Java > Open Source Codes > org > apache > tools > ant > types > Permissions


1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18
19 package org.apache.tools.ant.types;
20
21 import java.security.UnresolvedPermission ;
22 import java.util.HashSet ;
23 import java.util.Iterator ;
24 import java.util.LinkedList ;
25 import java.util.List ;
26 import java.util.Set ;
27 import java.util.StringTokenizer ;
28
29 import org.apache.tools.ant.BuildException;
30 import org.apache.tools.ant.ExitException;
31
32 /**
33  * This class implements a security manager meant for usage by tasks that run inside the
34  * Ant VM. An examples are the Java Task and JUnitTask.
35  *
36  * The basic functionality is that nothing (except for a base set of permissions) is allowed, unless
37  * the permission is granted either explicitly or implicitly.
38  * If a permission is granted this can be overruled by explicitly revoking the permission.
39  *
40  * It is not permissible to add permissions (either granted or revoked) while the Security Manager
41  * is active (after calling setSecurityManager() but before calling restoreSecurityManager()).
42  *
43  * @since Ant 1.6
44  */
45 public class Permissions {
46
47     private List grantedPermissions = new LinkedList ();
48     private List revokedPermissions = new LinkedList ();
49     private java.security.Permissions granted = null;
50     private SecurityManager origSm = null;
51     private boolean active = false;
52     private boolean delegateToOldSM;
53
54     /**
55      * Create a set of Permissions. Equivalent to calling
56      * <code>new Permissions(false)</code>.
57      */
58     public Permissions() {
59         this(false);
60     }
61
62     /**
63      * Create a set of permissions.
64      * @param delegateToOldSM if <code>true</code> the old security manager
65      * will be used if the permission has not been explicitly granted or revoked
66      * in this instance.
67      */
68     public Permissions(boolean delegateToOldSM) {
69         this.delegateToOldSM = delegateToOldSM;
70     }
71
72     /**
73      * Adds a permission to be granted.
74      * @param perm The Permissions.Permission to be granted.
75      */
76     public void addConfiguredGrant(Permissions.Permission perm) {
77         grantedPermissions.add(perm);
78     }
79
80     /**
81      * Adds a permission to be revoked.
82      * @param perm The Permissions.Permission to be revoked
83      */
84     public void addConfiguredRevoke(Permissions.Permission perm) {
85         revokedPermissions.add(perm);
86     }
87
88     /**
89      * To be used by tasks wishing to use this security model before executing the part to be
90      * subject to these Permissions. Note that setting the SecurityManager too early may
91      * prevent your part from starting, as for instance changing classloaders may be prohibited.
92      * The classloader for the new situation is supposed to be present.
93      * @throws BuildException on error
94      */
95     public synchronized void setSecurityManager() throws BuildException {
96         origSm = System.getSecurityManager();
97         init();
98         System.setSecurityManager(new MySM());
99         active = true;
100     }
101
102     /**
103      * Initializes the list of granted permissions, checks the list of revoked permissions.
104      */
105     private void init() throws BuildException {
106         granted = new java.security.Permissions ();
107         for (Iterator i = revokedPermissions.listIterator(); i.hasNext();) {
108             Permissions.Permission p = (Permissions.Permission) i.next();
109             if (p.getClassName() == null) {
110                 throw new BuildException("Revoked permission " + p + " does not contain a class.");
111             }
112         }
113         for (Iterator i = grantedPermissions.listIterator(); i.hasNext();) {
114             Permissions.Permission p = (Permissions.Permission) i.next();
115             if (p.getClassName() == null) {
116                 throw new BuildException("Granted permission " + p + " does not contain a class.");
117             } else {
118                 java.security.Permission perm =
119                     new UnresolvedPermission (p.getClassName(), p.getName(), p.getActions(), null);
120                 granted.add(perm);
121             }
122         }
123         // Add base set of permissions
124 granted.add(new java.net.SocketPermission ("localhost:1024-", "listen"));
125         granted.add(new java.util.PropertyPermission ("java.version", "read"));
126         granted.add(new java.util.PropertyPermission ("java.vendor", "read"));
127         granted.add(new java.util.PropertyPermission ("java.vendor.url", "read"));
128         granted.add(new java.util.PropertyPermission ("java.class.version", "read"));
129         granted.add(new java.util.PropertyPermission ("os.name", "read"));
130         granted.add(new java.util.PropertyPermission ("os.version", "read"));
131         granted.add(new java.util.PropertyPermission ("os.arch", "read"));
132         granted.add(new java.util.PropertyPermission ("file.encoding", "read"));
133         granted.add(new java.util.PropertyPermission ("file.separator", "read"));
134         granted.add(new java.util.PropertyPermission ("path.separator", "read"));
135         granted.add(new java.util.PropertyPermission ("line.separator", "read"));
136         granted.add(new java.util.PropertyPermission ("java.specification.version", "read"));
137         granted.add(new java.util.PropertyPermission ("java.specification.vendor", "read"));
138         granted.add(new java.util.PropertyPermission ("java.specification.name", "read"));
139         granted.add(new java.util.PropertyPermission ("java.vm.specification.version", "read"));
140         granted.add(new java.util.PropertyPermission ("java.vm.specification.vendor", "read"));
141         granted.add(new java.util.PropertyPermission ("java.vm.specification.name", "read"));
142         granted.add(new java.util.PropertyPermission ("java.vm.version", "read"));
143         granted.add(new java.util.PropertyPermission ("java.vm.vendor", "read"));
144         granted.add(new java.util.PropertyPermission ("java.vm.name", "read"));
145     }
146
147     /**
148      * To be used by tasks that just finished executing the parts subject to these permissions.
149      */
150     public synchronized void restoreSecurityManager() {
151         active = false;
152         System.setSecurityManager(origSm);
153     }
154
155     /**
156      * This inner class implements the actual SecurityManager that can be used by tasks
157      * supporting Permissions.
158      */
159     private class MySM extends SecurityManager {
160
161         /**
162          * Exit is treated in a special way in order to be able to return the exit code
163          * towards tasks.
164          * An ExitException is thrown instead of a simple SecurityException to indicate the exit
165          * code.
166          * Overridden from java.lang.SecurityManager
167          * @param status The exit status requested.
168          */
169         public void checkExit(int status) {
170             java.security.Permission perm = new java.lang.RuntimePermission ("exitVM", null);
171             try {
172                 checkPermission(perm);
173             } catch (SecurityException e) {
174                 throw new ExitException(e.getMessage(), status);
175             }
176         }
177
178         /**
179          * The central point in checking permissions.
180          * Overridden from java.lang.SecurityManager
181          *
182          * @param perm The permission requested.
183          */
184         public void checkPermission(java.security.Permission perm) {
185             if (active) {
186                 if (delegateToOldSM && !perm.getName().equals("exitVM")) {
187                     boolean permOK = false;
188                     if (granted.implies(perm)) {
189                         permOK = true;
190                     }
191                     checkRevoked(perm);
192                     /*
193                      if the permission was not explicitly granted or revoked
194                      the original security manager will do its work
195                     */
196                     if (!permOK && origSm != null) {
197                         origSm.checkPermission(perm);
198                     }
199                 } else {
200                     if (!granted.implies(perm)) {
201                         throw new SecurityException ("Permission " + perm + " was not granted.");
202                     }
203                     checkRevoked(perm);
204                 }
205             }
206         }
207
208         /**
209          * throws an exception if this permission is revoked
210          * @param perm the permission being checked
211          */
212         private void checkRevoked(java.security.Permission perm) {
213             for (Iterator i = revokedPermissions.listIterator(); i.hasNext();) {
214                 if (((Permissions.Permission) i.next()).matches(perm)) {
215                     throw new SecurityException ("Permission " + perm + " was revoked.");
216                 }
217             }
218
219         }
220     }
221
222     /** Represents a permission. */
223     public static class Permission {
224         private String className;
225         private String name;
226         private String actionString;
227         private Set actions;
228
229         /**
230          * Set the class, mandatory.
231          * @param aClass The class name of the permission.
232          */
233         public void setClass(String aClass) {
234                 className = aClass.trim();
235         }
236
237         /**
238          * Get the class of the permission.
239          * @return The class name of the permission.
240          */
241         public String getClassName() {
242             return className;
243         }
244
245         /**
246          * Set the name of the permission.
247          * @param aName The name of the permission.
248          */
249         public void setName(String aName) {
250             name = aName.trim();
251         }
252
253         /**
254          * Get the name of the permission.
255          * @return The name of the permission.
256          */
257         public String getName() {
258             return name;
259         }
260
261         /**
262          * Set the actions.
263          * @param actions The actions of the permission.
264          */
265         public void setActions(String actions) {
266             actionString = actions;
267             if (actions.length() > 0) {
268                 this.actions = parseActions(actions);
269             }
270         }
271
272         /**
273          * Get the actions.
274          * @return The actions of the permission.
275          */
276         public String getActions() {
277             return actionString;
278         }
279
280         /**
281          * Learn whether the permission matches in case of a revoked permission.
282          * @param perm The permission to check against.
283          */
284         boolean matches(java.security.Permission perm) {
285             if (!className.equals(perm.getClass().getName())) {
286                 return false;
287             }
288             if (name != null) {
289                 if (name.endsWith("*")) {
290                     if (!perm.getName().startsWith(name.substring(0, name.length() - 1))) {
291                         return false;
292                     }
293                 } else {
294                     if (!name.equals(perm.getName())) {
295                         return false;
296                     }
297                 }
298             }
299             if (actions != null) {
300                 Set as = parseActions(perm.getActions());
301                 int size = as.size();
302                 as.removeAll(actions);
303                 if (as.size() == size) {
304                     // None of the actions revoked, so all allowed.
305 return false;
306                 }
307             }
308             return true;
309         }
310
311         /**
312          * Parses the actions into a set of separate strings.
313          * @param actions The actions to be parsed.
314          */
315         private Set parseActions(String actions) {
316             Set result = new HashSet ();
317             StringTokenizer tk = new StringTokenizer (actions, ",");
318             while (tk.hasMoreTokens()) {
319                 String item = tk.nextToken().trim();
320                 if (!item.equals("")) {
321                     result.add(item);
322                 }
323             }
324             return result;
325         }
326
327         /**
328          * Get a string description of the permissions.
329          * @return string description of the permissions.
330          */
331         public String toString() {
332             return ("Permission: " + className + " (\"" + name + "\", \"" + actions + "\")");
333         }
334     }
335 }
336

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags