Package java.security

Examples of java.security.PermissionCollection


  /* (non-Javadoc)
   * @see java.security.Policy#getPermissions(java.security.CodeSource)
   */
  @Override
  public PermissionCollection getPermissions(CodeSource codeSource) {
    PermissionCollection result = new Permissions();
    return result;
  }
View Full Code Here


  @Override
  public PermissionCollection getPermissions(ProtectionDomain domain) {
    Principal[] principals = domain.getPrincipals();
    GVSPrincipal[] gvsPrincipals = getGVSPrincipals(principals);

    PermissionCollection result = new Permissions();
    
    /*if (gvsPrincipals.length == 0) {
        //allow everything
        result.add(new GVSImpersonatePermission());
        result.add(new GVSSetClockPermission());
    } else {*/
      //Resource userRes = gvsPrincipals[0].getUserResource();
      //This variant ensures up-to-date authorization
      for (GVSPrincipal principal : gvsPrincipals) {
        if (principal == SuperUserGVSPrincipal.instance) {
          result.add(new GVSImpersonatePermission());
          result.add(new GVSSetClockPermission());
        }
        Resource userRes = getUserResource(principal.getUserName());
        if (userRes.hasProperty(RDF.type, AUTHORIZATION.ClockMaster));
        StmtIterator impersonateStmt = userRes.listProperties(AUTHORIZATION.mayImpersonate);
        while (impersonateStmt.hasNext()) {
          result.add(new GVSImpersonatePermission(new SourceImpl(impersonateStmt.nextStatement().getResource().toString())));
        }
      }
     
    //}
    return result;
View Full Code Here

  /* (non-Javadoc)
   * @see java.security.Policy#getPermissions(java.security.CodeSource)
   */
  @Override
  public PermissionCollection getPermissions(CodeSource arg0) {
    PermissionCollection result = new Permissions();
    result.add(new GVSImpersonatePermission());
    result.add(new GVSSetClockPermission());
    return result;
  }
View Full Code Here

        File file = new File( root, name );
        return file;
    }

    public static boolean isSecure(String root, File file) throws IOException {
        PermissionCollection rootDirectory;
        if( root.endsWith( File.separator ) ) {
            FilePermission fp = new FilePermission( root + "-", "read" );
            rootDirectory = fp.newPermissionCollection();
            rootDirectory.add( fp );
            rootDirectory.add( new FilePermission( root.substring( 0, root.length() - 1 ), "read" ) );
        } else {
            FilePermission fp = new FilePermission( root, "read" );
            rootDirectory = fp.newPermissionCollection();
            rootDirectory.add( fp );
            rootDirectory.add( new FilePermission( root + File.separator + "-", "read" ) );
        }
        return ( rootDirectory.implies( new FilePermission( file.getCanonicalPath(), "read" ) ) );
    }
View Full Code Here

    }

    // add downloaded jars to the classpath with required permissions
    classLoader = new URLClassLoader(urls) {
      protected PermissionCollection getPermissions (CodeSource codesource) {
        PermissionCollection perms = null;

        try {
          // getPermissions from original classloader is important as it checks for signed jars and shows any security dialogs needed
          Method method = SecureClassLoader.class.getDeclaredMethod("getPermissions", new Class[] { CodeSource.class });
          method.setAccessible(true);
          perms = (PermissionCollection)method.invoke(getClass().getClassLoader(), new Object[] {codesource});

          String host = getCodeBase().getHost();

              if (host != null && (host.length() > 0)) {
                // add permission for downloaded jars to access host they were from
                perms.add(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
              }
              else if ( "file".equals(codesource.getLocation().getProtocol()) ) {
                // if running locally add file permission
                String path = codesource.getLocation().getFile().replace('/', File.separatorChar);
                  perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
              }

            } catch (Exception e) {
          e.printStackTrace();
        }
View Full Code Here

          hasPermissions = true;
          getParents();

          Permissions perms = new Permissions();
          for (int i=0; i<_groups.length; i++) {
            PermissionCollection groupCol = _groups[i].getCombinedPermissions();
            if (groupCol != null) {
              for (Enumeration enu = groupCol.elements(); enu.hasMoreElements(); ) {
                perms.add((Permission)enu.nextElement());
              }
            }
          }
          //combine own permissions
View Full Code Here

 
    try {
      connImpl = getConnection();
      ctx = (DirContext)connImpl.getConnection();

      PermissionCollection storage = LDAPRealm.loadPermissions(ctx, dn);
      boolean found = false;
      for (Enumeration enu=storage.elements(); enu.hasMoreElements(); ) {
        if (perm.equals(enu.nextElement())) {
          _zone.log().error("--addPermission() we already have: "+perm);
          found = true;
        }
      }
      storage.add(perm);
      if (!found) {
        LDAPRealm.savePermissions(ctx, dn, storage);
        _zone.log().error("--addPermissions() perm added: "+perm);
      }
      return storage;
View Full Code Here

 
    try {
      connImpl = getConnection();
      ctx = (DirContext)connImpl.getConnection();

      PermissionCollection storage = LDAPRealm.loadPermissions(ctx, dn);
      PermissionCollection altered = new Permissions();
     
      boolean found = false;
      for (Enumeration enu=storage.elements(); enu.hasMoreElements(); ) {
        Permission p = (Permission)enu.nextElement();
        if (perm.equals(p)) {
          found = true;
        } else {
          altered.add(p);
        }
      }
      if (found) {
        LDAPRealm.savePermissions(ctx, dn, altered);
        _zone.log().error("--removePermissions() perm removed: "+altered);
View Full Code Here

        if (!hasPermissions) {
          hasPermissions = true;
          getParents();
          Permissions perms = new Permissions();
          for (int i=0; i<parents.length; i++) {
            PermissionCollection parentCol = parents[i].getCombinedPermissions();
            if (parentCol != null) {
              for (Enumeration enu = parentCol.elements(); enu.hasMoreElements(); ) {
                perms.add((Permission)enu.nextElement());
              }
            }
          }
          //combine own permissions
View Full Code Here

     * @param codesource the codesource
     * @return the permissions granted to the codesource
     */
    protected PermissionCollection getPermissions(CodeSource codesource)
    {
  PermissionCollection perms = super.getPermissions(codesource);

  URL url = codesource.getLocation();

  Permission p;
  URLConnection urlConnection;

  try {
      urlConnection = url.openConnection();
      p = urlConnection.getPermission();
  } catch (java.io.IOException ioe) {
      p = null;
      urlConnection = null;
  }

  if (p instanceof FilePermission) {
      // if the permission has a separator char on the end,
      // it means the codebase is a directory, and we need
      // to add an additional permission to read recursively
      String path = p.getName();
      if (path.endsWith(File.separator)) {
    path += "-";
    p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
      }
  } else if ((p == null) && (url.getProtocol().equals("file"))) {
      String path = url.getFile().replace('/', File.separatorChar);
            path = ParseUtil.decode(path);
      if (path.endsWith(File.separator))
    path += "-";
      p =  new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
  } else {
      URL locUrl = url;
      if (urlConnection instanceof JarURLConnection) {
    locUrl = ((JarURLConnection)urlConnection).getJarFileURL();
      }
      String host = locUrl.getHost();
      if (host != null && (host.length() > 0))
    p = new SocketPermission(host,
           SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
  }
  // make sure the person that created this class loader
  // would have this permission

  if (p != null) {
      final SecurityManager sm = System.getSecurityManager();
      if (sm != null) {
    final Permission fp = p;
    AccessController.doPrivileged(new PrivilegedAction() {
        public Object run() throws SecurityException {
      sm.checkPermission(fp);
      return null;
        }
    }, acc);
      }
      perms.add(p);
  }
  return perms;
    }
View Full Code Here

TOP

Related Classes of java.security.PermissionCollection

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.