/**
 * Copies the name of every principal attached to {@code domain} into {@code roles}.
 *
 * <p>Security note: principals are not filtered by type. Whatever {@link Principal#getName()}
 * returns for each one is treated as a role name, so a user principal and a group principal
 * with the same name cannot be told apart afterwards.
 *
 * @param domain the protection domain whose principals are read; must not be {@code null}
 * @param roles  the set that receives the principal names; it is mutated in place
 */
private void extractRolesFromProtectionDomain(ProtectionDomain domain, Set<String> roles) {
    final Principal[] attached = domain.getPrincipals();
    if (attached == null) {
        // Nothing to contribute; leave the caller's set untouched.
        return;
    }
    for (final Principal each : attached) {
        roles.add(each.getName());
    }
}
/**
 * Walks the supplied protection domains and reports the first one that does not imply
 * {@code permission}.
 *
 * <p>Every denying domain is reported through {@code access.accessCheckFailed}, not only the
 * first one. The principals are included in the report when the domain has any.
 *
 * <p>Security note: while {@code LOG_ONLY} is set, denials are still logged but no domain is
 * ever returned, so callers that treat {@code null} as "check passed" will let the operation
 * proceed.
 *
 * @param permission the permission to test
 * @param domains the protection domains to try; may be {@code null}
 * @return the first denying protection domain, or {@code null} if there is none (or if
 *         {@code LOG_ONLY} is set)
 */
public static ProtectionDomain findAccessDenial(final Permission permission, final ProtectionDomain... domains) {
    if (domains == null) {
        return null;
    }
    ProtectionDomain firstDenial = null;
    for (final ProtectionDomain candidate : domains) {
        if (candidate.implies(permission)) {
            continue;
        }
        final CodeSource codeSource = candidate.getCodeSource();
        final ClassLoader classLoader = candidate.getClassLoader();
        final Principal[] principals = candidate.getPrincipals();
        final boolean hasPrincipals = principals != null && principals.length > 0;
        if (hasPrincipals) {
            access.accessCheckFailed(permission, codeSource, classLoader, Arrays.toString(principals));
        } else {
            access.accessCheckFailed(permission, codeSource, classLoader);
        }
        // Keep scanning after the first hit so that later denials are logged as well.
        if (!LOG_ONLY && firstDenial == null) {
            firstDenial = candidate;
        }
    }
    return firstDenial;
}
/**
 * Defines a class from raw bytecode read out of {@code container}.
 *
 * <p>Security note: the new class is placed in a protection domain whose code source is built
 * from the container URL and the certificates returned by {@code getCertificates}, but whose
 * permissions and principals are taken from the protection domain of {@code Project}. Classes
 * defined here therefore receive the permissions of that domain, whatever their origin.
 *
 * @param container the container from which the class data has been read;
 *                  may be a directory or a jar/zip file
 * @param classData the bytecode data for the class
 * @param classname the name of the class
 * @return the Class instance created from the given data
 * @throws IOException if the class data cannot be read
 */
protected Class defineClassFromData(File container, byte[] classData, String classname) throws IOException {
    definePackage(container, classname);
    ProtectionDomain templateDomain = Project.class.getProtectionDomain();
    String resourcePath = getClassFilename(classname);
    ProtectionDomain definedDomain = new ProtectionDomain(
            new CodeSource(FILE_UTILS.getFileURL(container), getCertificates(container, resourcePath)),
            templateDomain.getPermissions(),
            this,
            templateDomain.getPrincipals());
    return defineClass(classname, classData, 0, classData.length, definedDomain);
}
/**
 * Turns the given bytecode into a {@code Class} owned by this loader.
 *
 * <p>Security note: only the code source (container URL plus the certificates found for the
 * class resource) reflects where the class came from. The permission collection and the
 * principals are copied from the protection domain of {@code Project}, so the defined class
 * is granted what that domain is granted.
 *
 * @param container the container from which the class data has been read;
 *                  may be a directory or a jar/zip file
 * @param classData the bytecode data for the class
 * @param classname the name of the class
 * @return the Class instance created from the given data
 * @throws IOException if the class data cannot be read
 */
protected Class<?> defineClassFromData(final File container, final byte[] classData,
                                       final String classname) throws IOException {
    definePackage(container, classname);

    final ProtectionDomain inherited = Project.class.getProtectionDomain();
    final String resourceName = getClassFilename(classname);
    final CodeSource origin =
            new CodeSource(FILE_UTILS.getFileURL(container), getCertificates(container, resourceName));

    // Same permissions and principals as the template domain, but bound to this loader.
    final ProtectionDomain target =
            new ProtectionDomain(origin, inherited.getPermissions(), this, inherited.getPrincipals());

    final Class<?> defined = defineClass(classname, classData, 0, classData.length, target);
    return defined;
}
/**
 * Re-creates {@code domain} so that it is associated with {@code loader}.
 *
 * <p>The code source, permission collection and principals are carried over unchanged. The
 * permission collection is passed by reference, not copied, so the new domain shares it with
 * the original.
 *
 * @param domain the domain to rebind; may be {@code null}
 * @param loader the class loader the new domain should report
 * @return a new domain bound to {@code loader}, or {@code null} when {@code domain} is {@code null}
 */
private static ProtectionDomain prepareDomain(ProtectionDomain domain, ClassLoader loader) {
    return (domain == null)
            ? null
            : new ProtectionDomain(
                    domain.getCodeSource(), domain.getPermissions(), loader, domain.getPrincipals());
}
Principal[] principals = domain.getPrincipals(); if (principals != null && principals.length > 0) { if (principals.length == 1) {
/**
 * Adds one role per principal of {@code domain}, using the principal's name as the role name.
 *
 * <p>Security note: there is no check on the kind of principal. Any principal attached to the
 * domain contributes a role, so the caller must trust whoever built the domain.
 *
 * @param domain the protection domain to inspect; must not be {@code null}
 * @param roles  the output set, updated in place
 */
private void extractRolesFromProtectionDomain(ProtectionDomain domain, Set<String> roles) {
    Principal[] found = domain.getPrincipals();
    if (found != null) {
        for (int index = 0; index < found.length; index++) {
            String roleName = found[index].getName();
            roles.add(roleName);
        }
    }
}
/**
 * Collects role names from the principals of a protection domain.
 *
 * <p>Each principal's {@link Principal#getName()} value is added to {@code roles} as is.
 * Security note: the principal's class is not considered, so names coming from different
 * principal types are merged into a single role namespace.
 *
 * @param domain the protection domain to read principals from; must not be {@code null}
 * @param roles  the set to add role names to
 */
private void extractRolesFromProtectionDomain(ProtectionDomain domain, Set<String> roles) {
    final Principal[] source = domain.getPrincipals();
    // The null test is part of the loop condition, so a null array simply skips the loop.
    for (int i = 0; source != null && i < source.length; i++) {
        roles.add(source[i].getName());
    }
}
/**
 * Derives role names from {@code domain} by taking the name of each attached principal.
 *
 * <p>Security note: this is a direct name-to-role mapping with no allow-list and no check of
 * the principal type. Authorization decisions based on {@code roles} are only as trustworthy
 * as the principals placed on the domain.
 *
 * @param domain the protection domain to inspect; must not be {@code null}
 * @param roles  the receiving set, modified in place
 */
private void extractRolesFromProtectionDomain(ProtectionDomain domain, Set<String> roles) {
    final Principal[] holders = domain.getPrincipals();
    final int count = (holders == null) ? 0 : holders.length;
    int position = 0;
    while (position < count) {
        roles.add(holders[position].getName());
        position++;
    }
}
/**
 * Returns the principals that apply to {@code pd}.
 *
 * <p>For a {@code SubjectDomain} the principals are read from the domain's subject at call
 * time instead of from the array stored in the protection domain. Any other domain reports
 * its own principals.
 *
 * @param pd the protection domain to query; must not be {@code null}
 * @return an array of the current principals
 */
Principal[] getPrincipals(final ProtectionDomain pd) {
    if (!(pd instanceof SubjectDomain)) {
        return pd.getPrincipals();
    }
    final Set<Principal> live = ((SubjectDomain) pd).getSubject().getPrincipals();
    // Original author's note: the set is a synchronized Set and always up to date, and
    // contention should be minimal even if the Subject runs on many threads.
    // NOTE(review): size() and toArray() are two separate calls. If the set shrinks between
    // them, Collection.toArray leaves a null after the last element - confirm that callers
    // tolerate a null entry.
    return live.toArray(new Principal[live.size()]);
}
/**
 * Applies the superclass permission check only to domains that carry principals.
 *
 * <p>Security note: a domain with no principals is granted every permission without the
 * superclass being consulted. Code that runs with no principal attached is therefore
 * unrestricted under this policy. NOTE(review): confirm that this is intended for the
 * deployment in which the policy is installed.
 *
 * @param domain     the protection domain being checked; must not be {@code null}
 * @param permission the permission being requested
 * @return {@code true} if the domain has no principals, otherwise the superclass decision
 */
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
    final boolean carriesPrincipals = domain.getPrincipals().length != 0;
    // Short-circuit: the superclass is consulted only for principal-bearing domains.
    return !carriesPrincipals || super.implies(domain, permission);
}
/**
 * Captures the principals of {@code pd} and, when {@code cacheBasePerms} is set, the
 * permissions that {@code basePolicy} grants to it.
 *
 * <p>The principal set is a snapshot taken at construction time. A {@code null} domain, or
 * one without principals, yields the shared empty set.
 *
 * @param pd the protection domain to describe; may be {@code null}
 */
DomainPermissions(ProtectionDomain pd) {
    Principal[] pra = (pd == null) ? null : pd.getPrincipals();
    if (pra != null && pra.length > 0) {
        principals = new HashSet(Arrays.asList(pra));
    } else {
        principals = Collections.EMPTY_SET;
    }
    if (cacheBasePerms) {
        perms = basePolicy.getPermissions(pd);
    } else {
        // Not cached: left null here.
        perms = null;
    }
}
/**
 * Builds a copy of {@code domain} that reports {@code loader} as its class loader.
 *
 * <p>Code source, permissions and principals are taken from the original domain as they are.
 * The copy does not narrow what the original was granted.
 *
 * @param domain the source domain, or {@code null}
 * @param loader the class loader for the new domain
 * @return the rebound domain, or {@code null} if no domain was supplied
 */
private static ProtectionDomain prepareDomain(ProtectionDomain domain, ClassLoader loader) {
    ProtectionDomain rebound = null;
    if (domain != null) {
        rebound = new ProtectionDomain(
                domain.getCodeSource(),
                domain.getPermissions(),
                loader,
                domain.getPrincipals());
    }
    return rebound;
}
/**
 * Rebinds a protection domain to another class loader.
 *
 * <p>Only the class loader differs in the result. The code source, the permission collection
 * (shared by reference) and the principals are those of {@code domain}.
 *
 * @param domain the domain to rebind; {@code null} is passed through
 * @param loader the class loader to associate with the result
 * @return the new domain, or {@code null} for a {@code null} input
 */
private static ProtectionDomain prepareDomain(ProtectionDomain domain, ClassLoader loader) {
    if (domain != null) {
        return new ProtectionDomain(
                domain.getCodeSource(), domain.getPermissions(), loader, domain.getPrincipals());
    }
    // No source domain: there is nothing to rebind.
    return null;
}
/**
 * Adds to {@code permissions} the permissions that apply to {@code domain}, based on its
 * code source and principals.
 *
 * <p>A domain without a code source contributes nothing. Otherwise the code source goes
 * through {@code performUrlConversion} before the lookup is delegated to the overload that
 * takes a code source and principals.
 *
 * @param permissions the collection to populate
 * @param domain      the protection domain being evaluated; must not be {@code null}
 */
private void getPermissions(Permissions permissions, ProtectionDomain domain) {
    final CodeSource declared = domain.getCodeSource();
    if (declared != null) {
        // FIXME (carried over from the original): should the conversion run inside
        // AccessController.doPrivileged(new PerformURLConversionAction2(true, cs, this))?
        final CodeSource converted = performUrlConversion(declared, true);
        // FIXME (carried over from the original): add more actions?
        getPermissions(permissions, converted, domain.getPrincipals());
    }
}
/**
 * Produces a protection domain equivalent to {@code domain} but owned by {@code loader}.
 *
 * <p>Security note: the permissions and principals of the source domain are carried over as
 * they are, so classes defined with the returned domain are granted what the source domain
 * was granted.
 *
 * @param domain the template domain; may be {@code null}
 * @param loader the class loader to record in the new domain
 * @return a domain bound to {@code loader}, or {@code null} when {@code domain} is {@code null}
 */
private static ProtectionDomain prepareDomain(ProtectionDomain domain, ClassLoader loader) {
    final boolean missing = (domain == null);
    final ProtectionDomain result;
    if (missing) {
        result = null;
    } else {
        result = new ProtectionDomain(
                domain.getCodeSource(), domain.getPermissions(), loader, domain.getPrincipals());
    }
    return result;
}
/**
 * Returns the permission collection for {@code domain}.
 *
 * <p>A domain that carries at least one principal gets a fresh, empty {@code Permissions}
 * object. A domain without principals is passed on to {@code originalPolicy}.
 * NOTE(review): principal-bearing domains therefore get no permissions from this method;
 * presumably they are decided elsewhere (for example in {@code implies}) - confirm.
 *
 * @param domain the protection domain being queried; must not be {@code null}
 * @return an empty collection for principal-bearing domains, else the original policy's answer
 */
@Override
public PermissionCollection getPermissions(final ProtectionDomain domain) {
    final boolean carriesPrincipals = domain.getPrincipals().length > 0;
    return carriesPrincipals ? new Permissions() : originalPolicy.getPermissions(domain);
}
}; // closes the enclosing declaration, which opens outside this snippet
/**
 * Looks up the permissions of {@code domain}, delegating to {@code originalPolicy} only when
 * the domain has no principals.
 *
 * <p>Domains with principals start from an empty {@code Permissions} instance, so nothing
 * granted by the original policy reaches them through this method.
 *
 * @param domain the protection domain being queried; must not be {@code null}
 * @return the permissions for the domain
 */
@Override
public PermissionCollection getPermissions(final ProtectionDomain domain) {
    Principal[] attached = domain.getPrincipals();
    if (attached.length == 0) {
        // No principals: defer entirely to the wrapped policy.
        return originalPolicy.getPermissions(domain);
    }
    return new Permissions();
}
}; // closes the enclosing declaration, which opens outside this snippet
/**
 * Supplies the permission collection of a protection domain.
 *
 * <p>The result depends only on whether the domain has principals: with principals it is a
 * new, empty {@code Permissions} object, without principals it is whatever
 * {@code originalPolicy} returns for the domain.
 *
 * @param domain the protection domain being queried; must not be {@code null}
 * @return the permission collection chosen as described above
 */
@Override
public PermissionCollection getPermissions(final ProtectionDomain domain) {
    final Principal[] owners = domain.getPrincipals();
    final PermissionCollection granted;
    if (owners.length > 0) {
        granted = new Permissions();
    } else {
        granted = originalPolicy.getPermissions(domain);
    }
    return granted;
}
}; // closes the enclosing declaration, which opens outside this snippet
/**
 * Decides whether {@code domain} is granted {@code permission}.
 *
 * <p>The checks run in this order:
 * <ol>
 *   <li>a permission implied by {@code excluded} is always denied;</li>
 *   <li>a permission implied by {@code unchecked} is always granted;</li>
 *   <li>otherwise the permission is granted if the {@code Permissions} registered in
 *       {@code principalPermissionsMap} for any principal of the domain imply it.</li>
 * </ol>
 *
 * <p>Security note: exclusion is evaluated first, so it overrides both unchecked and
 * per-principal grants. A domain without principals is granted only unchecked permissions.
 *
 * @param domain     the protection domain being checked; must not be {@code null}
 * @param permission the permission being requested
 * @return {@code true} if the permission is granted, {@code false} otherwise
 */
public boolean implies(ProtectionDomain domain, Permission permission) {
    if (excluded != null && excluded.implies(permission)) {
        return false;
    }
    if (unchecked != null && unchecked.implies(permission)) {
        return true;
    }
    // An empty principal array skips the loop and falls through to the denial below.
    for (Principal holder : domain.getPrincipals()) {
        Permissions granted = (Permissions) principalPermissionsMap.get(holder);
        if (granted != null && granted.implies(permission)) {
            return true;
        }
    }
    return false;
}