);
Resource dir1 = base.addPath("TestData/");
assertTrue(dir1.isDirectory());
assertTrue(dir1.toString().endsWith("/"));
assertTrue(dir1.getAlias() == null);
}Example 63
| Project: openshift-nexus-master File: ResourceTest.java View source code |
/* ------------------------------------------------------------ */
protected void setUp() throws Exception {
if (data != null)
return;
File file = new File(__userDir);
file = new File(file.getCanonicalPath());
__userURL = file.toURL();
if (__userURL.toString().endsWith("/modules/jetty/") || __userURL.toString().endsWith("/modules/jetty")) {
__userURL = new URL(__userURL.toString() + "src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
} else {
__userURL = new URL(__userURL.toString() + "modules/jetty/src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "modules/jetty/src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
}
System.err.println("User Dir=" + __userDir);
System.err.println("Rel Dir=" + __relDir);
System.err.println("User URL=" + __userURL);
tmpFile = File.createTempFile("test", null).getCanonicalFile();
tmpFile.deleteOnExit();
data = new Data[50];
int i = 0;
data[i++] = new Data(tmpFile.toString(), EXISTS, !DIR);
int rt = i;
data[i++] = new Data(__userURL, EXISTS, DIR);
data[i++] = new Data(__userDir, EXISTS, DIR);
data[i++] = new Data(__relDir, EXISTS, DIR);
data[i++] = new Data(__userURL + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__relDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userURL + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__userDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__relDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "/ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "/NoName.txt", !EXISTS, !DIR);
int td = i;
data[i++] = new Data(data[rt], "TestData", EXISTS, DIR);
data[i++] = new Data(data[rt], "TestData/", EXISTS, DIR);
data[i++] = new Data(data[td], "alphabet.txt", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data("jar:file:/somejar.jar!/content/", !EXISTS, DIR);
data[i++] = new Data("jar:file:/somejar.jar!/", !EXISTS, DIR);
int tj = i;
data[i++] = new Data("jar:" + __userURL + "TestData/test.zip!/", EXISTS, DIR);
data[i++] = new Data(data[tj], "Unkown", !EXISTS, !DIR);
data[i++] = new Data(data[tj], "/Unkown/", !EXISTS, DIR);
data[i++] = new Data(data[tj], "subdir", EXISTS, DIR);
data[i++] = new Data(data[tj], "/subdir/", EXISTS, DIR);
data[i++] = new Data(data[tj], "alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data(data[tj], "/subdir/alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
Resource base = Resource.newResource(__userDir);
Resource dir0 = base.addPath("TestData");
assertTrue(dir0.isDirectory());
assertTrue(dir0.toString().endsWith("/"));
assertTrue(dir0.getAlias() == null);
Resource dir1 = base.addPath("TestData/");
assertTrue(dir1.isDirectory());
assertTrue(dir1.toString().endsWith("/"));
assertTrue(dir1.getAlias() == null);
}Example 64
| Project: ptii-master File: GraphicalMessageHandlerApplet.java View source code |
/** Initialize the applet. This method is called by the browser
* or applet viewer to inform this applet that it has been
* loaded into the system. It is always called before
* the first time that the start() method is called.
* In this class, this invokes {@link VergilApplication#main(String[])}
*/
public void init() {
super.init();
try {
// Setting the look and feel causes problems with applets
// under JDK1.6.0_02 -> JDK1.6.0_13.
// The exception is: Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied (java.io.FilePermission C:\WINDOWS\Fonts\TAHOMA.TTF read)
// Unfortunately, it occurs well *after* the call below.
UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
} catch (Throwable throwable) {
throw new RuntimeException("Failed to set look and feel.", throwable);
}
try {
java.util.Locale.setDefault(java.util.Locale.US);
} catch (java.security.AccessControlException accessControl) {
System.err.println("Warning, failed to set locale");
accessControl.printStackTrace();
}
GraphicalMessageHandler handler = new GraphicalMessageHandler();
MessageHandler.setMessageHandler(handler);
Exception exception = new Exception("My Test Exception");
MessageHandler.error("My Error Message.", exception);
}Example 65
| Project: restrepo-master File: ResourceTest.java View source code |
/* ------------------------------------------------------------ */
protected void setUp() throws Exception {
if (data != null)
return;
File file = new File(__userDir);
file = new File(file.getCanonicalPath());
__userURL = file.toURL();
if (__userURL.toString().endsWith("/modules/jetty/") || __userURL.toString().endsWith("/modules/jetty")) {
__userURL = new URL(__userURL.toString() + "src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
} else {
__userURL = new URL(__userURL.toString() + "modules/jetty/src/test/java/org/mortbay/resource/");
FilePermission perm = (FilePermission) __userURL.openConnection().getPermission();
__userDir = new File(perm.getName()).getCanonicalPath() + File.separatorChar;
__relDir = "modules/jetty/src/test/java/org/mortbay/resource/".replace('/', File.separatorChar);
}
System.err.println("User Dir=" + __userDir);
System.err.println("Rel Dir=" + __relDir);
System.err.println("User URL=" + __userURL);
tmpFile = File.createTempFile("test", null).getCanonicalFile();
tmpFile.deleteOnExit();
data = new Data[50];
int i = 0;
data[i++] = new Data(tmpFile.toString(), EXISTS, !DIR);
int rt = i;
data[i++] = new Data(__userURL, EXISTS, DIR);
data[i++] = new Data(__userDir, EXISTS, DIR);
data[i++] = new Data(__relDir, EXISTS, DIR);
data[i++] = new Data(__userURL + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__relDir + "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(__userURL + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__userDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(__relDir + "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "/ResourceTest.java", EXISTS, !DIR);
data[i++] = new Data(data[rt], "NoName.txt", !EXISTS, !DIR);
data[i++] = new Data(data[rt], "/NoName.txt", !EXISTS, !DIR);
int td = i;
data[i++] = new Data(data[rt], "TestData", EXISTS, DIR);
data[i++] = new Data(data[rt], "TestData/", EXISTS, DIR);
data[i++] = new Data(data[td], "alphabet.txt", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data("jar:file:/somejar.jar!/content/", !EXISTS, DIR);
data[i++] = new Data("jar:file:/somejar.jar!/", !EXISTS, DIR);
int tj = i;
data[i++] = new Data("jar:" + __userURL + "TestData/test.zip!/", EXISTS, DIR);
data[i++] = new Data(data[tj], "Unkown", !EXISTS, !DIR);
data[i++] = new Data(data[tj], "/Unkown/", !EXISTS, DIR);
data[i++] = new Data(data[tj], "subdir", EXISTS, DIR);
data[i++] = new Data(data[tj], "/subdir/", EXISTS, DIR);
data[i++] = new Data(data[tj], "alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
data[i++] = new Data(data[tj], "/subdir/alphabet", EXISTS, !DIR, "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
Resource base = Resource.newResource(__userDir);
Resource dir0 = base.addPath("TestData");
assertTrue(dir0.isDirectory());
assertTrue(dir0.toString().endsWith("/"));
assertTrue(dir0.getAlias() == null);
Resource dir1 = base.addPath("TestData/");
assertTrue(dir1.isDirectory());
assertTrue(dir1.toString().endsWith("/"));
assertTrue(dir1.getAlias() == null);
}Example 66
| Project: rt.equinox.framework-master File: SecurityAdminUnitTests.java View source code |
public void testLocationPermission01() {
Bundle test = installTestBundle(TEST_BUNDLE);
AccessControlContext acc = test.adapt(AccessControlContext.class);
pa.setPermissions(test.getLocation(), READONLY_INFOS);
//$NON-NLS-1$ //$NON-NLS-2$
testPermission(acc, new FilePermission("test", "write"), false);
//$NON-NLS-1$ //$NON-NLS-2$
testPermission(acc, new FilePermission("test", "read"), true);
testPermission(acc, new AllPermission(), false);
pa.setPermissions(test.getLocation(), null);
//$NON-NLS-1$ //$NON-NLS-2$
testPermission(acc, new FilePermission("test", "write"), true);
//$NON-NLS-1$ //$NON-NLS-2$
testPermission(acc, new FilePermission("test", "read"), true);
testPermission(acc, new AllPermission(), true);
}Example 67
| Project: Sesat-master File: JarFileFactory.java View source code |
private JarFile getCachedJarFile(URL url) {
JarFile result = (JarFile) fileCache.get(url);
/* if the JAR file is cached, the permission will always be there */
if (result != null) {
Permission perm = getPermission(result);
if (perm != null) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkPermission(perm);
} catch (SecurityException se) {
if ((perm instanceof java.io.FilePermission) && perm.getActions().indexOf("read") != -1) {
sm.checkRead(perm.getName());
} else if ((perm instanceof java.net.SocketPermission) && perm.getActions().indexOf("connect") != -1) {
sm.checkConnect(url.getHost(), url.getPort());
} else {
throw se;
}
}
}
}
}
return result;
}Example 68
| Project: Wilma-master File: URLResource.java View source code |
/* ------------------------------------------------------------ */
/**
* Returns an File representing the given resource or NULL if this
* is not possible.
*/
public File getFile() throws IOException {
// Try the permission hack
if (checkConnection()) {
Permission perm = _connection.getPermission();
if (perm instanceof java.io.FilePermission)
return new File(perm.getName());
}
// Try the URL file arg
try {
return new File(_url.getFile());
} catch (Exception e) {
LogSupport.ignore(log, e);
}
// Don't know the file
return null;
}Example 69
| Project: commons-logging-master File: MockSecurityManager.java View source code |
public void checkPermission(Permission p) throws SecurityException {
if (setSecurityManagerPerm.implies(p)) {
// System.out.println("setSecurityManager: granted");
return;
}
// Ideally, we would limit this to just .class and .jar files.
if (p instanceof FilePermission) {
FilePermission fp = (FilePermission) p;
if (fp.getActions().equals("read")) {
// System.out.println("Permit read of files");
return;
}
}
System.out.println("\n\ntesting permission:" + p.getClass() + ":" + p);
Exception e = new Exception();
e.fillInStackTrace();
StackTraceElement[] stack = e.getStackTrace();
// start at 1 to skip the entry in the stack for this method
for (int i = 1; i < stack.length; ++i) {
String cname = stack[i].getClassName();
System.out.println("" + i + ":" + stack[i].getClassName() + "." + stack[i].getMethodName() + ":" + stack[i].getLineNumber());
if (cname.equals("java.util.logging.Handler") && stack[i].getMethodName().equals("setLevel")) {
// http://www-01.ibm.com/support/docview.wss?uid=swg1IZ51152
return;
}
if (cname.equals("java.util.logging.Level") && stack[i].getMethodName().equals("getLocalizedLevelName")) {
// requiring RuntimePermission: "accessClassInPackage.sun.util.logging.resources"
return;
}
if (cname.equals("java.security.AccessController")) {
// Presumably method name equals "doPrivileged"
//
// The previous iteration of this loop verified that the
// PrivilegedAction.run method associated with this
// doPrivileged method call had the right permissions,
// so we just return here. Effectively, the method invoking
// doPrivileged asserted that it checked the input params
// and found them safe, and that code is trusted, so we
// don't need to check the trust level of code higher in
// the call stack.
System.out.println("Access controller found: returning");
return;
} else if (cname.startsWith("java.") || cname.startsWith("javax.") || cname.startsWith("junit.") || cname.startsWith("org.apache.tools.ant.") || cname.startsWith("sun.")) {
// Code in these packages is trusted if the caller is trusted.
//
// TODO: maybe check class is loaded via system loader or similar rather
// than checking name? Trusted domains may be different in alternative
// jvms..
} else if (cname.startsWith("org.apache.commons.logging.security")) {
// this is the unit test code; treat this like an untrusted client
// app that is using JCL
++untrustedCodeCount;
System.out.println("Untrusted code [testcase] found");
throw new SecurityException("Untrusted code [testcase] found");
} else if (cname.startsWith("org.apache.commons.logging.")) {
if (permissions.implies(p)) {
// Code here is trusted if the caller is trusted
System.out.println("Permission in allowed set for JCL class");
} else {
System.out.println("Permission refused:" + p.getClass() + ":" + p);
throw new SecurityException("Permission refused:" + p.getClass() + ":" + p);
}
} else {
// we found some code that is not trusted to perform this operation.
System.out.println("Unexpected code: permission refused:" + p.getClass() + ":" + p);
throw new SecurityException("Unexpected code: permission refused:" + p.getClass() + ":" + p);
}
}
}Example 70
| Project: glassfish-master File: SMGlobalPolicyUtilTest.java View source code |
@Test
public void testFilePermission() {
System.out.println("Starting testFilePermission");
FilePermission fp1 = new FilePermission("-", "delete");
FilePermission fp2 = new FilePermission("a/file.txt", "delete");
Assert.assertTrue(fp1.implies(fp2));
FilePermission fp3 = new FilePermission("*", "delete");
FilePermission fp4 = new FilePermission("file.txt", "delete");
Assert.assertTrue(fp3.implies(fp4));
FilePermission fp5 = new FilePermission("/scratch/xyz/*", "delete");
FilePermission fp6 = new FilePermission("/scratch/xyz/deleteit.txt", "delete");
Assert.assertTrue(fp5.implies(fp6));
FilePermission fp7 = new FilePermission("/scratch/xyz/", "delete");
FilePermission fp8 = new FilePermission("/scratch/xyz", "delete");
Assert.assertTrue(fp7.implies(fp8));
Permission fp9 = new java.security.UnresolvedPermission("VoidPermission", "", "", null);
Permission fp10 = new java.security.AllPermission();
Assert.assertTrue(fp10.implies(fp9));
Assert.assertTrue(!fp9.implies(fp10));
}Example 71
| Project: ics412-master File: NachosSecurityManager.java View source code |
/**
* Check the specified permission. Some operations are permissible while
* not grading. These operations are regulated here.
*
* @param perm the permission to check.
*/
public void checkPermission(Permission perm) {
String name = perm.getName();
// some permissions are strictly forbidden
if (perm instanceof RuntimePermission) {
// no creating class loaders
if (name.equals("createClassLoader"))
no(perm);
}
// allow the AWT mess when not grading
if (!fullySecure) {
if (perm instanceof NetPermission) {
// might be needed to load awt stuff
if (name.equals("specifyStreamHandler"))
return;
}
if (perm instanceof RuntimePermission) {
// might need to load libawt
if (name.startsWith("loadLibrary.")) {
String lib = name.substring("loadLibrary.".length());
if (lib.equals("awt")) {
Lib.debug(dbgSecurity, "\tdynamically linking " + lib);
return;
}
}
}
if (perm instanceof AWTPermission) {
// permit AWT stuff
if (name.equals("accessEventQueue"))
return;
}
}
// some are always allowed
if (perm instanceof PropertyPermission) {
// allowed to read properties
if (perm.getActions().equals("read"))
return;
}
// some require some more checking
if (perm instanceof FilePermission) {
if (perm.getActions().equals("read")) {
// the test directory can only be read with privilege
if (isPrivileged())
return;
enablePrivilege();
// not allowed to read test directory directly w/out privilege
try {
File f = new File(name);
if (f.isFile()) {
File p = f.getParentFile();
if (p != null) {
if (p.equals(testDirectory))
no(perm);
}
}
} catch (Throwable e) {
rethrow(e);
}
disablePrivilege();
return;
} else if (perm.getActions().equals("write") || perm.getActions().equals("delete")) {
// only allowed to write test diretory, and only with privilege
verifyPrivilege();
try {
File f = new File(name);
if (f.isFile()) {
File p = f.getParentFile();
if (p != null && p.equals(testDirectory))
return;
}
} catch (Throwable e) {
no(perm);
}
} else if (perm.getActions().equals("execute")) {
// only allowed to execute with privilege, and if there's a net
verifyPrivilege();
if (Machine.networkLink() == null)
no(perm);
} else {
no(perm);
}
}
// default to requiring privilege
verifyPrivilege(perm);
}Example 72
| Project: jboss-openjdk-orb-master File: ORBUtility.java View source code |
public static String getClassSecurityInfo(final Class cl) {
// Returns a String which looks similar to:
// PermissionCollection java.security.Permissions@1053693 ...
// (java.io.FilePermission <<ALL FILES>> ....)
// (java.io.FilePermission /export0/sunwappserv/lib/- ...)
// ... other permissions ...
// Domain ProtectionDomain (file:/export0/sunwappserv/lib-)
// java.security.Permissions@141fedb (
// (java.io.FilePermission <<ALL FILES>> ...)
// (java.io.FilePermission /var/tmp//- ...)
String result = (String) AccessController.doPrivileged(new PrivilegedAction() {
public java.lang.Object run() {
StringBuffer sb = new StringBuffer(500);
ProtectionDomain pd = cl.getProtectionDomain();
Policy policy = Policy.getPolicy();
PermissionCollection pc = policy.getPermissions(pd);
sb.append("\nPermissionCollection ");
sb.append(pc.toString());
// Don't need to add 'Protection Domain' string, it's
// in ProtectionDomain.toString() already.
sb.append(pd.toString());
return sb.toString();
}
});
return result;
}Example 73
| Project: jboss-rmi-api_spec-master File: ORBUtility.java View source code |
public static String getClassSecurityInfo(final Class<?> cl) {
// Returns a String which looks similar to:
// PermissionCollection java.security.Permissions@1053693 ...
// (java.io.FilePermission <<ALL FILES>> ....)
// (java.io.FilePermission /export0/sunwappserv/lib/- ...)
// ... other permissions ...
// Domain ProtectionDomain (file:/export0/sunwappserv/lib-)
// java.security.Permissions@141fedb (
// (java.io.FilePermission <<ALL FILES>> ...)
// (java.io.FilePermission /var/tmp//- ...)
String result = AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
StringBuffer sb = new StringBuffer(500);
ProtectionDomain pd = cl.getProtectionDomain();
Policy policy = Policy.getPolicy();
PermissionCollection pc = policy.getPermissions(pd);
sb.append("\nPermissionCollection ");
sb.append(pc.toString());
// Don't need to add 'Protection Domain' string, it's in ProtectionDomain.toString() already.
sb.append(pd.toString());
return sb.toString();
}
});
return result;
}Example 74
| Project: JDK-master File: ORBUtility.java View source code |
public static String getClassSecurityInfo(final Class cl) {
// Returns a String which looks similar to:
// PermissionCollection java.security.Permissions@1053693 ...
// (java.io.FilePermission <<ALL FILES>> ....)
// (java.io.FilePermission /export0/sunwappserv/lib/- ...)
// ... other permissions ...
// Domain ProtectionDomain (file:/export0/sunwappserv/lib-)
// java.security.Permissions@141fedb (
// (java.io.FilePermission <<ALL FILES>> ...)
// (java.io.FilePermission /var/tmp//- ...)
String result = (String) AccessController.doPrivileged(new PrivilegedAction() {
public java.lang.Object run() {
StringBuffer sb = new StringBuffer(500);
ProtectionDomain pd = cl.getProtectionDomain();
Policy policy = Policy.getPolicy();
PermissionCollection pc = policy.getPermissions(pd);
sb.append("\nPermissionCollection ");
sb.append(pc.toString());
// Don't need to add 'Protection Domain' string, it's
// in ProtectionDomain.toString() already.
sb.append(pd.toString());
return sb.toString();
}
});
return result;
}Example 75
| Project: jdk7u-corba-master File: ORBUtility.java View source code |
public static String getClassSecurityInfo(final Class cl) {
// Returns a String which looks similar to:
// PermissionCollection java.security.Permissions@1053693 ...
// (java.io.FilePermission <<ALL FILES>> ....)
// (java.io.FilePermission /export0/sunwappserv/lib/- ...)
// ... other permissions ...
// Domain ProtectionDomain (file:/export0/sunwappserv/lib-)
// java.security.Permissions@141fedb (
// (java.io.FilePermission <<ALL FILES>> ...)
// (java.io.FilePermission /var/tmp//- ...)
String result = (String) AccessController.doPrivileged(new PrivilegedAction() {
public java.lang.Object run() {
StringBuffer sb = new StringBuffer(500);
ProtectionDomain pd = cl.getProtectionDomain();
Policy policy = Policy.getPolicy();
PermissionCollection pc = policy.getPermissions(pd);
sb.append("\nPermissionCollection ");
sb.append(pc.toString());
// Don't need to add 'Protection Domain' string, it's
// in ProtectionDomain.toString() already.
sb.append(pd.toString());
return sb.toString();
}
});
return result;
}Example 76
| Project: jetty.project-master File: URLResource.java View source code |
/* ------------------------------------------------------------ */
/**
* Returns an File representing the given resource or NULL if this
* is not possible.
*/
@Override
public File getFile() throws IOException {
// Try the permission hack
if (checkConnection()) {
Permission perm = _connection.getPermission();
if (perm instanceof java.io.FilePermission)
return new File(perm.getName());
}
// Try the URL file arg
try {
return new File(_url.getFile());
} catch (Exception e) {
LOG.ignore(e);
}
// Don't know the file
return null;
}Example 77
| Project: kbot-master File: ScriptPermission.java View source code |
/**
* Checks if the specified permission's actions are "implied by"
* this object's actions.
* <p/>
* This must be implemented by subclasses of Permission, as they are the
* only ones that can impose semantics on a Permission object.
* <p/>
* <p>The <code>implies</code> method is used by the AccessController to determine
* whether or not a requested permission is implied by another permission that
* is known to be valid in the current execution context.
*
* @param permission the permission to check against.
* @return true if the specified permission is implied by this object,
* false if not.
*/
@Override
public boolean implies(Permission permission) {
if (permission instanceof SocketPermission) {
for (SocketPermission socketPermission : allowedSockets) {
if (socketPermission.implies(permission)) {
return true;
}
}
return false;
}
if (permission instanceof FilePermission) {
if (permission.getActions().contains("execute")) {
return false;
}
if (!filePermission.implies(permission)) {
return false;
}
}
if (permission instanceof RuntimePermission) {
if (permission.getName().equals("createClassLoader")) {
return false;
}
if (permission.getName().equals("setContextClassLoader")) {
return false;
}
if (permission.getName().equals("setSecurityManager")) {
return false;
}
if (permission.getName().equals("exitVM")) {
return false;
}
if (permission.getName().equals("shutdownHooks")) {
return false;
}
if (permission.getName().startsWith("loadLibrary")) {
return false;
}
if (permission.getName().equals("queuePrintJob")) {
return true;
}
}
if (permission instanceof ReflectPermission) {
return false;
}
return true;
}Example 78
| Project: kouinject-master File: ClassPathScanner.java View source code |
private Set<Class<?>> findClassesFromBasePackage(final String basePackage) {
final Set<Class<?>> classes = new HashSet<Class<?>>();
final String path = basePackage.replace('.', '/');
try {
final Enumeration<URL> resources = classLoader.getResources(path);
if (resources != null) {
AccessController.doPrivileged(new PrivilegedAction<Object>() {
@Override
public Object run() {
// hasMoreElements requires java.io.FilePermission "read" to find anything
while (resources.hasMoreElements()) {
classes.addAll(getClassesFromResource(basePackage, path, resources));
}
return null;
}
});
}
} catch (final IOException e) {
throw new RuntimeException(e);
}
return classes;
}Example 79
| Project: littles3-master File: ResourcePermissionTest.java View source code |
/**
* Test the <code>implies()</code> method.
*/
public void test_implies() {
ResourcePermission permission, another;
CanonicalUser grantee;
grantee = new CanonicalUser("id");
permission = new ResourcePermission(grantee, ResourcePermission.ACTION_FULL_CONTROL);
assertTrue("Should imply", permission.implies(permission));
assertFalse("Should not imply", permission.implies(null));
assertFalse("Should not imply", permission.implies(new FilePermission("/etc", "read")));
another = new ResourcePermission(grantee, ResourcePermission.ACTION_READ);
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(grantee, ResourcePermission.ACTION_WRITE);
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(grantee, ResourcePermission.ACTION_READ_ACP);
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(grantee, ResourcePermission.ACTION_WRITE_ACP);
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(grantee, "read, write");
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(grantee, "read, read_acp");
assertTrue("Should imply", permission.implies(another));
permission = new ResourcePermission(grantee, ResourcePermission.ACTION_READ);
another = new ResourcePermission(grantee, ResourcePermission.ACTION_WRITE);
assertFalse("Should not imply", permission.implies(another));
permission = new ResourcePermission(grantee, ResourcePermission.ACTION_FULL_CONTROL);
another = new ResourcePermission(new CanonicalUser("foo"), ResourcePermission.ACTION_FULL_CONTROL);
assertFalse("Should not imply", permission.implies(another));
permission = new ResourcePermission(AuthenticatedUsersGroup.getInstance(), "read, read_acp");
another = new ResourcePermission(grantee, ResourcePermission.ACTION_READ);
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(grantee, ResourcePermission.ACTION_WRITE);
assertFalse("Should not imply", permission.implies(another));
permission = new ResourcePermission(AuthenticatedUsersGroup.getInstance(), "read, read_acp");
another = new ResourcePermission(new CanonicalUser(CanonicalUser.ID_ANONYMOUS), ResourcePermission.ACTION_READ);
assertFalse("Should not imply", permission.implies(another));
permission = new ResourcePermission(AllUsersGroup.getInstance(), "read");
another = new ResourcePermission(grantee, ResourcePermission.ACTION_READ);
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(grantee, ResourcePermission.ACTION_WRITE);
assertFalse("Should not imply", permission.implies(another));
permission = new ResourcePermission(AllUsersGroup.getInstance(), "read");
another = new ResourcePermission(new CanonicalUser(CanonicalUser.ID_ANONYMOUS), ResourcePermission.ACTION_READ);
assertTrue("Should imply", permission.implies(another));
another = new ResourcePermission(new CanonicalUser(CanonicalUser.ID_ANONYMOUS), ResourcePermission.ACTION_WRITE);
assertFalse("Should not imply", permission.implies(another));
}Example 80
| Project: Payara-master File: SMGlobalPolicyUtilTest.java View source code |
@Test
public void testFilePermission() {
System.out.println("Starting testFilePermission");
FilePermission fp1 = new FilePermission("-", "delete");
FilePermission fp2 = new FilePermission("a/file.txt", "delete");
Assert.assertTrue(fp1.implies(fp2));
FilePermission fp3 = new FilePermission("*", "delete");
FilePermission fp4 = new FilePermission("file.txt", "delete");
Assert.assertTrue(fp3.implies(fp4));
FilePermission fp5 = new FilePermission("/scratch/xyz/*", "delete");
FilePermission fp6 = new FilePermission("/scratch/xyz/deleteit.txt", "delete");
Assert.assertTrue(fp5.implies(fp6));
FilePermission fp7 = new FilePermission("/scratch/xyz/", "delete");
FilePermission fp8 = new FilePermission("/scratch/xyz", "delete");
Assert.assertTrue(fp7.implies(fp8));
Permission fp9 = new java.security.UnresolvedPermission("VoidPermission", "", "", null);
Permission fp10 = new java.security.AllPermission();
Assert.assertTrue(fp10.implies(fp9));
Assert.assertTrue(!fp9.implies(fp10));
}Example 81
| Project: pljava-master File: Backend.java View source code |
void assertPermission(Permission perm) {
if (perm instanceof FilePermission) {
String actions = perm.getActions();
if ("read".equals(actions)) {
// Allow read of /dev/random
// and /dev/urandom
String fileName = perm.getName();
if ("/dev/random".equals(fileName) || "/dev/urandom".equals(fileName))
return;
// Must be able to read
// timezone info etc. in the
// java installation
// directory.
//
File javaHome = new File(System.getProperty("java.home"));
File accessedFile = new File(perm.getName());
File fileDir = accessedFile.getParentFile();
while (fileDir != null) {
if (fileDir.equals(javaHome))
return;
fileDir = fileDir.getParentFile();
}
}
throw new SecurityException(perm.getActions() + " on " + perm.getName());
}
super.assertPermission(perm);
}Example 82
| Project: rhq-master File: PythonScriptEngineInitializerTest.java View source code |
public void testSecuredEngine() throws Exception {
PythonScriptEngineInitializer initializer = new PythonScriptEngineInitializer();
//jython seems to need these two..
Permissions perms = new Permissions();
perms.add(new RuntimePermission("createClassLoader"));
perms.add(new RuntimePermission("getProtectionDomain"));
//add permission to read files so that modules can be loaded, but writing should fail
perms.add(new FilePermission("<<ALL FILES>>", "read"));
ScriptEngine engine = initializer.instantiate(Collections.<String>emptySet(), perms);
try {
engine.eval("import os\nfp = open('pom.xml', 'w')");
Assert.fail("Opening a file for writing should have failed with a security exception.");
} catch (ScriptException e) {
checkIsCausedByAccessControlException(e);
}
}Example 83
| Project: river-master File: SharedActivationPolicyPermission.java View source code |
/**
* Contains common code to all constructors.
*/
private void init(final String policy) {
/*
* In order to leverage the <code>FilePermission</code> logic
* we need to make sure that forward slashes ("/"), in
* <code>URLs</code>, are converted to
* the appropriate system dependent <code>File.separatorChar</code>.
* For example,
* http://host:port/* matches http://host:port/bogus.jar under
* UNIX, but not under Windows since "\*" is the wildcard there.
*/
String uncanonicalPath = null;
try {
URL url = new URL(policy);
uncanonicalPath = url.toExternalForm();
uncanonicalPath = uncanonicalPath.replace('/', File.separatorChar);
if (DEBUG) {
System.out.println("SharedActivationPolicyPermission::init() - " + policy + " => " + uncanonicalPath);
}
} catch (MalformedURLException me) {
uncanonicalPath = policy;
}
policyPermission = new FilePermission(uncanonicalPath, "read");
}Example 84
| Project: Rythm-master File: RythmSecurityManager.java View source code |
private void checkFilePermission(FilePermission fp) {
String actions = fp.getActions();
String name = fp.getName();
if (actions.contains(SecurityConstants.FILE_READ_ACTION)) {
checkRead(name);
}
if (actions.contains(SecurityConstants.FILE_WRITE_ACTION)) {
checkWrite(name);
}
if (actions.contains(SecurityConstants.FILE_DELETE_ACTION)) {
checkDelete(name);
}
if (actions.contains(SecurityConstants.FILE_EXECUTE_ACTION)) {
checkExec(name);
}
}Example 85
| Project: rythmengine-master File: RythmSecurityManager.java View source code |
private void checkFilePermission(FilePermission fp) {
String actions = fp.getActions();
String name = fp.getName();
if (actions.contains(SecurityConstants.FILE_READ_ACTION)) {
checkRead(name);
}
if (actions.contains(SecurityConstants.FILE_WRITE_ACTION)) {
checkWrite(name);
}
if (actions.contains(SecurityConstants.FILE_DELETE_ACTION)) {
checkDelete(name);
}
if (actions.contains(SecurityConstants.FILE_EXECUTE_ACTION)) {
checkExec(name);
}
}Example 86
| Project: svarog-master File: SvarogSecurityManager.java View source code |
@Override
public /**
* For top-level calls (no recursion) the permission (p) is granted iff
* at least 1 of the following holds:
*
* <ul>
* <li>p is granted by the super call</li>
* <li>p is a java.lang.PropertyPermission with action eq. "read"</li>
* <li>p is a java.lang.RuntimePermission with name eq. "accessDeclaredMembers"</li>
* <li>p is not a plugin context</li>
* </ul>
*
* @param p requested permission
* @throws SecurityException iff access is denied
*/
void checkPermission(Permission p) {
final String pn = p.getName();
final String pa = p.getActions();
final Thread t = Thread.currentThread();
boolean permit = true;
StackTraceElement frame = null;
try {
incRecLevel(t);
super.checkPermission(p);
} catch (SecurityException e) {
permit = false;
if (recursionPresent(t)) {
if (p instanceof BasicPermission) {
if (p instanceof RuntimePermission) {
if ("accessDeclaredMembers".equals(pn))
permit = true;
}
} else if (p instanceof FilePermission) {
if ("read".equals(pa))
permit = true;
}
} else {
frame = findPluginCtx(t);
if (frame == null) {
permit = true;
} else {
if (p instanceof BasicPermission) {
if (p instanceof PropertyPermission) {
if ("read".equals(pa))
permit = true;
}
} else if (p instanceof FilePermission) {
if ("read".equals(pa))
permit = true;
}
}
}
if (!permit) {
String errMsg = "Permission DENIED [" + t.getId() + "/" + t.getName() + "]: " + p;
if (frame != null)
errMsg += "; plugin ctx: " + toString(frame);
permissionDenied(t, p, e, frame);
if (this.enforcing)
throw new SecurityException(errMsg, e);
}
} finally {
// if (permit)
// sl.permissionGranted(t, p);
decRecLevel(t);
}
}Example 87
| Project: ToastAPI-master File: ToastSecurityManager.java View source code |
/**
* Check a permission. This performs the check statement for the permission type and handles it accordingly
*/
@Override
public void checkPermission(Permission perm) {
if (perm instanceof FilePermission) {
} else if (perm instanceof SocketPermission) {
SocketPermission sp = (SocketPermission) perm;
h_Socket(sp);
} else if (perm instanceof RuntimePermission) {
RuntimePermission rp = (RuntimePermission) perm;
h_Runtime(rp);
}
}Example 88
| Project: tripping-dangerzone-master File: NachosSecurityManager.java View source code |
/**
* Check the specified permission. Some operations are permissible while
* not grading. These operations are regulated here.
*
* @param perm the permission to check.
*/
public void checkPermission(Permission perm) {
String name = perm.getName();
// some permissions are strictly forbidden
if (perm instanceof RuntimePermission) {
// no creating class loaders
if (name.equals("createClassLoader"))
no(perm);
}
// allow the AWT mess when not grading
if (!fullySecure) {
if (perm instanceof NetPermission) {
// might be needed to load awt stuff
if (name.equals("specifyStreamHandler"))
return;
}
if (perm instanceof RuntimePermission) {
// might need to load libawt
if (name.startsWith("loadLibrary.")) {
String lib = name.substring("loadLibrary.".length());
if (lib.equals("awt")) {
Lib.debug(dbgSecurity, "\tdynamically linking " + lib);
return;
}
}
}
if (perm instanceof AWTPermission) {
// permit AWT stuff
if (name.equals("accessEventQueue"))
return;
}
}
// some are always allowed
if (perm instanceof PropertyPermission) {
// allowed to read properties
if (perm.getActions().equals("read"))
return;
}
// some require some more checking
if (perm instanceof FilePermission) {
if (perm.getActions().equals("read")) {
// the test directory can only be read with privilege
if (isPrivileged())
return;
enablePrivilege();
// not allowed to read test directory directly w/out privilege
try {
File f = new File(name);
if (f.isFile()) {
File p = f.getParentFile();
if (p != null) {
if (p.equals(testDirectory))
no(perm);
}
}
} catch (Throwable e) {
rethrow(e);
}
disablePrivilege();
return;
} else if (perm.getActions().equals("write") || perm.getActions().equals("delete")) {
// only allowed to write test diretory, and only with privilege
verifyPrivilege();
try {
File f = new File(name);
if (f.isFile()) {
File p = f.getParentFile();
if (p != null && p.equals(testDirectory))
return;
}
} catch (Throwable e) {
no(perm);
}
} else if (perm.getActions().equals("execute")) {
// only allowed to execute with privilege, and if there's a net
verifyPrivilege();
if (Machine.networkLink() == null)
no(perm);
} else {
no(perm);
}
}
// default to requiring privilege
verifyPrivilege(perm);
}Example 89
| Project: xstream-for-android-master File: SecurityManagerTest.java View source code |
public void testSerializeWithXpp3DriverAndSun14ReflectionProviderAndActiveSecurityManager() {
if (JVM.is14()) {
securityManager.addPermission(defaultCodeSource, new FilePermission(mainClasses.toString(), "read"));
securityManager.addPermission(defaultCodeSource, new FilePermission(testClasses.toString(), "read"));
securityManager.addPermission(defaultCodeSource, new FilePermission(libs.toString(), "read"));
securityManager.addPermission(defaultCodeSource, new RuntimePermission("accessDeclaredMembers"));
securityManager.addPermission(defaultCodeSource, new RuntimePermission("accessClassInPackage.sun.reflect"));
securityManager.addPermission(defaultCodeSource, new RuntimePermission("accessClassInPackage.sun.misc"));
securityManager.addPermission(defaultCodeSource, new RuntimePermission("createClassLoader"));
securityManager.addPermission(defaultCodeSource, new RuntimePermission("reflectionFactoryAccess"));
securityManager.addPermission(defaultCodeSource, new ReflectPermission("suppressAccessChecks"));
// permissions necessary for CGLIBMapper
securityManager.addPermission(defaultCodeSource, new PropertyPermission("cglib.debugLocation", "read"));
securityManager.addPermission(defaultCodeSource, new RuntimePermission("getProtectionDomain"));
securityManager.setReadOnly();
System.setSecurityManager(securityManager);
// uses implicit Sun14ReflectionProvider in JDK >= 1.4, since it has the appropriate
// rights
xstream = new XStream();
assertBothWays();
}
}Example 90
| Project: xwiki-commons-master File: JarProxy.java View source code |
@SuppressWarnings("resource")
@Override
public JarFile openJarFile(JarURLConnection conn) throws IOException {
URL url = conn.getJarFileURL();
CachedJarFile result;
synchronized (this.cache) {
result = this.cache.get(url);
}
if (result != null) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkPermission(result.perm);
}
return result;
}
// we have to download and open the JAR; yet it may be a local file
try {
URI uri = new URI(url.toString());
if (ResourceUtils.isLocalFile(uri)) {
File file = new File(uri);
Permission perm = new FilePermission(file.getAbsolutePath(), "read");
result = new CachedJarFile(file, perm, false);
}
} catch (URISyntaxException e) {
}
if (result == null) {
final URLConnection jarconn = url.openConnection();
// set up the properties based on the JarURLConnection
jarconn.setAllowUserInteraction(conn.getAllowUserInteraction());
jarconn.setDoInput(conn.getDoInput());
jarconn.setDoOutput(conn.getDoOutput());
jarconn.setIfModifiedSince(conn.getIfModifiedSince());
Map<String, List<String>> map = conn.getRequestProperties();
for (Map.Entry<String, List<String>> entry : map.entrySet()) {
StringBuilder value = new StringBuilder();
for (String str : entry.getValue()) {
value.append(',').append(str);
}
if (value.length() >= 1) {
jarconn.setRequestProperty(entry.getKey(), value.substring(1));
}
}
jarconn.setUseCaches(conn.getUseCaches());
try (InputStream in = getJarInputStream(jarconn)) {
result = AccessController.doPrivileged(new PrivilegedExceptionAction<CachedJarFile>() {
@Override
public CachedJarFile run() throws IOException {
File file = File.createTempFile("jar_cache", "");
try (FileOutputStream out = new FileOutputStream(file)) {
RedirectibleInput r = new RedirectingInputStream(in, false, false);
int len = r.redirectAll(out);
out.flush();
if (len == 0) {
// e.g. HttpURLConnection: "NOT_MODIFIED"
return null;
}
}
return new CachedJarFile(file, jarconn.getPermission(), true);
}
});
} catch (PrivilegedActionException pae) {
throw (IOException) pae.getException();
}
}
// if no input came (e.g. due to NOT_MODIFIED), do not cache
if (result == null) {
return null;
}
// optimistic locking
synchronized (this.cache) {
CachedJarFile asyncResult = this.cache.get(url);
if (asyncResult != null) {
// some other thread already retrieved the file; return w/o
// security check since we already succeeded in getting past it
result.closeCachedFile();
return asyncResult;
}
this.cache.put(url, result);
return result;
}
}Example 91
| Project: JCGO-master File: SunToolkit.java View source code |
static synchronized java.awt.Image getImageFromHash(Toolkit tk, URL url) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
java.security.Permission perm = url.openConnection().getPermission();
if (perm != null) {
try {
sm.checkPermission(perm);
} catch (SecurityException se) {
if ((perm instanceof java.io.FilePermission) && perm.getActions().indexOf("read") != -1) {
sm.checkRead(perm.getName());
} else if ((perm instanceof java.net.SocketPermission) && perm.getActions().indexOf("connect") != -1) {
sm.checkConnect(url.getHost(), url.getPort());
} else {
throw se;
}
}
}
} catch (java.io.IOException ioe) {
sm.checkConnect(url.getHost(), url.getPort());
}
}
java.awt.Image img = (java.awt.Image) imgCache.get(url);
if (img == null) {
img = tk.createImage(new URLImageSource(url));
imgCache.put(url, img);
}
return img;
}Example 92
| Project: easybeans-master File: JPolicy.java View source code |
// Section 4.8
// J2EE 1.4 container can call Policy.implies or Policy.getPermissions
// with an argument ProtectionDomain that was constructed with the
// principals of the caller.
// Then the caller must call implies method on the returned
// PermissionCollection
/**
* Evaluates the global policy for the permissions granted to the
* ProtectionDomain and tests whether the permission is granted.
* @param domain the ProtectionDomain to test.
* @param permission the Permission object to be tested for implication.
* @return true if "permission" is a proper subset of a permission granted
* to this ProtectionDomain.
*/
@Override
public boolean implies(final ProtectionDomain domain, final Permission permission) {
// Something has reset the policy object, avoid NPE
if (initialPolicy == null) {
return false;
}
if (permission instanceof RuntimePermission || permission instanceof SocketPermission || permission instanceof PropertyPermission || permission instanceof FilePermission || permission instanceof MBeanPermission || permission instanceof ReflectPermission) {
return initialPolicy.implies(domain, permission);
}
// check with context ID
String contextID = PolicyContext.getContextID();
// No context, use existing
if (contextID == null) {
return initialPolicy.implies(domain, permission);
}
if (!(permission instanceof EJBMethodPermission || permission instanceof EJBRoleRefPermission || permission instanceof WebUserDataPermission || permission instanceof WebRoleRefPermission || permission instanceof WebResourcePermission)) {
return initialPolicy.implies(domain, permission);
}
logger.debug("Permission being checked = ''{0}''", permission);
// configuration was committed ?
try {
if (policyConfigurationFactory == null) {
initPolicyConfigurationFactory();
}
if (!policyConfigurationFactory.inService(contextID)) {
logger.debug("Policy configuration factory not in service, return false");
return false;
}
} catch (JPolicyException jpe) {
logger.error("JPolicy.implies.canNotCheck", jpe);
return false;
} catch (PolicyContextException pce) {
logger.error("JPolicy.implies.canNotCheck", pce);
return false;
}
JPolicyConfiguration jPolicyConfiguration = null;
try {
PolicyConfiguration pc = policyConfigurationFactory.getPolicyConfiguration(contextID, false);
if (pc instanceof JPolicyConfiguration) {
jPolicyConfiguration = (JPolicyConfiguration) pc;
} else {
// Maybe it's a delegating policy configuration and we have a
// configuration for this object
jPolicyConfiguration = JPolicyConfigurationKeeper.getConfiguration(contextID);
if (jPolicyConfiguration == null) {
throw new RuntimeException("This policy provider can only manage JPolicyConfiguration objects");
}
}
} catch (PolicyContextException pce) {
logger.error("JPolicy.implies.canNotRetrieve", contextID, pce);
return false;
}
/*
* JACC 3.2 The provider must ensure that excluded policy statements
* take precedence over overlapping unchecked policy statements, and
* that both excluded and unchecked policy statements take precedence
* over overlapping role based policy statements.
*/
PermissionCollection excludedPermissions = jPolicyConfiguration.getExcludedPermissions();
PermissionCollection uncheckedPermissions = jPolicyConfiguration.getUncheckedPermissions();
// debug info.
if (logger.isDebugEnabled()) {
logger.debug("Check permission");
logger.debug("Excluded permissions = " + excludedPermissions);
logger.debug("unchecked permissions = " + uncheckedPermissions);
}
// excluded ?
if (excludedPermissions.implies(permission)) {
logger.debug("Permission ''{0}'' is excluded, return false", permission);
return false;
} else if (uncheckedPermissions.implies(permission)) {
// unchecked
logger.debug("Permission ''{0}'' is unchecked, return true", permission);
return true;
} else {
// per role if any or false
if (domain.getPrincipals().length > 0) {
logger.debug("There are principals, checking principals...");
// check roles
return isImpliedPermissionForPrincipals(jPolicyConfiguration, permission, domain.getPrincipals());
}
// permission not found
logger.debug("Principals length = 0, there is no principal on this domain");
logger.debug("Permission ''{0}'' not found, return false", permission);
return false;
}
}Example 93
| Project: glowroot-master File: PreInitializeWeavingClasses.java View source code |
private static void preInitializeLinkedHashMapKeySetAndKeySetIterator() {
// Resources.toByteArray(), which is used during weaving (see AnalyzedWorld), calls
// java.io.ExpiringCache.get(), which every 300 executions calls
// java.io.ExpiringCache.cleanup() (see stacktrace below)
//
// sometimes this leads to a ClassCircularityError, e.g.
//
// java.lang.ClassCircularityError: java/util/LinkedHashMap$LinkedKeyIterator
// java.util.LinkedHashMap$LinkedKeySet.iterator(LinkedHashMap.java:539)
// java.io.ExpiringCache.cleanup(ExpiringCache.java:119)
// java.io.ExpiringCache.get(ExpiringCache.java:76)
// java.io.UnixFileSystem.canonicalize(UnixFileSystem.java:152)
// java.io.File.getCanonicalPath(File.java:618)
// java.io.FilePermission$1.run(FilePermission.java:215)
// java.io.FilePermission$1.run(FilePermission.java:203)
// java.security.AccessController.doPrivileged(Native Method)
// java.io.FilePermission.init(FilePermission.java:203)
// java.io.FilePermission.<init>(FilePermission.java:277)
// sun.net.www.protocol.file.FileURLConnection.getPermission(FileURLConnection.java:225)
// sun.net.www.protocol.jar.JarFileFactory.getPermission(JarFileFactory.java:156)
// sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:126)
// sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81)
// sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
// sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
// java.net.URL.openStream(URL.java:1038)
// com.google.common.io.Resources$UrlByteSource.openStream(Resources.java:72)
// com.google.common.io.ByteSource.read(ByteSource.java:285)
// com.google.common.io.Resources.toByteArray(Resources.java:98)
// org.glowroot.agent.weaving.AnalyzedWorld.createAnalyzedClass(AnalyzedWorld.java:320)
// org.glowroot.agent.weaving.AnalyzedWorld.getOrCreateAnalyzedClass(AnalyzedWorld.java:232)
// org.glowroot.agent.weaving.AnalyzedWorld.getSuperClasses(AnalyzedWorld.java:189)
// org.glowroot.agent.weaving.AnalyzedWorld.getAnalyzedHierarchy(AnalyzedWorld.java:139)
// org.glowroot.agent.weaving.ClassAnalyzer.<init>(ClassAnalyzer.java:108)
// org.glowroot.agent.weaving.Weaver.weaveUnderTimer(Weaver.java:144)
// org.glowroot.agent.weaving.Weaver.weave(Weaver.java:95)
// org.glowroot.agent.weaving.WeavingClassFileTransformer.transformInternal(WeavingClassFileTransformer.java:86)
// org.glowroot.agent.weaving.WeavingClassFileTransformer.transform(WeavingClassFileTransformer.java:65)
// sun.instrument.TransformerManager.transform(TransformerManager.java:188)
// sun.instrument.InstrumentationImpl.transform(InstrumentationImpl.java:428)
//
// but different Java versions have different private implementation classes for
// LinkedHashMap "key set" and "key set iterator", e.g.
// Java 8 uses java.util.LinkedHashMap$LinkedKeySet and
// java.util.LinkedHashMap$LinkedKeyIterator
// while Java 6 and 7 use java.util.HashMap$KeySet and java.util.LinkedHashMap$KeyIterator
//
// so using this code to load the "occasional" dependencies of java.io.ExpiringCache
// instead of loading them by class name
toPreventDeadCodeElimination = new LinkedHashMap<Object, Object>().keySet().iterator();
}Example 94
| Project: spaceout-master File: Display.java View source code |
private static void chooseNewHomeDir() {
try {
AccessController.checkPermission(new FilePermission(Launcher.workingDir, "write"));
} catch (java.security.AccessControlException e) {
}
int ret = JOptionPane.showConfirmDialog(null, "Error: Couldn't get write access to " + Launcher.workingDir + "\nSelect a different directory?", "Write Access Denied", JOptionPane.YES_NO_OPTION, JOptionPane.ERROR_MESSAGE);
if (ret == JOptionPane.YES_OPTION) {
JFileChooser chooser = new JFileChooser();
chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY);
int returnVal = chooser.showOpenDialog(null);
if (returnVal == JFileChooser.APPROVE_OPTION) {
Launcher.workingDir = chooser.getSelectedFile().getAbsolutePath();
if (!Launcher.workingDir.endsWith(System.getProperty("file.separator")))
Launcher.workingDir += System.getProperty("file.separator");
Display.info.setText("Using " + Launcher.workingDir + " as home directory");
}
}
}Example 95
| Project: felix-master File: Permissions.java View source code |
/**
* @param target
* the permission to be implied
* @param bundle
* if not null then allow implicit permissions like file access
* to local data area
* @return true if the permission is implied by this permissions object.
*/
public boolean implies(Permission target, final Bundle bundle) {
if (m_allPermission) {
return true;
}
Class targetClass = target.getClass();
cleanUp(m_queue, m_cache);
if ((bundle != null) && targetClass == FilePermission.class) {
for (int i = 0; i < m_permissionInfos.length; i++) {
if (m_permissionInfos[i].getType().equals(FilePermission.class.getName())) {
String postfix = "";
String name = m_permissionInfos[i].getName();
if (!"<<ALL FILES>>".equals(name)) {
if (name.endsWith("*") || name.endsWith("-")) {
postfix = name.substring(name.length() - 1);
name = name.substring(0, name.length() - 1);
}
if (!(new File(name)).isAbsolute()) {
BundleContext context = (BundleContext) AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
return bundle.getBundleContext();
}
});
if (context == null) {
break;
}
name = m_action.getAbsolutePath(new File(context.getDataFile(""), name));
}
if (postfix.length() > 0) {
if ((name.length() > 0) && !name.endsWith("/")) {
name += "/" + postfix;
} else {
name += postfix;
}
}
}
Permission source = createPermission(new PermissionInfo(FilePermission.class.getName(), name, m_permissionInfos[i].getActions()), targetClass);
if (source.implies(target)) {
return true;
}
}
}
return false;
}
Object current = m_stack.get();
if (current == null) {
m_stack.set(targetClass);
} else {
if (current instanceof HashSet) {
if (((HashSet) current).contains(targetClass)) {
return false;
}
((HashSet) current).add(targetClass);
} else {
if (current == targetClass) {
return false;
}
HashSet frame = new HashSet();
frame.add(current);
frame.add(targetClass);
m_stack.set(frame);
current = frame;
}
}
try {
SoftReference collectionEntry = null;
PermissionCollection collection = null;
synchronized (m_cache) {
collectionEntry = (SoftReference) m_cache.get(targetClass);
}
if (collectionEntry != null) {
collection = (PermissionCollection) collectionEntry.get();
}
if (collection == null) {
collection = target.newPermissionCollection();
if (collection == null) {
collection = new DefaultPermissionCollection();
}
for (int i = 0; i < m_permissionInfos.length; i++) {
PermissionInfo permissionInfo = m_permissionInfos[i];
String infoType = permissionInfo.getType();
String permissionType = targetClass.getName();
if (infoType.equals(permissionType)) {
Permission permission = createPermission(permissionInfo, targetClass);
if (permission != null) {
collection.add(permission);
}
}
}
synchronized (m_cache) {
m_cache.put(new Entry(target.getClass(), m_queue), new SoftReference(collection));
}
}
return collection.implies(target);
} finally {
if (current == null) {
m_stack.set(null);
} else {
((HashSet) current).remove(targetClass);
if (((HashSet) current).isEmpty()) {
m_stack.set(null);
}
}
}
}Example 96
| Project: javablog-master File: JspRuntimeContext.java View source code |
/**
* Method used to initialize SecurityManager data.
*/
private void initSecurity() {
// Setup the PermissionCollection for this web app context
// based on the permissions configured for the root of the
// web app context directory, then add a file read permission
// for that directory.
Policy policy = Policy.getPolicy();
if (policy != null) {
try {
// Get the permissions for the web app context
String docBase = context.getRealPath("/");
if (docBase == null) {
docBase = options.getScratchDir().toString();
}
String codeBase = docBase;
if (!codeBase.endsWith(File.separator)) {
codeBase = codeBase + File.separator;
}
File contextDir = new File(codeBase);
URL url = contextDir.getCanonicalFile().toURL();
codeSource = new CodeSource(url, (Certificate[]) null);
permissionCollection = policy.getPermissions(codeSource);
// Create a file read permission for web app context directory
if (!docBase.endsWith(File.separator)) {
permissionCollection.add(new FilePermission(docBase, "read"));
docBase = docBase + File.separator;
} else {
permissionCollection.add(new FilePermission(docBase.substring(0, docBase.length() - 1), "read"));
}
docBase = docBase + "-";
permissionCollection.add(new FilePermission(docBase, "read"));
// Create a file read permission for web app tempdir (work)
// directory
String workDir = options.getScratchDir().toString();
if (!workDir.endsWith(File.separator)) {
permissionCollection.add(new FilePermission(workDir, "read"));
workDir = workDir + File.separator;
}
workDir = workDir + "-";
permissionCollection.add(new FilePermission(workDir, "read"));
// Allow the JSP to access org.apache.struts2.jasper.runtime.HttpJspBase
permissionCollection.add(new RuntimePermission("accessClassInPackage.org.apache.struts2.jasper.runtime"));
if (parentClassLoader instanceof URLClassLoader) {
URL[] urls = parentClassLoader.getURLs();
String jarUrl = null;
String jndiUrl = null;
for (int i = 0; i < urls.length; i++) {
if (jndiUrl == null && urls[i].toString().startsWith("jndi:")) {
jndiUrl = urls[i].toString() + "-";
}
if (jarUrl == null && urls[i].toString().startsWith("jar:jndi:")) {
jarUrl = urls[i].toString();
jarUrl = jarUrl.substring(0, jarUrl.length() - 2);
jarUrl = jarUrl.substring(0, jarUrl.lastIndexOf('/')) + "/-";
}
}
if (jarUrl != null) {
permissionCollection.add(new FilePermission(jarUrl, "read"));
permissionCollection.add(new FilePermission(jarUrl.substring(4), "read"));
}
if (jndiUrl != null)
permissionCollection.add(new FilePermission(jndiUrl, "read"));
}
} catch (Exception e) {
context.log("Security Init for context failed", e);
}
}
}Example 97
| Project: javahaiku-master File: JspRuntimeContext.java View source code |
/**
* Method used to initialize SecurityManager data.
*/
private void initSecurity() {
// Setup the PermissionCollection for this web app context
// based on the permissions configured for the root of the
// web app context directory, then add a file read permission
// for that directory.
Policy policy = Policy.getPolicy();
if (policy != null) {
try {
// Get the permissions for the web app context
String docBase = context.getRealPath("/");
if (docBase == null) {
docBase = options.getScratchDir().toString();
}
String codeBase = docBase;
if (!codeBase.endsWith(File.separator)) {
codeBase = codeBase + File.separator;
}
File contextDir = new File(codeBase);
URL url = contextDir.getCanonicalFile().toURL();
codeSource = new CodeSource(url, (Certificate[]) null);
permissionCollection = policy.getPermissions(codeSource);
// Create a file read permission for web app context directory
if (!docBase.endsWith(File.separator)) {
permissionCollection.add(new FilePermission(docBase, "read"));
docBase = docBase + File.separator;
} else {
permissionCollection.add(new FilePermission(docBase.substring(0, docBase.length() - 1), "read"));
}
docBase = docBase + "-";
permissionCollection.add(new FilePermission(docBase, "read"));
// Create a file read permission for web app tempdir (work)
// directory
String workDir = options.getScratchDir().toString();
if (!workDir.endsWith(File.separator)) {
permissionCollection.add(new FilePermission(workDir, "read"));
workDir = workDir + File.separator;
}
workDir = workDir + "-";
permissionCollection.add(new FilePermission(workDir, "read"));
// Allow the JSP to access org.apache.struts2.jasper.runtime.HttpJspBase
permissionCollection.add(new RuntimePermission("accessClassInPackage.org.apache.struts2.jasper.runtime"));
if (parentClassLoader instanceof URLClassLoader) {
URL[] urls = parentClassLoader.getURLs();
String jarUrl = null;
String jndiUrl = null;
for (int i = 0; i < urls.length; i++) {
if (jndiUrl == null && urls[i].toString().startsWith("jndi:")) {
jndiUrl = urls[i].toString() + "-";
}
if (jarUrl == null && urls[i].toString().startsWith("jar:jndi:")) {
jarUrl = urls[i].toString();
jarUrl = jarUrl.substring(0, jarUrl.length() - 2);
jarUrl = jarUrl.substring(0, jarUrl.lastIndexOf('/')) + "/-";
}
}
if (jarUrl != null) {
permissionCollection.add(new FilePermission(jarUrl, "read"));
permissionCollection.add(new FilePermission(jarUrl.substring(4), "read"));
}
if (jndiUrl != null)
permissionCollection.add(new FilePermission(jndiUrl, "read"));
}
} catch (Exception e) {
context.log("Security Init for context failed", e);
}
}
}Example 98
| Project: liferay-portal-master File: FileChecker.java View source code |
protected void addPermission(String path, String actions) {
if (_log.isDebugEnabled()) {
_log.debug("Allowing " + actions + " on " + path);
}
String unixPath = PathUtil.toUnixPath(path);
Permission unixPermission = new FilePermission(unixPath, actions);
_permissions.add(unixPermission);
String windowsPath = PathUtil.toWindowsPath(path);
Permission windowsPermission = new FilePermission(windowsPath, actions);
_permissions.add(windowsPermission);
}Example 99
| Project: pretty-printer-master File: SecManager.java View source code |
private void checkPerm(Permission p, String actions, String name) {
if (p instanceof FilePermission) {
File f = new File(name);
if (actions.equals("read") && (onClassPath.contains(name) || onClassPath.contains(f.getAbsolutePath()) || startsWithOKDir(name)))
return;
}
if (p instanceof PropertyPermission) {
if (actions.equals("read")) {
if (!checkStack(noSystemProperty)) {
if (allowProps.contains(name))
return;
if (p.getName().toLowerCase().contains("proxy"))
return;
if (isJenaAnonId(getClassContext())) {
return;
}
}
}
}
if (p instanceof NetPermission && (name.equals("getCookieHandler") || name.equals("getResponseCache") || name.equals("getProxySelector"))) {
if (checkStack(xmlParserStack))
return;
if (checkStack(preparedStylesheetStack))
return;
if (checkStack(importStack))
return;
}
if (p instanceof SocketPermission) {
if (checkStack(xmlParserStack))
return;
if (checkStack(preparedStylesheetStack))
return;
if (checkStack(importStack))
return;
}
if (p instanceof ReflectPermission && name.equals("suppressAccessChecks")) {
if (isJenaAnonId(getClassContext())) {
return;
}
if (checkStack(classLoaderMiniStack))
return;
if (checkStack(accesibleMiniStack))
return;
if (checkStack(accesibleMethodStack))
return;
if (checkStack(methodInvokeStack))
return;
}
if (p instanceof RuntimePermission && name.startsWith("accessClassInPackage.")) {
if (isJenaAnonId(getClassContext())) {
return;
}
}
if (p instanceof RuntimePermission && name.equals("writeFileDescriptor")) {
if (checkStack(preparedStyleSheetWriteSocket))
return;
if (checkStack(xmlParserWriteSocket))
return;
if (checkStack(importWriteSocket))
return;
}
if (p instanceof RuntimePermission && name.equals("readFileDescriptor")) {
if (checkStack(preparedStyleSheetReadSocket))
return;
if (checkStack(xmlParserReadSocket))
return;
if (checkStack(importReadSocket))
return;
}
if (p instanceof RuntimePermission && name.equals("createClassLoader")) {
if (checkStack(classLoaderMiniStack))
return;
if (checkStack(methodInvokeStack))
return;
}
if (p instanceof RuntimePermission && (name.equals("modifyThreadGroup") || name.equals("modifyThread"))) {
if (checkStack(httpClientStack))
return;
}
if (p instanceof SecurityPermission && (name.startsWith("getProperty.") || name.startsWith("putProviderProperty."))) {
if (isJenaAnonId(getClassContext()))
return;
}
throw new SecurityException(p.toString());
}Example 100
| Project: rapidminer-studio-master File: PluginSandboxPolicy.java View source code |
@Override
public Void run() {
String userHome = System.getProperty("user.home");
String tmpDir = System.getProperty("java.io.tmpdir");
String pluginKey = loader.getPluginKey();
// delete access to the general temp directory
permissions.add(new FilePermission(tmpDir, "read, write"));
permissions.add(new FilePermission(tmpDir + "/-", "read, write, delete"));
// .RapidMiner/extensions/workspace folder
if (pluginKey != null) {
String pluginFolder = pluginKey;
permissions.add(new FilePermission(userHome + "/.RapidMiner/extensions", "read"));
permissions.add(new FilePermission(userHome + "/.RapidMiner/extensions/workspace", "read"));
permissions.add(new FilePermission(userHome + "/.RapidMiner/extensions/workspace/" + pluginFolder, "read, write"));
permissions.add(new FilePermission(userHome + "/.RapidMiner/extensions/workspace/" + pluginFolder + "/-", "read, write, delete"));
}
// unfortunately currently we have to give all location permissons to read/write
// files to not block extensions that add "Read/Write xyz" operators
permissions.add(new FilePermission("<<ALL FILES>>", "read, write"));
return null;
}Example 101
| Project: sling-master File: JspRuntimeContext.java View source code |
// -------------------------------------------------------- Private Methods
/**
* Method used to initialize SecurityManager data.
*/
private void initSecurity() {
// Setup the PermissionCollection for this web app context
// based on the permissions configured for the root of the
// web app context directory, then add a file read permission
// for that directory.
Policy policy = Policy.getPolicy();
if (policy != null) {
try {
// Get the permissions for the web app context
String docBase = context.getRealPath("/");
if (docBase == null) {
docBase = options.getScratchDir().toString();
}
String codeBase = docBase;
if (!codeBase.endsWith(File.separator)) {
codeBase = codeBase + File.separator;
}
File contextDir = new File(codeBase);
URL url = contextDir.getCanonicalFile().toURL();
final CodeSource codeSource = new CodeSource(url, (Certificate[]) null);
permissionCollection = policy.getPermissions(codeSource);
// Create a file read permission for web app context directory
if (!docBase.endsWith(File.separator)) {
permissionCollection.add(new FilePermission(docBase, "read"));
docBase = docBase + File.separator;
} else {
permissionCollection.add(new FilePermission(docBase.substring(0, docBase.length() - 1), "read"));
}
docBase = docBase + "-";
permissionCollection.add(new FilePermission(docBase, "read"));
// Create a file read permission for web app tempdir (work)
// directory
String workDir = options.getScratchDir().toString();
if (!workDir.endsWith(File.separator)) {
permissionCollection.add(new FilePermission(workDir, "read"));
workDir = workDir + File.separator;
}
workDir = workDir + "-";
permissionCollection.add(new FilePermission(workDir, "read"));
// Allow the JSP to access org.apache.sling.scripting.jsp.jasper.runtime.HttpJspBase
permissionCollection.add(new RuntimePermission("accessClassInPackage.org.apache.jasper.runtime"));
} catch (final Exception e) {
context.log("Security Init for context failed", e);
}
}
}