@Override public final void accessCheckFailed(final Permission permission, final CodeSource codeSource, final ClassLoader classLoader, final String principals) { log.logf(FQCN, DEBUG, null, accessCheckFailed4$str(), permission, codeSource, classLoader, principals); } private static final String accessCheckFailed4 = "Permission check failed (permission \"%s\" in code source \"%s\" of \"%s\", principals \"%s\")";
@Override public final void accessCheckFailed(final Permission permission, final CodeSource codeSource, final ClassLoader classLoader) { log.logf(FQCN, DEBUG, null, accessCheckFailed3$str(), permission, codeSource, classLoader); } private static final String accessCheckFailed3 = "Permission check failed (permission \"%s\" in code source \"%s\" of \"%s\")";
@Override public final IllegalArgumentException unexpectedActionCharacter(final char ch, final int offset, final String actionString) { final IllegalArgumentException result = new IllegalArgumentException(String.format(getLoggingLocale(), unexpectedActionCharacter$str(), ch, offset, actionString)); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String invalidAction = "WFSM000005: Invalid action '%s' at offset %d of '%s'";
private static void checkPDPermission(Class<?> clazz, Permission permission) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }
throw access.secMgrChange(); final ProtectionDomain deniedDomain = findAccessDenial(perm, stack); if (deniedDomain != null) { throw access.accessControlException(perm, perm, deniedDomain.getCodeSource(), deniedDomain.getClassLoader());
@Override public final IllegalArgumentException wrongPermType(final Class<? extends Permission> expectedType, final Permission permission) { final IllegalArgumentException result = new IllegalArgumentException(String.format(getLoggingLocale(), wrongPermType$str(), expectedType, permission)); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } }
@Override public final IllegalArgumentException invalidName(final String name) { final IllegalArgumentException result = new IllegalArgumentException(String.format(getLoggingLocale(), invalidName$str(), name)); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String readOnlyPermCollection = "WFSM000007: Permission collection is read-only";
@Override public final SecurityException readOnlyPermCollection() { final SecurityException result = new SecurityException(String.format(getLoggingLocale(), readOnlyPermCollection$str())); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String wrongPermType = "WFSM000008: Invalid permission (expected an instance of %s, but got %s)";
@Override public final SecurityException unknownContext() { final SecurityException result = new SecurityException(String.format(getLoggingLocale(), unknownContext$str())); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String unexpectedActionCharacter = "WFSM000004: Unexpected character '%s' at offset %d of '%s'";
@Override public final SecurityException secMgrChange() { final SecurityException result = new SecurityException(String.format(getLoggingLocale(), secMgrChange$str())); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String unknownContext = "WFSM000003: Unknown security context type";
@Override public final AccessControlException accessControlException(final Permission permission, final Permission permission_, final CodeSource codeSource, final ClassLoader classLoader) { final AccessControlException result = new AccessControlException(String.format(getLoggingLocale(), accessControlException$str(), permission_, codeSource, classLoader), permission); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String secMgrChange = "WFSM000002: Security manager may not be changed";
@Override public final IllegalArgumentException invalidAction(final String action, final int offset, final String actionString) { final IllegalArgumentException result = new IllegalArgumentException(String.format(getLoggingLocale(), invalidAction$str(), action, offset, actionString)); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String invalidName = "WFSM000006: Invalid permission name '%s'";
throw permission.unexpectedActionCharacter(c, i, actionString); throw permission.invalidAction(actionString.substring(start, i), start, actionString); throw permission.unexpectedActionCharacter(c, i, actionString);
/** * Perform a permission check. * * @param perm the permission to check * @param context the security context to use for the check (must be an {@link AccessControlContext} instance) * @throws SecurityException if the check fails */ public void checkPermission(final Permission perm, final Object context) throws SecurityException { if (context instanceof AccessControlContext) { checkPermission(perm, (AccessControlContext) context); } else { throw access.unknownContext(); } }
/** * Find the protection domain in the given list which denies a permission, or {@code null} if the permission * check would pass. * * @param permission the permission to test * @param domains the protection domains to try * @return the first denying protection domain, or {@code null} if there is none */ public static ProtectionDomain findAccessDenial(final Permission permission, final ProtectionDomain... domains) { ProtectionDomain deniedDomain = null; if (domains != null) for (ProtectionDomain domain : domains) { if (! domain.implies(permission)) { final CodeSource codeSource = domain.getCodeSource(); final ClassLoader classLoader = domain.getClassLoader(); final Principal[] principals = domain.getPrincipals(); if (principals == null || principals.length == 0) { access.accessCheckFailed(permission, codeSource, classLoader); } else { access.accessCheckFailed(permission, codeSource, classLoader, Arrays.toString(principals)); } if (deniedDomain == null && ! LOG_ONLY) { deniedDomain = domain; } } } return deniedDomain; }
private static void checkPropertyReadPermission(Class<?> clazz, String propertyName) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(PROPERTIES_PERMISSION)) { return; } final PropertyPermission permission = new PropertyPermission(propertyName, "read"); if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }
@Override public final void accessCheckFailed(final Permission permission, final CodeSource codeSource, final ClassLoader classLoader, final String principals) { log.logf(FQCN, DEBUG, null, accessCheckFailed4$str(), permission, codeSource, classLoader, principals); } private static final String accessCheckFailed4 = "Permission check failed (permission \"%s\" in code source \"%s\" of \"%s\", principals \"%s\")";
@Override public final void accessCheckFailed(final Permission permission, final CodeSource codeSource, final ClassLoader classLoader) { log.logf(FQCN, DEBUG, null, accessCheckFailed3$str(), permission, codeSource, classLoader); } private static final String accessCheckFailed3 = "Permission check failed (permission \"%s\" in code source \"%s\" of \"%s\")";
private static void checkEnvPropertyReadPermission(Class<?> clazz, String propertyName) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(ENVIRONMENT_PERMISSION)) { return; } final RuntimePermission permission = new RuntimePermission("getenv." + propertyName); if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }
private static void checkPropertyWritePermission(Class<?> clazz, String propertyName) { final ProtectionDomain protectionDomain; final ClassLoader classLoader; if (getSecurityManager() instanceof WildFlySecurityManager) { protectionDomain = clazz.getProtectionDomain(); classLoader = clazz.getClassLoader(); } else { protectionDomain = doPrivileged(new GetProtectionDomainAction(clazz)); classLoader = doPrivileged(new GetClassLoaderAction(clazz)); } if (protectionDomain.implies(PROPERTIES_PERMISSION)) { return; } final PropertyPermission permission = new PropertyPermission(propertyName, "write"); if (protectionDomain.implies(permission)) { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); if (! LOG_ONLY) { throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } }