List of usage examples for java.security Policy getPermissions
public PermissionCollection getPermissions(ProtectionDomain domain)
From source file:com.thoughtworks.acceptance.SecurityManagerTest.java
protected void setUp() throws Exception { super.setUp(); System.setSecurityManager(null); source = new CodeSource(new File("target").toURI().toURL(), (Certificate[]) null); sm = new DynamicSecurityManager(); Policy policy = Policy.getPolicy(); sm.setPermissions(source, policy.getPermissions(source)); sm.addPermission(source, new RuntimePermission("setSecurityManager")); File mainClasses = new File(System.getProperty("user.dir"), "target/classes/-"); File testClasses = new File(System.getProperty("user.dir"), "target/test-classes/-"); String[] javaClassPath = StringUtils.split(System.getProperty("java.class.path"), File.pathSeparatorChar); File javaHome = new File(System.getProperty("java.home"), "-"); // necessary permission start here sm.addPermission(source, new FilePermission(mainClasses.toString(), "read")); sm.addPermission(source, new FilePermission(testClasses.toString(), "read")); sm.addPermission(source, new FilePermission(javaHome.toString(), "read")); for (int i = 0; i < javaClassPath.length; ++i) { if (javaClassPath[i].endsWith(".jar")) { sm.addPermission(source, new FilePermission(javaClassPath[i], "read")); }/*from w w w . j a v a 2 s . co m*/ } }
From source file:org.apache.jasper.compiler.JspRuntimeContext.java
/** * Method used to initialize SecurityManager data. *///from w ww .ja va 2s . c om private void initSecurity() { // Setup the PermissionCollection for this web app context // based on the permissions configured for the root of the // web app context directory, then add a file read permission // for that directory. Policy policy = Policy.getPolicy(); if (policy != null) { try { // Get the permissions for the web app context String docBase = context.getRealPath("/"); if (docBase == null) { docBase = options.getScratchDir().toString(); } String codeBase = docBase; if (!codeBase.endsWith(File.separator)) { codeBase = codeBase + File.separator; } File contextDir = new File(codeBase); URL url = contextDir.getCanonicalFile().toURL(); codeSource = new CodeSource(url, null); permissionCollection = policy.getPermissions(codeSource); // Create a file read permission for web app context directory if (!docBase.endsWith(File.separator)) { permissionCollection.add(new FilePermission(docBase, "read")); docBase = docBase + File.separator; } else { permissionCollection .add(new FilePermission(docBase.substring(0, docBase.length() - 1), "read")); } docBase = docBase + "-"; permissionCollection.add(new FilePermission(docBase, "read")); // Create a file read permission for web app tempdir (work) // directory String workDir = options.getScratchDir().toString(); if (!workDir.endsWith(File.separator)) { permissionCollection.add(new FilePermission(workDir, "read")); workDir = workDir + File.separator; } workDir = workDir + "-"; permissionCollection.add(new FilePermission(workDir, "read")); // Allow the JSP to access org.apache.jasper.runtime.HttpJspBase permissionCollection.add(new RuntimePermission("accessClassInPackage.org.apache.jasper.runtime")); if (parentClassLoader instanceof URLClassLoader) { URL[] urls = parentClassLoader.getURLs(); String jarUrl = null; String jndiUrl = null; for (int i = 0; i < urls.length; i++) { if (jndiUrl == null && urls[i].toString().startsWith("jndi:")) { jndiUrl = urls[i].toString() + "-"; } if (jarUrl == null && urls[i].toString().startsWith("jar:jndi:")) { jarUrl = urls[i].toString(); jarUrl = jarUrl.substring(0, jarUrl.length() - 2); jarUrl = jarUrl.substring(0, jarUrl.lastIndexOf('/')) + "/-"; } } if (jarUrl != null) { permissionCollection.add(new FilePermission(jarUrl, "read")); permissionCollection.add(new FilePermission(jarUrl.substring(4), "read")); } if (jndiUrl != null) permissionCollection.add(new FilePermission(jndiUrl, "read")); } } catch (Exception e) { context.log("Security Init for context failed", e); } } }
From source file:org.tinygroup.jspengine.compiler.JspRuntimeContext.java
/** * Method used to initialize SecurityManager data. *//*from ww w.jav a2 s.co m*/ private void initSecurity() { // Setup the PermissionCollection for this web app context // based on the permissions configured for the root of the // web app context directory, then add a file read permission // for that directory. Policy policy = Policy.getPolicy(); if (policy != null) { try { // Get the permissions for the web app context String docBase = context.getRealPath("/"); if (docBase == null) { docBase = options.getScratchDir().toString(); } String codeBase = docBase; if (!codeBase.endsWith(File.separator)) { codeBase = codeBase + File.separator; } File contextDir = new File(codeBase); URL url = contextDir.getCanonicalFile().toURL(); codeSource = new CodeSource(url, (Certificate[]) null); permissionCollection = policy.getPermissions(codeSource); // Create a file read permission for web app context directory if (!docBase.endsWith(File.separator)) { permissionCollection.add(new FilePermission(docBase, "read")); docBase = docBase + File.separator; } else { permissionCollection .add(new FilePermission(docBase.substring(0, docBase.length() - 1), "read")); } docBase = docBase + "-"; permissionCollection.add(new FilePermission(docBase, "read")); // Create a file read permission for web app tempdir (work) // directory String workDir = options.getScratchDir().toString(); if (!workDir.endsWith(File.separator)) { permissionCollection.add(new FilePermission(workDir, "read")); workDir = workDir + File.separator; } workDir = workDir + "-"; permissionCollection.add(new FilePermission(workDir, "read")); // Allow the JSP to access // org.tinygroup.jspengine.runtime.HttpJspBase permissionCollection .add(new RuntimePermission("accessClassInPackage.org.tinygroup.jspengine.runtime")); if (parentClassLoader instanceof URLClassLoader) { URL[] urls = ((URLClassLoader) parentClassLoader).getURLs(); String jarUrl = null; String jndiUrl = null; for (int i = 0; i < urls.length; i++) { if (jndiUrl == null && urls[i].toString().startsWith("jndi:")) { jndiUrl = urls[i].toString() + "-"; } if (jarUrl == null && urls[i].toString().startsWith("jar:jndi:")) { jarUrl = urls[i].toString(); jarUrl = jarUrl.substring(0, jarUrl.length() - 2); jarUrl = jarUrl.substring(0, jarUrl.lastIndexOf('/')) + "/-"; } } if (jarUrl != null) { permissionCollection.add(new FilePermission(jarUrl, "read")); permissionCollection.add(new FilePermission(jarUrl.substring(4), "read")); } if (jndiUrl != null) permissionCollection.add(new FilePermission(jndiUrl, "read")); } } catch (Exception e) { context.log("Security Init for context failed", e); } } }