下面列出了java.util.logging.LoggingPermission#java.security.Permissions 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Before
public void setUp() throws Exception {
final ProtectionDomain empty = new ProtectionDomain(null,
new Permissions());
provider = new SecurityContextProvider() {
private final AccessControlContext acc = new AccessControlContext(
new ProtectionDomain[] { empty });
@Override
public AccessControlContext getAccessControlContext() {
return acc;
}
};
DefaultResourceLoader drl = new DefaultResourceLoader();
Resource config = drl
.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
beanFactory = new DefaultListableBeanFactory();
new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
beanFactory.setSecurityContextProvider(provider);
}
Permissions getPermissions() {
if (allowControl.get().get() || allowAccess.get().get() || allowAll.get().get()) {
PermissionsBuilder builder = new PermissionsBuilder()
.addAll(permissions);
if (allowControl.get().get()) {
builder.add(CONTROL);
}
if (allowAccess.get().get()) {
builder.add(ACCESS_LOGGER);
builder.add(ACCESS_LOGGING);
}
if (allowAll.get().get()) {
builder.addAll(allPermissions);
}
return builder.toPermissions();
}
return permissions;
}
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
permissions.add(new PropertyPermission("user.dir", "read"));
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
private ClassLoader getClassLoader(final ObjectName name) {
if(clr == null){
return null;
}
// Restrict to getClassLoader permission only
Permissions permissions = new Permissions();
permissions.add(new MBeanPermission("*", null, name, "getClassLoader"));
ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions);
ProtectionDomain[] domains = {protectionDomain};
AccessControlContext ctx = new AccessControlContext(domains);
ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
return clr.getClassLoader(name);
}
}, ctx);
return loader;
}
/**
*/
@Override
public PermissionCollection getPermissions(CodeSource cs) {
if (null==cs) {
// Not a code source for a bundle, delegate to the default policy
return defaultPolicy.getPermissions(cs);
}
final URL u = cs.getLocation();
if (u != null && BundleURLStreamHandler.PROTOCOL.equals(u.getProtocol())) {
try {
final Long id = new Long(BundleURLStreamHandler.getId(u.getHost()));
//return getPermissions(id);
final PermissionCollection pc = ph.getPermissionCollection(id);
if (pc != null) {
return copy(pc);
}
} catch (final NumberFormatException ignore) { }
return new Permissions();
} else {
return defaultPolicy.getPermissions(cs);
}
}
public static void main(String... args) throws Exception {
if (args.length > 0 && args[0].equals("sm")) {
PermissionCollection perms = new Permissions();
perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission p) {
return perms.implies(p);
}
});
System.setSecurityManager(new SecurityManager());
}
new GetCallerClassTest(StackWalker.getInstance(), true).test();
new GetCallerClassTest(StackWalker.getInstance(RETAIN_CLASS_REFERENCE), false).test();
new GetCallerClassTest(StackWalker.getInstance(EnumSet.of(RETAIN_CLASS_REFERENCE,
SHOW_HIDDEN_FRAMES)), false).test();
}
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
permissions.add(new PropertyPermission("user.dir", "read"));
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
private Loader(URL[] urls, ClassLoader parent) {
super(urls, parent);
this.parent = parent;
/*
* Precompute the permissions required to access the loader.
*/
permissions = new Permissions();
addPermissionsForURLs(urls, permissions, false);
/*
* Caching the value of class annotation string here assumes
* that the protected method addURL() is never called on this
* class loader.
*/
annotation = urlsToPath(urls);
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
private static PermissionCollection getExecPermissions() {
/*
* The approach used here is taken from the similar method
* getLoaderAccessControlContext() in the class
* sun.rmi.server.LoaderHandler.
*/
// obtain permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource =
new CodeSource(null, (Certificate[]) null);
Policy p = Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
return perms;
}
@Before
public void setUp() throws Exception {
final ProtectionDomain empty = new ProtectionDomain(null,
new Permissions());
provider = new SecurityContextProvider() {
private final AccessControlContext acc = new AccessControlContext(
new ProtectionDomain[] { empty });
@Override
public AccessControlContext getAccessControlContext() {
return acc;
}
};
DefaultResourceLoader drl = new DefaultResourceLoader();
Resource config = drl
.getResource("/org/springframework/beans/factory/support/security/callbacks.xml");
beanFactory = new DefaultListableBeanFactory();
new XmlBeanDefinitionReader(beanFactory).loadBeanDefinitions(config);
beanFactory.setSecurityContextProvider(provider);
}
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl,
ThreadLocal<AtomicBoolean> allowAccess,
ThreadLocal<AtomicBoolean> allowAll) {
this.allowControl = allowControl;
this.allowAccess = allowAccess;
this.allowAll = allowAll;
permissions = new Permissions();
allPermissions = new PermissionsBuilder()
.add(new java.security.AllPermission())
.toPermissions();
}
@Override
protected PermissionCollection getPermissions(CodeSource codesource) {
final Permissions permCollection = new Permissions();
for (final Permission perm : SCRIPT_PERMISSIONS) {
permCollection.add(perm);
}
return permCollection;
}
public SimplePolicy(TestCase test) {
permissions = new Permissions();
if (test != TestCase.PERMISSION) {
permissions.add(new LoggingPermission("control", null));
}
// required for calling Locale.setDefault in the test.
permissions.add(new PropertyPermission("user.language", "write"));
}
private static AccessControlContext getAccessControlContext(Permission... ps) {
Permissions perms = new Permissions();
for (Permission p : ps) {
perms.add(p);
}
/*
*Create an AccessControlContext that consist a single protection domain
* with only the permissions calculated above
*/
ProtectionDomain pd = new ProtectionDomain(null, perms);
return new AccessControlContext(new ProtectionDomain[]{pd});
}
public void setUp() {
forbidden = new Permissions();
forbidden.add(new ReflectPermission("suppressAccessChecks"));
restrictiveSecurityManager = new SecurityManager() {
@Override
public void checkPermission(Permission perm) {
if (forbidden.implies(perm))
throw new AccessControlException(perm.getName());
}
};
}
static AccessControlContext contextWithPermissions(Permission ... perms) {
Permissions permissions = new Permissions();
for (Permission perm : perms)
permissions.add(perm);
return new AccessControlContext(
new ProtectionDomain[] { new ProtectionDomain(null, permissions) });
}
public static void main(String[] args) throws Exception {
/*
* If we delay setting the security manager until after the service
* configuration file has been installed, then this test still
* functions properly, but the -Djava.security.debug output is
* lacking, so to ease debugging, we'll set it early-- at the cost
* of having to specify the policy even when running standalone.
*/
TestLibrary.suggestSecurityManager(null);
ServiceConfiguration.installServiceConfigurationFile();
/*
* Execute use of RMIClassLoader within an AccessControlContext
* that has a protection domain with no permissions, to make sure
* that RMIClassLoader can still properly initialize itself.
*/
CodeSource codesource = new CodeSource(null, (Certificate[]) null);
Permissions perms = null;
ProtectionDomain pd = new ProtectionDomain(codesource, perms);
AccessControlContext acc =
new AccessControlContext(new ProtectionDomain[] { pd });
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction() {
public Object run() throws Exception {
TestProvider.exerciseTestProvider(
TestProvider2.loadClassReturn,
TestProvider2.loadProxyClassReturn,
TestProvider2.getClassLoaderReturn,
TestProvider2.getClassAnnotationReturn,
TestProvider2.invocations);
return null;
}
}, acc);
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// we don't actually need any permission to create our
// FileHandlers because we're passing invalid parameters
// which will make the creation fail...
permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
private static ProtectionDomain createMinimalPermissionDomain() {
// Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
final Permissions permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
private static AccessControlContext withPermissions(Permission ... perms){
Permissions col = new Permissions();
for (Permission thePerm : perms ) {
col.add(thePerm);
}
final ProtectionDomain pd = new ProtectionDomain(null, col);
return new AccessControlContext( new ProtectionDomain[] { pd });
}
private static ProtectionDomain createMinimalPermissionDomain() {
// Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
final Permissions permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
// we don't actually need any permission to create our
// FileHandlers because we're passing invalid parameters
// which will make the creation fail...
permissions = new Permissions();
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
@Override
protected PermissionCollection getPermissions(final CodeSource codesource) {
final Permissions permCollection = new Permissions();
for (final Permission perm : SCRIPT_PERMISSIONS) {
permCollection.add(perm);
}
return permCollection;
}
static AccessControlContext createPermAccCtxt(final String... permNames) {
final Permissions perms = new Permissions();
for (final String permName : permNames) {
perms.add(new RuntimePermission(permName));
}
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
public SimplePolicy(ThreadLocal<AtomicBoolean> allowControl, ThreadLocal<AtomicBoolean> allowAll) {
this.allowControl = allowControl;
this.allowAll = allowAll;
permissions = new Permissions();
// these are used for configuring the test itself...
controlPermissions = new Permissions();
controlPermissions.add(LOGGERFINDER_PERMISSION);
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// we don't actually need any permission to create our
// FileHandlers because we're passing invalid parameters
// which will make the creation fail...
permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.sun.misc"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
public SimplePolicy(TestCase test) {
permissions = new Permissions();
if (test != TestCase.PERMISSION) {
permissions.add(new LoggingPermission("control", null));
}
// required for calling Locale.setDefault in the test.
permissions.add(new PropertyPermission("user.language", "write"));
}
/** */
protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet,
Permissions sandboxPerms, boolean isClient) throws Exception {
return startGrid(getConfiguration(login,
new TestSecurityPluginProvider(login, "", prmSet, sandboxPerms, globalAuth))
.setClientMode(isClient));
}
public static void main(String[] args) throws Exception {
/*
* If we delay setting the security manager until after the service
* configuration file has been installed, then this test still
* functions properly, but the -Djava.security.debug output is
* lacking, so to ease debugging, we'll set it early-- at the cost
* of having to specify the policy even when running standalone.
*/
TestLibrary.suggestSecurityManager(null);
ServiceConfiguration.installServiceConfigurationFile();
/*
* Execute use of RMIClassLoader within an AccessControlContext
* that has a protection domain with no permissions, to make sure
* that RMIClassLoader can still properly initialize itself.
*/
CodeSource codesource = new CodeSource(null, (Certificate[]) null);
Permissions perms = null;
ProtectionDomain pd = new ProtectionDomain(codesource, perms);
AccessControlContext acc =
new AccessControlContext(new ProtectionDomain[] { pd });
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction() {
public Object run() throws Exception {
TestProvider.exerciseTestProvider(
TestProvider2.loadClassReturn,
TestProvider2.loadProxyClassReturn,
TestProvider2.getClassLoaderReturn,
TestProvider2.getClassAnnotationReturn,
TestProvider2.invocations);
return null;
}
}, acc);
}