下面列出了怎么用java.security.PermissionCollection的API类实例代码及写法,或者点击链接到github查看源代码。
/**
* Prints warning message if installed Policy is the default Policy
* implementation and globally granted permissions do not include
* AllPermission or any ExecPermissions/ExecOptionPermissions.
*/
static void checkConfiguration() {
Policy policy =
AccessController.doPrivileged(new PrivilegedAction<Policy>() {
public Policy run() {
return Policy.getPolicy();
}
});
if (!(policy instanceof PolicyFile)) {
return;
}
PermissionCollection perms = getExecPermissions();
for (Enumeration<Permission> e = perms.elements();
e.hasMoreElements();)
{
Permission p = e.nextElement();
if (p instanceof AllPermission ||
p instanceof ExecPermission ||
p instanceof ExecOptionPermission)
{
return;
}
}
System.err.println(getTextResource("rmid.exec.perms.inadequate"));
}
/**
* Prints warning message if installed Policy is the default Policy
* implementation and globally granted permissions do not include
* AllPermission or any ExecPermissions/ExecOptionPermissions.
*/
static void checkConfiguration() {
Policy policy =
AccessController.doPrivileged(new PrivilegedAction<Policy>() {
public Policy run() {
return Policy.getPolicy();
}
});
if (!(policy instanceof PolicyFile)) {
return;
}
PermissionCollection perms = getExecPermissions();
for (Enumeration<Permission> e = perms.elements();
e.hasMoreElements();)
{
Permission p = e.nextElement();
if (p instanceof AllPermission ||
p instanceof ExecPermission ||
p instanceof ExecOptionPermission)
{
return;
}
}
System.err.println(getTextResource("rmid.exec.perms.inadequate"));
}
/**
*
*/
private PermissionCollection makeImplicitPermissionCollection(FrameworkContext fw, Bundle b) {
// NYI, perhaps we should optimize this collection.
final Permissions pc = new Permissions();
if (dataRoot != null) {
pc.add(new FilePermission(dataRoot.getPath(), "read,write"));
pc.add(new FilePermission((new File(dataRoot, "-")).getPath(),
"read,write,delete"));
}
final StringBuffer sb = new StringBuffer("(id=");
sb.append(b.getBundleId());
sb.append(")");
pc.add(new AdminPermission(sb.toString(),
AdminPermission.RESOURCE + "," +
AdminPermission.METADATA + "," +
AdminPermission.CLASS));
pc.add(new PropertyPermission("org.osgi.framework.*", "read"));
pc.add(new CapabilityPermission(ExecutionEnvironmentNamespace.EXECUTION_ENVIRONMENT_NAMESPACE,
CapabilityPermission.REQUIRE));
return pc;
}
/** @return an IOPermissionCollection or <tt>null</tt> if not found */
static IOPermissionCollection getIOPermissionCollection(AccessControlContext acc) {
try {
ProtectionDomain[] pds = getDomains(acc);
PermissionCollection pc;
for (int i = 0; i < pds.length; i++) {
pc = pds[i].getPermissions();
if (pc instanceof IOPermissionCollection) {
return (IOPermissionCollection) pc;
}
}
return null;
} catch (final Exception e) {
javax.swing.SwingUtilities.invokeLater(new Runnable() {
public void run() {
Logger.getLogger(AccController.class.getName()).log(Level.WARNING, null, e);
}
});
return null;
}
}
/**
* allow any classes loaded from classpath to exit the VM.
*/
protected PermissionCollection getPermissions(CodeSource codesource)
{
PermissionCollection perms = super.getPermissions(codesource);
perms.add(new RuntimePermission("exitVM"));
return perms;
}
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
/**
* Return the permissions to be granted to code loaded from the
* given code source.
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = super.getPermissions(codesource);
/*
* Grant the same permissions that URLClassLoader would grant.
*/
return perms;
}
private static void checkPermission(PermissionCollection perms,
Permission p)
throws AccessControlException
{
if (!perms.implies(p)) {
throw new AccessControlException(
"access denied " + p.toString());
}
}
/**
* Return the permissions to be granted to code loaded from the
* given code source.
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = super.getPermissions(codesource);
/*
* Grant the same permissions that URLClassLoader would grant.
*/
return perms;
}
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
(java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
new CodeSource(null,
(java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
(java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
new CodeSource(null,
(java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
/**
* allow any classes loaded from classpath to exit the VM.
*/
protected PermissionCollection getPermissions(CodeSource codesource)
{
PermissionCollection perms = super.getPermissions(codesource);
perms.add(new RuntimePermission("exitVM"));
return perms;
}
/**
* Return the permissions to be granted to code loaded from the
* given code source.
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = super.getPermissions(codesource);
/*
* Grant the same permissions that URLClassLoader would grant.
*/
return perms;
}
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
/**
* allow any classes loaded from classpath to exit the VM.
*/
protected PermissionCollection getPermissions(CodeSource codesource)
{
PermissionCollection perms = super.getPermissions(codesource);
perms.add(new RuntimePermission("exitVM"));
return perms;
}
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
public static void main(String[] args) throws Exception {
Policy policy = Policy.getPolicy();
PermissionCollection perms = policy.getPermissions((CodeSource)null);
if (perms.elements().hasMoreElements()) {
System.err.println(perms);
throw new Exception("PermissionCollection is not empty");
}
}
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
/**
*
*/
private PermissionCollection getPerms() {
if (framework.props.isDoubleCheckedLockingSafe) {
if (systemPermissions == null) {
synchronized (this) {
return getPerms0();
}
}
return systemPermissions;
} else {
synchronized (this) {
return getPerms0();
}
}
}
/**
*/
ConditionalPermission(Condition [] conds, PermissionCollection perms, String access,
ConditionalPermissionInfoImpl cpi) {
conditions = conds;
permissions = perms;
this.access = access;
parent = cpi;
}
@Override
protected PermissionCollection getPermissions(CodeSource codesource) {
Permissions pc = new Permissions();
pc.add(new FilePermission("data/-", "read")); // Can read everything from data dir
pc.add(new FilePermission(String.format("data/%s/-", spec.getModid()), "read,write,delete")); // Can write everything inside addon data dir
return pc;
}
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
public static void main(String[] args) throws Exception {
String userDir = System.getProperty("user.dir");
String jarURL = "jar:file:" + userDir + File.separator + "foo.jar!/";
URL codeSourceURL = new URL(jarURL);
CodeSource cs = new CodeSource(codeSourceURL, new Certificate[0]);
PermissionCollection perms = Policy.getPolicy().getPermissions(cs);
if (!perms.implies(new AllPermission()))
throw new Exception("FAILED: " + codeSourceURL
+ " not granted AllPermission");
}
public PermissionsBuilder addAll(PermissionCollection col) {
if (col != null) {
for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
perms.add(e.nextElement());
}
}
return this;
}
public static String getClassSecurityInfo(final Class cl)
{
// Returns a String which looks similar to:
// PermissionCollection [email protected] ...
// (java.io.FilePermission <<ALL FILES>> ....)
// (java.io.FilePermission /export0/sunwappserv/lib/- ...)
// ... other permissions ...
// Domain ProtectionDomain (file:/export0/sunwappserv/lib-)
// [email protected] (
// (java.io.FilePermission <<ALL FILES>> ...)
// (java.io.FilePermission /var/tmp//- ...)
String result =
(String)AccessController.doPrivileged(new PrivilegedAction() {
public java.lang.Object run() {
StringBuffer sb = new StringBuffer(500);
ProtectionDomain pd = cl.getProtectionDomain();
Policy policy = Policy.getPolicy();
PermissionCollection pc = policy.getPermissions(pd);
sb.append("\nPermissionCollection ");
sb.append(pc.toString());
// Don't need to add 'Protection Domain' string, it's
// in ProtectionDomain.toString() already.
sb.append(pd.toString());
return sb.toString();
}
});
return result;
}
@Override
public PermissionCollection getPermissions(ProtectionDomain pd) {
return perms;
}
protected PermissionCollection engineGetPermissions(ProtectionDomain d) {
return pf.getPermissions(d);
}
public PermissionCollection getExcludedPermissions() {
return excludedPermissions;
}
@Override
public PermissionCollection getPermissions(CodeSource cs) {
return perms;
}
@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
return permissions;
}