Java 类java.security.PermissionCollection 实例源码
项目:lazycat
文件:WebappClassLoaderBase.java
/**
* Get the Permissions for a CodeSource. If this instance of
* WebappClassLoaderBase is for a web application context, add read
* FilePermission or JndiPermissions for the base directory (if unpacked),
* the context URL, and jar file resources.
*
* @param codeSource
* where the code was loaded from
* @return PermissionCollection for CodeSource
*/
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
String codeUrl = codeSource.getLocation().toString();
PermissionCollection pc;
if ((pc = loaderPC.get(codeUrl)) == null) {
pc = super.getPermissions(codeSource);
if (pc != null) {
Iterator<Permission> perms = permissionList.iterator();
while (perms.hasNext()) {
Permission p = perms.next();
pc.add(p);
}
loaderPC.put(codeUrl, pc);
}
}
return (pc);
}
项目:elasticsearch_my
文件:EvilSecurityTests.java
/**
* checks exact file permissions, meaning those and only those for that path.
*/
static void assertExactPermissions(FilePermission expected, PermissionCollection actual) {
String target = expected.getName(); // see javadocs
Set<String> permissionSet = asSet(expected.getActions().split(","));
boolean read = permissionSet.remove("read");
boolean readlink = permissionSet.remove("readlink");
boolean write = permissionSet.remove("write");
boolean delete = permissionSet.remove("delete");
boolean execute = permissionSet.remove("execute");
assertTrue("unrecognized permission: " + permissionSet, permissionSet.isEmpty());
assertEquals(read, actual.implies(new FilePermission(target, "read")));
assertEquals(readlink, actual.implies(new FilePermission(target, "readlink")));
assertEquals(write, actual.implies(new FilePermission(target, "write")));
assertEquals(delete, actual.implies(new FilePermission(target, "delete")));
assertEquals(execute, actual.implies(new FilePermission(target, "execute")));
}
项目:tomcat7
文件:WebappClassLoaderBase.java
/**
* Get the Permissions for a CodeSource. If this instance
* of WebappClassLoaderBase is for a web application context,
* add read FilePermission or JndiPermissions for the base
* directory (if unpacked),
* the context URL, and jar file resources.
*
* @param codeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
String codeUrl = codeSource.getLocation().toString();
PermissionCollection pc;
if ((pc = loaderPC.get(codeUrl)) == null) {
pc = super.getPermissions(codeSource);
if (pc != null) {
Iterator<Permission> perms = permissionList.iterator();
while (perms.hasNext()) {
Permission p = perms.next();
pc.add(p);
}
loaderPC.put(codeUrl,pc);
}
}
return (pc);
}
项目:OpenJSharp
文件:Activation.java
private static PermissionCollection getExecPermissions() {
/*
* The approach used here is taken from the similar method
* getLoaderAccessControlContext() in the class
* sun.rmi.server.LoaderHandler.
*/
// obtain permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource =
new CodeSource(null, (Certificate[]) null);
Policy p = Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
return perms;
}
项目:jerrydog
文件:StandardClassLoader.java
/**
* Get the Permissions for a CodeSource. If this instance
* of StandardClassLoader is for a web application context,
* add read FilePermissions for the base directory (if unpacked),
* the context URL, and jar file resources.
*
* @param CodeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
protected final PermissionCollection getPermissions(CodeSource codeSource) {
if (!policy_refresh) {
// Refresh the security policies
Policy policy = Policy.getPolicy();
policy.refresh();
policy_refresh = true;
}
String codeUrl = codeSource.getLocation().toString();
PermissionCollection pc;
if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
pc = super.getPermissions(codeSource);
if (pc != null) {
Iterator perms = permissionList.iterator();
while (perms.hasNext()) {
Permission p = (Permission)perms.next();
pc.add(p);
}
loaderPC.put(codeUrl,pc);
}
}
return (pc);
}
项目:jerrydog
文件:WebappClassLoader.java
/**
* Get the Permissions for a CodeSource. If this instance
* of WebappClassLoader is for a web application context,
* add read FilePermission or JndiPermissions for the base
* directory (if unpacked),
* the context URL, and jar file resources.
*
// * @param CodeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
protected PermissionCollection getPermissions(CodeSource codeSource) {
String codeUrl = codeSource.getLocation().toString();
PermissionCollection pc;
if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
pc = super.getPermissions(codeSource);
if (pc != null) {
Iterator perms = permissionList.iterator();
while (perms.hasNext()) {
Permission p = (Permission)perms.next();
pc.add(p);
}
loaderPC.put(codeUrl,pc);
}
}
return (pc);
}
项目:apache-tomcat-7.0.73-with-comment
文件:WebappClassLoaderBase.java
/**
* Get the Permissions for a CodeSource. If this instance
* of WebappClassLoaderBase is for a web application context,
* add read FilePermission or JndiPermissions for the base
* directory (if unpacked),
* the context URL, and jar file resources.
*
* @param codeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
String codeUrl = codeSource.getLocation().toString();
PermissionCollection pc;
if ((pc = loaderPC.get(codeUrl)) == null) {
pc = super.getPermissions(codeSource);
if (pc != null) {
Iterator<Permission> perms = permissionList.iterator();
while (perms.hasNext()) {
Permission p = perms.next();
pc.add(p);
}
loaderPC.put(codeUrl,pc);
}
}
return (pc);
}
项目:apache-tomcat-7.0.73-with-comment
文件:WebappClassLoaderBase.java
@Override
public boolean check(Permission permission) {
if (!Globals.IS_SECURITY_ENABLED) {
return true;
}
Policy currentPolicy = Policy.getPolicy();
if (currentPolicy != null) {
ResourceEntry entry = findResourceInternal("/", "/", false);
if (entry != null) {
CodeSource cs = new CodeSource(
entry.codeBase, (java.security.cert.Certificate[]) null);
PermissionCollection pc = currentPolicy.getPermissions(cs);
if (pc.implies(permission)) {
return true;
}
}
}
return false;
}
项目:jdk8u-jdk
文件:Activation.java
/**
* Prints warning message if installed Policy is the default Policy
* implementation and globally granted permissions do not include
* AllPermission or any ExecPermissions/ExecOptionPermissions.
*/
static void checkConfiguration() {
Policy policy =
AccessController.doPrivileged(new PrivilegedAction<Policy>() {
public Policy run() {
return Policy.getPolicy();
}
});
if (!(policy instanceof PolicyFile)) {
return;
}
PermissionCollection perms = getExecPermissions();
for (Enumeration<Permission> e = perms.elements();
e.hasMoreElements();)
{
Permission p = e.nextElement();
if (p instanceof AllPermission ||
p instanceof ExecPermission ||
p instanceof ExecOptionPermission)
{
return;
}
}
System.err.println(getTextResource("rmid.exec.perms.inadequate"));
}
项目:openjdk-jdk10
文件:HandlersOnComplexUpdate.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:openjdk-jdk10
文件:LogManagerAppContextDeadlock.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:openjdk-jdk10
文件:SimpleUpdateConfigurationTest.java
public PermissionCollection permissions() {
PermissionsBuilder builder = new PermissionsBuilder();
if (allowAll.get().get()) {
builder.addAll(all);
} else {
builder.addAll(basic);
if (allowControl.get().get()) {
builder.addAll(control);
}
}
return builder.toPermissions();
}
项目:incubator-netbeans
文件:DriverClassLoader.java
protected PermissionCollection getPermissions(CodeSource codesource) {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
permissions.setReadOnly();
return permissions;
}
项目:incubator-netbeans
文件:CustomClassLoader.java
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
Permissions perms = new Permissions();
perms.add(new AllPermission());
perms.setReadOnly();
return perms;
}
项目:openjdk-jdk10
文件:DefaultLoggerTest.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:openjdk-jdk10
文件:DefaultLoggerFinderTest.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:elasticsearch_my
文件:ESPolicyUnitTests.java
/**
* test with null location
* <p>
* its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
*/
public void testNullLocation() throws Exception {
assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
PermissionCollection noPermissions = new Permissions();
ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[]) null), noPermissions),
new FilePermission("foo", "read")));
}
项目:elasticsearch_my
文件:ESPolicy.java
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
// code should not rely on this method, or at least use it correctly:
// https://bugs.openjdk.java.net/browse/JDK-8014008
// return them a new empty permissions object so jvisualvm etc work
for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
if ("sun.rmi.server.LoaderHandler".equals(element.getClassName()) &&
"loadClass".equals(element.getMethodName())) {
return new Permissions();
}
}
// return UNSUPPORTED_EMPTY_COLLECTION since it is safe.
return super.getPermissions(codesource);
}
项目:openjdk-jdk10
文件:DefaultLoggerBridgeTest.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:jdk8u-jdk
文件:RegistryImpl.java
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
(java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
new CodeSource(null,
(java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
项目:elasticsearch_my
文件:ClassPermissionTests.java
public void testPermissionCollectionWildcards() {
ClassPermission lang = new ClassPermission("java.lang.*");
PermissionCollection collection = lang.newPermissionCollection();
collection.add(lang);
assertTrue(collection.implies(new ClassPermission("java.lang.Math")));
assertFalse(collection.implies(new ClassPermission("pkg.MyClass")));
}
项目:elasticsearch_my
文件:ESPolicyTests.java
/**
* test restricting privileges to no permissions actually works
*/
public void testRestrictPrivileges() {
assumeTrue("test requires security manager", System.getSecurityManager() != null);
try {
System.getProperty("user.home");
} catch (SecurityException e) {
fail("this test needs to be fixed: user.home not available by policy");
}
PermissionCollection noPermissions = new Permissions();
AccessControlContext noPermissionsAcc = new AccessControlContext(
new ProtectionDomain[] {
new ProtectionDomain(null, noPermissions)
}
);
try {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.getProperty("user.home");
fail("access should have been denied");
return null;
}
}, noPermissionsAcc);
} catch (SecurityException expected) {
// expected exception
}
}
项目:jdk8u-jdk
文件:LoaderHandler.java
/**
* Return the permissions to be granted to code loaded from the
* given code source.
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = super.getPermissions(codesource);
/*
* Grant the same permissions that URLClassLoader would grant.
*/
return perms;
}
项目:openjdk-jdk10
文件:ClassDeclaredFieldsTest.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:openjdk-jdk10
文件:SimpleUpdateConfigurationTest.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:openjdk-jdk10
文件:JarURL.java
public static void main(String[] args) throws Exception {
String userDir = System.getProperty("user.dir");
String jarURL = "jar:file:" + userDir + File.separator + "foo.jar!/";
URL codeSourceURL = new URL(jarURL);
CodeSource cs = new CodeSource(codeSourceURL, new Certificate[0]);
PermissionCollection perms = Policy.getPolicy().getPermissions(cs);
if (!perms.implies(new AllPermission()))
throw new Exception("FAILED: " + codeSourceURL
+ " not granted AllPermission");
}
项目:openjdk-jdk10
文件:SimpleUpdateConfigWithInputStreamTest.java
public PermissionCollection permissions() {
PermissionsBuilder builder = new PermissionsBuilder();
if (allowAll.get().get()) {
builder.addAll(all);
} else {
builder.addAll(basic);
if (allowControl.get().get()) {
builder.addAll(control);
}
}
return builder.toPermissions();
}
项目:OpenJSharp
文件:LoaderHandler.java
/**
* Return the permissions to be granted to code loaded from the
* given code source.
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = super.getPermissions(codesource);
/*
* Grant the same permissions that URLClassLoader would grant.
*/
return perms;
}
项目:OpenJSharp
文件:RegistryImpl.java
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
(java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
new CodeSource(null,
(java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
项目:jdk8u-jdk
文件:FieldSetAccessibleTest.java
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
项目:openjdk-jdk10
文件:Activation.java
private static void checkPermission(PermissionCollection perms,
Permission p)
throws AccessControlException
{
if (!perms.implies(p)) {
throw new AccessControlException(
"access denied " + p.toString());
}
}
项目:openjdk-jdk10
文件:CustomLoggerTest.java
@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
return new PermissionsBuilder().addAll(permissions()).toPermissions();
}
项目:openjdk-jdk10
文件:XPathExFuncTest.java
@Override
public PermissionCollection getPermissions(ProtectionDomain pd) {
return perms;
}
项目:lazycat
文件:JasperLoader.java
public JasperLoader(URL[] urls, ClassLoader parent, PermissionCollection permissionCollection) {
super(urls, parent);
this.permissionCollection = permissionCollection;
this.parent = parent;
this.securityManager = System.getSecurityManager();
}
项目:openjdk-jdk10
文件:BaseLoggerFinderTest.java
@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
return new PermissionsBuilder().addAll(getPermissions()).toPermissions();
}
项目:jdk8u-jdk
文件:XPathExFuncTest.java
@Override
public PermissionCollection getPermissions(ProtectionDomain pd) {
return perms;
}
项目:openjdk-jdk10
文件:BasicPermissionCollection.java
public static void main(String[] args) throws Exception {
int testFail = 0;
TestPermission perm = new TestPermission("foo");
PermissionCollection perms = perm.newPermissionCollection();
// test 1
System.out.println("test 1: add throws IllegalArgumentExc");
try {
perms.add(new SecurityPermission("createAccessControlContext"));
System.err.println("Expected IllegalArgumentException");
testFail++;
} catch (IllegalArgumentException iae) {}
// test 2
System.out.println("test 2: implies returns false for wrong class");
if (perms.implies(new SecurityPermission("getPolicy"))) {
System.err.println("Expected false, returned true");
testFail++;
}
// test 3
System.out.println("test 3: implies returns true for match on name");
perms.add(new TestPermission("foo"));
if (!perms.implies(new TestPermission("foo"))) {
System.err.println("Expected true, returned false");
testFail++;
}
// test 4
System.out.println("test 4: implies returns true for wildcard match");
perms.add(new TestPermission("bar.*"));
if (!perms.implies(new TestPermission("bar.foo"))) {
System.err.println("Expected true, returned false");
testFail++;
}
// test 5
System.out.println
("test 5: implies returns false for invalid wildcard");
perms.add(new TestPermission("baz*"));
if (perms.implies(new TestPermission("baz.foo"))) {
System.err.println("Expected false, returned true");
testFail++;
}
// test 6
System.out.println
("test 6: implies returns true for deep wildcard match");
if (!perms.implies(new TestPermission("bar.foo.baz"))) {
System.err.println("Expected true, returned false");
testFail++;
}
// test 7
System.out.println
("test 7: implies returns true for all wildcard match");
perms.add(new TestPermission("*"));
if (!perms.implies(new TestPermission("yes"))) {
System.err.println("Expected true, returned false");
testFail++;
}
// test 8
System.out.println("test 8: elements returns correct number of perms");
int numPerms = 0;
Enumeration<Permission> e = perms.elements();
while (e.hasMoreElements()) {
numPerms++;
System.out.println(e.nextElement());
}
if (numPerms != 4) {
System.err.println("Expected 4, got " + numPerms);
testFail++;
}
if (testFail > 0) {
throw new Exception(testFail + " test(s) failed");
}
}
项目:jdk8u-jdk
文件:FieldSetAccessibleTest.java
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
return new PermissionsBuilder().addAll(allowAll.get().get()
? allPermissions : permissions).toPermissions();
}
项目:incubator-netbeans
文件:ExecutionEngine.java
/** Creates new PermissionCollection for given CodeSource and given PermissionCollection.
* @param cs a CodeSource
* @param io an InputOutput
* @return PermissionCollection for given CodeSource and InputOutput
*/
protected final PermissionCollection createPermissions(CodeSource cs, InputOutput io) {
PermissionCollection pc = Policy.getPolicy().getPermissions(cs);
ThreadGroup grp = Thread.currentThread().getThreadGroup();
return new IOPermissionCollection(io, pc, (grp instanceof TaskThreadGroup ? (TaskThreadGroup) grp: null));
}
项目:incubator-netbeans
文件:ClassLoaderSupport.java
@Override
@NonNull
protected PermissionCollection getPermissions(final CodeSource codesource) {
return allPermission;
}