private static void checkPropertyWritePermission(Class<?> clazz, String propertyName) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(PROPERTIES_PERMISSION)) { return; } final PropertyPermission permission = new PropertyPermission(propertyName, "write"); if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }
private static void checkPDPermission(Class<?> clazz, Permission permission) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }
private static void checkEnvPropertyReadPermission(Class<?> clazz, String propertyName) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(ENVIRONMENT_PERMISSION)) { return; } final RuntimePermission permission = new RuntimePermission("getenv." + propertyName); if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }
private static void checkPropertyReadPermission(Class<?> clazz, String propertyName) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(PROPERTIES_PERMISSION)) { return; } final PropertyPermission permission = new PropertyPermission(propertyName, "read"); if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }
/** * Find the protection domain in the given list which denies a permission, or {@code null} if the permission * check would pass. * * @param permission the permission to test * @param domains the protection domains to try * @return the first denying protection domain, or {@code null} if there is none */ public static ProtectionDomain findAccessDenial(final Permission permission, final ProtectionDomain... domains) { ProtectionDomain deniedDomain = null; if (domains != null) for (ProtectionDomain domain : domains) { if (! domain.implies(permission)) { final CodeSource codeSource = domain.getCodeSource(); final ClassLoader classLoader = domain.getClassLoader(); final Principal[] principals = domain.getPrincipals(); if (principals == null || principals.length == 0) { access.accessCheckFailed(permission, codeSource, classLoader); } else { access.accessCheckFailed(permission, codeSource, classLoader, Arrays.toString(principals)); } if (deniedDomain == null && ! LOG_ONLY) { deniedDomain = domain; } } } return deniedDomain; }
if (protectionDomain.implies(permission)) { return;
/** * Enables customisation of permission check. * @param pd protection domain to be checked. * @param p permission to be checked. * @return true if ProtectionDomain pd has Permission p. */ protected boolean checkPermission(ProtectionDomain pd, Permission p){ return pd.implies(p); }
boolean superImplies(Permission permission) { return super.implies(permission); }
@Override public boolean implies(Permission permission) { return delegate.implies(permission); }
/** * Determine if the permission collection of this protection domain implies the given permission. This is * just a shortcut for calling {@code getPermissions().implies(permission)}. * * @param permission the permission to check (must not be {@code null}) * @return {@code true} if the permission is implied, {@code false} otherwise. */ public boolean implies(final Permission permission) { return dynamic ? super.implies(permission) : getPermissions().implies(permission); }
private ProtectionDomain create(ProtectionDomain domain) { if (domain.implies(ACCESS_DECLARED_MEMBERS_PERMISSION)) { return domain; } PermissionCollection permissions = domain.getPermissions(); PermissionCollection proxyPermissions = new Permissions(); if (permissions != null) { Enumeration<Permission> permissionElements = permissions.elements(); while (permissionElements.hasMoreElements()) { proxyPermissions.add(permissionElements.nextElement()); } } proxyPermissions.add(ACCESS_DECLARED_MEMBERS_PERMISSION); return new ProtectionDomain(domain.getCodeSource(), proxyPermissions); }
private ProtectionDomain create(ProtectionDomain domain) { if (domain.implies(ACCESS_DECLARED_MEMBERS_PERMISSION)) { return domain; } PermissionCollection permissions = domain.getPermissions(); PermissionCollection proxyPermissions = new Permissions(); if (permissions != null) { Enumeration<Permission> permissionElements = permissions.elements(); while (permissionElements.hasMoreElements()) { proxyPermissions.add(permissionElements.nextElement()); } } proxyPermissions.add(ACCESS_DECLARED_MEMBERS_PERMISSION); return new ProtectionDomain(domain.getCodeSource(), proxyPermissions); }
/** * Check for permission to listen to a service. */ static boolean hasListenServicePermission(ServiceEvent event, BundleContextImpl context) { ProtectionDomain domain = context.getBundleImpl().getProtectionDomain(); if (domain == null) { return true; } return domain.implies(new ServicePermission(event.getServiceReference(), ServicePermission.GET)); }
/** * Check for permission to listen to a service. */ static boolean hasListenServicePermission(ServiceEvent event, BundleContextImpl context) { ProtectionDomain domain = context.getBundleImpl().getProtectionDomain(); if (domain == null) { return true; } return domain.implies(new ServicePermission(event.getServiceReference(), ServicePermission.GET)); }
/** * Check for permission to listen to a service. */ static boolean hasListenServicePermission(ServiceEvent event, BundleContextImpl context) { ModuleRevision revision = context.getBundleImpl().getModule().getCurrentRevision(); if (revision == null) { return false; } ProtectionDomain domain = ((Generation) revision.getRevisionInfo()).getDomain(); if (domain == null) { return true; } return domain.implies(new ServicePermission(event.getServiceReference(), ServicePermission.GET)); }
/** * Check for permission to listen to a service. */ static boolean hasListenServicePermission(ServiceEvent event, BundleContextImpl context) { ModuleRevision revision = context.getBundleImpl().getModule().getCurrentRevision(); if (revision == null) { return false; } ProtectionDomain domain = ((Generation) revision.getRevisionInfo()).getDomain(); if (domain == null) { return true; } return domain.implies(new ServicePermission(event.getServiceReference(), ServicePermission.GET)); }
/** * Check for permission to listen to a service. */ static boolean hasListenServicePermission(ServiceEvent event, BundleContextImpl context) { ModuleRevision revision = context.getBundleImpl().getModule().getCurrentRevision(); if (revision == null) { return false; } ProtectionDomain domain = ((Generation) revision.getRevisionInfo()).getDomain(); if (domain == null) { return true; } return domain.implies(new ServicePermission(event.getServiceReference(), ServicePermission.GET)); }
/** * Check for permission to listen to a service. */ static boolean hasListenServicePermission(ServiceEvent event, BundleContextImpl context) { ModuleRevision revision = context.getBundleImpl().getModule().getCurrentRevision(); if (revision == null) { return false; } ProtectionDomain domain = ((Generation) revision.getRevisionInfo()).getDomain(); if (domain == null) { return true; } return domain.implies(new ServicePermission(event.getServiceReference(), ServicePermission.GET)); }
/** * Check for permission to listen to a service. */ static boolean hasListenServicePermission(ServiceEvent event, BundleContextImpl context) { ModuleRevision revision = context.getBundleImpl().getModule().getCurrentRevision(); if (revision == null) { return false; } ProtectionDomain domain = ((Generation) revision.getRevisionInfo()).getDomain(); if (domain == null) { return true; } return domain.implies(new ServicePermission(event.getServiceReference(), ServicePermission.GET)); }