You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@avalon.apache.org by ni...@apache.org on 2004/01/05 16:42:31 UTC
cvs commit: avalon-sandbox/security/src/tests Component.java ComponentImpl.java InnerContainer.java InnerContainerImpl.java Main.java OuterContainer.java OuterContainerImpl.java
niclas 2004/01/05 07:42:31
Added: security build.properties build.xml run.sh security.policy
security/src/tests Component.java ComponentImpl.java
InnerContainer.java InnerContainerImpl.java
Main.java OuterContainer.java
OuterContainerImpl.java
Log:
A little test to figure out how to do nested codebase level security.
Revision Changes Path
1.1 avalon-sandbox/security/build.properties
Index: build.properties
===================================================================
java.dir=src/tests
build.classes=build/classes
build.debug=on
build.optimize=off
build.deprecation=on
1.1 avalon-sandbox/security/build.xml
Index: build.xml
===================================================================
<project name="security" default="all" basedir="." >
<target name="prepare" >
<property file="build.properties" />
</target>
<target name="compile" depends="prepare" >
<mkdir dir="${build.classes}" />
<javac
srcdir="${java.dir}"
destdir="${build.classes}"
debug="${build.debug}"
optimize="${build.optimize}"
deprecation="${build.deprecation}">
</javac>
</target>
<target name="package" depends="compile" >
<jar jarfile="main.jar" basedir="${build.classes}" includes="Main.class, OuterContainer.class" />
<jar jarfile="outer.jar" basedir="${build.classes}" includes="OuterContainerImpl*.class, InnerContainer.class" />
<jar jarfile="inner.jar" basedir="${build.classes}" includes="InnerContainerImpl*.class, Component.class" />
<jar jarfile="component.jar" basedir="${build.classes}" includes="ComponentImpl.class" />
</target>
<target name="all" depends="package" />
<target name="clean" depends="prepare" >
<delete dir="build/" />
<delete file="main.jar" />
<delete file="outer.jar" />
<delete file="inner.jar" />
<delete file="component.jar" />
</target>
</project>
1.1 avalon-sandbox/security/run.sh
Index: run.sh
===================================================================
#!/bin/sh
#
java -Djava.security.policy=security.policy \
-Djava.security.manager= -cp main.jar Main
1.1 avalon-sandbox/security/security.policy
Index: security.policy
===================================================================
grant {
permission java.security.AllPermission;
};
1.1 avalon-sandbox/security/src/tests/Component.java
Index: Component.java
===================================================================
public interface Component
{
void doProtectedMethod();
}
1.1 avalon-sandbox/security/src/tests/ComponentImpl.java
Index: ComponentImpl.java
===================================================================
import java.security.*;
public class ComponentImpl
implements Component
{
public void doProtectedMethod()
{
Permission perm = new RuntimePermission( "doProtected" );
AccessController.checkPermission( perm );
System.out.println( "Phase 1 OK. <-- Custom Permission in Component passed." );
try
{
String s = System.getProperty( "java.home" );
System.out.println( "JavaHome=" + s );
System.out.println( "Phase 2 failed." );
} catch( SecurityException e )
{
System.out.println( "Phase 2 OK. <-- Component reads a non-allowed property, and is denied" );
}
}
}
1.1 avalon-sandbox/security/src/tests/InnerContainer.java
Index: InnerContainer.java
===================================================================
public interface InnerContainer
{
void doThatMethod() throws Exception;
}
1.1 avalon-sandbox/security/src/tests/InnerContainerImpl.java
Index: InnerContainerImpl.java
===================================================================
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.*;
public class InnerContainerImpl
implements InnerContainer
{
private Component m_Component;
private AccessControlContext m_AccContext;
public InnerContainerImpl()
throws Exception
{
ClassLoader parentCL = getClass().getClassLoader();
File f = new File( System.getProperty( "user.dir" ), "component.jar" );
CodeSource cs = new CodeSource( f.toURL(), null );
Permissions p = new Permissions();
Permission perm = new RuntimePermission( "doProtected" );
p.add( perm );
ProtectionDomain pd = new ProtectionDomain( cs, p );
ProtectionDomain[] domains = new ProtectionDomain[] { pd };
m_AccContext = new AccessControlContext( domains );
m_Component = (Component) Main.instantiate( f, "ComponentImpl", parentCL );
}
public void doThatMethod() throws Exception
{
String s = System.getProperty( "java.home" );
System.out.println( "Phase 0 OK. <-- Container reads an allowed Property, and passed." );
AccessController.doPrivileged( new PrivilegedExceptionAction()
{
public Object run() throws Exception
{
m_Component.doProtectedMethod();
return null;
}
}, m_AccContext );
try
{
s = System.getProperty( "java.vendor" );
System.out.println( "Java Vendor=" + s );
} catch( SecurityException e )
{
System.out.println( "Phase 3 OK. <-- Container reads a non-allowed Property, and is denied." );
}
}
}
1.1 avalon-sandbox/security/src/tests/Main.java
Index: Main.java
===================================================================
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.*;
public class Main
{
static public void main( String[] args )
throws Exception
{
System.out.println( "Starting." );
ClassLoader parentCL = Main.class.getClassLoader();
File f = new File( System.getProperty( "user.dir" ), "outer.jar" );
OuterContainer container = (OuterContainer) instantiate( f, "OuterContainerImpl", parentCL );
container.doThisMethod();
System.out.println( "Finishing." );
}
static public Object instantiate( File jarFile, String classname, ClassLoader parent )
throws Exception
{
URL url = jarFile.toURL();
URL[] urls = new URL[] { url };
URLClassLoader cl = new URLClassLoader( urls, parent );
Class cls = cl.loadClass( classname );
return cls.newInstance();
}
}
1.1 avalon-sandbox/security/src/tests/OuterContainer.java
Index: OuterContainer.java
===================================================================
public interface OuterContainer
{
void doThisMethod() throws Exception;
}
1.1 avalon-sandbox/security/src/tests/OuterContainerImpl.java
Index: OuterContainerImpl.java
===================================================================
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.*;
public class OuterContainerImpl
implements OuterContainer
{
private InnerContainer m_Inner;
private AccessControlContext m_AccContext;
public OuterContainerImpl()
throws Exception
{
ClassLoader parentCL = getClass().getClassLoader();
File f = new File( System.getProperty( "user.dir" ), "inner.jar" );
CodeSource cs = new CodeSource( f.toURL(), null );
Permissions p = new Permissions();
Permission perm = new RuntimePermission( "doProtected" );
p.add( perm );
perm = new PropertyPermission( "java.home", "read" );
p.add( perm );
ProtectionDomain pd = new ProtectionDomain( cs, p );
ProtectionDomain[] domains = new ProtectionDomain[] { pd };
m_AccContext = new AccessControlContext( domains );
m_Inner = (InnerContainer) Main.instantiate( f, "InnerContainerImpl", parentCL );
}
public void doThisMethod() throws Exception
{
AccessController.doPrivileged( new PrivilegedExceptionAction()
{
public Object run() throws Exception
{
m_Inner.doThatMethod();
return null;
}
}, m_AccContext );
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@avalon.apache.org
For additional commands, e-mail: cvs-help@avalon.apache.org