Refine search
protected PermissionCollection getPermissions(CodeSource codeSource) { PermissionCollection perms; try { try { perms = super.getPermissions(codeSource); } catch (SecurityException e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } ProtectionDomain myDomain = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() { public ProtectionDomain run() { return getClass().getProtectionDomain(); } }); PermissionCollection myPerms = myDomain.getPermissions(); if (myPerms != null) { for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements();) { perms.add(elements.nextElement()); } } } catch (Throwable e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } perms.setReadOnly(); return perms; }
Object readResolve() { final PermissionCollection collection = s.newPermissionCollection(); for (Permission permission : p) { collection.add(permission); } if (r) collection.setReadOnly(); return collection; } }
/** * Create a permission collection that is the union of two permission collections. The permission * collections must be read-only. * * @param pc1 the first permission collection (must not be {@code null}) * @param pc2 the second permission collection (must not be {@code null}) * @return a new permission collection that is the union of the two collections (not {@code null}) */ public static PermissionCollection union(PermissionCollection pc1, PermissionCollection pc2) { Assert.checkNotNullParam("pc1", pc1); Assert.checkNotNullParam("pc2", pc2); if (! pc1.isReadOnly() || ! pc2.isReadOnly()) { throw ElytronMessages.log.permissionCollectionMustBeReadOnly(); } if (pc1.implies(ALL_PERMISSION) || pc2.implies(ALL_PERMISSION)) { return ALL_PERMISSIONS; } else { return new UnionPermissionCollection(pc1, pc2); } }
void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException { Enumeration<Permission> iter = permissions.elements(); while( iter.hasMoreElements() ) { Permission p = iter.nextElement(); uncheckedPermissions.add(p); } }
@Override public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException { checkNotNullParam("permissions", permissions); Enumeration<Permission> elements = permissions.elements(); while (elements.hasMoreElements()) { addToExcludedPolicy(elements.nextElement()); } }
public PermissionCollection getPermissions(ProtectionDomain domain) { PermissionCollection pc = super.getPermissions(domain); PermissionCollection delegated = delegate.getPermissions(domain); for (Enumeration<Permission> e = delegated.elements(); e.hasMoreElements();) { Permission p = (Permission) e.nextElement(); pc.add(p); } return pc; }
private AuthorizationResult authorize(PermissionCollection userPermissions, PermissionCollection requiredPermissions) { final Enumeration<Permission> enumeration = requiredPermissions.elements(); while (enumeration.hasMoreElements()){ Permission requiredPermission = enumeration.nextElement(); if (!userPermissions.implies(requiredPermission)) { return new AuthorizationResult(AuthorizationResult.Decision.DENY, new ModelNode(ControllerLogger.ROOT_LOGGER.permissionDenied())); } } return AuthorizationResult.PERMITTED; }
protected PermissionCollection getPermissions(final CodeSource codesource) { PermissionCollection pc = super.getPermissions(codesource); URL u = codesource.getLocation(); if (u.getProtocol().equals("jar")) { try { u = ((JarURLConnection) u.openConnection()).getJarFileURL(); } catch (IOException e) { if (u.getProtocol().equals("file")) { String path = u.getFile(); String host = u.getHost(); pc.add(new FilePermission(path + "-", "read")); } else { pc.add(new FilePermission(path, "read")); host = "localhost"; pc.add(new SocketPermission(host, "connect, accept"));
/** * Get the Permissions for a CodeSource. If this instance * of WebappClassLoaderBase is for a web application context, * add read FilePermission for the appropriate resources. * * @param codeSource where the code was loaded from * @return PermissionCollection for CodeSource */ @Override protected PermissionCollection getPermissions(CodeSource codeSource) { String codeUrl = codeSource.getLocation().toString(); PermissionCollection pc; if ((pc = loaderPC.get(codeUrl)) == null) { pc = super.getPermissions(codeSource); if (pc != null) { for (Permission p : permissionList) { pc.add(p); } loaderPC.put(codeUrl,pc); } } return pc; }
public PermissionCollection getPermissions(CodeSource codesource) { URL url = codesource.getLocation(); if (url != null) { // Is this us? if (url.equals(codeSourceLocation)) return allPermissions(); // Is this a test location? File file = new File(url.toString()); String name = file.getName(); if (name.indexOf("tests") != -1 || name.indexOf("test-classes") != -1 || name.indexOf("-test.jar") != -1) { PermissionCollection pc = noPermissions(); Iterator iter = classPermissions.iterator(); while( iter.hasNext() ) { Permission p = (Permission) iter.next(); pc.add(p); } return pc; } } return allPermissions(); } }
new FilePermission("", "read").newPermissionCollection(); for (URL url : ClassPath.Scanner.parseJavaClassPath()) { if (url.getProtocol().equalsIgnoreCase("file")) { file = new File(url.toURI()); readClassPathFiles.add(new FilePermission(file.getAbsolutePath(), "read"));
URL location = codeSource.getLocation(); if (BootstrapInfo.UNTRUSTED_CODEBASE.equals(location.getFile())) { return untrusted.implies(domain, permission); Policy plugin = plugins.get(location.getFile()); if (plugin != null && plugin.implies(domain, permission)) { return true; return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);
protected static Permission convertTempDirPermission(PermissionCollection revisedPC, DeploymentContext context, FilePermission perm) throws MalformedURLException { if (!isFilePermforTempDir(perm)) { return perm; } String actions = perm.getActions(); if (context.getScratchDir("jsp") != null) { String jspdir = context.getScratchDir("jsp").toURI().toURL().toString(); Permission jspDirPerm = new FilePermission(jspdir, actions); revisedPC.add(jspDirPerm); Permission jspPerm = new FilePermission(jspdir + File.separator + "-", actions); revisedPC.add(jspPerm); return jspPerm; } return perm; }
/** * @param permissions * @param codeSource */ private static void augmentPermissionsForAllowedCodeSources(PermissionCollection permissions, CodeSource codeSource) { String fullPath = codeSource.getLocation().getPath(); Set<Permission> foundPermissions = GrantedPermissions.getPermissionsForPath(fullPath); if (foundPermissions.size() > 0) { for (Permission permission : foundPermissions) { log.info("[SERVER STACK] Adding {} permission for location {}", permission, fullPath); permissions.add(permission); } } }
@Override public boolean implies(ProtectionDomain domain, Permission permission) { String path = domain.getCodeSource().getLocation().getPath(); PermissionCollection pc; synchronized (cache) { pc = cache.get(path); } if (pc == null) { pc = getPermissions(domain); synchronized (cache) { cache.put(path, pc); } } return pc.implies(permission); }
/** */ @Override public boolean implies(final ProtectionDomain pd, final Permission p) { // NYI! Optimize here for framework.jar + bootclasses? final CodeSource cs = null != pd ? pd.getCodeSource() : null; final URL u = null != cs ? cs.getLocation() : null; if (u != null && BundleURLStreamHandler.PROTOCOL.equals(u.getProtocol())) { final PermissionCollection pc = getPermissions(cs); return (pc == null) ? false : pc.implies(p); } else { final Boolean res = AccessController.doPrivileged(new PrivilegedAction<Boolean>() { public Boolean run() { return new Boolean(defaultPolicy.implies(pd, p)); } }); return res.booleanValue(); } }
@Override public PermissionCollection getPermissions(CodeSource codeSource) { PermissionCollection permissions = super.getPermissions(codeSource); boolean isOnBaseStack = false; for (ProtectionDomain baseStackDomain : baseStackDomains) { if (baseStackDomain.getCodeSource().equals(codeSource)) { permissions.add(new AllPermission()); log.info("[BASE STACK] Granting <AllPermission> to code source location {}.", codeSource.getLocation()); isOnBaseStack = true; break; } } if (!isOnBaseStack) { augmentPermissionsForAllowedCodeSources(permissions, codeSource); } return permissions; } });
@Override public boolean check(Permission permission) { if (!Globals.IS_SECURITY_ENABLED) { return true; } Policy currentPolicy = Policy.getPolicy(); if (currentPolicy != null) { URL contextRootUrl = resources.getResource("/").getCodeBase(); CodeSource cs = new CodeSource(contextRootUrl, (Certificate[]) null); PermissionCollection pc = currentPolicy.getPermissions(cs); if (pc.implies(permission)) { return true; } } return false; }
protected PermissionCollection createPermissions(CodeSource cs, InputOutput io) { PermissionCollection allPerms = new Permissions(); allPerms.add(new AllPermission()); allPerms.setReadOnly(); return allPerms; }