protected void plainConnect() throws IOException { synchronized (this) { if (connected) { return; } } SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { AccessController.doPrivilegedWithCombiner( new PrivilegedExceptionAction<Void>() { public Void run() throws IOException { plainConnect0(); return null; } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { // run without additional permission plainConnect0(); } }
/** * Executes the provided operation against this store */ // we can do FS ops with only two elevated permissions: // 1) hadoop dynamic proxy is messy with access rules // 2) allow hadoop to add credentials to our Subject <V> V execute(Operation<V> operation) throws IOException { SpecialPermission.check(); if (closed) { throw new AlreadyClosedException("HdfsBlobStore is closed: " + this); } try { return AccessController.doPrivileged((PrivilegedExceptionAction<V>) () -> operation.run(fileContext), null, new ReflectPermission("suppressAccessChecks"), new AuthPermission("modifyPrivateCredentials"), new SocketPermission("*", "connect")); } catch (PrivilegedActionException pae) { throw (IOException) pae.getException(); } }
/** * Creates one of the well-known permissions directly instead of * via reflection. Keep list short to not penalize non-JDK-defined * permissions. */ private static final Permission getKnownInstance(Class<?> claz, String name, String actions) { if (claz.equals(FilePermission.class)) { return new FilePermission(name, actions); } else if (claz.equals(SocketPermission.class)) { return new SocketPermission(name, actions); } else if (claz.equals(RuntimePermission.class)) { return new RuntimePermission(name, actions); } else if (claz.equals(PropertyPermission.class)) { return new PropertyPermission(name, actions); } else if (claz.equals(NetPermission.class)) { return new NetPermission(name, actions); } else if (claz.equals(AllPermission.class)) { return SecurityConstants.ALL_PERMISSION; } else { return null; } }
protected void plainConnect() throws IOException { synchronized (this) { if (connected) { return; } } SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { AccessController.doPrivileged( new PrivilegedExceptionAction<Void>() { public Void run() throws IOException { plainConnect0(); return null; } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { // run without additional permission plainConnect0(); } }
@Override public synchronized OutputStream getOutputStream() throws IOException { connecting = true; SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { return AccessController.doPrivileged( new PrivilegedExceptionAction<OutputStream>() { public OutputStream run() throws IOException { return getOutputStream0(); } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { return getOutputStream0(); } }
@Override public synchronized InputStream getInputStream() throws IOException { connecting = true; SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { return AccessController.doPrivileged( new PrivilegedExceptionAction<InputStream>() { public InputStream run() throws IOException { return getInputStream0(); } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { return getInputStream0(); } }
/** * Get an applet by name. */ @Override public Applet getApplet(String name) { AppletSecurity security = (AppletSecurity)System.getSecurityManager(); name = name.toLowerCase(); SocketPermission panelSp = new SocketPermission(panel.getCodeBase().getHost(), "connect"); for (Enumeration e = appletPanels.elements() ; e.hasMoreElements() ;) { AppletPanel p = (AppletPanel)e.nextElement(); String param = p.getParameter("name"); if (param != null) { param = param.toLowerCase(); } if (name.equals(param) && p.getDocumentBase().equals(panel.getDocumentBase())) { SocketPermission sp = new SocketPermission(p.getCodeBase().getHost(), "connect"); if (panelSp.implies(sp)) { return p.applet; } } } return null; }
/** * Return an enumeration of all the accessible * applets on this page. */ @Override public Enumeration getApplets() { AppletSecurity security = (AppletSecurity)System.getSecurityManager(); Vector v = new Vector(); SocketPermission panelSp = new SocketPermission(panel.getCodeBase().getHost(), "connect"); for (Enumeration e = appletPanels.elements() ; e.hasMoreElements() ;) { AppletPanel p = (AppletPanel)e.nextElement(); if (p.getDocumentBase().equals(panel.getDocumentBase())) { SocketPermission sp = new SocketPermission(p.getCodeBase().getHost(), "connect"); if (panelSp.implies(sp)) { v.addElement(p.applet); } } } return v.elements(); }
public final Permission getPermission() throws IOException { int hostPort; URL url = getURL(); String hostName = url.getHost(); if (url.getPort() != -1) { hostPort = url.getPort(); } else { hostPort = HttpUrl.defaultPort(url.getProtocol()); } if (usingProxy()) { InetSocketAddress proxyAddress = (InetSocketAddress) this.client.getProxy().address(); hostName = proxyAddress.getHostName(); hostPort = proxyAddress.getPort(); } return new SocketPermission(hostName + ":" + hostPort, "connect, resolve"); }
@Override public synchronized OutputStream getOutputStream() throws IOException { connecting = true; SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { return AccessController.doPrivilegedWithCombiner( new PrivilegedExceptionAction<OutputStream>() { public OutputStream run() throws IOException { return getOutputStream0(); } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { return getOutputStream0(); } }
@Override public synchronized InputStream getInputStream() throws IOException { connecting = true; SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { return AccessController.doPrivilegedWithCombiner( new PrivilegedExceptionAction<InputStream>() { public InputStream run() throws IOException { return getInputStream0(); } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { return getInputStream0(); } }
static void trySockPC() throws Exception { try { SocketPermission p0= new SocketPermission("example.com","connect"); PermissionCollection pc = p0.newPermissionCollection(); pc.setReadOnly(); // this should lock out future adds // SocketPermission p1= new SocketPermission("example.net","connect"); pc.add(p1); throw new Exception("Failed...SocketPermission added to readonly SocketPermissionCollection."); } catch (SecurityException se) { System.out.println("SocketPermissionCollection passed"); } }
/** * Creates one of the well-known permissions in the java.base module * directly instead of via reflection. Keep list short to not penalize * permissions from other modules. */ private static Permission getKnownPermission(Class<?> claz, String name, String actions) { if (claz.equals(FilePermission.class)) { return new FilePermission(name, actions); } else if (claz.equals(SocketPermission.class)) { return new SocketPermission(name, actions); } else if (claz.equals(RuntimePermission.class)) { return new RuntimePermission(name, actions); } else if (claz.equals(PropertyPermission.class)) { return new PropertyPermission(name, actions); } else if (claz.equals(NetPermission.class)) { return new NetPermission(name, actions); } else if (claz.equals(AllPermission.class)) { return SecurityConstants.ALL_PERMISSION; } else if (claz.equals(SecurityPermission.class)) { return new SecurityPermission(name, actions); } else { return null; } }
protected void plainConnect() throws IOException { synchronized (this) { if (connected) { return; } } SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { AccessController.doPrivilegedWithCombiner( new PrivilegedExceptionAction<>() { public Void run() throws IOException { plainConnect0(); return null; } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { // run without additional permission plainConnect0(); } }
@Override public synchronized OutputStream getOutputStream() throws IOException { connecting = true; SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { return AccessController.doPrivilegedWithCombiner( new PrivilegedExceptionAction<>() { public OutputStream run() throws IOException { return getOutputStream0(); } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { return getOutputStream0(); } }
@Override public synchronized InputStream getInputStream() throws IOException { connecting = true; SocketPermission p = URLtoSocketPermission(this.url); if (p != null) { try { return AccessController.doPrivilegedWithCombiner( new PrivilegedExceptionAction<>() { public InputStream run() throws IOException { return getInputStream0(); } }, null, p ); } catch (PrivilegedActionException e) { throw (IOException) e.getException(); } } else { return getInputStream0(); } }
private static SocketPermission getSocketPermissionFor(URI url) { if (System.getSecurityManager() == null) { return null; } StringBuilder sb = new StringBuilder(); String host = url.getHost(); sb.append(host); int port = url.getPort(); if (port == -1) { String scheme = url.getScheme(); if ("http".equals(scheme)) { sb.append(":80"); } else { // scheme must be https sb.append(":443"); } } else { sb.append(':') .append(Integer.toString(port)); } String target = sb.toString(); return new SocketPermission(target, "connect"); }
/** * Get an applet by name. */ @Override public Applet getApplet(String name) { AppletSecurity security = (AppletSecurity)System.getSecurityManager(); name = name.toLowerCase(); SocketPermission panelSp = new SocketPermission(panel.getCodeBase().getHost(), "connect"); for (Enumeration<AppletPanel> e = appletPanels.elements() ; e.hasMoreElements() ;) { AppletPanel p = e.nextElement(); String param = p.getParameter("name"); if (param != null) { param = param.toLowerCase(); } if (name.equals(param) && p.getDocumentBase().equals(panel.getDocumentBase())) { SocketPermission sp = new SocketPermission(p.getCodeBase().getHost(), "connect"); if (panelSp.implies(sp)) { return p.applet; } } } return null; }
/** * Return an enumeration of all the accessible * applets on this page. */ @Override public Enumeration<Applet> getApplets() { AppletSecurity security = (AppletSecurity)System.getSecurityManager(); Vector<Applet> v = new Vector<>(); SocketPermission panelSp = new SocketPermission(panel.getCodeBase().getHost(), "connect"); for (Enumeration<AppletPanel> e = appletPanels.elements() ; e.hasMoreElements() ;) { AppletPanel p = e.nextElement(); if (p.getDocumentBase().equals(panel.getDocumentBase())) { SocketPermission sp = new SocketPermission(p.getCodeBase().getHost(), "connect"); if (panelSp.implies(sp)) { v.addElement(p.applet); } } } return v.elements(); }
private static SocketPermission getSocketPermissionFor(URI url) { if (System.getSecurityManager() == null) return null; StringBuilder sb = new StringBuilder(); String host = url.getHost(); sb.append(host); int port = url.getPort(); if (port == -1) { String scheme = url.getScheme(); if ("http".equals(scheme)) { sb.append(":80"); } else { // scheme must be https sb.append(":443"); } } else { sb.append(':') .append(Integer.toString(port)); } String target = sb.toString(); return new SocketPermission(target, "connect"); }
