private JarFile getCachedJarFile(URL url) {
    JarFile result = (JarFile) fileCache.get(url);

    /* if the JAR file is cached, the permission will always be there */
    if (result != null) {
      Permission perm = getPermission(result);
      if (perm != null) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
          try {
            sm.checkPermission(perm);
          } catch (SecurityException se) {
            // fallback to checkRead/checkConnect for pre 1.2
            // security managers
            if ((perm instanceof java.io.FilePermission)
                && perm.getActions().indexOf("read") != -1) {
              sm.checkRead(perm.getName());
            } else if ((perm instanceof java.net.SocketPermission)
                && perm.getActions().indexOf("connect") != -1) {
              sm.checkConnect(url.getHost(), url.getPort());
            } else {
              throw se;
            }
          }
        }
      }
    }
    return result;
  }
Exemplo n.º 2
0
  private void exportAcl(Acl acl) {
    if (acl != null) {
      ArrayList<String> propval = new ArrayList<String>();
      for (Enumeration<AclEntry> ee = acl.entries(); ee.hasMoreElements(); ) {
        AclEntry ae = ee.nextElement();

        StringBuilder sb = new StringBuilder();

        sb.append("ALLOW \"");
        sb.append(ae.getPrincipal().getName());
        sb.append("\" ");

        for (Enumeration<Permission> permissions = ae.permissions();
            permissions.hasMoreElements(); ) {
          Permission perm = permissions.nextElement();

          sb.append(perm.getActions());
          sb.append(",");
        }

        propval.add(sb.toString());
      }

      exportProperty("wiki:acl", propval.toArray(new String[propval.size()]), STRING);
    }
  }
 /*
  * Check whether the resource URL should be returned.
  * Throw exception on failure.
  * Called internally within this file.
  */
 static void check(URL url) throws IOException {
   SecurityManager security = System.getSecurityManager();
   if (security != null) {
     URLConnection urlConnection = url.openConnection();
     Permission perm = urlConnection.getPermission();
     if (perm != null) {
       try {
         security.checkPermission(perm);
       } catch (SecurityException se) {
         // fallback to checkRead/checkConnect for pre 1.2
         // security managers
         if ((perm instanceof java.io.FilePermission) && perm.getActions().indexOf("read") != -1) {
           security.checkRead(perm.getName());
         } else if ((perm instanceof java.net.SocketPermission)
             && perm.getActions().indexOf("connect") != -1) {
           URL locUrl = url;
           if (urlConnection instanceof JarURLConnection) {
             locUrl = ((JarURLConnection) urlConnection).getJarFileURL();
           }
           security.checkConnect(locUrl.getHost(), locUrl.getPort());
         } else {
           throw se;
         }
       }
     }
   }
 }
Exemplo n.º 4
0
 /**
  * Set the set of permissions required for read-write access to a triple-collection, if the set is
  * non-empty the default TCPermisson is no longer required.
  *
  * @param GraphUri
  * @param permissionDescriptions
  */
 public void setRequiredReadWritePermissions(IRI GraphUri, Collection<Permission> permissions) {
   Collection<String> permissionStrings = new ArrayList<String>();
   for (Permission permission : permissions) {
     permissionStrings.add(permission.toString());
   }
   setRequiredReadWritePermissionStrings(GraphUri, permissionStrings);
 }
  /** readObject is called to restore the state of the BasicPermissionCollection from a stream. */
  private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
    // Don't call defaultReadObject()

    // Read in serialized fields
    ObjectInputStream.GetField gfields = in.readFields();

    // Get permissions
    Hashtable permissions = (Hashtable) gfields.get("permissions", null);
    perms = new HashMap(permissions.size() * 2);
    perms.putAll(permissions);

    // Get all_allowed
    all_allowed = gfields.get("all_allowed", false);

    // Get permClass
    permClass = (Class) gfields.get("permClass", null);

    if (permClass == null) {
      // set permClass
      Enumeration e = permissions.elements();
      if (e.hasMoreElements()) {
        Permission p = (Permission) e.nextElement();
        permClass = p.getClass();
      }
    }
  }
Exemplo n.º 6
0
 private boolean isImplied(Permission perm) {
   for (Permission p : ALLOWED_PERMISSIONS) {
     if (p.implies(perm)) {
       return true;
     }
   }
   return false;
 }
 public boolean implies(Permission permission) {
   for (Permission p : perms) {
     if (p.implies(permission)) {
       return true;
     }
   }
   return false;
 }
 private void dumpPerms(PermissionCollection perms) {
   if (DEBUG) {
     Enumeration<Permission> p = perms.elements();
     while (p.hasMoreElements()) {
       Permission pp = p.nextElement();
       System.out.println("   " + pp.getName() + "    " + pp.getActions());
     }
   }
 }
Exemplo n.º 9
0
 /**
  * This kludge is specific to get over AccessControlException thrown during Applet.stop() or
  * destroy() when static thread is suspended. Set a flag in AppletClassLoader to indicate that an
  * AccessControlException for RuntimePermission "modifyThread" or "modifyThreadGroup" had
  * occurred.
  */
 private void setExceptionStatus(AccessControlException e) {
   Permission p = e.getPermission();
   if (p instanceof RuntimePermission) {
     if (p.getName().startsWith("modifyThread")) {
       if (loader == null) loader = getClassLoader(getCodeBase(), getClassLoaderCacheKey());
       loader.setExceptionStatus();
     }
   }
 }
Exemplo n.º 10
0
 public void add(Permission p) {
   Class c = p.getClass();
   PermissionCollection pc = collections.get(c);
   if (pc == null) {
     pc = p.newPermissionCollection();
     if (pc == null) {
       pc = new MyPermissionCollection();
     }
     collections.put(c, pc);
   }
   pc.add(p);
 }
Exemplo n.º 11
0
 /**
  * Test policy with null codesource.
  *
  * <p>This can happen when restricting privileges with doPrivileged, even though
  * ProtectionDomain's ctor javadocs might make you think that the policy won't be consulted.
  */
 public void testNullCodeSource() throws Exception {
   assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
   // create a policy with AllPermission
   Permission all = new AllPermission();
   PermissionCollection allCollection = all.newPermissionCollection();
   allCollection.add(all);
   ESPolicy policy = new ESPolicy(allCollection);
   // restrict ourselves to NoPermission
   PermissionCollection noPermissions = new Permissions();
   assertFalse(
       policy.implies(
           new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
 }
 @Override
 public void checkPermission(Permission permission) {
   if (permission instanceof java.lang.RuntimePermission) {
     // except setSecurityManager
     String permissionName = permission.getName();
     if ("setSecurityManager".equals(permissionName)) {
       processSetSecurityManagerAction();
     }
   } else if (permission instanceof java.security.UnresolvedPermission) {
     throw new SecurityException("java.security.UnresolvedPermission is not allowed.");
   } else if (permission instanceof java.awt.AWTPermission) {
     throw new SecurityException("java.awt.AWTPermission is not allowed.");
   } else if (permission instanceof javax.security.auth.AuthPermission) {
     throw new SecurityException("javax.security.auth.AuthPermission is not allowed.");
   } else if (permission instanceof javax.security.auth.PrivateCredentialPermission) {
     throw new SecurityException(
         "javax.security.auth.PrivateCredentialPermission is not allowed.");
   } else if (permission instanceof javax.security.auth.kerberos.DelegationPermission) {
     throw new SecurityException(
         "javax.security.auth.kerberos.DelegationPermission is not allowed.");
   } else if (permission instanceof javax.security.auth.kerberos.ServicePermission) {
     throw new SecurityException("javax.security.auth.kerberos.ServicePermission is not allowed.");
   } else if (permission instanceof javax.sound.sampled.AudioPermission) {
     throw new SecurityException("javax.sound.sampled.AudioPermission is not allowed.");
   }
 }
 public boolean implies(Permission permission) {
   if (permission.getClass().getSimpleName().equals("URLPermission")) {
     return isAllowed(URL_PERMISSION);
   } else {
     return isAllowed(permission);
   }
 }
  @Override
  public boolean implies(Permission permission) {

    if (permission == null || this.getClass() != permission.getClass()) {
      return false;
    }

    PrivateCredentialPermission that = (PrivateCredentialPermission) permission;

    if (!("*".equals(credentialClass)
        || credentialClass //$NON-NLS-1$
            .equals(that.getCredentialClass()))) {
      return false;
    }

    if (that.offset == 0) {
      return true;
    }

    CredOwner[] thisCo = set;
    CredOwner[] thatCo = that.set;
    int thisPrincipalsSize = offset;
    int thatPrincipalsSize = that.offset;
    for (int i = 0, j; i < thisPrincipalsSize; i++) {
      for (j = 0; j < thatPrincipalsSize; j++) {
        if (thisCo[i].implies(thatCo[j])) {
          break;
        }
      }
      if (j == thatCo.length) {
        return false;
      }
    }
    return true;
  }
    public void checkPermission(Permission perm) throws SecurityException {

      final String name = perm.getName().trim();
      if (name.startsWith("exitVM")) {
        calledExit = true;
        throw new RuntimeException("CALLED EXIT");
      }
    }
  /**
   * Check and see if this set of permissions implies the permissions expressed in "permission".
   *
   * @param p the Permission object to compare
   * @return true if "permission" is a proper subset of a permission in the set, false if not.
   */
  public boolean implies(Permission permission) {
    if (!(permission instanceof BasicPermission)) return false;

    BasicPermission bp = (BasicPermission) permission;

    // random subclasses of BasicPermission do not imply each other
    if (bp.getClass() != permClass) return false;

    // short circuit if the "*" Permission was added
    if (all_allowed) return true;

    // strategy:
    // Check for full match first. Then work our way up the
    // path looking for matches on a.b..*

    String path = bp.getName();
    // System.out.println("check "+path);

    Permission x = (Permission) perms.get(path);

    if (x != null) {
      // we have a direct hit!
      return x.implies(permission);
    }

    // work our way up the tree...
    int last, offset;

    offset = path.length() - 1;

    while ((last = path.lastIndexOf(".", offset)) != -1) {

      path = path.substring(0, last + 1) + "*";
      // System.out.println("check "+path);
      x = (Permission) perms.get(path);

      if (x != null) {
        return x.implies(permission);
      }
      offset = last - 1;
    }

    // we don't have to check for "*" as it was already checked
    // at the top (all_allowed), so we just return false
    return false;
  }
 private boolean isJvmciPermission(Permission perm) {
   String name = perm.getName();
   boolean isJvmciRuntime =
       perm instanceof RuntimePermission
           && (JVMCI_SERVICES.equals(name) || name.startsWith(JVMCI_RT_PERM_START));
   boolean isJvmciProperty =
       perm instanceof PropertyPermission && name.startsWith(JVMCI_PROP_START);
   return isJvmciRuntime || isJvmciProperty;
 }
 public void compact() {
   if (isReadOnly()) {
     throw new SecurityException("ClusterPermissionCollection is read-only!");
   }
   final Iterator<Permission> iter = perms.iterator();
   while (iter.hasNext()) {
     final Permission perm = iter.next();
     boolean implies = false;
     for (Permission p : perms) {
       if (p != perm && p.implies(perm)) {
         implies = true;
         break;
       }
     }
     if (implies) {
       iter.remove();
     }
   }
   setReadOnly();
 }
 @Override
 public void handlePermission(Permission permission) {
   if (!isRuntimePermissionWhitelisted(permission.getName())) {
     throwSecurityException(permission);
     if (LOG.isDebugEnabled()) {
       LOG.debug(Arrays.toString(Thread.currentThread().getStackTrace()));
     }
   } else {
     return;
   }
 }
  public void add(Permission permission) {
    if (isReadOnly()) {
      throw new SecurityException("ClusterPermissionCollection is read-only!");
    }
    boolean shouldAdd =
        (permClass != null && permClass.equals(permission.getClass()))
            || (permission instanceof ClusterPermission);

    if (shouldAdd && !implies(permission)) {
      perms.add(permission);
    }
  }
Exemplo n.º 21
0
  @Override
  public AuthorizationProperty generateAuthorizationProperty(Object... arguments) {

    if ((arguments == null) || (arguments.length != 1) || !(arguments[0] instanceof Permission)) {

      return null;
    }

    Permission permission = (Permission) arguments[0];

    String name = permission.getName();

    String key = null;
    String value = null;

    if (name.startsWith(RUNTIME_PERMISSION_GET_ENV)) {
      key = "security-manager-environment-variables";

      value = name.substring(RUNTIME_PERMISSION_GET_ENV.length() + 1);

      // Since we are using a regular expression, we cannot allow a lone *
      // as the rule

      if (value.equals(StringPool.STAR)) {
        value = StringPool.DOUBLE_BACK_SLASH + value;
      }
    } else {
      return null;
    }

    AuthorizationProperty authorizationProperty = new AuthorizationProperty();

    authorizationProperty.setKey(key);
    authorizationProperty.setValue(value);

    return authorizationProperty;
  }
Exemplo n.º 22
0
 public boolean implies(Permission p) {
   String pactions = p.getActions();
   boolean implied = true;
   for (int n = 0; n < actions.length(); n++) {
     char a = actions.charAt(n);
     char pa = pactions.charAt(n);
     if ((a != '-' && pa != '-' && pa != a)) {
       implied = false;
       break;
     } else if (a == '-' && pa != '-') {
       implied = false;
       break;
     }
   }
   return implied;
 }
Exemplo n.º 23
0
 public void checkPermission(Permission p) {
   // liveconnect SocketPermission resolve takes
   // FOREVER (like 6 seconds) in Safari
   // Java does like 50 of these on the first JS call
   // 6*50=300 seconds!
   // Opera freaks out though if we deny resolve
   if (isActive
       && !isOpera
       && java.net.SocketPermission.class.isInstance(p)
       && p.getActions().matches(".*resolve.*")) {
     throw new SecurityException(
         "DOH: liveconnect resolve locks up Safari. Denying resolve request.");
   } else {
     oldsecurity.checkPermission(p);
   }
 }
Exemplo n.º 24
0
  public boolean implies(Permission permission) {
    String name = permission.getName();

    if (name.equals(NET_PERMISSION_GET_PROXY_SELECTOR)) {
      if (!hasGetProxySelector()) {
        logSecurityException(_log, "Attempted to get proxy selector");

        return false;
      }
    } else if (name.equals(NET_PERMISSION_SPECIFY_STREAM_HANDLER)) {

      // TODO

    }

    return true;
  }
  /**
   * Checks if the specified permission is "implied" by this object.
   *
   * <p>More specifically, this method returns true if:
   *
   * <p>
   *
   * <ul>
   *   <li><i>p</i>'s class is the same as this object's class, and
   *       <p>
   *   <li><i>p</i>'s name equals or (in the case of wildcards) is implied by this object's name.
   *       For example, "a.b.*" implies "a.b.c".
   * </ul>
   *
   * @param p the permission to check against.
   * @return true if the passed permission is equal to or implied by this permission, false
   *     otherwise.
   */
  public boolean implies(Permission p) {
    if ((p == null) || (p.getClass() != getClass())) return false;

    BasicPermission that = (BasicPermission) p;

    if (this.wildcard) {
      if (that.wildcard)
        // one wildcard can imply another
        return that.path.startsWith(path);
      else
        // make sure ap.path is longer so a.b.* doesn't imply a.b
        return (that.path.length() > this.path.length()) && that.path.startsWith(this.path);
    } else {
      if (that.wildcard) {
        // a non-wildcard can't imply a wildcard
        return false;
      } else {
        return this.path.equals(that.path);
      }
    }
  }
Exemplo n.º 26
0
  public AgentSecurityManager(boolean debugPerm, PROTOCOL proto) {
    this.debugPerm = debugPerm;

    if (debugPerm) {
      permUsed = Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
      permCreated = Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
      Runtime.getRuntime()
          .addShutdownHook(
              new Thread() {
                public void run() {
                  for (String i : new HashSet<String>(permCreated)) {
                    if (permUsed.contains(i + " =")) {
                      permCreated.remove(i);
                    }
                  }
                  for (String i : permCreated) {
                    permUsed.add(i + " +");
                  }

                  for (String p : new TreeSet<String>(permUsed)) {
                    System.out.println(p);
                  }
                }
              });
    } else {
      permUsed = null;
      permCreated = null;
    }

    // Add the java home to readable files
    Permission newPerm =
        new FilePermission(System.getProperty("java.home") + File.separator + "-", "read");
    allowed.add(newPerm);
    if (debugPerm) {
      permCreated.add(newPerm.toString());
    }

    Map<String, Set<Permission>> permsSets;
    try {
      permsSets = getPermsSets();
    } catch (SecurityException e) {
      throw new RuntimeException(e);
    } catch (IllegalArgumentException e) {
      throw new RuntimeException(e);
    } catch (ClassNotFoundException e) {
      throw new RuntimeException(e);
    } catch (NoSuchMethodException e) {
      throw new RuntimeException(e);
    } catch (InstantiationException e) {
      throw new RuntimeException(e);
    } catch (IllegalAccessException e) {
      throw new RuntimeException(e);
    } catch (InvocationTargetException e) {
      throw new RuntimeException(e);
    }

    for (Permission i : permsSets.get("common")) {
      allowed.add(i);
      if (debugPerm) {
        permCreated.add(i.toString());
      }
    }

    for (Permission i : permsSets.get("forprobes")) {
      allowed.add(i);
      if (debugPerm) {
        permCreated.add(i.toString());
      }
    }

    for (Permission i : permsSets.get(proto.name())) {
      allowed.add(i);
      if (debugPerm) {
        permCreated.add(i.toString());
      }
    }

    allowed.setReadOnly();
  }
Exemplo n.º 27
0
 public void checkPermission(Permission perm) {
   // They can be an undefined number of security.provider.*
   // Used by jmxmp
   if (perm instanceof java.security.SecurityPermission
       && perm.getName().startsWith("getProperty.security.provider")) {
     if (debugPerm) {
       permUsed.add(perm.toString() + " =");
     }
     return;
   }
   if (perm instanceof java.io.FilePermission && "read".equals(perm.getActions())) {
     String name = perm.getName();
     if (filesallowed.contains(name)) {
       if (debugPerm) {
         permUsed.add(perm.toString() + " =");
       }
       return;
     }
     // Already allowed, don't check any more
     if (allowed.implies(perm)) {
       if (debugPerm) {
         permUsed.add(perm.toString() + " =");
       }
       filesallowed.add(name);
       return;
     }
     // Perhaps it's in the allowed /proc/<pid>/... files
     if (procinfoPattern.matcher(name).matches() && "read".equals(perm.getActions())) {
       if (debugPerm) {
         permUsed.add(
             "(\"java.io.FilePermission\" \"" + procinfoPattern.pattern() + "\" \"read\") =");
       }
       return;
     }
     // Or it's block device
     if (diskPattern.matcher(name).matches() && "read".equals(perm.getActions())) {
       if (debugPerm) {
         permUsed.add("(\"java.io.FilePermission\" \"" + diskPattern.pattern() + "\" \"read\") =");
       }
       filesallowed.add(name);
       return;
     }
     // Only non hidden folder are allowed, for file system usage
     // If it call itself, privileges will be set to true,
     // so it can check isDirectory and isHidden
     PrivilegHolder privileged = Privilege.get();
     if (privileged.privileged) {
       return;
     } else {
       File fullpath = new File(name);
       privileged.privileged = true;
       boolean allowed = false;
       try {
         allowed = fullpath.isDirectory() && !fullpath.isHidden();
       } catch (Exception e) {
         throw new RuntimeException(e);
       } finally {
         privileged.privileged = false;
       }
       if (allowed) {
         if (debugPerm) {
           permUsed.add(perm.toString() + " =");
         }
         filesallowed.add(name);
         return;
       }
     }
   }
   if (allowed.implies(perm)) {
     if (debugPerm) {
       permUsed.add(perm.toString() + " =");
     }
     return;
   }
   try {
     super.checkPermission(perm);
     // Was acceped, but we should add it anyway
     // Some accepted permissions make jrdsagent failed anyway
     permUsed.add(perm.toString() + " ?");
   } catch (SecurityException e) {
     if (debugPerm) {
       permUsed.add(perm.toString() + " -");
     } else {
       throw e;
     }
   }
 }
  /** @tests javax.security.auth.SubjectDomainCombiner#combine() */
  @TestTargetNew(
      level = TestLevel.COMPLETE,
      notes = "both currentDomains and assignedDomains are not null",
      method = "combine",
      args = {ProtectionDomain[].class, ProtectionDomain[].class})
  public void test_combine_01() {

    URL url;
    try {
      url = new URL(locationUrl);
    } catch (MalformedURLException mue) {
      throw new Error(mue);
    }
    CodeSource cs = new CodeSource(url, (java.security.cert.Certificate[]) null);

    class MyClassLoader extends ClassLoader {
      public MyClassLoader() {
        super();
      }
    }

    ClassLoader current_pd_cl = new MyClassLoader();
    ClassLoader assigned_pd_cl = new MyClassLoader();

    // current domains
    ProtectionDomain[] current_pd =
        createProtectionDomains(cs, current_pd_cl, currentDomainX500names, currentDomainPerms);

    // assigned domains
    ProtectionDomain[] assigned_pd =
        createProtectionDomains(cs, assigned_pd_cl, assignedDomainX500names, assignedDomainPerms);

    // subject
    Subject s = createSubject();

    // combine
    SubjectDomainCombiner c = new SubjectDomainCombiner(s);

    ProtectionDomain[] r_pd = c.combine(current_pd, assigned_pd);
    if (DEBUG) {
      System.out.println("=========== c_pd");
      dumpPD(current_pd);
      System.out.println("=========== a_pd");
      dumpPD(assigned_pd);
      System.out.println("=========== r_pd");
      dumpPD(r_pd);
      System.out.println("===========");
    }

    for (int i = 0; i < r_pd.length; i++) {
      ProtectionDomain pd = r_pd[i];
      // check CodeSource
      assertTrue("code source mismatch", pd.getCodeSource().equals(cs));
      boolean cpd = false;
      // check ClassLoader
      if (pd.getClassLoader().equals(current_pd_cl)) {
        cpd = true;
      } else if (pd.getClassLoader().equals(assigned_pd_cl)) {
        cpd = false;
      } else {
        fail("class loader mismatch");
      }

      // check principals
      Principal[] principals = pd.getPrincipals();
      String[] names;
      if (cpd == true) names = SubjectX500names;
      else names = assignedDomainX500names;

      for (int j = 0; j < principals.length; j++) {
        if (contains(names, principals[j].getName()) == false)
          fail("principal mismatch (" + j + ") " + principals[j].getName());
      }

      // check permissions
      PermissionCollection perms = pd.getPermissions();

      Enumeration<Permission> p = perms.elements();
      while (p.hasMoreElements()) {
        Permission pp = p.nextElement();

        String pn = pp.getName();

        if (cpd == true) {
          if (contains(currentDomainPerms, pn) == false)
            fail("current domains permissions mismatch " + pn);
        } else {
          if (contains(assignedDomainPerms, pn) == false)
            fail("assigned domains permissions mismatch " + pn);
        }
      }
    }
  }
Exemplo n.º 29
0
  public void testEvaluateCombinativePermissionCollection() throws Throwable {
    PermissionUtils.setCachesEnabled(true);
    PermissionUtils.createCaches();

    Subject subject = new Subject();

    JGuardCredential nameA = new JGuardCredential(NAME, USER_A);
    JGuardCredential nameB = new JGuardCredential(NAME, USER_B);
    JGuardCredential companyA = new JGuardCredential(COMPANY, COMPANY_A);
    JGuardCredential companyB = new JGuardCredential(COMPANY, COMPANY_B);
    JGuardCredential age = new JGuardCredential(AGE, DUMMY_AGE);

    subject.getPublicCredentials().add(nameA);
    subject.getPublicCredentials().add(nameB);
    subject.getPublicCredentials().add(companyA);
    subject.getPublicCredentials().add(companyB);
    subject.getPublicCredentials().add(age);

    if (logger.isDebugEnabled()) {
      logger.debug("---- logging subject ----");
      logger.debug(subject.toString());
    }

    UserPrincipal userPrincipal = new UserPrincipal(subject);

    ProtectionDomain protectionDomain =
        new ProtectionDomain(null, new Permissions(), null, new Principal[] {userPrincipal});

    PermissionCollection pc = new Permissions();
    Permission p1 = new FilePermission("file://home", "read");
    Permission p2 =
        new FilePermission("file://home/user/${subject.publicCredentials.name}", "read");
    Permission p3 =
        new FilePermission("file://home/user/${subject.publicCredentials.company}", "read");
    Permission p4 =
        new FilePermission(
            "file://home/user/${subject.publicCredentials.name}/"
                + "${subject.publicCredentials.company}/${subject.publicCredentials.age}",
            "read");
    Permission p5 =
        new FilePermission(
            "file://home/user/${subject.publicCredentials.company}/${subject.publicCredentials.company}",
            "read");
    Permission p6 =
        new URLPermission(
            "index",
            "http://www.website.com/index.html?name=${subject.publicCredentials.name}&company=${subject.publicCredentials.company}&age=${subject.publicCredentials.age}");

    pc.add(p1);
    pc.add(p2);
    pc.add(p3);
    pc.add(p4);
    pc.add(p5);
    pc.add(p6);

    if (logger.isDebugEnabled()) {
      logger.debug("---- logging unresolved permissions ----");
      Enumeration unresolvedPermEnum = pc.elements();
      while (unresolvedPermEnum.hasMoreElements()) {
        logger.debug(unresolvedPermEnum.nextElement().toString());
      }
    }

    PermissionCollection expectedPc = new Permissions();
    Permission expectedP1 = new FilePermission("file://home", "read");
    Permission expectedP2a = new FilePermission("file://home/user/userA", "read");
    Permission expectedP2b = new FilePermission("file://home/user/userB", "read");
    Permission expectedP3a = new FilePermission("file://home/user/companyA", "read");
    Permission expectedP3b = new FilePermission("file://home/user/companyB", "read");
    Permission expectedP4a = new FilePermission("file://home/user/userA/companyA/100", "read");
    Permission expectedP4b = new FilePermission("file://home/user/userA/companyB/100", "read");
    Permission expectedP4c = new FilePermission("file://home/user/userB/companyA/100", "read");
    Permission expectedP4d = new FilePermission("file://home/user/userB/companyB/100", "read");
    Permission expectedP5a = new FilePermission("file://home/user/companyA/companyA", "read");
    Permission expectedP5b = new FilePermission("file://home/user/companyA/companyB", "read");
    Permission expectedP5c = new FilePermission("file://home/user/companyB/companyA", "read");
    Permission expectedP5d = new FilePermission("file://home/user/companyB/companyB", "read");
    Permission expectedP6a =
        new URLPermission(
            "index", "http://www.website.com/index.html?name=userA&company=companyA&age=100");
    Permission expectedP6b =
        new URLPermission(
            "index", "http://www.website.com/index.html?name=userA&company=companyB&age=100");
    Permission expectedP6c =
        new URLPermission(
            "index", "http://www.website.com/index.html?name=userB&company=companyA&age=100");
    Permission expectedP6d =
        new URLPermission(
            "index", "http://www.website.com/index.html?name=userB&company=companyB&age=100");

    expectedPc.add(expectedP1);
    expectedPc.add(expectedP2a);
    expectedPc.add(expectedP2b);
    expectedPc.add(expectedP3a);
    expectedPc.add(expectedP3b);
    expectedPc.add(expectedP4a);
    expectedPc.add(expectedP4b);
    expectedPc.add(expectedP4c);
    expectedPc.add(expectedP4d);
    expectedPc.add(expectedP5a);
    expectedPc.add(expectedP5b);
    expectedPc.add(expectedP5c);
    expectedPc.add(expectedP5d);
    expectedPc.add(expectedP6a);
    expectedPc.add(expectedP6b);
    expectedPc.add(expectedP6c);
    expectedPc.add(expectedP6d);

    // getting resolved permissions
    PermissionCollection resolvedPc =
        PrincipalUtils.evaluatePermissionCollection(protectionDomain, pc);

    if (logger.isDebugEnabled()) {
      logger.debug("---- logging expected permissions ----");
      Enumeration expectedPermEnum = expectedPc.elements();
      while (expectedPermEnum.hasMoreElements()) {
        logger.debug(expectedPermEnum.nextElement().toString());
      }

      logger.debug("---- logging resolved permissions ----");
    }

    int collectionSize = 0;
    Enumeration permEnum = resolvedPc.elements();
    while (permEnum.hasMoreElements()) {
      Permission resolvedPerm = (Permission) permEnum.nextElement();
      logger.debug("verify implies for " + resolvedPerm.toString());
      System.out.println("verify implies for " + resolvedPerm.toString());
      assertTrue(expectedPc.implies(resolvedPerm));
      collectionSize++;
    }
    assertEquals(17, collectionSize);
    System.out.println("END EVALUATE COMBINATIVE PERMISSION TEST");
  }
Exemplo n.º 30
0
  public void testEvaluatePermissionCollection() throws Throwable {
    PermissionUtils.setCachesEnabled(true);
    PermissionUtils.createCaches();

    Subject subjectA = new Subject();

    JGuardCredential nameA = new JGuardCredential(NAME, USER_A);
    JGuardCredential companyA = new JGuardCredential(COMPANY, COMPANY_A);

    subjectA.getPublicCredentials().add(nameA);
    subjectA.getPublicCredentials().add(companyA);

    if (logger.isDebugEnabled()) {
      logger.debug("---- logging subject ----");
      logger.debug(subjectA.toString());
    }

    UserPrincipal userPrincipal = new UserPrincipal(subjectA);

    ProtectionDomain protectionDomain =
        new ProtectionDomain(null, new Permissions(), null, new Principal[] {userPrincipal});

    PermissionCollection pc = new Permissions();
    Permission p1 = new FilePermission("file://home", "read");
    Permission p2 =
        new FilePermission("file://home/user/${subject.publicCredentials.name}", "read");
    Permission p3 =
        new FilePermission("file://home/user/${subject.publicCredentials.company}", "read");
    Permission p4 =
        new FilePermission(
            "file://home/user/${subject.publicCredentials.name}/"
                + "${subject.publicCredentials.company}/${subject.publicCredentials.name}/"
                + "${subject.publicCredentials.name}/${subject.publicCredentials.company}",
            "read");
    Permission p5 = new FilePermission("file://home/user/${subject.publicCredentials.age}", "read");
    Permission p6 =
        new URLPermission(
            "index", "http://www.website.com/index.html?name=${subject.publicCredentials.name}");
    Permission p7 =
        new URLPermission(
            "index2", "http://www.web�site.com/index.html?name=${subject.publicCredentials.name}");

    pc.add(p1);
    pc.add(p2);
    pc.add(p3);
    pc.add(p4);
    pc.add(p5);
    pc.add(p6);
    pc.add(p7);

    if (logger.isDebugEnabled()) {
      logger.debug("---- logging unresolved permissions ----");
      Enumeration unresolvedPermEnum = pc.elements();
      while (unresolvedPermEnum.hasMoreElements()) {
        logger.debug(unresolvedPermEnum.nextElement().toString());
      }
    }

    PermissionCollection expectedPc = new Permissions();
    Permission expectedP1 = new FilePermission("file://home", "read");
    Permission expectedP2 = new FilePermission("file://home/user/userA", "read");
    Permission expectedP3 = new FilePermission("file://home/user/companyA", "read");
    Permission expectedP4 =
        new FilePermission("file://home/user/userA/companyA/userA/userA/companyA", "read");
    Permission expectedP6 =
        new URLPermission("index", "http://www.website.com/index.html?name=userA");
    Permission expectedP7 =
        new URLPermission("index2", "http://www.web�site.com/index.html?name=userA");

    expectedPc.add(expectedP1);
    expectedPc.add(expectedP2);
    expectedPc.add(expectedP3);
    expectedPc.add(expectedP4);
    expectedPc.add(expectedP6);
    expectedPc.add(expectedP7);

    // getting resolved permissions
    PermissionCollection resolvedPc =
        PrincipalUtils.evaluatePermissionCollection(protectionDomain, pc);

    if (logger.isDebugEnabled()) {
      logger.debug("---- logging expected permissions ----");
      Enumeration expectedPermEnum = expectedPc.elements();
      while (expectedPermEnum.hasMoreElements()) {
        logger.debug(expectedPermEnum.nextElement().toString());
      }

      logger.debug("---- logging resolved permissions ----");
    }

    int collectionSize = 0;
    Enumeration permEnum = resolvedPc.elements();
    while (permEnum.hasMoreElements()) {
      Permission resolvedPerm = (Permission) permEnum.nextElement();
      logger.debug("verify implies for " + resolvedPerm.toString());
      System.out.println("verify implies for " + resolvedPerm.toString());
      assertTrue(expectedPc.implies(resolvedPerm));
      collectionSize++;
    }
    assertEquals(6, collectionSize);
    System.out.println("END EVALUATE PERMISSION TEST");
  }