Java 类javax.management.MBeanTrustPermission 实例源码

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

public static void createServiceActivatorDeployment(File destination, String objectName, Class mbeanClass) throws IOException {
    final JavaArchive archive = ShrinkWrap.create(JavaArchive.class);
    archive.addClass(ServiceActivatorDeployment.class);
    archive.addClass(mbeanClass);
    archive.addAsServiceProvider(ServiceActivator.class, ServiceActivatorDeployment.class);
    StringBuilder sb = new StringBuilder();
    sb.append(ServiceActivatorDeployment.MBEAN_CLASS_NAME);
    sb.append('=');
    sb.append(mbeanClass.getName());
    sb.append("\n");
    sb.append(ServiceActivatorDeployment.MBEAN_OBJECT_NAME);
    sb.append('=');
    sb.append(objectName);
    sb.append("\n");
    archive.addAsManifestResource(PermissionUtils.createPermissionsXmlAsset(
            getMBeanPermission(mbeanClass, objectName, "registerMBean"),
            getMBeanPermission(mbeanClass, objectName, "unregisterMBean"),
            new MBeanTrustPermission("register")),
            "permissions.xml");
    archive.addAsManifestResource(new StringAsset("Dependencies: org.jboss.msc,org.jboss.as.jmx,org.jboss.as.server,org.jboss.as.controller\n"), "MANIFEST.MF");
    archive.addAsResource(new StringAsset(sb.toString()), ServiceActivatorDeployment.PROPERTIES_RESOURCE);
    archive.as(ZipExporter.class).exportTo(destination);
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

private static void checkMBeanTrustPermission(final Class<?> theClass)
    throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act =
            new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                    return theClass.getProtectionDomain();
                }
            };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}

public void setPermissions() {
    col.add(new MBeanPermission("*#*[*:*]", "registerMBean"));
    col.add(new LoggingPermission("control", null));
    col.add(new SecurityPermission("*"));
    col.add(new PropertyPermission("*", "read,write"));
    col.add(new RuntimePermission("*"));
    col.add(new MBeanTrustPermission("*"));
}

private Main installSecurityPolicy() throws Exception {
  Config config = readConfig();
  List<Permission> permissions = new ArrayList<>();

  // Need access to the network interface/port to which we listen
  PortInfo listen = PortInfo.parseUrl(config.getString("listen.url", "http://localhost:8000"));
  permissions.add(new SocketPermission("*:" + listen.port(), "listen,resolve"));

  // Configurable list of servers to which we can connect
  String csv = config.getString("connect.outbound");
  if (csv != null) {
    for (String s : csv.split(",")) {
      permissions.add(new SocketPermission(s, "connect,resolve"));
    }
  }

  // For fake security we need to act as a client to our own embedded authentication
  if (config.getBooleanOrFalse("insecure.fake.security")) {
    permissions.add(new SocketPermission("localhost:" + listen.port(), "connect,resolve"));
  }

  // Connecting to centralized authentication server
  PortInfo authServer = PortInfo.parseUrl(config.getString("auth.server.base.uri"));
  if (authServer != null) {
    permissions.add(new SocketPermission(authServer.host() + ":" + authServer.port(), "connect,resolve"));
  }

  // These two are for hsqldb to store its database files
  permissions.add(new FilePermission(workDir() + "/.hsql", "read,write,delete"));
  permissions.add(new FilePermission(workDir() + "/.hsql/-", "read,write,delete"));

  // In case we are terminating SSL/TLS on the server
  permissions.add(new FilePermission(workDir() + "/local.ssl.jks", "read"));

  // Vert.x default directory for handling file uploads
  permissions.add(new FilePermission(workDir() + "/file-uploads", "read,write"));

  // The SAML implementation needs these four (xml parsing; write metadata into conf)
  permissions.add(new FilePermission(workDir() + "/conf", "read,write"));
  permissions.add(new FilePermission(workDir() + "/conf/-", "read,write"));
  permissions.add(new SecurityPermission("org.apache.xml.security.register"));
  permissions.add(new PropertyPermission("org.apache.xml.security.ignoreLineBreaks", "write"));

  // Oracle JDBC driver requires these
  Flavor flavor = Flavor.fromJdbcUrl(config.getString("database.url", "jdbc:postgresql:"));
  if (flavor == Flavor.oracle) {
    permissions.add(new MBeanServerPermission("createMBeanServer"));
    permissions.add(new ManagementPermission("control"));
    permissions.add(new MBeanPermission("*", "registerMBean"));
    permissions.add(new MBeanTrustPermission("register"));
  }

  setSecurityPolicy(permissions.toArray(new Permission[0]));
  return this;
}

protected boolean checkMBeanTrustPermission(MBeanTrustPermission perm) {
    return true;
}

public void setPermissions() {
    col.add(new SecurityPermission("*"));
    col.add(new PropertyPermission("*", "read"));
    col.add(new RuntimePermission("*"));
    col.add(new MBeanTrustPermission("*"));
}

public void setPermissions() {
    col.add(new SecurityPermission("*"));
    col.add(new PropertyPermission("*", "read"));
    col.add(new RuntimePermission("*"));
    col.add(new MBeanTrustPermission("*"));
}