/** * Returns the {@code PermissionCollection} for the specified {@code * CodeSource}. * * @param codesource * the code source. * @return the {@code PermissionCollection} for the specified {@code * CodeSource}. */ protected PermissionCollection getPermissions(CodeSource codesource) { // Do nothing by default, ProtectionDomain will take care about // permissions in dynamic return new Permissions(); }
void clearPermissions() { perms = new Permissions(); }
void clearPermissions() { perms = new Permissions(); }
@Override public void delete() throws PolicyContextException { synchronized (this) { // prevents concurrent state changes transitionTo(State.DELETED); this.uncheckedPermissions = new Permissions(); this.excludedPermissions = new Permissions(); this.rolePermissions.clear(); this.linkedPolicies.remove(this); } }
void clearPermissions() { perms = new Permissions(); } @Override
@Override public void removeUncheckedPolicy() throws PolicyContextException { synchronized (this) { // prevents concurrent state changes checkIfInOpenState(); this.uncheckedPermissions = new Permissions(); } }
@Override public void removeExcludedPolicy() throws PolicyContextException { synchronized (this) { // prevents concurrent state changes checkIfInOpenState(); this.excludedPermissions = new Permissions(); } }
void clearPermissions() { perms = new Permissions(); } public PermissionCollection getPermissions(CodeSource cs) {
/** * Get a read-only collection of the given permissions. * * @param permissions the permissions to assign * @return the read-only collection */ public static PermissionCollection readOnlyCollectionOf(Permission... permissions) { final int length = permissions.length; if (length == 0) { return EMPTY_PERMISSION_COLLECTION; } else { Permissions collection = new Permissions(); addAll(collection, Arrays.asList(permissions)); collection.setReadOnly(); return collection; } } }
protected PermissionCollection getPermissions(CodeSource codeSource) { PermissionCollection perms; try { try { perms = super.getPermissions(codeSource); } catch (SecurityException e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } ProtectionDomain myDomain = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() { public ProtectionDomain run() { return getClass().getProtectionDomain(); } }); PermissionCollection myPerms = myDomain.getPermissions(); if (myPerms != null) { for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements();) { perms.add(elements.nextElement()); } } } catch (Throwable e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } perms.setReadOnly(); return perms; }
@Override public void addToRole(String roleName, Permission permission) throws PolicyContextException { checkNotNullParam("roleName", roleName); checkNotNullParam("permission", permission); synchronized (this) { // prevents state change while adding checkIfInOpenState(); this.rolePermissions.computeIfAbsent(roleName, s -> new Permissions()).add(permission); } }
classData, 0, classData.length, targetClassLoader, new ProtectionDomain(new CodeSource(null, (Certificate[]) null), new Permissions()));
public PermissionCollection getPermissions(CodeSource codesource) { Permissions p = new Permissions(); p.add(new AllPermission()); // enable everything return p; } public void refresh() {
public PermissionCollection getPermissions(CodeSource codesource) { Permissions p = new Permissions(); p.add(new AllPermission()); // enable everything return p; } public void refresh() {
@Before public void setUp() throws Exception { final ProtectionDomain empty = new ProtectionDomain(null, new Permissions()); provider = new SecurityContextProvider() { private final AccessControlContext acc = new AccessControlContext( new ProtectionDomain[] { empty }); @Override public AccessControlContext getAccessControlContext() { return acc; } }; DefaultResourceLoader drl = new DefaultResourceLoader(); Resource config = drl .getResource("/org/springframework/beans/factory/support/security/callbacks.xml"); beanFactory = new DefaultListableBeanFactory(); new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config); beanFactory.setSecurityContextProvider(provider); }
beanFactory.setSecurityContextProvider(null); Permissions perms = new Permissions(); perms.add(new AuthPermission("getSubject")); ProtectionDomain pd = new ProtectionDomain(null, perms);
@Override public PermissionCollection getPermissions(CodeSource codesource) { // code should not rely on this method, or at least use it correctly: // https://bugs.openjdk.java.net/browse/JDK-8014008 // return them a new empty permissions object so jvisualvm etc work for (StackTraceElement element : Thread.currentThread().getStackTrace()) { if ("sun.rmi.server.LoaderHandler".equals(element.getClassName()) && "loadClass".equals(element.getMethodName())) { return new Permissions(); } } // return UNSUPPORTED_EMPTY_COLLECTION since it is safe. return super.getPermissions(codesource); }
granted = new java.security.Permissions(); for (final Permissions.Permission p : revokedPermissions) { if (p.getClassName() == null) {
throw new UnsupportedOperationException("JavaPolicy implementation does not support retrieving permissions"); PermissionCollection actualPermissions = new Permissions(); for (Permission permission : Collections.list(permissions.elements())) { if (!emptyPolicy.implies(PluginSecurity.class.getProtectionDomain(), permission)) {
/** returns dynamic Permissions to configured paths and bind ports */ static Permissions createPermissions(Environment environment) throws IOException { Permissions policy = new Permissions(); addClasspathPermissions(policy); addFilePermissions(policy, environment); addBindPermissions(policy, environment.settings()); return policy; }