Java 类java.security.Policy 实例源码
项目:openjdk-jdk10
文件:JAXBContextWithLegacyFactory.java
public static void main(String[] args) throws JAXBException {
System.out.println("\nWithout security manager\n");
test(FactoryBase.class, FactoryBase.class);
test(Factory1.class, FactoryBase.class);
test(Factory2.class, Factory2.class);
System.out.println("\nWith security manager\n");
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return true; // allow all
}
});
System.setSecurityManager(new SecurityManager());
test(FactoryBase.class, FactoryBase.class);
test(Factory1.class, FactoryBase.class);
test(Factory2.class, Factory2.class);
}
项目:openjdk-jdk10
文件:JAXBContextWithSubclassedFactory.java
public static void main(String[] args) throws JAXBException {
System.out.println("\nWithout security manager\n");
test(FactoryBase.class);
test(Factory1.class);
test(Factory2.class);
System.out.println("\nWith security manager\n");
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return true; // allow all
}
});
System.setSecurityManager(new SecurityManager());
test(FactoryBase.class);
test(Factory1.class);
test(Factory2.class);
}
项目:openjdk-jdk10
文件:LogManagerAppContextDeadlock.java
static void setUp(TestCase test) {
switch (test) {
case SECURE:
if (policy == null && System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
} else if (policy == null) {
policy = new SimplePolicy(TestCase.SECURE, allowAll);
Policy.setPolicy(policy);
System.setSecurityManager(new SecurityManager());
}
if (System.getSecurityManager() == null) {
throw new IllegalStateException("No SecurityManager.");
}
if (policy == null) {
throw new IllegalStateException("policy not configured");
}
break;
case UNSECURE:
if (System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
}
break;
default:
new InternalError("No such testcase: " + test);
}
}
项目:tomcat7
文件:WebappClassLoaderBase.java
@Override
public boolean check(Permission permission) {
if (!Globals.IS_SECURITY_ENABLED) {
return true;
}
Policy currentPolicy = Policy.getPolicy();
if (currentPolicy != null) {
ResourceEntry entry = findResourceInternal("/", "/", false);
if (entry != null) {
CodeSource cs = new CodeSource(
entry.codeBase, (java.security.cert.Certificate[]) null);
PermissionCollection pc = currentPolicy.getPermissions(cs);
if (pc.implies(permission)) {
return true;
}
}
}
return false;
}
项目:guava-mock
文件:FinalizableReferenceQueueClassLoaderUnloadingTest.java
public void testUnloadableWithSecurityManager() throws Exception {
// Test that the use of a FinalizableReferenceQueue does not subsequently prevent the
// loader of that class from being garbage-collected even if there is a SecurityManager.
// The SecurityManager environment makes such leaks more likely because when you create
// a URLClassLoader with a SecurityManager, the creating code's AccessControlContext is
// captured, and that references the creating code's ClassLoader.
Policy oldPolicy = Policy.getPolicy();
SecurityManager oldSecurityManager = System.getSecurityManager();
try {
Policy.setPolicy(new PermissivePolicy());
System.setSecurityManager(new SecurityManager());
doTestUnloadable();
} finally {
System.setSecurityManager(oldSecurityManager);
Policy.setPolicy(oldPolicy);
}
}
项目:guava-mock
文件:JSR166TestCase.java
/**
* Returns a policy containing all the permissions we ever need.
*/
public static Policy permissivePolicy() {
return new AdjustablePolicy
// Permissions j.u.c. needs directly
(new RuntimePermission("modifyThread"),
new RuntimePermission("getClassLoader"),
new RuntimePermission("setContextClassLoader"),
// Permissions needed to change permissions!
new SecurityPermission("getPolicy"),
new SecurityPermission("setPolicy"),
new RuntimePermission("setSecurityManager"),
// Permissions needed by the junit test harness
new RuntimePermission("accessDeclaredMembers"),
new PropertyPermission("*", "read"),
new java.io.FilePermission("<<ALL FILES>>", "read"));
}
项目:openjdk-jdk10
文件:SystemLoggerConfigTest.java
public static void launch(TestCase test) {
switch(test) {
case WITHSECURITY:
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return true;
}
});
System.setSecurityManager(new SecurityManager());
break;
case NOSECURITY:
break;
default:
throw new InternalError("Unexpected enum: " + test);
}
try {
test(test.name(), ".1", ".child");
test(test.name(), ".2", "");
testUpdateConfiguration(test.name(), ".3");
testSetPlatformLevel(test.name(), ".4");
} catch (IOException io) {
throw new UncheckedIOException(io);
}
}
项目:OpenJSharp
文件:PolicySpiFile.java
public PolicySpiFile(Policy.Parameters params) {
if (params == null) {
pf = new PolicyFile();
} else {
if (!(params instanceof URIParameter)) {
throw new IllegalArgumentException
("Unrecognized policy parameter: " + params);
}
URIParameter uriParam = (URIParameter)params;
try {
pf = new PolicyFile(uriParam.getURI().toURL());
} catch (MalformedURLException mue) {
throw new IllegalArgumentException("Invalid URIParameter", mue);
}
}
}
项目:OpenJSharp
文件:Activation.java
/**
* Prints warning message if installed Policy is the default Policy
* implementation and globally granted permissions do not include
* AllPermission or any ExecPermissions/ExecOptionPermissions.
*/
static void checkConfiguration() {
Policy policy =
AccessController.doPrivileged(new PrivilegedAction<Policy>() {
public Policy run() {
return Policy.getPolicy();
}
});
if (!(policy instanceof PolicyFile)) {
return;
}
PermissionCollection perms = getExecPermissions();
for (Enumeration<Permission> e = perms.elements();
e.hasMoreElements();)
{
Permission p = e.nextElement();
if (p instanceof AllPermission ||
p instanceof ExecPermission ||
p instanceof ExecOptionPermission)
{
return;
}
}
System.err.println(getTextResource("rmid.exec.perms.inadequate"));
}
项目:OpenJSharp
文件:Activation.java
private static PermissionCollection getExecPermissions() {
/*
* The approach used here is taken from the similar method
* getLoaderAccessControlContext() in the class
* sun.rmi.server.LoaderHandler.
*/
// obtain permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource =
new CodeSource(null, (Certificate[]) null);
Policy p = Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
return perms;
}
项目:jerrydog
文件:StandardClassLoader.java
/**
* Get the Permissions for a CodeSource. If this instance
* of StandardClassLoader is for a web application context,
* add read FilePermissions for the base directory (if unpacked),
* the context URL, and jar file resources.
*
* @param CodeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
protected final PermissionCollection getPermissions(CodeSource codeSource) {
if (!policy_refresh) {
// Refresh the security policies
Policy policy = Policy.getPolicy();
policy.refresh();
policy_refresh = true;
}
String codeUrl = codeSource.getLocation().toString();
PermissionCollection pc;
if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
pc = super.getPermissions(codeSource);
if (pc != null) {
Iterator perms = permissionList.iterator();
while (perms.hasNext()) {
Permission p = (Permission)perms.next();
pc.add(p);
}
loaderPC.put(codeUrl,pc);
}
}
return (pc);
}
项目:googles-monorepo-demo
文件:JSR166TestCase.java
/**
* Returns a policy containing all the permissions we ever need.
*/
public static Policy permissivePolicy() {
return new AdjustablePolicy
// Permissions j.u.c. needs directly
(new RuntimePermission("modifyThread"),
new RuntimePermission("getClassLoader"),
new RuntimePermission("setContextClassLoader"),
// Permissions needed to change permissions!
new SecurityPermission("getPolicy"),
new SecurityPermission("setPolicy"),
new RuntimePermission("setSecurityManager"),
// Permissions needed by the junit test harness
new RuntimePermission("accessDeclaredMembers"),
new PropertyPermission("*", "read"),
new java.io.FilePermission("<<ALL FILES>>", "read"));
}
项目:apache-tomcat-7.0.73-with-comment
文件:WebappClassLoaderBase.java
@Override
public boolean check(Permission permission) {
if (!Globals.IS_SECURITY_ENABLED) {
return true;
}
Policy currentPolicy = Policy.getPolicy();
if (currentPolicy != null) {
ResourceEntry entry = findResourceInternal("/", "/", false);
if (entry != null) {
CodeSource cs = new CodeSource(
entry.codeBase, (java.security.cert.Certificate[]) null);
PermissionCollection pc = currentPolicy.getPermissions(cs);
if (pc.implies(permission)) {
return true;
}
}
}
return false;
}
项目:jdk8u-jdk
文件:Activation.java
private static PermissionCollection getExecPermissions() {
/*
* The approach used here is taken from the similar method
* getLoaderAccessControlContext() in the class
* sun.rmi.server.LoaderHandler.
*/
// obtain permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource =
new CodeSource(null, (Certificate[]) null);
Policy p = Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
return perms;
}
项目:jdk8u-jdk
文件:ClassDeclaredFieldsTest.java
static void setUp(TestCase test) {
switch (test) {
case SECURE:
if (policy == null && System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
} else if (policy == null) {
policy = new SimplePolicy(TestCase.SECURE, allowAll);
Policy.setPolicy(policy);
System.setSecurityManager(new SecurityManager());
}
if (System.getSecurityManager() == null) {
throw new IllegalStateException("No SecurityManager.");
}
if (policy == null) {
throw new IllegalStateException("policy not configured");
}
break;
case UNSECURE:
if (System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
}
break;
default:
throw new InternalError("No such testcase: " + test);
}
}
项目:jdk8u-jdk
文件:TestLoggerBundleSync.java
/**
* This test will run both with and without a security manager.
*
* The test starts a number of threads that will attempt to concurrently
* set resource bundles on Logger, and verifies the consistency of the
* obtained results.
*
* This is a best effort test.
*
* @param args the command line arguments
*/
public static void main(String[] args) throws Exception {
try {
// test without security
System.out.println("No security");
test();
// test with security
System.out.println("\nWith security");
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
if (super.implies(domain, permission)) return true;
// System.out.println("Granting " + permission);
return true; // all permissions
}
});
System.setSecurityManager(new SecurityManager());
test();
} finally {
SetRB.executor.shutdownNow();
SetRBName.executor.shutdownNow();
}
}
项目:jdk8u-jdk
文件:XSLTExFuncTest.java
/**
* Security is enabled, extension function not allowed
*/
public void testExtFuncNotAllowed() {
Policy p = new SimplePolicy(new AllPermission());
Policy.setPolicy(p);
System.setSecurityManager(new SecurityManager());
TransformerFactory factory = TransformerFactory.newInstance();
try {
transform(factory);
} catch (TransformerConfigurationException e) {
fail(e.getMessage());
} catch (TransformerException ex) {
//expected since extension function is disallowed
System.out.println("testExtFuncNotAllowed: OK");
} finally {
System.setSecurityManager(null);
}
}
项目:jdk8u-jdk
文件:XPathExFuncTest.java
/**
* Security is enabled, extension function not allowed
*/
public void testExtFuncNotAllowed() {
Policy p = new SimplePolicy(new AllPermission());
Policy.setPolicy(p);
System.setSecurityManager(new SecurityManager());
try {
evaluate(false);
} catch (XPathFactoryConfigurationException e) {
fail(e.getMessage());
} catch (XPathExpressionException ex) {
//expected since extension function is disallowed
System.out.println("testExtFuncNotAllowed: OK");
} finally {
System.setSecurityManager(null);
}
}
项目:openjdk-jdk10
文件:TestSetResourceBundle.java
/**
* Test the LoggingPermission("control") is required.
* @param loggerName The logger to use.
*/
public static void testPermission(String loggerName) {
if (System.getSecurityManager() != null) {
throw new Error("Security manager is already set");
}
Policy.setPolicy(new SimplePolicy(TestCase.PERMISSION));
System.setSecurityManager(new SecurityManager());
final ResourceBundle bundle = ResourceBundle.getBundle(LIST_BUNDLE_NAME);
Logger foobar = Logger.getLogger(loggerName);
try {
foobar.setResourceBundle(bundle);
throw new RuntimeException("Permission not checked!");
} catch (AccessControlException x) {
if (x.getPermission() instanceof LoggingPermission) {
if ("control".equals(x.getPermission().getName())) {
System.out.println("Got expected exception: " + x);
return;
}
}
throw new RuntimeException("Unexpected exception: "+x, x);
}
}
项目:openjdk-jdk10
文件:XSLTExFuncTest.java
/**
* Security is enabled, extension function not allowed
*/
public void testExtFuncNotAllowed() {
Policy p = new SimplePolicy(new AllPermission());
Policy.setPolicy(p);
System.setSecurityManager(new SecurityManager());
TransformerFactory factory = TransformerFactory.newInstance();
try {
transform(factory);
} catch (TransformerConfigurationException e) {
fail(e.getMessage());
} catch (TransformerException ex) {
//expected since extension function is disallowed
System.out.println("testExtFuncNotAllowed: OK");
} finally {
System.setSecurityManager(null);
}
}
项目:openjdk-jdk10
文件:PolicySpiFile.java
public PolicySpiFile(Policy.Parameters params) {
if (params == null) {
pf = new PolicyFile();
} else {
if (!(params instanceof URIParameter)) {
throw new IllegalArgumentException
("Unrecognized policy parameter: " + params);
}
URIParameter uriParam = (URIParameter)params;
try {
pf = new PolicyFile(uriParam.getURI().toURL());
} catch (MalformedURLException mue) {
throw new IllegalArgumentException("Invalid URIParameter", mue);
}
}
}
项目:openjdk-jdk10
文件:Activation.java
private static PermissionCollection getExecPermissions() {
/*
* The approach used here is taken from the similar method
* getLoaderAccessControlContext() in the class
* sun.rmi.server.LoaderHandler.
*/
// obtain permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource =
new CodeSource(null, (Certificate[]) null);
Policy p = Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
return perms;
}
项目:openjdk-jdk10
文件:LookupTest.java
public static void main(String args[]) throws Exception {
String hostsFileName = CWD + "/LookupTestHosts";
System.setProperty("jdk.net.hosts.file", hostsFileName);
addMappingToHostsFile("allowedAndFound.com",
"127.0.0.1",
hostsFileName,
false);
addMappingToHostsFile("notAllowedButFound.com",
"99.99.99.99",
hostsFileName,
true);
// name "notAllowedAndNotFound.com" is not in map
// name "allowedButNotfound.com" is not in map
Server server = new Server();
try {
Policy.setPolicy(new LookupTestPolicy());
System.setSecurityManager(new SecurityManager());
server.start();
test("http://allowedAndFound.com:" + port + "/foo", false, false);
test("http://notAllowedButFound.com:" + port + "/foo", true, false);
test("http://allowedButNotfound.com:" + port + "/foo", false, true);
test("http://notAllowedAndNotFound.com:" + port + "/foo", true, false);
} finally {
server.terminate();
}
}
项目:openjdk-jdk10
文件:XPathExFuncTest.java
/**
* Security is enabled, extension function not allowed
*/
public void testExtFuncNotAllowed() {
Policy p = new SimplePolicy(new AllPermission());
Policy.setPolicy(p);
System.setSecurityManager(new SecurityManager());
try {
evaluate(false);
} catch (XPathFactoryConfigurationException e) {
fail(e.getMessage());
} catch (XPathExpressionException ex) {
//expected since extension function is disallowed
System.out.println("testExtFuncNotAllowed: OK");
} finally {
System.setSecurityManager(null);
}
}
项目:openjdk-jdk10
文件:DefaultPolicy.java
public static void main(String[] args) throws Exception {
// Check policy with no java.security.policy property set
Policy p = Policy.getPolicy();
checkPolicy(p);
// Check policy with java.security.policy '=' option
System.setProperty("java.security.policy", "Extra.policy");
p.refresh();
checkPolicy(p);
// Check policy with java.security.policy override '==' option
System.setProperty("java.security.policy", "=Extra.policy");
p.refresh();
checkPolicy(p);
// Check Policy.getInstance
URI policyURI = Paths.get(System.getProperty("test.src"),
"Extra.policy").toUri();
p = Policy.getInstance("JavaPolicy", new URIParameter(policyURI));
checkPolicy(p);
}
项目:openjdk-jdk10
文件:GetCallerClassTest.java
public static void main(String... args) throws Exception {
if (args.length > 0 && args[0].equals("sm")) {
PermissionCollection perms = new Permissions();
perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission p) {
return perms.implies(p);
}
});
System.setSecurityManager(new SecurityManager());
}
new GetCallerClassTest(StackWalker.getInstance(), true).test();
new GetCallerClassTest(StackWalker.getInstance(RETAIN_CLASS_REFERENCE), false).test();
new GetCallerClassTest(StackWalker.getInstance(EnumSet.of(RETAIN_CLASS_REFERENCE,
SHOW_HIDDEN_FRAMES)), false).test();
}
项目:openjdk-jdk10
文件:TestConfigurationLock.java
/**
* This test will run both with and without a security manager.
*
* The test starts a number of threads that will call
* LogManager.reset() concurrently (ResetConf), and a number of threads
* that will call readConfiguration() (ReadConf), and then starts a
* number of threads that will create new loggers concurrently
* (AddLogger), and finally two additional threads:
* - one (Stopper) that will stop the test after 4secs (TIME ms),
* - and one DeadlockDetector that will attempt to detect deadlocks.
* If after 4secs no deadlock was detected and no exception was thrown
* then the test is considered a success and passes.
*
* This procedure is done twice: once without a security manager and once
* again with a security manager - which means the test takes ~8secs to
* run.
*
* Note that 8sec may not be enough to detect issues if there are some.
* This is a best effort test.
*
* @param args the command line arguments
* @throws java.lang.Exception if the test fails
*/
public static void main(String[] args) throws Exception {
File conf = new File(System.getProperty("test.src", "./src"),
TestConfigurationLock.class.getSimpleName() + ".properties");
if (!conf.canRead()) {
throw new IOException("Can't read config file: " + conf.getAbsolutePath());
}
System.setProperty("java.util.logging.config.file", conf.getAbsolutePath());
// test without security
System.out.println("No security");
test();
// test with security
System.out.println("\nWith security");
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
if (super.implies(domain, permission)) return true;
// System.out.println("Granting " + permission);
return true; // all permissions
}
});
System.setSecurityManager(new SecurityManager());
test();
}
项目:openjdk-jdk10
文件:JSR166TestCase.java
/**
* Returns a policy containing all the permissions we ever need.
*/
public static Policy permissivePolicy() {
return new AdjustablePolicy
// Permissions j.u.c. needs directly
(new RuntimePermission("modifyThread"),
new RuntimePermission("getClassLoader"),
new RuntimePermission("setContextClassLoader"),
// Permissions needed to change permissions!
new SecurityPermission("getPolicy"),
new SecurityPermission("setPolicy"),
new RuntimePermission("setSecurityManager"),
// Permissions needed by the junit test harness
new RuntimePermission("accessDeclaredMembers"),
new PropertyPermission("*", "read"),
new java.io.FilePermission("<<ALL FILES>>", "read"));
}
项目:openjdk-jdk10
文件:UpdateConfigurationTest.java
static void setUp(TestCase test) {
switch (test) {
case SECURE:
if (policy == null && System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
} else if (policy == null) {
policy = new SimplePolicy(TestCase.SECURE, allowAll);
Policy.setPolicy(policy);
System.setSecurityManager(new SecurityManager());
}
if (System.getSecurityManager() == null) {
throw new IllegalStateException("No SecurityManager.");
}
if (policy == null) {
throw new IllegalStateException("policy not configured");
}
break;
case UNSECURE:
if (System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
}
break;
default:
new InternalError("No such testcase: " + test);
}
}
项目:openjdk-jdk10
文件:FieldSetAccessibleTest.java
static void setUp(TestCase test) {
switch (test) {
case SECURE:
if (policy == null && System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
} else if (policy == null) {
policy = new SimplePolicy(TestCase.SECURE, allowAll);
Policy.setPolicy(policy);
System.setSecurityManager(new SecurityManager());
}
if (System.getSecurityManager() == null) {
throw new IllegalStateException("No SecurityManager.");
}
if (policy == null) {
throw new IllegalStateException("policy not configured");
}
break;
case UNSECURE:
if (System.getSecurityManager() != null) {
throw new IllegalStateException("SecurityManager already set");
}
break;
default:
throw new InternalError("No such testcase: " + test);
}
}
项目:incubator-netbeans
文件:Main.java
/**
* Attempt to give the rest of NetBeans all the
* permissions. The jars besides the one containing this class
* don't have to be signed with this.
*/
final static void fixPolicy() {
if (Boolean.getBoolean("netbeans.jnlp.fixPolicy")) { // NOI18N
// Grant all the code all persmission
Policy.setPolicy(new RuntimePolicy());
// Replace the security manager by a fresh copy
// that does the delegation to the permissions system
// -- just to make sure that there is nothing left
// from the JWS
System.setSecurityManager(new SecurityManager());
}
}
项目:elasticsearch_my
文件:Security.java
/**
* Initializes SecurityManager for the environment
* Can only happen once!
* @param environment configuration for generating dynamic permissions
* @param filterBadDefaults true if we should filter out bad java defaults in the system policy.
*/
static void configure(Environment environment, boolean filterBadDefaults) throws IOException, NoSuchAlgorithmException {
// enable security policy: union of template and environment-based paths, and possibly plugin permissions
Policy.setPolicy(new ESPolicy(createPermissions(environment), getPluginPermissions(environment), filterBadDefaults));
// enable security manager
System.setSecurityManager(new SecureSM(new String[] { "org.elasticsearch.bootstrap.", "org.elasticsearch.cli" }));
// do some basic tests
selfTest();
}
项目:elasticsearch_my
文件:ESPolicy.java
@Override @SuppressForbidden(reason = "fast equals check is desired")
public boolean implies(ProtectionDomain domain, Permission permission) {
CodeSource codeSource = domain.getCodeSource();
// codesource can be null when reducing privileges via doPrivileged()
if (codeSource == null) {
return false;
}
URL location = codeSource.getLocation();
// location can be null... ??? nobody knows
// https://bugs.openjdk.java.net/browse/JDK-8129972
if (location != null) {
// run scripts with limited permissions
if (BootstrapInfo.UNTRUSTED_CODEBASE.equals(location.getFile())) {
return untrusted.implies(domain, permission);
}
// check for an additional plugin permission: plugin policy is
// only consulted for its codesources.
Policy plugin = plugins.get(location.getFile());
if (plugin != null && plugin.implies(domain, permission)) {
return true;
}
}
// Special handling for broken Hadoop code: "let me execute or my classes will not load"
// yeah right, REMOVE THIS when hadoop is fixed
if (permission instanceof FilePermission && "<<ALL FILES>>".equals(permission.getName())) {
for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
if ("org.apache.hadoop.util.Shell".equals(element.getClassName()) &&
"runCommand".equals(element.getMethodName())) {
// we found the horrible method: the hack begins!
// force the hadoop code to back down, by throwing an exception that it catches.
rethrow(new IOException("no hadoop, you cannot do this."));
}
}
}
// otherwise defer to template + dynamic file permissions
return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);
}
项目:tomcat7
文件:WebappClassLoaderBase.java
/**
* Refresh the system policy file, to pick up eventual changes.
*/
protected void refreshPolicy() {
try {
// The policy file may have been modified to adjust
// permissions, so we're reloading it when loading or
// reloading a Context
Policy policy = Policy.getPolicy();
policy.refresh();
} catch (AccessControlException e) {
// Some policy files may restrict this, even for the core,
// so this exception is ignored
}
}
项目:guava-mock
文件:FinalizableReferenceQueueClassLoaderUnloadingTest.java
public void testUnloadableInStaticFieldIfClosed() throws Exception {
Policy oldPolicy = Policy.getPolicy();
SecurityManager oldSecurityManager = System.getSecurityManager();
try {
Policy.setPolicy(new PermissivePolicy());
System.setSecurityManager(new SecurityManager());
WeakReference<ClassLoader> loaderRef = doTestUnloadableInStaticFieldIfClosed();
GcFinalization.awaitClear(loaderRef);
} finally {
System.setSecurityManager(oldSecurityManager);
Policy.setPolicy(oldPolicy);
}
}
项目:lams
文件:WebappClassLoader.java
/**
* Refresh the system policy file, to pick up eventual changes.
*/
protected void refreshPolicy() {
try {
// The policy file may have been modified to adjust
// permissions, so we're reloading it when loading or
// reloading a Context
Policy policy = Policy.getPolicy();
policy.refresh();
} catch (AccessControlException e) {
// Some policy files may restrict this, even for the core,
// so this exception is ignored
}
}
项目:openjdk-jdk10
文件:TestSetResourceBundle.java
/**
* Test with security manager.
* @param loggerName The logger to use.
* @throws Exception if the test fails.
*/
public static void testSecure(String loggerName) throws Exception {
if (System.getSecurityManager() != null) {
throw new Error("Security manager is already set");
}
Policy.setPolicy(new SimplePolicy(TestCase.SECURE));
System.setSecurityManager(new SecurityManager());
test(loggerName);
}
项目:openjdk-jdk10
文件:TestAppletLoggerContext.java
public static void init() {
SharedSecrets.setJavaAWTAccess(javaAwtAccess);
if (System.getProperty("test.security", "on").equals("on")) {
Policy p = new SimplePolicy(new LoggingPermission("control", null),
new RuntimePermission("setContextClassLoader"),
new RuntimePermission("shutdownHooks"));
Policy.setPolicy(p);
System.setSecurityManager(new SecurityManager());
}
}
项目:Elasticsearch
文件:ESPolicy.java
@Override @SuppressForbidden(reason = "fast equals check is desired")
public boolean implies(ProtectionDomain domain, Permission permission) {
CodeSource codeSource = domain.getCodeSource();
// codesource can be null when reducing privileges via doPrivileged()
if (codeSource == null) {
return false;
}
URL location = codeSource.getLocation();
// location can be null... ??? nobody knows
// https://bugs.openjdk.java.net/browse/JDK-8129972
if (location != null) {
// run scripts with limited permissions
if (BootstrapInfo.UNTRUSTED_CODEBASE.equals(location.getFile())) {
return untrusted.implies(domain, permission);
}
// check for an additional plugin permission: plugin policy is
// only consulted for its codesources.
Policy plugin = plugins.get(location.getFile());
if (plugin != null && plugin.implies(domain, permission)) {
return true;
}
}
// otherwise defer to template + dynamic file permissions
return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);
}