Java 类java.security.Permissions 实例源码
项目:openjdk-jdk10
文件:DefaultLoggerBridgeTest.java
Permissions getPermissions() {
if (allowControl.get().get() || allowAccess.get().get() || allowAll.get().get()) {
PermissionsBuilder builder = new PermissionsBuilder()
.addAll(permissions);
if (allowControl.get().get()) {
builder.add(LOGGERFINDER_PERMISSION);
}
if (allowAccess.get().get()) {
builder.add(ACCESS_LOGGER);
builder.add(ACCESS_LOGGING);
}
if (allowAll.get().get()) {
builder.addAll(allPermissions);
}
return builder.toPermissions();
}
return permissions;
}
项目:elasticsearch_my
文件:Security.java
/** Adds access to classpath jars/classes for jar hell scan, etc */
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static void addClasspathPermissions(Permissions policy) throws IOException {
// add permissions to everything in classpath
// really it should be covered by lib/, but there could be e.g. agents or similar configured)
for (URL url : JarHell.parseClassPath()) {
Path path;
try {
path = PathUtils.get(url.toURI());
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
// resource itself
policy.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
if (Files.isDirectory(path)) {
policy.add(new FilePermission(path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink"));
}
}
}
项目:elasticsearch_my
文件:TikaImpl.java
static PermissionCollection getRestrictedPermissions() {
Permissions perms = new Permissions();
// property/env access needed for parsing
perms.add(new PropertyPermission("*", "read"));
perms.add(new RuntimePermission("getenv.TIKA_CONFIG"));
// add permissions for resource access:
// classpath
addReadPermissions(perms, JarHell.parseClassPath());
// plugin jars
if (TikaImpl.class.getClassLoader() instanceof URLClassLoader) {
addReadPermissions(perms, ((URLClassLoader)TikaImpl.class.getClassLoader()).getURLs());
}
// jvm's java.io.tmpdir (needs read/write)
perms.add(new FilePermission(System.getProperty("java.io.tmpdir") + System.getProperty("file.separator") + "-",
"read,readlink,write,delete"));
// current hacks needed for POI/PDFbox issues:
perms.add(new SecurityPermission("putProviderProperty.BC"));
perms.add(new SecurityPermission("insertProvider"));
perms.add(new ReflectPermission("suppressAccessChecks"));
// xmlbeans, use by POI, needs to get the context classloader
perms.add(new RuntimePermission("getClassLoader"));
perms.setReadOnly();
return perms;
}
项目:openjdk-jdk10
文件:LoaderHandler.java
private Loader(URL[] urls, ClassLoader parent) {
super(urls, parent);
this.parent = parent;
/*
* Precompute the permissions required to access the loader.
*/
permissions = new Permissions();
addPermissionsForURLs(urls, permissions, false);
/*
* Caching the value of class annotation string here assumes
* that the protected method addURL() is never called on this
* class loader.
*/
annotation = urlsToPath(urls);
}
项目:Equella
文件:MacOpener.java
private void attemptSetNullSecurityManager()
{
final Permissions permissions = new Permissions();
permissions.add(new RuntimePermission("setSecurityManager"));
final AccessControlContext context = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null,
permissions)});
AccessController.doPrivileged(new PrivilegedAction<Object>()
{
@Override
public Object run()
{
LOGGER.info("About to call System.setSecurityManager(null)");
System.setSecurityManager(null);
LOGGER.info("Progressed beyond call to System.setSecurityManager(null)");
return null;
}
}, context);
}
项目:Elasticsearch
文件:Security.java
/** Adds access to classpath jars/classes for jar hell scan, etc */
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static void addClasspathPermissions(Permissions policy) throws IOException {
// add permissions to everything in classpath
// really it should be covered by lib/, but there could be e.g. agents or similar configured)
for (URL url : JarHell.parseClassPath()) {
Path path;
try {
path = PathUtils.get(url.toURI());
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
// resource itself
policy.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
if (Files.isDirectory(path)) {
policy.add(new FilePermission(path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink"));
}
}
}
项目:openjdk-jdk10
文件:LoggerBridgeTest.java
Permissions getPermissions() {
if (allowControl.get().get() || allowAccess.get().get() || allowAll.get().get()) {
PermissionsBuilder builder = new PermissionsBuilder()
.addAll(permissions);
if (allowControl.get().get()) {
builder.add(CONTROL);
}
if (allowAccess.get().get()) {
builder.add(ACCESS_LOGGER);
builder.add(ACCESS_LOGGING);
}
if (allowAll.get().get()) {
builder.addAll(allPermissions);
}
return builder.toPermissions();
}
return permissions;
}
项目:jdk8u-jdk
文件:FileHandlerPath.java
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
permissions.add(new PropertyPermission("user.dir", "read"));
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
项目:incubator-netbeans
文件:CustomClassLoader.java
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
Permissions perms = new Permissions();
perms.add(new AllPermission());
perms.setReadOnly();
return perms;
}
项目:incubator-netbeans
文件:ModuleManager.java
public SystemClassLoader(List<File> files, ClassLoader[] parents, Set<Module> modules) throws IllegalArgumentException {
super(files, parents, false);
allPermissions = new Permissions();
allPermissions.add(new AllPermission());
allPermissions.setReadOnly();
size = modules.size();
}
项目:openjdk-jdk10
文件:DefaultPlatformLoggerTest.java
public SimplePolicy(ThreadLocal<AtomicBoolean> allowAll,
ThreadLocal<AtomicBoolean> allowControl) {
this.allowAll = allowAll;
this.allowControl = allowControl;
permissions = new Permissions();
withControlPermissions = new Permissions();
withControlPermissions.add(LOGGERFINDER_PERMISSION);
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
项目:incubator-netbeans
文件:DriverClassLoader.java
protected PermissionCollection getPermissions(CodeSource codesource) {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
permissions.setReadOnly();
return permissions;
}
项目:incubator-netbeans
文件:DriverClassLoader.java
protected PermissionCollection getPermissions(CodeSource codesource) {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
permissions.setReadOnly();
return permissions;
}
项目:openjdk-jdk10
文件:CustomSystemClassLoader.java
private Class<?> defineFinderClass(String name)
throws ClassNotFoundException {
final Object obj = getClassLoadingLock(name);
synchronized(obj) {
if (finderClasses.get(name) != null) return finderClasses.get(name);
if (testLoggerFinderClass == null) {
// Hack: we load testLoggerFinderClass to get its code source.
// we can't use this.getClass() since we are in the boot.
testLoggerFinderClass = super.loadClass("BaseDefaultLoggerFinderTest$TestLoggerFinder");
}
URL url = testLoggerFinderClass.getProtectionDomain().getCodeSource().getLocation();
File file = new File(url.getPath(), name+".class");
if (file.canRead()) {
try {
byte[] b = Files.readAllBytes(file.toPath());
Permissions perms = new Permissions();
perms.add(new AllPermission());
Class<?> finderClass = defineClass(
name, b, 0, b.length, new ProtectionDomain(
this.getClass().getProtectionDomain().getCodeSource(),
perms));
System.out.println("Loaded " + name);
finderClasses.put(name, finderClass);
return finderClass;
} catch (Throwable ex) {
ex.printStackTrace();
throw new ClassNotFoundException(name, ex);
}
} else {
throw new ClassNotFoundException(name,
new IOException(file.toPath() + ": can't read"));
}
}
}
项目:elasticsearch_my
文件:ESPolicyUnitTests.java
/**
* test with null location
* <p>
* its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
*/
public void testNullLocation() throws Exception {
assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
PermissionCollection noPermissions = new Permissions();
ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[]) null), noPermissions),
new FilePermission("foo", "read")));
}
项目:openjdk-jdk10
文件:LogManagerAppContextDeadlock.java
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// we don't actually need any permission to create our
// FileHandlers because we're passing invalid parameters
// which will make the creation fail...
permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.jdk.internal.misc"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
项目:openjdk-jdk10
文件:AccessControlContextFactory.java
/**
* Creates an access control context limited to only the specified permissions.
* @param permissions the permissions for the newly created access control context.
* @return a new access control context limited to only the specified permissions.
*/
public static AccessControlContext createAccessControlContext(final Permission... permissions) {
final Permissions perms = new Permissions();
for(final Permission permission: permissions) {
perms.add(permission);
}
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
项目:elasticsearch_my
文件:PluginSecurityTests.java
/** Test that we can parse the set of permissions correctly for a complex policy */
public void testParseTwoPermissions() throws Exception {
assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/complex-plugin-security.policy");
Permissions expected = new Permissions();
expected.add(new RuntimePermission("getClassLoader"));
expected.add(new RuntimePermission("closeClassLoader"));
PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
assertEquals(expected, actual);
}
项目:openjdk-jdk10
文件:CustomSystemClassLoader.java
private Class<?> defineFinderClass(String name)
throws ClassNotFoundException {
final Object obj = getClassLoadingLock(name);
synchronized(obj) {
if (finderClass != null) return finderClass;
URL url = this.getClass().getProtectionDomain().getCodeSource().getLocation();
File file = new File(url.getPath(), name+".class");
if (file.canRead()) {
try {
byte[] b = Files.readAllBytes(file.toPath());
Permissions perms = new Permissions();
perms.add(new AllPermission());
finderClass = defineClass(
name, b, 0, b.length, new ProtectionDomain(
this.getClass().getProtectionDomain().getCodeSource(),
perms));
System.out.println("Loaded " + name);
return finderClass;
} catch (Throwable ex) {
ex.printStackTrace();
throw new ClassNotFoundException(name, ex);
}
} else {
throw new ClassNotFoundException(name,
new IOException(file.toPath() + ": can't read"));
}
}
}
项目:elasticsearch_my
文件:Security.java
/**
* Add dynamic {@link SocketPermission} based on transport settings. This method will first check if there is a port range specified in
* the transport profile specified by {@code profileSettings} and will fall back to {@code settings}.
*
* @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to
* @param settings the {@link Settings} instance to read the transport settings from
*/
private static void addSocketPermissionForTransportProfiles(
final Permissions policy,
final Settings settings) {
// transport is way over-engineered
final Map<String, Settings> profiles = new HashMap<>(TransportSettings.TRANSPORT_PROFILES_SETTING.get(settings).getAsGroups());
profiles.putIfAbsent(TransportSettings.DEFAULT_PROFILE, Settings.EMPTY);
// loop through all profiles and add permissions for each one, if it's valid; otherwise Netty transports are lenient and ignores it
for (final Map.Entry<String, Settings> entry : profiles.entrySet()) {
final Settings profileSettings = entry.getValue();
final String name = entry.getKey();
// a profile is only valid if it's the default profile, or if it has an actual name and specifies a port
// TODO: can this leniency be removed?
final boolean valid =
TransportSettings.DEFAULT_PROFILE.equals(name) ||
(name != null && name.length() > 0 && profileSettings.get("port") != null);
if (valid) {
final String transportRange = profileSettings.get("port");
if (transportRange != null) {
addSocketPermissionForPortRange(policy, transportRange);
} else {
addSocketPermissionForTransport(policy, settings);
}
}
}
}
项目:elasticsearch_my
文件:Security.java
private static void addSocketPermissionForTribeNodes(final Permissions policy, final Settings settings) {
for (final Settings tribeNodeSettings : settings.getGroups("tribe", true).values()) {
// tribe nodes have HTTP disabled by default, so we check if HTTP is enabled before granting
if (NetworkModule.HTTP_ENABLED.exists(tribeNodeSettings) && NetworkModule.HTTP_ENABLED.get(tribeNodeSettings)) {
addSocketPermissionForHttp(policy, tribeNodeSettings);
}
addSocketPermissionForTransport(policy, tribeNodeSettings);
}
}
项目:elasticsearch_my
文件:Security.java
/**
* Add access to path (and all files underneath it)
* @param policy current policy to add permissions to
* @param configurationName the configuration name associated with the path (for error messages only)
* @param path the path itself
* @param permissions set of file permissions to grant to the path
*/
static void addPath(Permissions policy, String configurationName, Path path, String permissions) {
// paths may not exist yet, this also checks accessibility
try {
ensureDirectoryExists(path);
} catch (IOException e) {
throw new IllegalStateException("Unable to access '" + configurationName + "' (" + path + ")", e);
}
// add each path twice: once for itself, again for files underneath it
policy.add(new FilePermission(path.toString(), permissions));
policy.add(new FilePermission(path.toString() + path.getFileSystem().getSeparator() + "-", permissions));
}
项目:elasticsearch_my
文件:Security.java
/**
* Add access to a directory iff it exists already
* @param policy current policy to add permissions to
* @param configurationName the configuration name associated with the path (for error messages only)
* @param path the path itself
* @param permissions set of file permissions to grant to the path
*/
static void addPathIfExists(Permissions policy, String configurationName, Path path, String permissions) {
if (Files.isDirectory(path)) {
// add each path twice: once for itself, again for files underneath it
policy.add(new FilePermission(path.toString(), permissions));
policy.add(new FilePermission(path.toString() + path.getFileSystem().getSeparator() + "-", permissions));
try {
path.getFileSystem().provider().checkAccess(path.toRealPath(), AccessMode.READ);
} catch (IOException e) {
throw new IllegalStateException("Unable to access '" + configurationName + "' (" + path + ")", e);
}
}
}
项目:elasticsearch_my
文件:ESPolicy.java
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
// code should not rely on this method, or at least use it correctly:
// https://bugs.openjdk.java.net/browse/JDK-8014008
// return them a new empty permissions object so jvisualvm etc work
for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
if ("sun.rmi.server.LoaderHandler".equals(element.getClassName()) &&
"loadClass".equals(element.getMethodName())) {
return new Permissions();
}
}
// return UNSUPPORTED_EMPTY_COLLECTION since it is safe.
return super.getPermissions(codesource);
}
项目:openjdk-jdk10
文件:CustomSystemClassLoader.java
private Class<?> defineFinderClass(String name)
throws ClassNotFoundException {
final Object obj = getClassLoadingLock(name);
synchronized(obj) {
if (finderClass != null) return finderClass;
URL url = this.getClass().getProtectionDomain().getCodeSource().getLocation();
File file = new File(url.getPath(), name+".class");
if (file.canRead()) {
try {
byte[] b = Files.readAllBytes(file.toPath());
Permissions perms = new Permissions();
perms.add(new AllPermission());
finderClass = defineClass(
name, b, 0, b.length, new ProtectionDomain(
this.getClass().getProtectionDomain().getCodeSource(),
perms));
System.out.println("Loaded " + name);
return finderClass;
} catch (Throwable ex) {
ex.printStackTrace();
throw new ClassNotFoundException(name, ex);
}
} else {
throw new ClassNotFoundException(name,
new IOException(file.toPath() + ": can't read"));
}
}
}
项目:elasticsearch_my
文件:TikaImpl.java
@SuppressForbidden(reason = "adds access to jar resources")
static void addReadPermissions(Permissions perms, URL resources[]) {
try {
for (URL url : resources) {
Path path = PathUtils.get(url.toURI());
// resource itself
perms.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
perms.add(new FilePermission(path.toString() + System.getProperty("file.separator") + "-", "read,readlink"));
}
} catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
项目:openjdk-jdk10
文件:DefaultLoggerTest.java
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl, ThreadLocal<AtomicBoolean> allowAll) {
this.allowControl = allowControl;
this.allowAll = allowAll;
permissions = new Permissions();
// these are used for configuring the test itself...
controlPermissions = new Permissions();
controlPermissions.add(LOGGERFINDER_PERMISSION);
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
项目:trading-network
文件:ServerAccessControlService.java
@Override
protected Permissions execLoadPermissions(String userId) {
Permissions permissions = new Permissions();
permissions.add(new RemoteServiceAccessPermission("*.shared.*", "*"));
permissions.add(new AllPermission());
return permissions;
}
项目:openjdk-jdk10
文件:AuthPolicyFile.java
@Override
public PermissionCollection getPermissions(final Subject subject,
final CodeSource codesource) {
// 1) if code instantiates PolicyFile directly, then it will need
// all the permissions required for the PolicyFile initialization
// 2) if code calls Policy.getPolicy, then it simply needs
// AuthPermission(getPolicy), and the javax.security.auth.Policy
// implementation instantiates PolicyFile in a doPrivileged block
// 3) if after instantiating a Policy (either via #1 or #2),
// code calls getPermissions, PolicyFile wraps the call
// in a doPrivileged block.
return AccessController.doPrivileged
(new PrivilegedAction<PermissionCollection>() {
@Override public PermissionCollection run() {
SubjectCodeSource scs = new SubjectCodeSource(
subject, null,
codesource == null ? null : codesource.getLocation(),
codesource == null ? null : codesource.getCertificates());
if (initialized) {
return getPermissions(new Permissions(), scs);
} else {
return new PolicyPermissions(AuthPolicyFile.this, scs);
}
}
});
}
项目:openjdk-jdk10
文件:AccessControlContextFactory.java
/**
* Creates an access control context limited to only the specified permissions.
* @param permissions the permissions for the newly created access control context.
* @return a new access control context limited to only the specified permissions.
*/
public static AccessControlContext createAccessControlContext(final Permission... permissions) {
final Permissions perms = new Permissions();
for(final Permission permission: permissions) {
perms.add(permission);
}
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
项目:Elasticsearch
文件:Security.java
/** returns dynamic Permissions to configured paths and bind ports */
static Permissions createPermissions(Environment environment) throws IOException {
Permissions policy = new Permissions();
addClasspathPermissions(policy);
addFilePermissions(policy, environment);
addBindPermissions(policy, environment.settings());
return policy;
}
项目:Elasticsearch
文件:ESPolicy.java
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
// code should not rely on this method, or at least use it correctly:
// https://bugs.openjdk.java.net/browse/JDK-8014008
// return them a new empty permissions object so jvisualvm etc work
for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
if ("sun.rmi.server.LoaderHandler".equals(element.getClassName()) &&
"loadClass".equals(element.getMethodName())) {
return new Permissions();
}
}
// return UNSUPPORTED_EMPTY_COLLECTION since it is safe.
return super.getPermissions(codesource);
}
项目:openjdk-jdk10
文件:LoggerBridgeTest.java
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl,
ThreadLocal<AtomicBoolean> allowAccess,
ThreadLocal<AtomicBoolean> allowAll) {
this.allowControl = allowControl;
this.allowAccess = allowAccess;
this.allowAll = allowAll;
permissions = new Permissions();
allPermissions = new PermissionsBuilder()
.add(new java.security.AllPermission())
.toPermissions();
}
项目:openjdk-jdk10
文件:DefaultLoggerFinderTest.java
public SimplePolicy(ThreadLocal<AtomicBoolean> allowAll,
ThreadLocal<AtomicBoolean> allowControl) {
this.allowAll = allowAll;
this.allowControl = allowControl;
permissions = new Permissions();
withControlPermissions = new Permissions();
withControlPermissions.add(LOGGERFINDER_PERMISSION);
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
项目:openjdk-jdk10
文件:ParentLoggerWithHandlerGC.java
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null));
permissions.add(new FilePermission(PREFIX+".lck", "read,write,delete"));
permissions.add(new FilePermission(PREFIX, "read,write"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
项目:openjdk-jdk10
文件:SimpleUpdateConfigWithInputStreamTest.java
public SimplePolicy(TestCase test) {
basic = new Permissions();
control = new Permissions();
control.add(new LoggingPermission("control", null));
// these are used for configuring the test itself...
all = new Permissions();
all.add(new java.security.AllPermission());
}
项目:openjdk-jdk10
文件:DefaultLoggerBridgeTest.java
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl,
ThreadLocal<AtomicBoolean> allowAccess,
ThreadLocal<AtomicBoolean> allowAll) {
this.allowControl = allowControl;
this.allowAccess = allowAccess;
this.allowAll = allowAll;
permissions = new Permissions();
allPermissions = new PermissionsBuilder()
.add(new java.security.AllPermission())
.toPermissions();
}
项目:OpenJSharp
文件:NashornLoader.java
@Override
protected PermissionCollection getPermissions(final CodeSource codesource) {
final Permissions permCollection = new Permissions();
for (final Permission perm : SCRIPT_PERMISSIONS) {
permCollection.add(perm);
}
return permCollection;
}
项目:OpenJSharp
文件:ClassAndLoader.java
static AccessControlContext createPermAccCtxt(final String... permNames) {
final Permissions perms = new Permissions();
for (final String permName : permNames) {
perms.add(new RuntimePermission(permName));
}
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
项目:openjdk-jdk10
文件:ContextInsulation.java
public static void main(String[] args) throws Exception {
/*
* If we delay setting the security manager until after the service
* configuration file has been installed, then this test still
* functions properly, but the -Djava.security.debug output is
* lacking, so to ease debugging, we'll set it early-- at the cost
* of having to specify the policy even when running standalone.
*/
TestLibrary.suggestSecurityManager(null);
ServiceConfiguration.installServiceConfigurationFile();
/*
* Execute use of RMIClassLoader within an AccessControlContext
* that has a protection domain with no permissions, to make sure
* that RMIClassLoader can still properly initialize itself.
*/
CodeSource codesource = new CodeSource(null, (Certificate[]) null);
Permissions perms = null;
ProtectionDomain pd = new ProtectionDomain(codesource, perms);
AccessControlContext acc =
new AccessControlContext(new ProtectionDomain[] { pd });
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction() {
public Object run() throws Exception {
TestProvider.exerciseTestProvider(
TestProvider2.loadClassReturn,
TestProvider2.loadProxyClassReturn,
TestProvider2.getClassLoaderReturn,
TestProvider2.getClassAnnotationReturn,
TestProvider2.invocations);
return null;
}
}, acc);
}