private boolean isImplied(Permission perm) {
for (Permission p : ALLOWED_PERMISSIONS) {
if (p.implies(perm)) {
return true;
}
}
return false;
}
/**
* This kludge is specific to get over AccessControlException thrown during Applet.stop() or
* destroy() when static thread is suspended. Set a flag in AppletClassLoader to indicate that an
* AccessControlException for RuntimePermission "modifyThread" or "modifyThreadGroup" had
* occurred.
*/
private void setExceptionStatus(AccessControlException e) {
Permission p = e.getPermission();
if (p instanceof RuntimePermission) {
if (p.getName().startsWith("modifyThread")) {
if (loader == null) loader = getClassLoader(getCodeBase(), getClassLoaderCacheKey());
loader.setExceptionStatus();
}
}
}
// Returns every permission on the resource granted to the user.
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) {
if (user.isSuper()) return Permission.ALL;
UntypedResultSet result;
try {
ResultMessage.Rows rows =
authorizeStatement.execute(
QueryState.forInternalCalls(),
new QueryOptions(
ConsistencyLevel.ONE,
Lists.newArrayList(
ByteBufferUtil.bytes(user.getName()),
ByteBufferUtil.bytes(resource.getName()))));
result = UntypedResultSet.create(rows.result);
} catch (RequestValidationException e) {
throw new AssertionError(e); // not supposed to happen
} catch (RequestExecutionException e) {
logger.warn("CassandraAuthorizer failed to authorize {} for {}", user, resource);
return Permission.NONE;
}
if (result.isEmpty() || !result.one().has(PERMISSIONS)) return Permission.NONE;
Set<Permission> permissions = EnumSet.noneOf(Permission.class);
for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance))
permissions.add(Permission.valueOf(perm));
return permissions;
}
// 'of' can be null - in that case everyone's permissions have been requested. Otherwise only
// single user's.
// If the user requesting 'LIST PERMISSIONS' is not a superuser OR his username doesn't match
// 'of', we
// throw UnauthorizedException. So only a superuser can view everybody's permissions. Regular
// users are only
// allowed to see their own permissions.
public Set<PermissionDetails> list(
AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String of)
throws RequestValidationException, RequestExecutionException {
if (!performer.isSuper() && !performer.getName().equals(of))
throw new UnauthorizedException(
String.format(
"You are not authorized to view %s's permissions", of == null ? "everyone" : of));
Set<PermissionDetails> details = new HashSet<PermissionDetails>();
for (UntypedResultSet.Row row : process(buildListQuery(resource, of))) {
if (row.has(PERMISSIONS)) {
for (String p : row.getSet(PERMISSIONS, UTF8Type.instance)) {
Permission permission = Permission.valueOf(p);
if (permissions.contains(permission))
details.add(
new PermissionDetails(
row.getString(USERNAME),
DataResource.fromName(row.getString(RESOURCE)),
permission));
}
}
}
return details;
}
public void checkPermission(Permission p) {
// liveconnect SocketPermission resolve takes
// FOREVER (like 6 seconds) in Safari
// Java does like 50 of these on the first JS call
// 6*50=300 seconds!
// Opera freaks out though if we deny resolve
if (isActive
&& !isOpera
&& java.net.SocketPermission.class.isInstance(p)
&& p.getActions().matches(".*resolve.*")) {
throw new SecurityException(
"DOH: liveconnect resolve locks up Safari. Denying resolve request.");
} else {
oldsecurity.checkPermission(p);
}
}
@Override
public String serialize(final Permission permission) {
Gson gson = new Gson();
return gson.toJson(permission, permission.getClass());
}
/**
* get the context for the AppletClassLoader we are creating. the context is granted permission to
* create the class loader, connnect to the codebase, and whatever else the policy grants to all
* codebases.
*/
private AccessControlContext getAccessControlContext(final URL codebase) {
PermissionCollection perms =
AccessController.doPrivileged(
new PrivilegedAction<PermissionCollection>() {
@Override
public PermissionCollection run() {
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(
new CodeSource(null, (java.security.cert.Certificate[]) null));
} else {
return null;
}
}
});
if (perms == null) perms = new Permissions();
// XXX: this is needed to be able to create the classloader itself!
perms.add(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
Permission p;
java.net.URLConnection urlConnection = null;
try {
urlConnection = codebase.openConnection();
p = urlConnection.getPermission();
} catch (java.io.IOException ioe) {
p = null;
}
if (p != null) perms.add(p);
if (p instanceof FilePermission) {
String path = p.getName();
int endIndex = path.lastIndexOf(File.separatorChar);
if (endIndex != -1) {
path = path.substring(0, endIndex + 1);
if (path.endsWith(File.separator)) {
path += "-";
}
perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
}
} else {
URL locUrl = codebase;
if (urlConnection instanceof JarURLConnection) {
locUrl = ((JarURLConnection) urlConnection).getJarFileURL();
}
String host = locUrl.getHost();
if (host != null && (host.length() > 0))
perms.add(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
}
ProtectionDomain domain =
new ProtectionDomain(
new CodeSource(codebase, (java.security.cert.Certificate[]) null), perms);
AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {domain});
return acc;
}
/**
* Check and see if this set of permissions implies the permissions expressed in "permission".
*
* @param p the Permission object to compare
* @return always returns true.
*/
public boolean implies(Permission permission) {
return ((permission instanceof RuntimePermission && permission.equals(exitVMPermission))
? false
: all_allowed);
}
public boolean implies(Permission p) {
if (p instanceof RuntimePermission && p.equals(exitVMPermission)) {
return false;
} else return true;
}
