项目:jdk8u-jdk
文件:NonPublicProxyClass.java
public void run() throws Exception {
boolean hasAccess = loader != null || hasAccess();
try {
proxyClass = Proxy.getProxyClass(loader,interfaces);
if (!hasAccess) {
throw new RuntimeException("should have no permission to create proxy class");
}
} catch (AccessControlException e) {
if (hasAccess) {
throw e;
}
if (e.getPermission().getClass() != RuntimePermission.class ||
!e.getPermission().getName().equals("getClassLoader")) {
throw e;
}
return;
}
if (Modifier.isPublic(proxyClass.getModifiers())) {
throw new RuntimeException(proxyClass + " must be non-public");
}
newProxyInstance();
newInstanceFromConstructor(proxyClass);
}
项目:lams
文件:StdSchedulerFactory.java
/**
* Add all System properties to the given <code>props</code>. Will override
* any properties that already exist in the given <code>props</code>.
*/
private Properties overrideWithSysProps(Properties props) {
Properties sysProps = null;
try {
sysProps = System.getProperties();
} catch (AccessControlException e) {
getLog().warn(
"Skipping overriding quartz properties with System properties " +
"during initialization because of an AccessControlException. " +
"This is likely due to not having read/write access for " +
"java.util.PropertyPermission as required by java.lang.System.getProperties(). " +
"To resolve this warning,either add this permission to your policy file or " +
"use a non-default version of initialize().",e);
}
if (sysProps != null) {
props.putAll(sysProps);
}
return props;
}
private OrderedMap<String,Field> getStaticFields(Class type) {
if (staticFields.containsKey(type))
return staticFields.get(type);
Field[] fields = ClassReflection.getDeclaredFields(type);
OrderedMap<String,Field> nametoField = new OrderedMap(fields.length);
for (Field field : fields) {
if (!field.isstatic())
continue;
if (!field.isAccessible()) {
try {
field.setAccessible(true);
} catch (AccessControlException ex) {
continue;
}
}
nametoField.put(field.getName(),field);
}
staticFields.put(type,nametoField);
return nametoField;
}
/**
* Fix for 4179055: Need to assist resolving sun stubs; resolve
* class locally if it is a "permitted" sun class
*/
private Class<?> checkSunClass(String className,AccessControlException e)
throws AccessControlException
{
// ensure that we are giving out a stub for the correct reason
Permission perm = e.getPermission();
String name = null;
if (perm != null) {
name = perm.getName();
}
Class<?> resolvedClass = permittedSunClasses.get(className);
// if class not permitted,throw the SecurityException
if ((name == null) ||
(resolvedClass == null) ||
((!name.equals("accessClassInPackage.sun.rmi.server")) &&
(!name.equals("accessClassInPackage.sun.rmi.registry"))))
{
throw e;
}
return resolvedClass;
}
项目:openjdk-jdk10
文件:PrivilegedCallables.java
void test(String[] args) {
testPrivileged();
final Policy policy = new Policy();
Policy.setPolicy(policy);
policy.setPermissions(new RuntimePermission("getClassLoader"),new RuntimePermission("setContextClassLoader"),new RuntimePermission("stopThread"));
System.setSecurityManager(new SecurityManager());
testPrivileged();
policy.setPermissions(/* nothing */);
THROWS(AccessControlException.class,new F() {void f(){ privilegedCallableusingCurrentClassLoader(realCaller); }},new F() {void f(){ privilegedThreadFactory(); }});
policy.setPermissions(new RuntimePermission("setSecurityManager"));
System.setSecurityManager(null);
}
项目:openjdk-jdk10
文件:bug6484091.java
public static void main(String[] args) {
File dir = FileSystemView.getFileSystemView().getDefaultDirectory();
printDirContent(dir);
System.setSecurityManager(new SecurityManager());
// The next test cases use 'dir' obtained without SecurityManager
try {
printDirContent(dir);
throw new RuntimeException("Dir content was derived bypass SecurityManager");
} catch (AccessControlException e) {
// It's a successful situation
}
}
项目:hadoop
文件:ClientRMService.java
private String checkReservationACLs(String queueName,String auditConstant)
throws YarnException {
UserGroup@R_834_4045@ion callerUGI;
try {
callerUGI = UserGroup@R_834_404[email protected]();
} catch (IOException ie) {
RMAuditLogger.logFailure("UNKNowN",auditConstant,queueName,"ClientRMService","Error getting UGI");
throw RPCUtil.getremoteexception(ie);
}
// Check if user has access on the managed queue
if (!queueACLsManager.checkAccess(callerUGI,QueueACL.SUBMIT_APPLICATIONS,queueName)) {
RMAuditLogger.logFailure(
callerUGI.getShortUserName(),"User doesn't have permissions to "
+ QueueACL.SUBMIT_APPLICATIONS.toString(),AuditConstants.UNAUTHORIZED_USER);
throw RPCUtil.getremoteexception(new AccessControlException("User "
+ callerUGI.getShortUserName() + " cannot perform operation "
+ QueueACL.SUBMIT_APPLICATIONS.name() + " on queue" + queueName));
}
return callerUGI.getShortUserName();
}
项目:hadoop
文件:TestMoveApplication.java
@Test
public void testMoveRejectedByPermissions() throws Exception {
failMove = true;
// Submit application
final Application application = new Application("user1",resourceManager);
application.submit();
final ClientRMService clientRMService = resourceManager.getClientRMService();
try {
UserGroup@R_834_404[email protected]("otheruser").doAs(
new PrivilegedExceptionAction<MoveApplicationAcrossQueuesResponse>() {
@Override
public MoveApplicationAcrossQueuesResponse run() throws Exception {
return clientRMService.moveApplicationAcrossQueues(
MoveApplicationAcrossQueuesRequest.newInstance(
application.getApplicationId(),"newqueue"));
}
});
fail("Should have hit exception");
} catch (Exception ex) {
assertEquals(AccessControlException.class,ex.getCause().getCause().getClass());
}
}
项目:jdk8u-jdk
文件:SignedJarTest.java
public static void test(Permission perm,boolean expectException) {
boolean getException = (Boolean) AccessController.doPrivileged((PrivilegedAction) () -> {
try {
AccessController.checkPermission(perm);
return (Boolean) false;
} catch (AccessControlException ex) {
return (Boolean) true;
}
});
if (expectException ^ getException) {
String message = "Check Permission :" + perm + "\n ExpectException = "
+ expectException + "\n getException = " + getException;
throw new RuntimeException(message);
}
}
项目:jdk8u-jdk
文件:LimitedDoPrivilegedWithThread.java
public void runTest(AccessControlContext acc,Permission perm,boolean expectACE,int id) {
AccessController.doPrivileged(
(PrivilegedAction) () -> {
try {
AccessController.getContext().checkPermission(P1);
} catch (AccessControlException ace) {
catchACE = true;
}
if (catchACE ^ expectACE) {
throw new RuntimeException("test" + id + " Failed");
}
return null;
},acc,perm);
}
@Override
public java.lang.Object run() {
System.out.println("Try to read 'java.class.path' property");
AccessControlContext acc = AccessController.getContext();
Subject s = Subject.getSubject(acc);
System.out.println("principals = " + s.getPrincipals());
try {
System.out.println("java.class.path = "
+ System.getProperty("java.class.path"));
throw new RuntimeException(
"Test Failed: no AccessControlException thrown");
} catch (AccessControlException ace) {
System.out.println(
"AccessControlException thrown as expected: "
+ ace.getMessage());
}
return null;
}
项目:jdk8u-jdk
文件:NonPublicProxyClass.java
private void newProxyInstance() {
// expect newProxyInstance to succeed if it's in the same runtime package
int i = proxyClass.getName().lastIndexOf('.');
String pkg = (i != -1) ? proxyClass.getName().substring(0,i) : "";
boolean hasAccess = pkg.isEmpty() || hasAccess();
try {
Proxy.newProxyInstance(loader,interfaces,handler);
if (!hasAccess) {
throw new RuntimeException("ERROR: Proxy.newProxyInstance should fail " + proxyClass);
}
} catch (AccessControlException e) {
if (hasAccess) {
throw e;
}
if (e.getPermission().getClass() != ReflectPermission.class ||
!e.getPermission().getName().equals(NEW_PROXY_IN_PKG + pkg)) {
throw e;
}
}
}
项目:jdk8u-jdk
文件:TestSetResourceBundle.java
/**
* Test the LoggingPermission("control") is required.
* @param loggerName The logger to use.
*/
public static void testPermission(String loggerName) {
if (System.getSecurityManager() != null) {
throw new Error("Security manager is already set");
}
Policy.setPolicy(new SimplePolicy(TestCase.PERMISSION));
System.setSecurityManager(new SecurityManager());
final ResourceBundle bundle = ResourceBundle.getBundle(LIST_BUNDLE_NAME);
Logger foobar = Logger.getLogger(loggerName);
try {
foobar.setResourceBundle(bundle);
throw new RuntimeException("Permission not checked!");
} catch (AccessControlException x) {
if (x.getPermission() instanceof LoggingPermission) {
if ("control".equals(x.getPermission().getName())) {
System.out.println("Got expected exception: " + x);
return;
}
}
throw new RuntimeException("Unexpected exception: "+x,x);
}
}
/**
* Test that setting process-wide filter is checked by security manager.
*/
@Test
public void testGlobalFilter() throws Exception {
if (ObjectInputFilter.Config.getSerialFilter() == null) {
return;
}
try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(bais)) {
ObjectInputFilter.Config.setSerialFilter(filter);
assertFalse(setSecurityManager,"When SecurityManager exists,without "
+ "java.security.SerializablePermission(serialFilter) Exception should be thrown");
Object o = ois.readobject();
} catch (AccessControlException ex) {
assertTrue(setSecurityManager);
assertTrue(ex.getMessage().contains("java.io.SerializablePermission"));
assertTrue(ex.getMessage().contains("serialFilter"));
}
}
/**
* Test that setting process-wide filter is checked by security manager.
*/
@Test
public void testGlobalFilter() throws Exception {
ObjectInputFilter global = ObjectInputFilter.Config.getSerialFilter();
try {
ObjectInputFilter.Config.setSerialFilter(filter);
assertFalse(setSecurityManager,without "
+ "java.io.SerializablePermission(serialFilter) "
+ "IllegalStateException should be thrown");
} catch (AccessControlException ex) {
assertTrue(setSecurityManager);
assertTrue(ex.getMessage().contains("java.io.SerializablePermission"));
assertTrue(ex.getMessage().contains("serialFilter"));
} catch (IllegalStateException ise) {
// ISE should occur only if global filter already set
Assert.assertNotNull(global,"Global filter should be non-null");
}
}
@Override
public java.lang.Object run() throws Exception {
System.out.println("Try to read 'java.class.path' property");
AccessControlContext acc = AccessController.getContext();
Subject s = Subject.getSubject(acc);
System.out.println("principals = " + s.getPrincipals());
try {
System.out.println("java.class.path = "
+ System.getProperty("java.class.path"));
throw new RuntimeException(
"Test Failed: no AccessControlException thrown");
} catch (AccessControlException ace) {
System.out.println(
"AccessControlException thrown as expected: "
+ ace.getMessage());
throw new ReadPropertyException(ace);
}
}
@Override
public void logged(LogEntry entry) {
if (entry.getException() != null &&
entry.getException() instanceof AccessControlException) {
String location = entry.getBundle().getLocation();
Permission javaPerm =
((AccessControlException) entry.getException()).getPermission();
org.onosproject.security.Permission permission = DefaultPolicyBuilder.getonosPermission(javaPerm);
if (permission == null) {
log.warn("Unsupported permission requested.");
return;
}
store.getApplicationIds(location).stream().filter(
appId -> store.isSecured(appId) &&
appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> {
store.requestPermission(appId,permission);
print("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ",appId.name(),location,permission.toString());
});
}
}
/** Run the guarded business function,only if the current thread has access.
* This guarded function may throw a PrivilegedActionException which will contain
* the real exception
* @return Returns back the object that the guarded code returned
* @param functionName Name of the business function being guarded
* @param action An action object which will be executed,this should contain the guarded code
* @throws PrivilegedActionException This is the wrapped exception the the guarded code threw
* @throws AccessControlException This is thrown if the user doesn't have authorization for this function
*/
public static Object runFunction(String functionName,PrivilegedExceptionAction action)
throws PrivilegedActionException,AccessControlException {
if(hasAccess(functionName)) {
try {
return action.run();
} catch (Exception e) {
throw new PrivilegedActionException(e);
}
} else {
// Access Defined
log.info("Access Denied To Business Function: " + functionName);
throw new AccessControlException("Business Function:" + functionName);
}
}
项目:jaffa-framework
文件:AttachmentHandler.java
private void checkFunctionAccess(Attachment attachment,boolean forMaintenance) throws ApplicationExceptions,FrameworkException,AccessControlException {
if (attachment != null && attachment.getSerializedKey() != null) {
// Retrieve the domain object to which the attachment belongs
IPersistent attachTo = null;
try {
attachTo = PersistentHelper.loadFromSerializedKey(attachment.getUOW(),attachment.getSerializedKey());
} catch (Exception e) {
log.error("Exception thrown while retrieving the domain object to which the attachment belongs",e);
throw ExceptionHelper.throwAFR(e);
}
if(attachTo!=null) {
// Ensure that the user has access to the domain object's attachments
String function = "Attachment." + attachTo.getClass().getSimpleName() + (forMaintenance ? ".Maintenance" : ".Inquiry");
if (!SecurityManager.checkFunctionAccess(function)) {
String str = "Access to business-function '" + function + "' is required to be able to " + (forMaintenance ? "manage" : "view") + " attachments for the domain class " + attachTo.getClass().getName();
log.error(str);
throw new AccessControlException(str);
}
}
}
}
项目:jaffa-framework
文件:CxfFunctionGuardInterceptor.java
/**
* Checks if a caller has access to a method being invoked
*
* @param method Method being invoked
* @throws AccessControlException Thrown when the caller doesn't have access
*/
private void checkAccess(Method method) throws AccessControlException,ApplicationExceptions,FrameworkException {
String targetClassName = method.getDeclaringClass().getName();
// Get the rule map
Map<String,List<RuleMetaData>> ruleMap = getPropertyRuleMap(targetClassName,"function-guard");
if (ruleMap == null) {
return;
}
// Get the rules
List<RuleMetaData> rules = ruleMap.get(null);
if (rules == null) {
return;
}
// Check access for any rules that match
for (RuleMetaData rule : rules) {
if (match(method,rule)) {
checkAccess(method,targetClassName,rule);
}
}
}
项目:openjdk-jdk10
文件:MarshalInputStream.java
/**
* Fix for 4179055: Need to assist resolving sun stubs; resolve
* class locally if it is a "permitted" sun class
*/
private Class<?> checkSunClass(String className,throw the SecurityException
if ((name == null) ||
(resolvedClass == null) ||
((!name.equals("accessClassInPackage.sun.rmi.server")) &&
(!name.equals("accessClassInPackage.sun.rmi.registry"))))
{
throw e;
}
return resolvedClass;
}
项目:openjdk-jdk10
文件:SignedJarTest.java
public static void test(Permission perm,boolean expectException) {
boolean getException = (Boolean) AccessController.doPrivileged((PrivilegedAction) () -> {
try {
AccessController.checkPermission(perm);
return (Boolean) false;
} catch (AccessControlException ex) {
return (Boolean) true;
}
});
if (expectException ^ getException) {
String message = "Check Permission :" + perm + "\n ExpectException = "
+ expectException + "\n getException = " + getException;
throw new RuntimeException(message);
}
}
项目:openjdk-jdk10
文件:LimitedDoPrivilegedWithThread.java
public void runTest(AccessControlContext acc,perm);
}
项目:openjdk-jdk10
文件:NoAccess.java
static Class<?> findClass(Module module,String cn,Permission perm) {
try {
Class<?> c = Class.forName(module,cn);
if (c == null) {
throw new RuntimeException(cn + " not found in " + module);
}
if (c.getModule() != module) {
throw new RuntimeException(c.getModule() + " != " + module);
}
return c;
} catch (AccessControlException e) {
if (e.getPermission().equals(perm))
return null;
throw e;
}
}
项目:openjdk-jdk10
文件:NoGetClassLoaderAccess.java
static Class<?> findClass(Module module,String cn) {
try {
Class<?> c = Class.forName(module,cn);
if (c == null) {
throw new RuntimeException(cn + " not found in " + module);
}
if (c.getModule() != module) {
throw new RuntimeException(c.getModule() + " != " + module);
}
return c;
} catch (AccessControlException e) {
if (module != m3) {
if (e.getPermission().equals(GET_CLASSLOADER_PERMISSION))
return null;
}
throw e;
}
}
@Override
public Object run() {
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);
System.out.println("principals = " + subject.getPrincipals());
try {
Utils.writeFile(filename);
new File(filename).delete();
throw new RuntimeException(
"Test Failed: no AccessControlException thrown");
} catch (AccessControlException ace) {
System.out.println(
"AccessControlException thrown as expected: "
+ ace.getMessage());
}
ReadFromFileNegativeAction readFromFile
= new ReadFromFileNegativeAction(filename);
return Subject.doAs(subject,readFromFile);
}
项目:openjdk-jdk10
文件:NonPublicProxyClass.java
public void run() throws Exception {
boolean hasAccess = loader != null || hasAccess();
try {
proxyClass = Proxy.getProxyClass(loader,interfaces);
if (!hasAccess) {
throw new RuntimeException("should have no permission to create proxy class");
}
} catch (AccessControlException e) {
if (hasAccess) {
throw e;
}
if (e.getPermission().getClass() != RuntimePermission.class ||
!e.getPermission().getName().equals("getClassLoader")) {
throw e;
}
return;
}
if (Modifier.isPublic(proxyClass.getModifiers())) {
throw new RuntimeException(proxyClass + " must be non-public");
}
newProxyInstance();
newInstanceFromConstructor(proxyClass);
}
项目:openjdk-jdk10
文件:Version.java
private void checkPermission(Permission perm,boolean expectException) {
boolean getException = (Boolean) AccessController
.doPrivileged((PrivilegedAction) () -> {
try {
AccessController.checkPermission(perm);
return (Boolean) false;
} catch (AccessControlException ex) {
return (Boolean) true;
}
});
if (expectException ^ getException) {
String message = "Check Permission :" + perm + "\n ExpectException = "
+ expectException + "\n getException = " + getException;
throw new RuntimeException(message);
}
}
项目:openjdk-jdk10
文件:TestSetResourceBundle.java
/**
* Test the LoggingPermission("control") is required.
* @param loggerName The logger to use.
*/
public static void testPermission(String loggerName) {
if (System.getSecurityManager() != null) {
throw new Error("Security manager is already set");
}
Policy.setPolicy(new SimplePolicy(TestCase.PERMISSION));
System.setSecurityManager(new SecurityManager());
final ResourceBundle bundle = ResourceBundle.getBundle(LIST_BUNDLE_NAME);
Logger foobar = Logger.getLogger(loggerName);
try {
foobar.setResourceBundle(bundle);
throw new RuntimeException("Permission not checked!");
} catch (AccessControlException x) {
if (x.getPermission() instanceof LoggingPermission) {
if ("control".equals(x.getPermission().getName())) {
System.out.println("Got expected exception: " + x);
return;
}
}
throw new RuntimeException("Unexpected exception: "+x,x);
}
}
项目:firebase-admin-java
文件:RevivingScheduledExecutor.java
@VisibleForTesting
RevivingScheduledExecutor(
final ThreadFactory threadFactory,final String threadName,final long initialDelayMs,final long timeoutMs) {
super(0);
checkNotNull(threadFactory,"threadFactory must not be null");
INSTANCE_COUNTER.incrementAndGet();
this.initialDelayMs = initialDelayMs;
this.timeoutMs = timeoutMs;
setRemoveOnCancelPolicy(true);
setThreadFactory(
new ThreadFactory() {
@Override
public Thread newThread(Runnable r) {
logger.debug("Creating new thread for: {}",threadName);
Thread thread = threadFactory.newThread(r);
try {
thread.setName(threadName);
thread.setDaemon(true);
} catch (AccessControlException ignore) {
// Unsupported on App Engine.
}
if (requestedRestart.getAndSet(false)) {
afterRestart();
}
return thread;
}
});
}
项目:GitHub
文件:TypeUtils.java
static void setAccessible(AccessibleObject obj){
if(!setAccessibleEnable){
return;
}
if(obj.isAccessible()){
return;
}
try{
obj.setAccessible(true);
} catch(AccessControlException error){
setAccessibleEnable = false;
}
}
项目:incubator-netbeans
文件:DirectoryChooserUI.java
private static boolean canWrite(File f) {
boolean writeable = false;
if (f != null) {
try {
writeable = f.canWrite();
} catch (AccessControlException ex) {
writeable = false;
}
}
return writeable;
}
项目:tomcat7
文件:WebappClassLoaderBase.java
/**
* Refresh the system policy file,to pick up eventual changes.
*/
protected void refreshPolicy() {
try {
// The policy file may have been modified to adjust
// permissions,so we're reloading it when loading or
// reloading a Context
Policy policy = Policy.getPolicy();
policy.refresh();
} catch (AccessControlException e) {
// Some policy files may restrict this,even for the core,// so this exception is ignored
}
}
项目:fitnotifications
文件:ULocale.java
public static String getSystemProperty(String key) {
String val = null;
final String fkey = key;
if (System.getSecurityManager() != null) {
try {
val = AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(fkey);
}
});
} catch (AccessControlException e) {
// ignore
}
} else {
val = System.getProperty(fkey);
}
return val;
}
/**
* Get ICU configuration property value for the given name.
* @param name The configuration property name
* @param def The default value
* @return The configuration property value. If the property does not
* exist,<code>def</code> is returned.
*/
public static String get(String name,String def) {
String val = null;
final String fname = name;
if (System.getSecurityManager() != null) {
try {
val = AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(fname);
}
});
} catch (AccessControlException e) {
// ignore
// Todo log this message
}
} else {
val = System.getProperty(name);
}
if (val == null) {
val = CONfig_PROPS.getProperty(name,def);
}
return val;
}
/**
* gets a new default Configuration
* @return Configuration
*/
public static final Configuration getConfiguration() {
try {
String config = System.getProperty("jazzy.config"); // added by bd
if (config != null && config.length() > 0)
return getConfiguration(config);
} catch (AccessControlException e) {
e.printstacktrace();
}
return getConfiguration(null);
}
private static void makeAccessible (Field field){
if (!field.isAccessible()) {
try {
field.setAccessible(true);
} catch (AccessControlException ex) {
throw new GdxRuntimeException(String.format("Field %s cannot be made accessible",field.getName()));
}
}
}
private void makeAccessible (Field field) {
if (!field.isAccessible()) {
try {
field.setAccessible(true);
} catch (AccessControlException ex) {
throw new GdxRuntimeException(String.format("Field %s cannot be made accessible",field.getName()));
}
}
}
项目:jiracli
文件:HttpClient.java
private static void checkAccountLocked(HttpResponse response) {
Header header = response.getLastHeader("X-Authentication-Denied-Reason");
if (header != null) {
String info = Objects.toString(header.getValue(),"").trim();
throw new AccessControlException("Your account seems to be locked" + (info.isEmpty() ? "" : ": " + info));
}
}
项目:openjdk-jdk10
文件:BadPolicyFile.java
public static void main(String[] args) throws Exception {
URI uri = new File(System.getProperty("test.src","."),"BadPolicyFile.policy").toURI();
Policy.setPolicy(Policy.getInstance("JavaPolicy",new URIParameter(uri)));
System.setSecurityManager(new SecurityManager());
try {
String javahome = System.getProperty("java.home");
throw new Exception("Expected AccessControlException");
} catch (AccessControlException ace) {
System.out.println("Test PASSED");
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。