public boolean implies(Permission permission) {
   if (permission.getClass().getSimpleName().equals("URLPermission")) {
     return isAllowed(URL_PERMISSION);
   } else {
     return isAllowed(permission);
   }
 }
  /** readObject is called to restore the state of the BasicPermissionCollection from a stream. */
  private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
    // Don't call defaultReadObject()

    // Read in serialized fields
    ObjectInputStream.GetField gfields = in.readFields();

    // Get permissions
    Hashtable permissions = (Hashtable) gfields.get("permissions", null);
    perms = new HashMap(permissions.size() * 2);
    perms.putAll(permissions);

    // Get all_allowed
    all_allowed = gfields.get("all_allowed", false);

    // Get permClass
    permClass = (Class) gfields.get("permClass", null);

    if (permClass == null) {
      // set permClass
      Enumeration e = permissions.elements();
      if (e.hasMoreElements()) {
        Permission p = (Permission) e.nextElement();
        permClass = p.getClass();
      }
    }
  }
  @Override
  public boolean implies(Permission permission) {

    if (permission == null || this.getClass() != permission.getClass()) {
      return false;
    }

    PrivateCredentialPermission that = (PrivateCredentialPermission) permission;

    if (!("*".equals(credentialClass)
        || credentialClass //$NON-NLS-1$
            .equals(that.getCredentialClass()))) {
      return false;
    }

    if (that.offset == 0) {
      return true;
    }

    CredOwner[] thisCo = set;
    CredOwner[] thatCo = that.set;
    int thisPrincipalsSize = offset;
    int thatPrincipalsSize = that.offset;
    for (int i = 0, j; i < thisPrincipalsSize; i++) {
      for (j = 0; j < thatPrincipalsSize; j++) {
        if (thisCo[i].implies(thatCo[j])) {
          break;
        }
      }
      if (j == thatCo.length) {
        return false;
      }
    }
    return true;
  }
Example #4
0
 public void add(Permission p) {
   Class c = p.getClass();
   PermissionCollection pc = collections.get(c);
   if (pc == null) {
     pc = p.newPermissionCollection();
     if (pc == null) {
       pc = new MyPermissionCollection();
     }
     collections.put(c, pc);
   }
   pc.add(p);
 }
  public void add(Permission permission) {
    if (isReadOnly()) {
      throw new SecurityException("ClusterPermissionCollection is read-only!");
    }
    boolean shouldAdd =
        (permClass != null && permClass.equals(permission.getClass()))
            || (permission instanceof ClusterPermission);

    if (shouldAdd && !implies(permission)) {
      perms.add(permission);
    }
  }
  /**
   * Checks if the specified permission is "implied" by this object.
   *
   * <p>More specifically, this method returns true if:
   *
   * <p>
   *
   * <ul>
   *   <li><i>p</i>'s class is the same as this object's class, and
   *       <p>
   *   <li><i>p</i>'s name equals or (in the case of wildcards) is implied by this object's name.
   *       For example, "a.b.*" implies "a.b.c".
   * </ul>
   *
   * @param p the permission to check against.
   * @return true if the passed permission is equal to or implied by this permission, false
   *     otherwise.
   */
  public boolean implies(Permission p) {
    if ((p == null) || (p.getClass() != getClass())) return false;

    BasicPermission that = (BasicPermission) p;

    if (this.wildcard) {
      if (that.wildcard)
        // one wildcard can imply another
        return that.path.startsWith(path);
      else
        // make sure ap.path is longer so a.b.* doesn't imply a.b
        return (that.path.length() > this.path.length()) && that.path.startsWith(this.path);
    } else {
      if (that.wildcard) {
        // a non-wildcard can't imply a wildcard
        return false;
      } else {
        return this.path.equals(that.path);
      }
    }
  }
  /**
   * Determines whether the access request indicated by the specified permission should be allowed
   * or denied, based on the security policy currently in effect, and the context in this object.
   * The request is allowed only if every ProtectionDomain in the context implies the permission.
   * Otherwise the request is denied.
   *
   * <p>This method quietly returns if the access request is permitted, or throws a suitable
   * AccessControlException otherwise.
   *
   * @param perm the requested permission.
   * @exception AccessControlException if the specified permission is not permitted, based on the
   *     current security policy and the context encapsulated by this object.
   * @exception NullPointerException if the permission to check for is null.
   */
  public void checkPermission(Permission perm) throws AccessControlException {
    boolean dumpDebug = false;

    if (perm == null) {
      throw new NullPointerException("permission can't be null");
    }
    if (getDebug() != null) {
      // If "codebase" is not specified, we dump the info by default.
      dumpDebug = !Debug.isOn("codebase=");
      if (!dumpDebug) {
        // If "codebase" is specified, only dump if the specified code
        // value is in the stack.
        for (int i = 0; context != null && i < context.length; i++) {
          if (context[i].getCodeSource() != null
              && context[i].getCodeSource().getLocation() != null
              && Debug.isOn("codebase=" + context[i].getCodeSource().getLocation().toString())) {
            dumpDebug = true;
            break;
          }
        }
      }

      dumpDebug &=
          !Debug.isOn("permission=")
              || Debug.isOn("permission=" + perm.getClass().getCanonicalName());

      if (dumpDebug && Debug.isOn("stack")) {
        Thread.currentThread().dumpStack();
      }

      if (dumpDebug && Debug.isOn("domain")) {
        if (context == null) {
          debug.println("domain (context is null)");
        } else {
          for (int i = 0; i < context.length; i++) {
            debug.println("domain " + i + " " + context[i]);
          }
        }
      }
    }

    /*
     * iterate through the ProtectionDomains in the context.
     * Stop at the first one that doesn't allow the
     * requested permission (throwing an exception).
     *
     */

    /* if ctxt is null, all we had on the stack were system domains,
    or the first domain was a Privileged system domain. This
    is to make the common case for system code very fast */

    if (context == null) return;

    for (int i = 0; i < context.length; i++) {
      if (context[i] != null && !context[i].implies(perm)) {
        if (dumpDebug) {
          debug.println("access denied " + perm);
        }

        if (Debug.isOn("failure") && debug != null) {
          // Want to make sure this is always displayed for failure,
          // but do not want to display again if already displayed
          // above.
          if (!dumpDebug) {
            debug.println("access denied " + perm);
          }
          Thread.currentThread().dumpStack();
          final ProtectionDomain pd = context[i];
          final Debug db = debug;
          AccessController.doPrivileged(
              new PrivilegedAction<Void>() {
                public Void run() {
                  db.println("domain that failed " + pd);
                  return null;
                }
              });
        }
        throw new AccessControlException("access denied " + perm, perm);
      }
    }

    // allow if all of them allowed access
    if (dumpDebug) {
      debug.println("access allowed " + perm);
    }

    return;
  }
Example #8
0
 /*     */ Permission resolve(Permission paramPermission, Certificate[] paramArrayOfCertificate)
       /*     */ {
   /* 230 */ if (this.certs != null)
   /*     */ {
     /* 232 */ if (paramArrayOfCertificate == null) {
       /* 233 */ return null;
       /*     */ }
     /*     */
     /* 238 */ for (int j = 0; j < this.certs.length; j++) {
       /* 239 */ int i = 0;
       /* 240 */ for (int k = 0; k < paramArrayOfCertificate.length; k++) {
         /* 241 */ if (this.certs[j].equals(paramArrayOfCertificate[k])) {
           /* 242 */ i = 1;
           /* 243 */ break;
           /*     */ }
         /*     */ }
       /* 246 */ if (i == 0) return null;
       /*     */ }
     /*     */ }
   /*     */ try
   /*     */ {
     /* 250 */ Class localClass = paramPermission.getClass();
     /*     */
     /* 252 */ if ((this.name == null) && (this.actions == null)) {
       /*     */ try {
         /* 254 */ Constructor localConstructor1 = localClass.getConstructor(PARAMS0);
         /* 255 */ return (Permission) localConstructor1.newInstance(new Object[0]);
         /*     */ } catch (NoSuchMethodException localNoSuchMethodException2) {
         /*     */ try {
           /* 258 */ Constructor localConstructor4 = localClass.getConstructor(PARAMS1);
           /* 259 */ return (Permission) localConstructor4.newInstance(new Object[] {this.name});
           /*     */ }
         /*     */ catch (NoSuchMethodException localNoSuchMethodException4) {
           /* 262 */ Constructor localConstructor6 = localClass.getConstructor(PARAMS2);
           /* 263 */ return (Permission)
               localConstructor6.newInstance(new Object[] {this.name, this.actions});
           /*     */ }
         /*     */ }
       /*     */ }
     /*     */
     /* 268 */ if ((this.name != null) && (this.actions == null)) {
       /*     */ try {
         /* 270 */ Constructor localConstructor2 = localClass.getConstructor(PARAMS1);
         /* 271 */ return (Permission) localConstructor2.newInstance(new Object[] {this.name});
         /*     */ }
       /*     */ catch (NoSuchMethodException localNoSuchMethodException3) {
         /* 274 */ Constructor localConstructor5 = localClass.getConstructor(PARAMS2);
         /* 275 */ return (Permission)
             localConstructor5.newInstance(new Object[] {this.name, this.actions});
         /*     */ }
       /*     */ }
     /*     */
     /* 279 */ Constructor localConstructor3 = localClass.getConstructor(PARAMS2);
     /* 280 */ return (Permission)
         localConstructor3.newInstance(new Object[] {this.name, this.actions});
     /*     */ }
   /*     */ catch (NoSuchMethodException localNoSuchMethodException1)
   /*     */ {
     /* 285 */ if (debug != null) {
       /* 286 */ debug.println(
           "NoSuchMethodException:\n  could not find proper constructor for " + this.type);
       /*     */
       /* 288 */ localNoSuchMethodException1.printStackTrace();
       /*     */ }
     /* 290 */ return null;
     /*     */ } catch (Exception localException) {
     /* 292 */ if (debug != null) {
       /* 293 */ debug.println("unable to instantiate " + this.name);
       /* 294 */ localException.printStackTrace();
       /*     */ }
     /*     */ }
   /* 296 */ return null;
   /*     */ }