/** * {@link #doPrivileged(PrivilegedAction, Collection)} with no permissions. * * @param <T> the return type * @param privilegedAction the {@link PrivilegedAction} to execute * @return return value of the privileged action */ public static <T> T doPrivileged(PrivilegedAction<T> privilegedAction) { return doPrivileged(privilegedAction, Collections.<Permission>emptyList()); }
/** * Initializer for this class. Logs whether the security manager is enabled or not. */ public CoreSpringModuleConfig() { LOGGER.debug("Security manager is " + (SecurityManagerHelper.isSecurityManagerEnabled() ? "ENABLED" : "DISABLED")); }
/** * {@link #doPrivileged(PrivilegedAction, Collection)} with no permissions. * * @param <T> the return type * @param privilegedAction the {@link PrivilegedAction} to execute * @return return value of the privileged action */ public static <T> T doPrivileged(PrivilegedAction<T> privilegedAction) { return doPrivileged(privilegedAction, Collections.<Permission>emptyList()); }
/** * Initializer for this class. Logs whether the security manager is enabled or not. */ public CoreSpringModuleConfig() { LOGGER.debug("Security manager is " + (SecurityManagerHelper.isSecurityManagerEnabled() ? "ENABLED" : "DISABLED")); }
/** * {@inheritDoc} * Executes the script under a script manager with no permissions. */ @Override protected Object evaluate(final String script, final String language, final Bindings bindings) { return SecurityManagerHelper.doPrivileged(new PrivilegedAction<Object>() { @Override public Object run() { return SecuredScriptingEngines.super.evaluate(script, language, bindings); } }, Arrays.asList(new RuntimePermission("accessDeclaredMembers"), new ReflectPermission("suppressAccessChecks"))); } }
/** * When {@link org.finra.herd.core.helper.SecurityManagerHelper#doPrivileged(PrivilegedAction)} is called which executes an action restricted by security manager, the method should * throw an {@link AccessControlException}. * If SecurityManager is disabled, this test asserts that no exception was thrown. */ @Test public void testDoPrivilegedWhenNoPermissionsRestrictedActionThrows() { Class<? extends Exception> expectedExceptionType = null; if (SecurityManagerHelper.isSecurityManagerEnabled()) { expectedExceptionType = AccessControlException.class; } testDoPrivileged(expectedExceptionType, new PrivilegedAction<Void>() { @Override public Void run() { System.getProperty("test"); return null; } }); }
/** * {@inheritDoc} * Executes the script under a script manager with no permissions. */ @Override protected Object evaluate(final String script, final String language, final Bindings bindings) { return SecurityManagerHelper.doPrivileged(new PrivilegedAction<Object>() { @Override public Object run() { return SecuredScriptingEngines.super.evaluate(script, language, bindings); } }, Arrays.asList(new RuntimePermission("accessDeclaredMembers"), new ReflectPermission("suppressAccessChecks"))); } }
/** * Asserts that an {@link AccessControlException} is thrown when a SecurityManager restricted action is taken under * {@link SecurityManagerHelper#doPrivileged(PrivilegedAction, Collection)} where a permission is given, but it does not match the action that is being * executed. * This test asserts that no exception is thrown when {@link SecurityManager} is disabled. */ @Test public void testDoPrivilegedWhenNoMatchingPermission() { Class<? extends Exception> expectedException = null; if (SecurityManagerHelper.isSecurityManagerEnabled()) { expectedException = AccessControlException.class; } testDoPrivileged(expectedException, new PrivilegedAction<Void>() { @Override public Void run() { System.getProperty("test"); return null; } }, Arrays.<Permission> asList(new PropertyPermission("anotherValue", "read"))); }
/** * Asserts what the thrown exception is when {@link SecurityManagerHelper#doPrivileged(PrivilegedAction)} is called. If expectedExceptionType is null, no * exceptions are expected to be thrown. * * @param expectedExceptionType the expected thrown exception, or null * @param privilegedAction the action to execute */ private void testDoPrivileged(Class<? extends Exception> expectedExceptionType, PrivilegedAction<Void> privilegedAction) { try { SecurityManagerHelper.doPrivileged(privilegedAction); if (expectedExceptionType != null) { Assert.fail("expected " + expectedExceptionType + ", but no exception was thrown"); } } catch (Exception e) { if (expectedExceptionType == null) { Assert.fail("unexpected exception thrown " + e); } else { Assert.assertEquals("thrown exception type", expectedExceptionType, e.getClass()); } } }
SecurityManagerHelper.doPrivileged(privilegedAction, permissions);