List of usage examples for java.security Permission getActions
/**
 * Returns the actions of this permission as a String.
 *
 * <p>The format is defined by each Permission subclass. Several JDK subclasses return a
 * comma-separated list (for example {@code "read,write"}), so callers should not assume the
 * value names a single action when they compare it.
 *
 * @return the actions of this permission
 */
public abstract String getActions();
From source file:de.ingrid.usermanagement.jetspeed.IngridPermissionManager.java
/**
 * Removes a permission from the given principal and stores the updated principal.
 *
 * <p>A stored permission is treated as the one to revoke only when its class name, name and
 * actions are all equal (exact {@code String.equals}) to those of {@code permission}. An
 * action string that differs in any character is not a match, and when nothing matches the
 * principal is left unchanged and nothing is stored.
 *
 * @see org.apache.jetspeed.security.PermissionManager#revokePermission(java.security.Principal,
 *      java.security.Permission)
 */
public void revokePermission(Principal principal, Permission permission) throws SecurityException {
    String fullPath = SecurityHelper.getPreferencesFullPath(principal);
    ArgUtil.notNull(new Object[] { fullPath, permission }, new String[] { "fullPath", "permission" },
            "revokePermission(java.security.Principal, java.security.Permission)");

    // Nothing to revoke when the principal is unknown or has no permission collection.
    InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath);
    if (internalPrincipal == null) {
        return;
    }
    Collection storedPermissions = internalPrincipal.getPermissions();
    if (storedPermissions == null) {
        return;
    }

    // Split the stored permissions into the ones to keep and the one(s) being revoked.
    boolean matchFound = false;
    ArrayList keptPermissions = new ArrayList();
    for (Object entry : storedPermissions) {
        InternalPermission stored = (InternalPermission) entry;
        boolean matches = stored.getClassname().equals(permission.getClass().getName())
                && stored.getName().equals(permission.getName())
                && stored.getActions().equals(permission.getActions());
        if (matches) {
            matchFound = true;
        } else {
            keptPermissions.add(stored);
        }
    }
    if (!matchFound) {
        return;
    }

    try {
        // NOTE(review): the in-memory principal is modified before the transaction begins;
        // whether it is restored after abortTransaction() is not visible here - confirm.
        internalPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis()));
        internalPrincipal.setPermissions(keptPermissions);
        broker.beginTransaction();
        broker.store(internalPrincipal);
        broker.commitTransaction();
    } catch (Exception e) {
        KeyedMessage msg = SecurityException.UNEXPECTED.create("PermissionManager.revokePermission", "store",
                e.getMessage());
        log.error(msg, e);
        broker.abortTransaction();
        throw new SecurityException(msg, e);
    }
}
From source file:org.jboss.dashboard.security.PermissionDescriptor.java
/**
 * Copies the class name, resource name and actions of a permission into this descriptor.
 *
 * <p>The three fields are always cleared first, so passing {@code null} leaves the descriptor
 * without any permission data.
 *
 * @param perm the permission to describe, or {@code null} to clear the descriptor
 */
public void setPermission(Permission perm) {
    // Reset first so that a null argument, or a failure part-way through, leaves no stale values.
    permissionClass = null;
    permissionResource = null;
    permissionActions = null;
    if (perm == null) {
        return;
    }
    permissionClass = perm.getClass().getName();
    permissionResource = perm.getName();
    permissionActions = perm.getActions();
}
From source file:org.jboss.dashboard.users.UserStatus.java
/**
 * Tells whether the current user holds the given permission.
 *
 * <p>A root user is granted every permission without consulting the cache or the evaluator.
 * For other users the decision is looked up in, and written back to, the security cache under
 * the key (permission, actions) whenever the cache is enabled.
 *
 * @param perm permission to check
 * @return true if the current user has the given permission
 */
public boolean hasPermission(Permission perm) {
    if (isRootUser()) {
        return true;
    }

    // NOTE(review): how cached decisions are invalidated when permissions change is not
    // visible in this method - confirm against the cache implementation.
    if (securityCache.isCacheEnabled()) {
        Boolean cached = securityCache.getValue(perm, perm.getActions());
        if (cached != null) {
            return cached.booleanValue();
        }
    }

    boolean granted = evaluatePermission(perm);
    if (securityCache.isCacheEnabled()) {
        securityCache.setValue(perm, perm.getActions(), granted);
    }
    return granted;
}
From source file:org.pepstock.jem.ant.tasks.AntBatchSecurityManager.java
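/**
 * Checks a permission request against the JEM batch security rules.
 *
 * <p>Order of the checks: installing a security manager is refused unless
 * {@code isAllowedSetSecurityManager()} allows it; writing a system property whose name starts
 * with "jem" is refused for everybody; administrators and internal actions are then let
 * through; file permissions are delegated to {@code checkRead}/{@code checkWrite}/
 * {@code checkDelete}; socket permissions aimed at the local RMI port require the
 * internal-services permission.
 *
 * <p>{@code Permission.getActions()} can return a comma-separated list such as
 * {@code "read,write"}, so each action in the list is examined. Comparing the whole string
 * with a single action name would send a combined permission to the read check only.
 *
 * @param perm the requested permission
 * @throws SecurityException if the request is refused
 */
@Override
public void checkPermission(Permission perm) {
    // checks if someone adds a security manager
    if (perm instanceof RuntimePermission && "setSecurityManager".equalsIgnoreCase(perm.getName())) {
        if (!isAllowedSetSecurityManager()) {
            LogAppl.getInstance().emit(NodeMessage.JEMC274E);
            throw new SecurityException(NodeMessage.JEMC274E.toMessage().getMessage());
        }
        return;
    }
    // this check is necessary to avoid that someone
    // sets jem properties, accessing outside of GFS
    if (perm instanceof PropertyPermission && containsAction(perm.getActions(), "write")
            && perm.getName().startsWith("jem")) {
        LogAppl.getInstance().emit(NodeMessage.JEMC127E);
        throw new SecurityException(NodeMessage.JEMC127E.toMessage().getMessage());
    }
    // checks if administrator. if true return.
    if (isAdministrator() || isInternalAction()) {
        return;
    }
    // checks the file access,
    // calling the right method according
    // to the actions of the permission
    if (perm instanceof FilePermission) {
        boolean needRead = false;
        boolean needWrite = false;
        boolean needDelete = false;
        String actions = perm.getActions();
        if (actions == null) {
            needRead = true;
        } else {
            for (String token : actions.split(",")) {
                String action = token.trim();
                if ("write".equalsIgnoreCase(action)) {
                    needWrite = true;
                } else if ("delete".equalsIgnoreCase(action)) {
                    needDelete = true;
                } else {
                    // "read" and every other action keep the original fallback: a read check
                    needRead = true;
                }
            }
        }
        if (needRead) {
            checkRead(perm.getName());
        }
        if (needWrite) {
            checkWrite(perm.getName());
        }
        if (needDelete) {
            checkDelete(perm.getName());
        }
    } else if (perm instanceof SocketPermission) {
        // checks the RMI access.
        // access to RMI is not allowed if you're not an admin
        SocketPermission sperm = (SocketPermission) perm;
        // NOTE(review): the name is split at the first ':'. Names that are not a plain
        // "host:port" (bracketed IPv6 literals, port ranges) presumably end up with the
        // default port value and are not treated as the RMI port - confirm.
        int port = Parser.parseInt(StringUtils.substringAfter(sperm.getName(), ":"), Integer.MAX_VALUE);
        int portRmi = Parser.parseInt(System.getProperty(RmiKeys.JEM_RMI_PORT), Integer.MIN_VALUE);
        // if is going to RMI port and
        // is not executing JEM code and is not grantor
        if (port == portRmi && !isInternalAction() && !isGrantor()) {
            // extracts host name
            String hostname = StringUtils.substringBefore(sperm.getName(), ":");
            try {
                // gets hostname and localhost
                // NOTE(review): only the address returned by getLocalHost() counts as local;
                // loopback and other local interface addresses are not compared - confirm
                // that this matches the intended policy.
                String resolved = InetAddress.getByName(hostname).getHostAddress();
                String localhost = InetAddress.getLocalHost().getHostAddress();
                // if they are equal and the user
                // doesn't have the internal service permission
                // EXCEPTION!!
                if (resolved.equalsIgnoreCase(localhost) && !checkBatchPermission(Permissions.INTERNAL_SERVICES)) {
                    LogAppl.getInstance().emit(NodeMessage.JEMC128E);
                    throw new SecurityException(NodeMessage.JEMC128E.toMessage().getMessage());
                }
            } catch (UnknownHostException e) {
                // if there is an error on resolving the hostname
                LogAppl.getInstance().emit(NodeMessage.JEMC128E);
                throw new SecurityException(NodeMessage.JEMC128E.toMessage().getMessage(), e);
            }
        }
    }
}

/** Tells whether a comma-separated action list contains the wanted action, ignoring case. */
private static boolean containsAction(String actions, String wanted) {
    if (actions == null) {
        return false;
    }
    for (String token : actions.split(",")) {
        if (wanted.equalsIgnoreCase(token.trim())) {
            return true;
        }
    }
    return false;
}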
From source file:org.pepstock.jem.jbpm.tasks.JBpmBatchSecurityManager.java
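/**
 * Checks a permission request against the JEM batch security rules.
 *
 * <p>Order of the checks: installing a security manager is always refused; writing a system
 * property whose name starts with "jem" is refused for everybody; administrators and internal
 * actions are then let through; file permissions are delegated to {@code checkRead}/
 * {@code checkWrite}/{@code checkDelete}; socket permissions aimed at the local RMI port
 * require the internal-services permission.
 *
 * <p>{@code Permission.getActions()} can return a comma-separated list such as
 * {@code "read,write"}, so each action in the list is examined. Comparing the whole string
 * with a single action name would send a combined permission to the read check only.
 *
 * @param perm the requested permission
 * @throws SecurityException if the request is refused
 */
@Override
public void checkPermission(Permission perm) {
    // checks if someone adds a security manager
    // if yes, exception
    if (perm instanceof RuntimePermission && "setSecurityManager".equalsIgnoreCase(perm.getName())) {
        LogAppl.getInstance().emit(NodeMessage.JEMC274E);
        throw new SecurityException(NodeMessage.JEMC274E.toMessage().getMessage());
    }
    // this check is necessary to avoid that someone
    // sets jem properties, accessing outside of GFS
    if (perm instanceof PropertyPermission && containsAction(perm.getActions(), "write")
            && perm.getName().startsWith("jem")) {
        LogAppl.getInstance().emit(NodeMessage.JEMC127E);
        throw new SecurityException(NodeMessage.JEMC127E.toMessage().getMessage());
    }
    // checks if administrator. if true return.
    // checks if we are inside code that is not custom but belongs to JEM
    // and must be executed (internalAction)
    if (isAdministrator() || isInternalAction()) {
        return;
    }
    // checks the file access
    if (perm instanceof FilePermission) {
        boolean needRead = false;
        boolean needWrite = false;
        boolean needDelete = false;
        String actions = perm.getActions();
        if (actions == null) {
            needRead = true;
        } else {
            for (String token : actions.split(",")) {
                String action = token.trim();
                if ("write".equalsIgnoreCase(action)) {
                    needWrite = true;
                } else if ("delete".equalsIgnoreCase(action)) {
                    needDelete = true;
                } else {
                    // "read" and every other action keep the original fallback: a read check
                    needRead = true;
                }
            }
        }
        if (needRead) {
            checkRead(perm.getName());
        }
        if (needWrite) {
            checkWrite(perm.getName());
        }
        if (needDelete) {
            checkDelete(perm.getName());
        }
    } else if (perm instanceof SocketPermission) {
        // checks the RMI access.
        // accessing RMI locally could create an inconsistent situation
        // for JEM and this is not secured
        // access to RMI is not allowed if you're not an admin
        SocketPermission sperm = (SocketPermission) perm;
        // NOTE(review): the name is split at the first ':'. Names that are not a plain
        // "host:port" (bracketed IPv6 literals, port ranges) presumably end up with the
        // default port value and are not treated as the RMI port - confirm.
        int port = Parser.parseInt(StringUtils.substringAfter(sperm.getName(), ":"), Integer.MAX_VALUE);
        int portRmi = Parser.parseInt(System.getProperty(RmiKeys.JEM_RMI_PORT), Integer.MIN_VALUE);
        // checks if it's going to RMI port
        if (port == portRmi && !isInternalAction() && !isGrantor()) {
            String hostname = StringUtils.substringBefore(sperm.getName(), ":");
            try {
                // NOTE(review): only the address returned by getLocalHost() counts as local;
                // loopback and other local interface addresses are not compared - confirm
                // that this matches the intended policy.
                String resolved = InetAddress.getByName(hostname).getHostAddress();
                String localhost = InetAddress.getLocalHost().getHostAddress();
                // if you're accessing the RMI port
                // locally, an exception is thrown
                // unless you have the INTERNAL services authorization.
                if (resolved.equalsIgnoreCase(localhost) && !checkBatchPermission(Permissions.INTERNAL_SERVICES)) {
                    LogAppl.getInstance().emit(NodeMessage.JEMC128E);
                    throw new SecurityException(NodeMessage.JEMC128E.toMessage().getMessage());
                }
            } catch (UnknownHostException e) {
                // an unresolvable host name is refused as well
                LogAppl.getInstance().emit(NodeMessage.JEMC128E);
                throw new SecurityException(NodeMessage.JEMC128E.toMessage().getMessage(), e);
            }
        }
    }
}

/** Tells whether a comma-separated action list contains the wanted action, ignoring case. */
private static boolean containsAction(String actions, String wanted) {
    if (actions == null) {
        return false;
    }
    for (String token : actions.split(",")) {
        if (wanted.equalsIgnoreCase(token.trim())) {
            return true;
        }
    }
    return false;
}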
From source file:org.pepstock.jem.springbatch.tasks.SpringBatchSecurityManager.java
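/**
 * Checks a permission request against the JEM batch security rules.
 *
 * <p>Order of the checks: installing a security manager is always refused; writing a system
 * property whose name starts with "jem" is refused for everybody; administrators and internal
 * actions are then let through; file permissions are delegated to {@code checkRead}/
 * {@code checkWrite}/{@code checkDelete}; socket permissions aimed at the local RMI port
 * require the internal-services permission.
 *
 * <p>{@code Permission.getActions()} can return a comma-separated list such as
 * {@code "read,write"}, so each action in the list is examined. Comparing the whole string
 * with a single action name would send a combined permission to the read check only.
 *
 * @param perm the requested permission
 * @throws SecurityException if the request is refused
 */
@Override
public void checkPermission(Permission perm) {
    // checks if someone adds a security manager
    if (perm instanceof RuntimePermission && "setSecurityManager".equalsIgnoreCase(perm.getName())) {
        LogAppl.getInstance().emit(NodeMessage.JEMC274E);
        throw new SecurityException(NodeMessage.JEMC274E.toMessage().getMessage());
    }
    // this check is necessary to avoid that someone
    // sets jem properties, accessing outside of GFS
    if (perm instanceof PropertyPermission && containsAction(perm.getActions(), "write")
            && perm.getName().startsWith("jem")) {
        LogAppl.getInstance().emit(NodeMessage.JEMC127E);
        throw new SecurityException(NodeMessage.JEMC127E.toMessage().getMessage());
    }
    // checks if administrator. if true return.
    if (isAdministrator() || isInternalAction()) {
        return;
    }
    // checks the file access,
    // calling the right method according
    // to the actions of the permission
    if (perm instanceof FilePermission) {
        boolean needRead = false;
        boolean needWrite = false;
        boolean needDelete = false;
        String actions = perm.getActions();
        if (actions == null) {
            needRead = true;
        } else {
            for (String token : actions.split(",")) {
                String action = token.trim();
                if ("write".equalsIgnoreCase(action)) {
                    needWrite = true;
                } else if ("delete".equalsIgnoreCase(action)) {
                    needDelete = true;
                } else {
                    // "read" and every other action keep the original fallback: a read check
                    needRead = true;
                }
            }
        }
        if (needRead) {
            checkRead(perm.getName());
        }
        if (needWrite) {
            checkWrite(perm.getName());
        }
        if (needDelete) {
            checkDelete(perm.getName());
        }
    } else if (perm instanceof SocketPermission) {
        // checks the RMI access.
        // access to RMI is not allowed if you're not an admin
        SocketPermission sperm = (SocketPermission) perm;
        // NOTE(review): the name is split at the first ':'. Names that are not a plain
        // "host:port" (bracketed IPv6 literals, port ranges) presumably end up with the
        // default port value and are not treated as the RMI port - confirm.
        int port = Parser.parseInt(StringUtils.substringAfter(sperm.getName(), ":"), Integer.MAX_VALUE);
        int portRmi = Parser.parseInt(System.getProperty(RmiKeys.JEM_RMI_PORT), Integer.MIN_VALUE);
        // if is going to RMI port and
        // is not executing JEM code and is not grantor
        if (port == portRmi && !isInternalAction() && !isGrantor()) {
            // extracts host name
            String hostname = StringUtils.substringBefore(sperm.getName(), ":");
            try {
                // gets hostname and localhost
                // NOTE(review): only the address returned by getLocalHost() counts as local;
                // loopback and other local interface addresses are not compared - confirm
                // that this matches the intended policy.
                String resolved = InetAddress.getByName(hostname).getHostAddress();
                String localhost = InetAddress.getLocalHost().getHostAddress();
                // if they are equal and the user
                // doesn't have the internal service permission
                // EXCEPTION!!
                if (resolved.equalsIgnoreCase(localhost) && !checkBatchPermission(Permissions.INTERNAL_SERVICES)) {
                    LogAppl.getInstance().emit(NodeMessage.JEMC128E);
                    throw new SecurityException(NodeMessage.JEMC128E.toMessage().getMessage());
                }
            } catch (UnknownHostException e) {
                // if there is an error on resolving the hostname
                LogAppl.getInstance().emit(NodeMessage.JEMC128E);
                throw new SecurityException(NodeMessage.JEMC128E.toMessage().getMessage(), e);
            }
        }
    }
}

/** Tells whether a comma-separated action list contains the wanted action, ignoring case. */
private static boolean containsAction(String actions, String wanted) {
    if (actions == null) {
        return false;
    }
    for (String token : actions.split(",")) {
        if (wanted.equalsIgnoreCase(token.trim())) {
            return true;
        }
    }
    return false;
}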
From source file:org.wildfly.test.security.common.elytron.PermissionRef.java
/**
 * Builds a {@code PermissionRef} that describes an existing permission object.
 *
 * <p>The class name, actions and name are read from the permission itself; the module is
 * passed through unchanged.
 *
 * @param perm the permission to describe
 * @param module the module value handed to the builder
 * @return the reference produced by the builder
 */
public static PermissionRef fromPermission(Permission perm, String module) {
    return builder()
            .className(perm.getClass().getName())
            .action(perm.getActions())
            .targetName(perm.getName())
            .module(module)
            .build();
}