List of usage examples for java.lang SecurityManager checkPermission
public void checkPermission(Permission perm)
SecurityException
if the requested access, specified by the given permission, is not permitted based on the security policy currently in effect. From source file:eu.europa.ejusticeportal.dss.applet.DssApplet.java
/** * Check that all required privilege are granted, stop applet if not. *///from ww w.j a v a 2 s.c o m private void checkPrivileges() { try { final SecurityManager security = System.getSecurityManager(); if (security != null) { final Permission perm = new AllPermission(); // Throws a security exception if not allowed security.checkPermission(perm); } } catch (Exception ex) { ExceptionUtils.log(new UnexpectedException(ex, "Fail to check privileges."), LOG); initFailure(); } }
From source file:com.sshtools.j2ssh.forwarding.ForwardingClient.java
/** * * * @param fwd/*from www. j a va 2s .c om*/ * * @throws ForwardingConfigurationException */ public void addRemoteForwarding(ForwardingConfiguration fwd) throws ForwardingConfigurationException { // Check that the name does not exist if (remoteForwardings.containsKey(fwd.getName())) { throw new ForwardingConfigurationException("The remote forwaring configuration name already exists!"); } // Check that the address to bind and port are not already being used Iterator it = remoteForwardings.values().iterator(); ForwardingConfiguration config; while (it.hasNext()) { config = (ForwardingConfiguration) it.next(); if (config.getAddressToBind().equals(fwd.getAddressToBind()) && (config.getPortToBind() == fwd.getPortToBind())) { throw new ForwardingConfigurationException( "The remote forwarding address and port are already in use"); } } // Check the security mananger SecurityManager manager = System.getSecurityManager(); if (manager != null) { try { manager.checkPermission(new SocketPermission( fwd.getHostToConnect() + ":" + String.valueOf(fwd.getPortToConnect()), "connect")); } catch (SecurityException e) { throw new ForwardingConfigurationException("The security manager has denied connect permision on " + fwd.getHostToConnect() + ":" + String.valueOf(fwd.getPortToConnect())); } } // Create the configuration object remoteForwardings.put(fwd.getName(), fwd); }
From source file:com.sshtools.j2ssh.forwarding.ForwardingClient.java
/** * * * @param uniqueName// ww w .j a v a2 s .co m * @param addressToBind * @param portToBind * @param hostToConnect * @param portToConnect * * @throws ForwardingConfigurationException */ public ForwardingConfiguration addRemoteForwarding(String uniqueName, String addressToBind, int portToBind, String hostToConnect, int portToConnect) throws ForwardingConfigurationException { // Check that the name does not exist if (remoteForwardings.containsKey(uniqueName)) { throw new ForwardingConfigurationException("The remote forwaring configuration name already exists!"); } // Check that the address to bind and port are not already being used Iterator it = remoteForwardings.values().iterator(); ForwardingConfiguration config; while (it.hasNext()) { config = (ForwardingConfiguration) it.next(); if (config.getAddressToBind().equals(addressToBind) && (config.getPortToBind() == portToBind)) { throw new ForwardingConfigurationException( "The remote forwarding address and port are already in use"); } } // Check the security mananger SecurityManager manager = System.getSecurityManager(); if (manager != null) { try { manager.checkPermission( new SocketPermission(hostToConnect + ":" + String.valueOf(portToConnect), "connect")); } catch (SecurityException e) { throw new ForwardingConfigurationException("The security manager has denied connect permision on " + hostToConnect + ":" + String.valueOf(portToConnect)); } } // Create the configuration object ForwardingConfiguration cf = new ForwardingConfiguration(uniqueName, addressToBind, portToBind, hostToConnect, portToConnect); remoteForwardings.put(uniqueName, cf); return cf; }
From source file:com.sshtools.j2ssh.forwarding.ForwardingClient.java
/** * * * @param uniqueName/*from www. j a va 2 s. com*/ * @param addressToBind * @param portToBind * @param hostToConnect * @param portToConnect * * @return * * @throws ForwardingConfigurationException */ public ForwardingConfiguration addLocalForwarding(String uniqueName, String addressToBind, int portToBind, String hostToConnect, int portToConnect) throws ForwardingConfigurationException { // Check that the name does not exist if (localForwardings.containsKey(uniqueName)) { throw new ForwardingConfigurationException("The configuration name already exists!"); } // Check that the address to bind and port are not already being used Iterator it = localForwardings.values().iterator(); ForwardingConfiguration config; while (it.hasNext()) { config = (ForwardingConfiguration) it.next(); if (config.getAddressToBind().equals(addressToBind) && (config.getPortToBind() == portToBind)) { throw new ForwardingConfigurationException("The address and port are already in use"); } } // Check the security mananger SecurityManager manager = System.getSecurityManager(); if (manager != null) { try { manager.checkPermission( new SocketPermission(addressToBind + ":" + String.valueOf(portToBind), "accept,listen")); } catch (SecurityException e) { throw new ForwardingConfigurationException("The security manager has denied listen permision on " + addressToBind + ":" + String.valueOf(portToBind)); } } // Create the configuration object ForwardingConfiguration cf = new ClientForwardingListener(uniqueName, connection, addressToBind, portToBind, hostToConnect, portToConnect); localForwardings.put(uniqueName, cf); return cf; }
From source file:org.apache.accumulo.server.security.SecurityConstants.java
public static TCredentials getSystemCredentials() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SYSTEM_CREDENTIALS_PERMISSION); }//from w w w . j a v a2 s . c om return systemCredentials; }
From source file:org.apache.accumulo.server.security.SystemCredentials.java
public static SystemCredentials get() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SYSTEM_CREDENTIALS_PERMISSION); }/* w ww . j av a 2 s. com*/ if (SYSTEM_CREDS == null) { SYSTEM_CREDS = new SystemCredentials(); } return SYSTEM_CREDS; }
From source file:org.apache.cassandra.concurrent.ContinuationsExecutor.java
/** * If there is a security manager, makes sure caller has permission to shut * down threads in general (see shutdownPerm). If this passes, additionally * makes sure the caller is allowed to interrupt each worker thread. This * might not be true even if first check passed, if the SecurityManager * treats some threads specially.//from w ww . j a v a 2 s . com */ private void checkShutdownAccess() { SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkPermission(shutdownPerm); final ReentrantLock mainLock = this.mainLock; mainLock.lock(); try { for (Worker w : workers) security.checkAccess(w.thread); } finally { mainLock.unlock(); } } }
From source file:org.codice.ddf.cxf.client.impl.SecureCxfClientFactoryImpl.java
/** * Clients produced by this method will be secured with two-way ssl and the provided security * subject.//from ww w.j a v a 2 s .c o m * * <p>The returned client should NOT be reused between requests! This method should be called for * each new request in order to ensure that the security token is up-to-date each time. */ public final T getClientForSubject(Subject subject) { final java.lang.SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkPermission(CREATE_CLIENT_PERMISSION); } return AccessController.doPrivileged((PrivilegedAction<T>) () -> { String asciiString = clientFactory.getAddress(); T newClient = getNewClient(); if (!basicAuth && StringUtils.startsWithIgnoreCase(asciiString, HTTPS)) { if (subject instanceof ddf.security.Subject) { RestSecurity.setSubjectOnClient((ddf.security.Subject) subject, WebClient.client(newClient)); } } auditRemoteConnection(asciiString); return newClient; }); }
From source file:org.echocat.nodoodle.classloading.FileClassLoader.java
/** * This is a copy of {@link URLClassLoader#getPermissions(CodeSource)}. * * Returns the permissions for the given codesource object. * The implementation of this method first calls super.getPermissions * and then adds permissions based on the URL of the codesource. * <p>/*from ww w . j a va 2 s. c o m*/ * If the protocol of this URL is "jar", then the permission granted * is based on the permission that is required by the URL of the Jar * file. * <p> * If the protocol is "file" * and the path specifies a file, then permission to read that * file is granted. If protocol is "file" and the path is * a directory, permission is granted to read all files * and (recursively) all files and subdirectories contained in * that directory. * <p> * If the protocol is not "file", then * to connect to and accept connections from the URL's host is granted. * @param codesource the codesource * @return the permissions granted to the codesource */ @Override protected PermissionCollection getPermissions(CodeSource codesource) { final PermissionCollection perms = super.getPermissions(codesource); final URL url = codesource.getLocation(); Permission p; URLConnection urlConnection; try { urlConnection = url.openConnection(); p = urlConnection.getPermission(); } catch (IOException ignored) { p = null; urlConnection = null; } if (p instanceof FilePermission) { // if the permission has a separator char on the end, // it means the codebase is a directory, and we need // to add an additional permission to read recursively String path = p.getName(); if (path.endsWith(File.separator)) { path += "-"; p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION); } } else if ((p == null) && (url.getProtocol().equals("file"))) { String path = url.getFile().replace('/', File.separatorChar); path = ParseUtil.decode(path); if (path.endsWith(File.separator)) { path += "-"; } p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION); } else { URL locUrl = url; if (urlConnection instanceof JarURLConnection) { locUrl = ((JarURLConnection) urlConnection).getJarFileURL(); } final String host = locUrl.getHost(); if (host != null && (host.length() > 0)) { p = new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION); } } // make sure the person that created this class loader // would have this permission if (p != null) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { final Permission fp = p; doPrivileged(new PrivilegedAction<Void>() { @Override public Void run() throws SecurityException { sm.checkPermission(fp); return null; } }, _acc); } perms.add(p); } return perms; }
From source file:org.eclipse.ecr.runtime.api.login.LoginComponent.java
@Override public LoginContext loginAs(final String username) throws LoginException { // login as system user is a privileged action try {//from w w w.jav a 2 s.c om return AccessController.doPrivileged(new PrivilegedExceptionAction<LoginContext>() { @Override public LoginContext run() throws LoginException { SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new SystemLoginPermission()); } return systemLogin(username); } }); } catch (PrivilegedActionException e) { throw (LoginException) e.getException(); } }