Java 类java.security.PermissionCollection 实例源码

项目:lazycat    文件:WebappClassLoaderBase.java   
/**
 * Get the Permissions for a CodeSource. If this instance of
 * WebappClassLoaderBase is for a web application context, add read
 * FilePermission or JndiPermissions for the base directory (if unpacked),
 * the context URL, and jar file resources.
 *
 * @param codeSource
 *            where the code was loaded from
 * @return PermissionCollection for CodeSource
 */
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {

    String codeUrl = codeSource.getLocation().toString();
    PermissionCollection pc;
    if ((pc = loaderPC.get(codeUrl)) == null) {
        pc = super.getPermissions(codeSource);
        if (pc != null) {
            Iterator<Permission> perms = permissionList.iterator();
            while (perms.hasNext()) {
                Permission p = perms.next();
                pc.add(p);
            }
            loaderPC.put(codeUrl, pc);
        }
    }
    return (pc);

}
项目:elasticsearch_my    文件:EvilSecurityTests.java   
/**
 * checks exact file permissions, meaning those and only those for that path.
 */
static void assertExactPermissions(FilePermission expected, PermissionCollection actual) {
    String target = expected.getName(); // see javadocs
    Set<String> permissionSet = asSet(expected.getActions().split(","));
    boolean read = permissionSet.remove("read");
    boolean readlink = permissionSet.remove("readlink");
    boolean write = permissionSet.remove("write");
    boolean delete = permissionSet.remove("delete");
    boolean execute = permissionSet.remove("execute");
    assertTrue("unrecognized permission: " + permissionSet, permissionSet.isEmpty());
    assertEquals(read, actual.implies(new FilePermission(target, "read")));
    assertEquals(readlink, actual.implies(new FilePermission(target, "readlink")));
    assertEquals(write, actual.implies(new FilePermission(target, "write")));
    assertEquals(delete, actual.implies(new FilePermission(target, "delete")));
    assertEquals(execute, actual.implies(new FilePermission(target, "execute")));
}
项目:tomcat7    文件:WebappClassLoaderBase.java   
/**
 * Get the Permissions for a CodeSource.  If this instance
 * of WebappClassLoaderBase is for a web application context,
 * add read FilePermission or JndiPermissions for the base
 * directory (if unpacked),
 * the context URL, and jar file resources.
 *
 * @param codeSource where the code was loaded from
 * @return PermissionCollection for CodeSource
 */
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {

    String codeUrl = codeSource.getLocation().toString();
    PermissionCollection pc;
    if ((pc = loaderPC.get(codeUrl)) == null) {
        pc = super.getPermissions(codeSource);
        if (pc != null) {
            Iterator<Permission> perms = permissionList.iterator();
            while (perms.hasNext()) {
                Permission p = perms.next();
                pc.add(p);
            }
            loaderPC.put(codeUrl,pc);
        }
    }
    return (pc);

}
项目:OpenJSharp    文件:Activation.java   
private static PermissionCollection getExecPermissions() {
    /*
     * The approach used here is taken from the similar method
     * getLoaderAccessControlContext() in the class
     * sun.rmi.server.LoaderHandler.
     */

    // obtain permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource =
                    new CodeSource(null, (Certificate[]) null);
                Policy p = Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    return perms;
}
项目:jerrydog    文件:StandardClassLoader.java   
/**
 * Get the Permissions for a CodeSource.  If this instance
 * of StandardClassLoader is for a web application context,
 * add read FilePermissions for the base directory (if unpacked),
 * the context URL, and jar file resources.
 *
 * @param CodeSource where the code was loaded from
 * @return PermissionCollection for CodeSource
 */
protected final PermissionCollection getPermissions(CodeSource codeSource) {
    if (!policy_refresh) {
        // Refresh the security policies
        Policy policy = Policy.getPolicy();
        policy.refresh();
        policy_refresh = true;
    }
    String codeUrl = codeSource.getLocation().toString();
    PermissionCollection pc;
    if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
        pc = super.getPermissions(codeSource);
        if (pc != null) {
            Iterator perms = permissionList.iterator();
            while (perms.hasNext()) {
                Permission p = (Permission)perms.next();
                pc.add(p);
            }
            loaderPC.put(codeUrl,pc);
        }
    }
    return (pc);

}
项目:jerrydog    文件:WebappClassLoader.java   
/**
     * Get the Permissions for a CodeSource.  If this instance
     * of WebappClassLoader is for a web application context,
     * add read FilePermission or JndiPermissions for the base
     * directory (if unpacked),
     * the context URL, and jar file resources.
     *
//     * @param CodeSource where the code was loaded from
     * @return PermissionCollection for CodeSource
     */
    protected PermissionCollection getPermissions(CodeSource codeSource) {

        String codeUrl = codeSource.getLocation().toString();
        PermissionCollection pc;
        if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
            pc = super.getPermissions(codeSource);
            if (pc != null) {
                Iterator perms = permissionList.iterator();
                while (perms.hasNext()) {
                    Permission p = (Permission)perms.next();
                    pc.add(p);
                }
                loaderPC.put(codeUrl,pc);
            }
        }
        return (pc);

    }
项目:apache-tomcat-7.0.73-with-comment    文件:WebappClassLoaderBase.java   
/**
 * Get the Permissions for a CodeSource.  If this instance
 * of WebappClassLoaderBase is for a web application context,
 * add read FilePermission or JndiPermissions for the base
 * directory (if unpacked),
 * the context URL, and jar file resources.
 *
 * @param codeSource where the code was loaded from
 * @return PermissionCollection for CodeSource
 */
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {

    String codeUrl = codeSource.getLocation().toString();
    PermissionCollection pc;
    if ((pc = loaderPC.get(codeUrl)) == null) {
        pc = super.getPermissions(codeSource);
        if (pc != null) {
            Iterator<Permission> perms = permissionList.iterator();
            while (perms.hasNext()) {
                Permission p = perms.next();
                pc.add(p);
            }
            loaderPC.put(codeUrl,pc);
        }
    }
    return (pc);

}
项目:apache-tomcat-7.0.73-with-comment    文件:WebappClassLoaderBase.java   
@Override
public boolean check(Permission permission) {
    if (!Globals.IS_SECURITY_ENABLED) {
        return true;
    }
    Policy currentPolicy = Policy.getPolicy();
    if (currentPolicy != null) {
        ResourceEntry entry = findResourceInternal("/", "/", false);
        if (entry != null) {
            CodeSource cs = new CodeSource(
                    entry.codeBase, (java.security.cert.Certificate[]) null);
            PermissionCollection pc = currentPolicy.getPermissions(cs);
            if (pc.implies(permission)) {
                return true;
            }
        }
    }
    return false;
}
项目:jdk8u-jdk    文件:Activation.java   
/**
 * Prints warning message if installed Policy is the default Policy
 * implementation and globally granted permissions do not include
 * AllPermission or any ExecPermissions/ExecOptionPermissions.
 */
static void checkConfiguration() {
    Policy policy =
        AccessController.doPrivileged(new PrivilegedAction<Policy>() {
            public Policy run() {
                return Policy.getPolicy();
            }
        });
    if (!(policy instanceof PolicyFile)) {
        return;
    }
    PermissionCollection perms = getExecPermissions();
    for (Enumeration<Permission> e = perms.elements();
         e.hasMoreElements();)
    {
        Permission p = e.nextElement();
        if (p instanceof AllPermission ||
            p instanceof ExecPermission ||
            p instanceof ExecOptionPermission)
        {
            return;
        }
    }
    System.err.println(getTextResource("rmid.exec.perms.inadequate"));
}
项目:openjdk-jdk10    文件:HandlersOnComplexUpdate.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:openjdk-jdk10    文件:LogManagerAppContextDeadlock.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:openjdk-jdk10    文件:SimpleUpdateConfigurationTest.java   
public PermissionCollection permissions() {
    PermissionsBuilder builder = new PermissionsBuilder();
    if (allowAll.get().get()) {
        builder.addAll(all);
    } else {
        builder.addAll(basic);
        if (allowControl.get().get()) {
            builder.addAll(control);
        }
    }
    return builder.toPermissions();
}
项目:incubator-netbeans    文件:DriverClassLoader.java   
protected PermissionCollection getPermissions(CodeSource codesource) {
    Permissions permissions = new Permissions();
    permissions.add(new AllPermission());
    permissions.setReadOnly();

    return permissions;
}
项目:incubator-netbeans    文件:CustomClassLoader.java   
@Override
protected PermissionCollection getPermissions(CodeSource codeSource) {
    Permissions perms = new Permissions();
    perms.add(new AllPermission());
    perms.setReadOnly();
    return perms;
}
项目:openjdk-jdk10    文件:DefaultLoggerTest.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:openjdk-jdk10    文件:DefaultLoggerFinderTest.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:elasticsearch_my    文件:ESPolicyUnitTests.java   
/**
 * test with null location
 * <p>
 * its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
 */
public void testNullLocation() throws Exception {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    PermissionCollection noPermissions = new Permissions();
    ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
    assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[]) null), noPermissions),
            new FilePermission("foo", "read")));
}
项目:elasticsearch_my    文件:ESPolicy.java   
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
    // code should not rely on this method, or at least use it correctly:
    // https://bugs.openjdk.java.net/browse/JDK-8014008
    // return them a new empty permissions object so jvisualvm etc work
    for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
        if ("sun.rmi.server.LoaderHandler".equals(element.getClassName()) &&
                "loadClass".equals(element.getMethodName())) {
            return new Permissions();
        }
    }
    // return UNSUPPORTED_EMPTY_COLLECTION since it is safe.
    return super.getPermissions(codesource);
}
项目:openjdk-jdk10    文件:DefaultLoggerBridgeTest.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:jdk8u-jdk    文件:RegistryImpl.java   
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:"+port, "listen,accept"));

    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    perms.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    ProtectionDomain pd = new ProtectionDomain(
        new CodeSource(null,
            (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
项目:elasticsearch_my    文件:ClassPermissionTests.java   
public void testPermissionCollectionWildcards() {
    ClassPermission lang = new ClassPermission("java.lang.*");
    PermissionCollection collection = lang.newPermissionCollection();
    collection.add(lang);
    assertTrue(collection.implies(new ClassPermission("java.lang.Math")));
    assertFalse(collection.implies(new ClassPermission("pkg.MyClass")));
}
项目:elasticsearch_my    文件:ESPolicyTests.java   
/** 
 * test restricting privileges to no permissions actually works
 */
public void testRestrictPrivileges() {
    assumeTrue("test requires security manager", System.getSecurityManager() != null);
    try {
        System.getProperty("user.home");
    } catch (SecurityException e) {
        fail("this test needs to be fixed: user.home not available by policy");
    }

    PermissionCollection noPermissions = new Permissions();
    AccessControlContext noPermissionsAcc = new AccessControlContext(
        new ProtectionDomain[] {
            new ProtectionDomain(null, noPermissions)
        }
    );
    try {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                System.getProperty("user.home");
                fail("access should have been denied");
                return null;
            }
        }, noPermissionsAcc);
    } catch (SecurityException expected) {
        // expected exception
    }
}
项目:jdk8u-jdk    文件:LoaderHandler.java   
/**
 * Return the permissions to be granted to code loaded from the
 * given code source.
 */
protected PermissionCollection getPermissions(CodeSource codesource) {
    PermissionCollection perms = super.getPermissions(codesource);
    /*
     * Grant the same permissions that URLClassLoader would grant.
     */
    return perms;
}
项目:openjdk-jdk10    文件:ClassDeclaredFieldsTest.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:openjdk-jdk10    文件:SimpleUpdateConfigurationTest.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:openjdk-jdk10    文件:JarURL.java   
public static void main(String[] args) throws Exception {
    String userDir = System.getProperty("user.dir");
    String jarURL = "jar:file:" + userDir + File.separator + "foo.jar!/";
    URL codeSourceURL = new URL(jarURL);
    CodeSource cs = new CodeSource(codeSourceURL, new Certificate[0]);
    PermissionCollection perms = Policy.getPolicy().getPermissions(cs);
    if (!perms.implies(new AllPermission()))
        throw new Exception("FAILED: " + codeSourceURL
                            + " not granted AllPermission");
}
项目:openjdk-jdk10    文件:SimpleUpdateConfigWithInputStreamTest.java   
public PermissionCollection permissions() {
    PermissionsBuilder builder = new PermissionsBuilder();
    if (allowAll.get().get()) {
        builder.addAll(all);
    } else {
        builder.addAll(basic);
        if (allowControl.get().get()) {
            builder.addAll(control);
        }
    }
    return builder.toPermissions();
}
项目:OpenJSharp    文件:LoaderHandler.java   
/**
 * Return the permissions to be granted to code loaded from the
 * given code source.
 */
protected PermissionCollection getPermissions(CodeSource codesource) {
    PermissionCollection perms = super.getPermissions(codesource);
    /*
     * Grant the same permissions that URLClassLoader would grant.
     */
    return perms;
}
项目:OpenJSharp    文件:RegistryImpl.java   
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:"+port, "listen,accept"));

    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    perms.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    ProtectionDomain pd = new ProtectionDomain(
        new CodeSource(null,
            (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
项目:jdk8u-jdk    文件:FieldSetAccessibleTest.java   
public PermissionsBuilder addAll(PermissionCollection col) {
    if (col != null) {
        for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
            perms.add(e.nextElement());
        }
    }
    return this;
}
项目:openjdk-jdk10    文件:Activation.java   
private static void checkPermission(PermissionCollection perms,
                                    Permission p)
    throws AccessControlException
{
    if (!perms.implies(p)) {
        throw new AccessControlException(
           "access denied " + p.toString());
    }
}
项目:openjdk-jdk10    文件:CustomLoggerTest.java   
@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
    return new PermissionsBuilder().addAll(permissions()).toPermissions();
}
项目:openjdk-jdk10    文件:XPathExFuncTest.java   
@Override
public PermissionCollection getPermissions(ProtectionDomain pd) {
    return perms;
}
项目:lazycat    文件:JasperLoader.java   
public JasperLoader(URL[] urls, ClassLoader parent, PermissionCollection permissionCollection) {
    super(urls, parent);
    this.permissionCollection = permissionCollection;
    this.parent = parent;
    this.securityManager = System.getSecurityManager();
}
项目:openjdk-jdk10    文件:BaseLoggerFinderTest.java   
@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
    return new PermissionsBuilder().addAll(getPermissions()).toPermissions();
}
项目:jdk8u-jdk    文件:XPathExFuncTest.java   
@Override
public PermissionCollection getPermissions(ProtectionDomain pd) {
    return perms;
}
项目:openjdk-jdk10    文件:BasicPermissionCollection.java   
public static void main(String[] args) throws Exception {

        int testFail = 0;

        TestPermission perm = new TestPermission("foo");
        PermissionCollection perms = perm.newPermissionCollection();

        // test 1
        System.out.println("test 1: add throws IllegalArgumentExc");
        try {
            perms.add(new SecurityPermission("createAccessControlContext"));
            System.err.println("Expected IllegalArgumentException");
            testFail++;
        } catch (IllegalArgumentException iae) {}

        // test 2
        System.out.println("test 2: implies returns false for wrong class");
        if (perms.implies(new SecurityPermission("getPolicy"))) {
            System.err.println("Expected false, returned true");
            testFail++;
        }

        // test 3
        System.out.println("test 3: implies returns true for match on name");
        perms.add(new TestPermission("foo"));
        if (!perms.implies(new TestPermission("foo"))) {
            System.err.println("Expected true, returned false");
            testFail++;
        }

        // test 4
        System.out.println("test 4: implies returns true for wildcard match");
        perms.add(new TestPermission("bar.*"));
        if (!perms.implies(new TestPermission("bar.foo"))) {
            System.err.println("Expected true, returned false");
            testFail++;
        }

        // test 5
        System.out.println
            ("test 5: implies returns false for invalid wildcard");
        perms.add(new TestPermission("baz*"));
        if (perms.implies(new TestPermission("baz.foo"))) {
            System.err.println("Expected false, returned true");
            testFail++;
        }

        // test 6
        System.out.println
            ("test 6: implies returns true for deep wildcard match");
        if (!perms.implies(new TestPermission("bar.foo.baz"))) {
            System.err.println("Expected true, returned false");
            testFail++;
        }

        // test 7
        System.out.println
            ("test 7: implies returns true for all wildcard match");
        perms.add(new TestPermission("*"));
        if (!perms.implies(new TestPermission("yes"))) {
            System.err.println("Expected true, returned false");
            testFail++;
        }

        // test 8
        System.out.println("test 8: elements returns correct number of perms");
        int numPerms = 0;
        Enumeration<Permission> e = perms.elements();
        while (e.hasMoreElements()) {
            numPerms++;
            System.out.println(e.nextElement());
        }
        if (numPerms != 4) {
            System.err.println("Expected 4, got " + numPerms);
            testFail++;
        }

        if (testFail > 0) {
            throw new Exception(testFail + " test(s) failed");
        }
    }
项目:jdk8u-jdk    文件:FieldSetAccessibleTest.java   
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
    return new PermissionsBuilder().addAll(allowAll.get().get()
            ? allPermissions : permissions).toPermissions();
}
项目:incubator-netbeans    文件:ExecutionEngine.java   
/** Creates new PermissionCollection for given CodeSource and given PermissionCollection.
 * @param cs a CodeSource
 * @param io an InputOutput
 * @return PermissionCollection for given CodeSource and InputOutput
 */
protected final PermissionCollection createPermissions(CodeSource cs, InputOutput io) {
    PermissionCollection pc = Policy.getPolicy().getPermissions(cs);
    ThreadGroup grp = Thread.currentThread().getThreadGroup();
    return new IOPermissionCollection(io, pc, (grp instanceof TaskThreadGroup ? (TaskThreadGroup) grp: null));
}
项目:incubator-netbeans    文件:ClassLoaderSupport.java   
@Override
@NonNull
protected PermissionCollection getPermissions(final CodeSource codesource) {
    return allPermission;
}