List of usage examples for java.security AccessControlContext AccessControlContext
public AccessControlContext(ProtectionDomain[] context)
From source file:azkaban.execapp.FlowRunner.java
private boolean evaluateExpression(final String expression) { boolean result = false; final ScriptEngineManager sem = new ScriptEngineManager(); final ScriptEngine se = sem.getEngineByName("JavaScript"); // Restrict permission using the two-argument form of doPrivileged() try {/*from w ww. java 2 s .c o m*/ final Object object = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws ScriptException { return se.eval(expression); } }, new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, null) }) // no permissions ); if (object != null) { result = (boolean) object; } } catch (final Exception e) { this.logger.error("Failed to evaluate the expression.", e); } this.logger.info("Evaluate expression result: " + result); return result; }
From source file:org.jwebsocket.util.Tools.java
/** * Executes a privileged action in sandbox. * * @param aPermissions The security permissions. * @param aAction The action to execute/ * @return//from www . ja v a 2s . c o m */ public static Object doPrivileged(PermissionCollection aPermissions, PrivilegedAction aAction) { ProtectionDomain lProtectionDomain = new ProtectionDomain(new CodeSource(null, (Certificate[]) null), aPermissions); AccessControlContext lSecureContext = new AccessControlContext( new ProtectionDomain[] { lProtectionDomain }); return AccessController.doPrivileged(aAction, lSecureContext); }
From source file:org.rhq.bindings.ScriptEngineFactory.java
/** * This method is similar to the {@link #getScriptEngine(String, PackageFinder, StandardBindings)} method * but additionally applies a security wrapper on the returned script engine so that the scripts execute * with the provided java permissions.// www . j av a 2 s.c om * * @see #getScriptEngine(String, PackageFinder, StandardBindings) */ public static ScriptEngine getSecuredScriptEngine(final String language, final PackageFinder packageFinder, final StandardBindings bindings, final PermissionCollection permissions) throws ScriptException, IOException { CodeSource src = new CodeSource(new URL("http://rhq-project.org/scripting"), (Certificate[]) null); ProtectionDomain scriptDomain = new ProtectionDomain(src, permissions); AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { scriptDomain }); try { return AccessController.doPrivileged(new PrivilegedExceptionAction<ScriptEngine>() { @Override public ScriptEngine run() throws Exception { //This might seem a bit excessive but is necessary due to the //change in security handling in the rhino script engine //that occured in Java6u27 (due to a CVE desribed here: //https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3544) //In Java 6u26 and earlier, it was enough to wrap a script engine //in the sandbox and everything would work. //Java 6u27 introduced new behavior where the rhino script engine //remembers the access control context with which it has been //constructed and combines that with the callers protection domain //when a script is executed. Because this class has all perms and //all the code in RHQ that called ScriptEngine.eval* also //had all perms, the scripts would never be sandboxed even if the call //was pushed through the SandboxedScriptEngine. //This means that the below wrapping is necessary for the security //to work in java6 pre u27 while the surrounding privileged block //is necessary for the security to be applied in java6 u27 and later. return new SandboxedScriptEngine(getScriptEngine(language, packageFinder, bindings), permissions); } }, ctx); } catch (PrivilegedActionException e) { Throwable cause = e.getCause(); if (cause instanceof IOException) { throw (IOException) cause; } else if (cause instanceof ScriptException) { throw (ScriptException) cause; } else { throw new ScriptException(e); } } }