下面列出了java.awt.event.ContainerListener#java.security.AccessController 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private static AccessControlContext createContext(final Subject subject,
final AccessControlContext acc) {
return java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<AccessControlContext>() {
public AccessControlContext run() {
if (subject == null)
return new AccessControlContext(acc, null);
else
return new AccessControlContext
(acc,
new SubjectDomainCombiner(subject));
}
});
}
private static void initDBBRConstructor() {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
try {
Class<?> cl = Class.forName("java.nio.DirectByteBufferR");
Constructor<?> ctor = cl.getDeclaredConstructor(
new Class<?>[] { int.class,
long.class,
FileDescriptor.class,
Runnable.class });
ctor.setAccessible(true);
directByteBufferRConstructor = ctor;
} catch (ClassNotFoundException |
NoSuchMethodException |
IllegalArgumentException |
ClassCastException x) {
throw new InternalError(x);
}
return null;
}});
}
static void init() {
if (t == null) {
// Add a shutdown hook to remove the temp file.
AccessController.doPrivileged(
(PrivilegedAction<Void>) () -> {
/* The thread must be a member of a thread group
* which will not get GCed before VM exit.
* Make its parent the top-level thread group.
*/
ThreadGroup rootTG = ThreadGroupUtils.getRootThreadGroup();
t = new Thread(rootTG, TempFileDeletionHook::runHooks);
t.setContextClassLoader(null);
Runtime.getRuntime().addShutdownHook(t);
return null;
});
}
}
private static PasswordAuthentication
privilegedRequestPasswordAuthentication(
final String host,
final InetAddress addr,
final int port,
final String protocol,
final String prompt,
final String scheme,
final URL url,
final RequestorType authType) {
return java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<PasswordAuthentication>() {
public PasswordAuthentication run() {
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Requesting Authentication: host =" + host + " url = " + url);
}
PasswordAuthentication pass = Authenticator.requestPasswordAuthentication(
host, addr, port, protocol,
prompt, scheme, url, authType);
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Authentication returned: " + (pass != null ? pass.toString() : "null"));
}
return pass;
}
});
}
private void checkPackageAccess(Class<?> cls, ProtectionDomain pd) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (ReflectUtil.isNonPublicProxyClass(cls)) {
for (Class<?> intf: cls.getInterfaces()) {
checkPackageAccess(intf, pd);
}
return;
}
final String name = cls.getName();
final int i = name.lastIndexOf('.');
if (i != -1) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
sm.checkPackageAccess(name.substring(0, i));
return null;
}
}, new AccessControlContext(new ProtectionDomain[] {pd}));
}
}
domains.add(pd);
}
public static InputStream getResourceAsStream(final ClassLoader cl,
final String name)
{
return (InputStream)
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
InputStream ris;
if (cl == null) {
ris = Object.class.getResourceAsStream("/"+name);
} else {
ris = cl.getResourceAsStream(name);
}
return ris;
}
});
}
public static ClassLoader getAppClassLoader(final ClassLoader extcl)
throws IOException
{
final String s = System.getProperty("java.class.path");
final File[] path = (s == null) ? new File[0] : getClassPath(s);
// Note: on bugid 4256530
// Prior implementations of this doPrivileged() block supplied
// a rather restrictive ACC via a call to the private method
// AppClassLoader.getContext(). This proved overly restrictive
// when loading classes. Specifically it prevent
// accessClassInPackage.sun.* grants from being honored.
//
return AccessController.doPrivileged(
new PrivilegedAction<AppClassLoader>() {
public AppClassLoader run() {
URL[] urls =
(s == null) ? new URL[0] : pathToURLs(path);
return new AppClassLoader(urls, extcl);
}
});
}
@Override
RMIConnection doNewClient(final Object credentials) throws IOException {
if (callerACC == null) {
throw new SecurityException("AccessControlContext cannot be null");
}
try {
return AccessController.doPrivileged(
new PrivilegedExceptionAction<RMIConnection>() {
public RMIConnection run() throws IOException {
return superDoNewClient(credentials);
}
}, callerACC);
} catch (PrivilegedActionException pae) {
throw (IOException) pae.getCause();
}
}
private static boolean isInstanceOf(final MBeanServer mbs,
final ObjectName name,
final String className) {
PrivilegedExceptionAction<Boolean> act =
new PrivilegedExceptionAction<Boolean>() {
public Boolean run() throws InstanceNotFoundException {
return mbs.isInstanceOf(name, className);
}
};
try {
return AccessController.doPrivileged(act);
} catch (Exception e) {
logger.fine("isInstanceOf", "failed: " + e);
logger.debug("isInstanceOf", e);
return false;
}
}
private static <U> U doPrivilegedIOWithReturn(Callable<U> function) throws IOException {
try {
return AccessController.doPrivileged(new PrivilegedExceptionAction<U>() {
@Override
public U run() throws Exception {
return function.call();
}
}, null);
} catch (PrivilegedActionException e) {
Throwable t = e.getCause();
if (t instanceof IOException) {
throw (IOException) t;
}
throw new IOException("Unexpected error during I/O operation. " + t.getMessage(), t);
}
}
public OutputStream getOutputStream() throws IOException {
if (!sc.isOpen())
throw new SocketException("Socket is closed");
if (!sc.isConnected())
throw new SocketException("Socket is not connected");
if (!sc.isOutputOpen())
throw new SocketException("Socket output is shutdown");
OutputStream os = null;
try {
os = AccessController.doPrivileged(
new PrivilegedExceptionAction<OutputStream>() {
public OutputStream run() throws IOException {
return Channels.newOutputStream(sc);
}
});
} catch (java.security.PrivilegedActionException e) {
throw (IOException)e.getException();
}
return os;
}
private void processRcfCheckpoint(
Optional<String> rcfCheckpoint,
String modelId,
String detectorId,
double[] point,
ActionListener<RcfResult> listener
) {
Optional<ModelState<RandomCutForest>> model = rcfCheckpoint
.map(checkpoint -> AccessController.doPrivileged((PrivilegedAction<RandomCutForest>) () -> rcfSerde.fromJson(checkpoint)))
.filter(rcf -> isHostingAllowed(detectorId, rcf))
.map(rcf -> new ModelState<>(rcf, modelId, detectorId, ModelType.RCF.getName(), clock.instant()));
if (model.isPresent()) {
forests.put(modelId, model.get());
getRcfResult(model.get(), point, listener);
} else {
throw new ResourceNotFoundException(detectorId, CommonErrorMessages.NO_CHECKPOINT_ERR_MSG + modelId);
}
}
static void stopEventDispatchThreads() {
for (AppContext appContext: getAppContexts()) {
if (appContext.isDisposed()) {
continue;
}
Runnable r = new PostShutdownEventRunnable(appContext);
// For security reasons EventQueue.postEvent should only be called
// on a thread that belongs to the corresponding thread group.
if (appContext != AppContext.getAppContext()) {
// Create a thread that belongs to the thread group associated
// with the AppContext and invokes EventQueue.postEvent.
PrivilegedAction<Thread> action = new CreateThreadAction(appContext, r);
Thread thread = AccessController.doPrivileged(action);
thread.start();
} else {
r.run();
}
}
}
/**
* Returns the position of the mouse pointer in this <code>Container</code>'s
* coordinate space if the <code>Container</code> is under the mouse pointer,
* otherwise returns <code>null</code>.
* This method is similar to {@link Component#getMousePosition()} with the exception
* that it can take the <code>Container</code>'s children into account.
* If <code>allowChildren</code> is <code>false</code>, this method will return
* a non-null value only if the mouse pointer is above the <code>Container</code>
* directly, not above the part obscured by children.
* If <code>allowChildren</code> is <code>true</code>, this method returns
* a non-null value if the mouse pointer is above <code>Container</code> or any
* of its descendants.
*
* @exception HeadlessException if GraphicsEnvironment.isHeadless() returns true
* @param allowChildren true if children should be taken into account
* @see Component#getMousePosition
* @return mouse coordinates relative to this <code>Component</code>, or null
* @since 1.5
*/
public Point getMousePosition(boolean allowChildren) throws HeadlessException {
if (GraphicsEnvironment.isHeadless()) {
throw new HeadlessException();
}
PointerInfo pi = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<PointerInfo>() {
public PointerInfo run() {
return MouseInfo.getPointerInfo();
}
}
);
synchronized (getTreeLock()) {
Component inTheSameWindow = findUnderMouseInWindow(pi);
if (isSameOrAncestorOf(inTheSameWindow, allowChildren)) {
return pointRelativeToComponent(pi.getLocation());
}
return null;
}
}
/**
* Returns the position of the mouse pointer in this <code>Container</code>'s
* coordinate space if the <code>Container</code> is under the mouse pointer,
* otherwise returns <code>null</code>.
* This method is similar to {@link Component#getMousePosition()} with the exception
* that it can take the <code>Container</code>'s children into account.
* If <code>allowChildren</code> is <code>false</code>, this method will return
* a non-null value only if the mouse pointer is above the <code>Container</code>
* directly, not above the part obscured by children.
* If <code>allowChildren</code> is <code>true</code>, this method returns
* a non-null value if the mouse pointer is above <code>Container</code> or any
* of its descendants.
*
* @exception HeadlessException if GraphicsEnvironment.isHeadless() returns true
* @param allowChildren true if children should be taken into account
* @see Component#getMousePosition
* @return mouse coordinates relative to this <code>Component</code>, or null
* @since 1.5
*/
public Point getMousePosition(boolean allowChildren) throws HeadlessException {
if (GraphicsEnvironment.isHeadless()) {
throw new HeadlessException();
}
PointerInfo pi = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<PointerInfo>() {
public PointerInfo run() {
return MouseInfo.getPointerInfo();
}
}
);
synchronized (getTreeLock()) {
Component inTheSameWindow = findUnderMouseInWindow(pi);
if (isSameOrAncestorOf(inTheSameWindow, allowChildren)) {
return pointRelativeToComponent(pi.getLocation());
}
return null;
}
}
/**
* Convenience function for getting system properties in a safe way
*
* @param name of integer property
* @param defValue the default value if unset
* @return integer property if set or default value
*/
public static int getIntProperty(final String name, final int defValue) {
checkPropertyName(name);
return AccessController.doPrivileged(
new PrivilegedAction<Integer>() {
@Override
public Integer run() {
try {
return Integer.getInteger(name, defValue);
} catch (final SecurityException e) {
// if no permission to read, assume the default value
return defValue;
}
}
}, READ_PROPERTY_ACC_CTXT);
}
static void init() {
if (t == null) {
// Add a shutdown hook to remove the temp file.
AccessController.doPrivileged(
(PrivilegedAction<Void>) () -> {
/* The thread must be a member of a thread group
* which will not get GCed before VM exit.
* Make its parent the top-level thread group.
*/
ThreadGroup rootTG = ThreadGroupUtils.getRootThreadGroup();
t = new Thread(rootTG, TempFileDeletionHook::runHooks);
t.setContextClassLoader(null);
Runtime.getRuntime().addShutdownHook(t);
return null;
});
}
}
@Override
public Object findAttribute(final String name) {
if (SecurityUtil.isPackageProtectionEnabled()) {
return AccessController.doPrivileged(
new PrivilegedAction<Object>() {
@Override
public Object run() {
if (name == null) {
throw new NullPointerException(Localizer
.getMessage("jsp.error.attribute.null_name"));
}
return doFindAttribute(name);
}
});
} else {
if (name == null) {
throw new NullPointerException(Localizer
.getMessage("jsp.error.attribute.null_name"));
}
return doFindAttribute(name);
}
}
private XRCompositeManager(XRSurfaceData surface) {
con = new XRBackendNative();
String gradProp =
AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
return System.getProperty("sun.java2d.xrgradcache");
}
});
enableGradCache = gradProp == null ||
!(gradProp.equalsIgnoreCase("false") ||
gradProp.equalsIgnoreCase("f"));
XRPaints.register(this);
initResources(surface);
maskBuffer = new MaskTileManager(this, surface.getXid());
textRenderer = new XRTextRenderer(this);
maskImage = new XRMaskImage(this, surface.getXid());
}
public void handle(final Callback[] callbacks)
throws java.io.IOException, UnsupportedCallbackException {
try {
java.security.AccessController.doPrivileged
(new java.security.PrivilegedExceptionAction<Void>() {
public Void run() throws java.io.IOException,
UnsupportedCallbackException {
ch.handle(callbacks);
return null;
}
}, acc);
} catch (java.security.PrivilegedActionException pae) {
if (pae.getException() instanceof java.io.IOException) {
throw (java.io.IOException)pae.getException();
} else {
throw (UnsupportedCallbackException)pae.getException();
}
}
}
public static ResourceBundle getBundle(final String baseName, final Locale locale) {
return AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() {
@Override
public ResourceBundle run() {
return ResourceBundle
.getBundle(baseName, locale, LocaleDataResourceBundleControl.INSTANCE);
}
});
}
private File[] getInstalledExtensions() throws IOException {
return AccessController.doPrivileged(
new PrivilegedAction<File[]>() {
public File[] run() {
try {
return getExtFiles(getExtDirs());
} catch(IOException e) {
debug("Cannot get list of installed extensions");
debugException(e);
return new File[0];
}
}
});
}
static void setAccessible(AccessibleObject object, boolean flag) {
if (System.getSecurityManager() == null) {
object.setAccessible(flag);
} else {
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
try {
object.setAccessible(flag);
} catch (SecurityException ex) {
ConfigLogging.log.failedToSetAccessible(ex, object.toString());
}
return null;
});
}
}
@Override
public Object executeExpression(final Object compiledExpression, final VariableResolverFactory factory) {
return AccessController.doPrivileged(new PrivilegedAction<Object>() {
@Override
public Object run() {
return MVEL.executeExpression(compiledExpression, factory);
}
}, KiePolicyHelper.getAccessContext());
}
private void stopListeningForOtherDrags() {
//System.out.println("Removing AWTEventListener");
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Object>() {
public Object run() {
nativeContainer.getToolkit().removeAWTEventListener(LightweightDispatcher.this);
return null;
}
}
);
}
public ThreadGroup getThreadGroup() {
synchronized (threadGroupSynchronizer) {
if (threadGroup == null || threadGroup.isDestroyed()) {
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
threadGroup = new AppletThreadGroup(base + "-threadGroup");
// threadGroup.setDaemon(true);
// threadGroup is now destroyed by AppContext.dispose()
// Create the new AppContext from within a Thread belonging
// to the newly created ThreadGroup, and wait for the
// creation to complete before returning from this method.
AppContextCreator creatorThread = new AppContextCreator(threadGroup);
// Since this thread will later be used to launch the
// applet's AWT-event dispatch thread and we want the applet
// code executing the AWT callbacks to use their own class
// loader rather than the system class loader, explicitly
// set the context class loader to the AppletClassLoader.
creatorThread.setContextClassLoader(AppletClassLoader.this);
creatorThread.start();
try {
synchronized(creatorThread.syncObject) {
while (!creatorThread.created) {
creatorThread.syncObject.wait();
}
}
} catch (InterruptedException e) { }
appContext = creatorThread.appContext;
return null;
}
});
}
return threadGroup;
}
}
public boolean contains(Object o) {
final Iterator<E> e = iterator();
while (e.hasNext()) {
E next;
if (which != Subject.PRIV_CREDENTIAL_SET) {
next = e.next();
} else {
// For private credentials:
// If the caller does not have read permission for
// for o.getClass(), we throw a SecurityException.
// Otherwise we check the private cred set to see whether
// it contains the Object
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new PrivateCredentialPermission
(o.getClass().getName(),
subject.getPrincipals()));
}
next = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<E>() {
public E run() {
return e.next();
}
});
}
if (next == null) {
if (o == null) {
return true;
}
} else if (next.equals(o)) {
return true;
}
}
return false;
}
long getLastModified(final File f) {
return ((Long)
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
return new Long(f.lastModified());
}
})).longValue();
}
private static Package defineSystemPackage(final String iname,
final String fn)
{
return AccessController.doPrivileged(new PrivilegedAction<Package>() {
public Package run() {
String name = iname;
// Get the cached code source url for the file name
URL url = urls.get(fn);
if (url == null) {
// URL not found, so create one
File file = new File(fn);
try {
url = ParseUtil.fileToEncodedURL(file);
} catch (MalformedURLException e) {
}
if (url != null) {
urls.put(fn, url);
// If loading a JAR file, then also cache the manifest
if (file.isFile()) {
mans.put(fn, loadManifest(fn));
}
}
}
// Convert to "."-separated package name
name = name.substring(0, name.length() - 1).replace('/', '.');
Package pkg;
Manifest man = mans.get(fn);
if (man != null) {
pkg = new Package(name, man, url, null);
} else {
pkg = new Package(name, null, null, null,
null, null, null, null, null);
}
pkgs.put(name, pkg);
return pkg;
}
});
}
public AccessControlContext
delegatedContext(AccessControlContext authenticatedACC,
Subject delegatedSubject,
boolean removeCallerContext)
throws SecurityException {
if (System.getSecurityManager() != null && authenticatedACC == null) {
throw new SecurityException("Illegal AccessControlContext: null");
}
// Check if the subject delegation permission allows the
// authenticated subject to assume the identity of each
// principal in the delegated subject
//
Collection<Principal> ps = getSubjectPrincipals(delegatedSubject);
final Collection<Permission> permissions = new ArrayList<>(ps.size());
for(Principal p : ps) {
final String pname = p.getClass().getName() + "." + p.getName();
permissions.add(new SubjectDelegationPermission(pname));
}
PrivilegedAction<Void> action =
new PrivilegedAction<Void>() {
public Void run() {
for (Permission sdp : permissions) {
AccessController.checkPermission(sdp);
}
return null;
}
};
AccessController.doPrivileged(action, authenticatedACC);
return getDelegatedAcc(delegatedSubject, removeCallerContext);
}