List of usage examples for java.security PermissionCollection add
public abstract void add(Permission permission);
From source file:Main.java
public static void main(String[] args) { // Build property permissions collection PropertyPermission permission = new PropertyPermission("java.*", "read"); PermissionCollection permissions = permission.newPermissionCollection(); permissions.add(permission); permissions.add(new PropertyPermission("java.home.*", "read,write")); if (permissions.implies(new PropertyPermission("java.home", "read"))) { System.out.println("Has permissions on " + "java.home" + " for read"); }/*from w w w . j ava2s . co m*/ if (permissions.implies(new PropertyPermission("java.home", "write"))) { System.out.println("Has permissions on " + "java.home" + " for write"); } }
From source file:Main.java
public static void main(String[] args) throws IOException { // create new file permissions FilePermission fp = new FilePermission("C://test.txt", "read"); // create new permission collection PermissionCollection pc = fp.newPermissionCollection(); // add permission to the permission collection pc.add(fp); if (pc.implies(new FilePermission("C://test.txt", "read"))) { System.out.println("Permission for C://test.txt is read"); }//from www . j ava2s . c o m }
From source file:net.sf.keystore_explorer.crypto.jcepolicy.JcePolicyUtil.java
/** * Hack to disable crypto restrictions until Java 9 is out. * * See http://stackoverflow.com/a/22492582/2672392 */// ww w. j a v a 2s . c om public static void removeRestrictions() { try { Class<?> jceSecurityClass = Class.forName("javax.crypto.JceSecurity"); Class<?> cryptoPermissionsClass = Class.forName("javax.crypto.CryptoPermissions"); Class<?> cryptoAllPermissionClass = Class.forName("javax.crypto.CryptoAllPermission"); Field isRestrictedField = jceSecurityClass.getDeclaredField("isRestricted"); isRestrictedField.setAccessible(true); Field modifiersField = Field.class.getDeclaredField("modifiers"); modifiersField.setAccessible(true); modifiersField.setInt(isRestrictedField, isRestrictedField.getModifiers() & ~Modifier.FINAL); isRestrictedField.set(null, false); Field defaultPolicyField = jceSecurityClass.getDeclaredField("defaultPolicy"); defaultPolicyField.setAccessible(true); PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null); Field permsField = cryptoPermissionsClass.getDeclaredField("perms"); permsField.setAccessible(true); ((Map<?, ?>) permsField.get(defaultPolicy)).clear(); Field cryptoAllPermissionInstanceField = cryptoAllPermissionClass.getDeclaredField("INSTANCE"); cryptoAllPermissionInstanceField.setAccessible(true); defaultPolicy.add((Permission) cryptoAllPermissionInstanceField.get(null)); } catch (Exception e) { // ignore } }
From source file:com.stratuscom.harvester.deployer.StarterServiceDeployer.java
private static Permission[] expandUmbrella(Permission[] perms) { PermissionCollection pc = new Permissions(); for (Permission p : perms) { pc.add(p); }/*from ww w. j av a 2 s .c o m*/ if (pc.implies(new UmbrellaGrantPermission())) { List l = Collections.list(pc.elements()); pc.add(new GrantPermission((Permission[]) l.toArray(new Permission[l.size()]))); } List<Permission> permList = new ArrayList<Permission>(); for (Enumeration<Permission> en = pc.elements(); en.hasMoreElements();) { permList.add(en.nextElement()); } return permList.toArray(new Permission[0]); }
From source file:jef.tools.security.EncrypterUtil.java
/** * ???// ww w .ja v a 2s .c o m * @return */ public static boolean removeCryptographyRestrictions() { if (!isRestrictedCryptography()) { return false; } try { /* * Do the following, but with reflection to bypass access checks: * * JceSecurity.isRestricted = false; * JceSecurity.defaultPolicy.perms.clear(); * JceSecurity.defaultPolicy.add(CryptoAllPermission.INSTANCE); */ final Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity"); final Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions"); final Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission"); final Field isRestrictedField = jceSecurity.getDeclaredField("isRestricted"); isRestrictedField.setAccessible(true); final Field modifiersField = Field.class.getDeclaredField("modifiers"); modifiersField.setAccessible(true); modifiersField.setInt(isRestrictedField, isRestrictedField.getModifiers() & ~Modifier.FINAL); isRestrictedField.set(null, false); final Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy"); defaultPolicyField.setAccessible(true); final PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null); final Field perms = cryptoPermissions.getDeclaredField("perms"); perms.setAccessible(true); ((Map<?, ?>) perms.get(defaultPolicy)).clear(); final Field instance = cryptoAllPermission.getDeclaredField("INSTANCE"); instance.setAccessible(true); defaultPolicy.add((Permission) instance.get(null)); return true; } catch (final Exception e) { LogUtil.error("Failed to remove cryptography restrictions", e); return false; } }
From source file:com.orange.clara.cloud.servicedbdumper.task.boot.sequences.BootSequenceSecurity.java
public void removeEncryptionRestriction() { if (!isRestrictedCryptography()) { logger.info("Cryptography restrictions removal not needed"); return;/* w w w . ja v a 2s . c o m*/ } try { /* * Do the following, but with reflection to bypass access checks: * * JceSecurity.isRestricted = false; * JceSecurity.defaultPolicy.perms.clear(); * JceSecurity.defaultPolicy.add(CryptoAllPermission.INSTANCE); */ final Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity"); final Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions"); final Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission"); final Field isRestrictedField = jceSecurity.getDeclaredField("isRestricted"); isRestrictedField.setAccessible(true); final Field modifiersField = Field.class.getDeclaredField("modifiers"); modifiersField.setAccessible(true); modifiersField.setInt(isRestrictedField, isRestrictedField.getModifiers() & ~Modifier.FINAL); isRestrictedField.set(null, false); final Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy"); defaultPolicyField.setAccessible(true); final PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null); final Field perms = cryptoPermissions.getDeclaredField("perms"); perms.setAccessible(true); ((Map<?, ?>) perms.get(defaultPolicy)).clear(); final Field instance = cryptoAllPermission.getDeclaredField("INSTANCE"); instance.setAccessible(true); defaultPolicy.add((Permission) instance.get(null)); logger.info("Successfully removed cryptography restrictions"); } catch (final Exception e) { logger.warn("Failed to remove cryptography restrictions", e); } }
From source file:com.seeburger.vfs2.util.VFSClassLoader.java
/** * Copies the permissions from src to dest. * @param src The source PermissionCollection. * @param dest The destination PermissionCollection. */// ww w . j a va 2 s. c om protected void copyPermissions(final PermissionCollection src, final PermissionCollection dest) { for (Enumeration<Permission> elem = src.elements(); elem.hasMoreElements();) { final Permission permission = elem.nextElement(); dest.add(permission); } }
From source file:org.apache.catalina.loader.WebappClassLoader.java
/** * Get the Permissions for a CodeSource. If this instance * of WebappClassLoader is for a web application context, * add read FilePermission or JndiPermissions for the base * directory (if unpacked),/*from w w w .j a v a2s. c o m*/ * the context URL, and jar file resources. * * @param codeSource where the code was loaded from * @return PermissionCollection for CodeSource */ protected PermissionCollection getPermissions(CodeSource codeSource) { String codeUrl = codeSource.getLocation().toString(); PermissionCollection pc; if ((pc = (PermissionCollection) loaderPC.get(codeUrl)) == null) { pc = super.getPermissions(codeSource); if (pc != null) { Iterator perms = permissionList.iterator(); while (perms.hasNext()) { Permission p = (Permission) perms.next(); pc.add(p); } loaderPC.put(codeUrl, pc); } } return (pc); }
From source file:org.apache.hadoop.security.authorize.ConfiguredPolicy.java
@Override public PermissionCollection getPermissions(ProtectionDomain domain) { PermissionCollection permissionCollection = super.getPermissions(domain); for (Principal principal : domain.getPrincipals()) { Set<Permission> principalPermissions = permissions.get(principal); if (principalPermissions != null) { for (Permission permission : principalPermissions) { permissionCollection.add(permission); }//from www .j av a2 s . c o m } for (Permission permission : allowedPermissions) { permissionCollection.add(permission); } } return permissionCollection; }
From source file:org.echocat.nodoodle.classloading.FileClassLoader.java
/** * This is a copy of {@link URLClassLoader#getPermissions(CodeSource)}. * * Returns the permissions for the given codesource object. * The implementation of this method first calls super.getPermissions * and then adds permissions based on the URL of the codesource. * <p>/* ww w. java2s. co m*/ * If the protocol of this URL is "jar", then the permission granted * is based on the permission that is required by the URL of the Jar * file. * <p> * If the protocol is "file" * and the path specifies a file, then permission to read that * file is granted. If protocol is "file" and the path is * a directory, permission is granted to read all files * and (recursively) all files and subdirectories contained in * that directory. * <p> * If the protocol is not "file", then * to connect to and accept connections from the URL's host is granted. * @param codesource the codesource * @return the permissions granted to the codesource */ @Override protected PermissionCollection getPermissions(CodeSource codesource) { final PermissionCollection perms = super.getPermissions(codesource); final URL url = codesource.getLocation(); Permission p; URLConnection urlConnection; try { urlConnection = url.openConnection(); p = urlConnection.getPermission(); } catch (IOException ignored) { p = null; urlConnection = null; } if (p instanceof FilePermission) { // if the permission has a separator char on the end, // it means the codebase is a directory, and we need // to add an additional permission to read recursively String path = p.getName(); if (path.endsWith(File.separator)) { path += "-"; p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION); } } else if ((p == null) && (url.getProtocol().equals("file"))) { String path = url.getFile().replace('/', File.separatorChar); path = ParseUtil.decode(path); if (path.endsWith(File.separator)) { path += "-"; } p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION); } else { URL locUrl = url; if (urlConnection instanceof JarURLConnection) { locUrl = ((JarURLConnection) urlConnection).getJarFileURL(); } final String host = locUrl.getHost(); if (host != null && (host.length() > 0)) { p = new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION); } } // make sure the person that created this class loader // would have this permission if (p != null) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { final Permission fp = p; doPrivileged(new PrivilegedAction<Void>() { @Override public Void run() throws SecurityException { sm.checkPermission(fp); return null; } }, _acc); } perms.add(p); } return perms; }