|
Java example source code file (AcceptPermissions.java)
The AcceptPermissions.java Java example source code/* * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 9999999 * @summary default principal can act as anyone * @compile -XDignore.symbol.file AcceptPermissions.java * @run main/othervm AcceptPermissions two * @run main/othervm AcceptPermissions unbound */ import java.nio.file.Files; import java.nio.file.Paths; import java.nio.file.StandardOpenOption; import java.security.Permission; import javax.security.auth.kerberos.ServicePermission; import sun.security.jgss.GSSUtil; import java.util.*; public class AcceptPermissions extends SecurityManager { private static Map<Permission,String> perms = new HashMap<>(); @Override public void checkPermission(Permission perm) { if (!(perm instanceof ServicePermission)) { return; } ServicePermission sp = (ServicePermission)perm; if (!sp.getActions().equals("accept")) { return; } // We only care about accept ServicePermission in this test try { super.checkPermission(sp); } catch (SecurityException se) { if (perms.containsKey(sp)) { perms.put(sp, "checked"); } else { throw se; // We didn't expect this is needed } } } // Fills in permissions we are expecting private static void initPerms(String... names) { perms.clear(); for (String name: names) { perms.put(new ServicePermission( name + "@" + OneKDC.REALM, "accept"), "expected"); } } // Checks if they are all checked private static void checkPerms() { for (Map.Entry<Permission,String> entry: perms.entrySet()) { if (entry.getValue().equals("expected")) { throw new RuntimeException( "Expected but not used: " + entry.getKey()); } } } public static void main(String[] args) throws Exception { System.setSecurityManager(new AcceptPermissions()); new OneKDC(null).writeJAASConf(); String moreEntries = "two {\n" + " com.sun.security.auth.module.Krb5LoginModule required" + " principal=\"" + OneKDC.SERVER + "\" useKeyTab=true" + " isInitiator=false storeKey=true;\n" + " com.sun.security.auth.module.Krb5LoginModule required" + " principal=\"" + OneKDC.BACKEND + "\" useKeyTab=true" + " isInitiator=false storeKey=true;\n" + "};\n" + "unbound {" + " com.sun.security.auth.module.Krb5LoginModule required" + " principal=* useKeyTab=true" + " isInitiator=false storeKey=true;\n" + "};\n"; Files.write(Paths.get(OneKDC.JAAS_CONF), moreEntries.getBytes(), StandardOpenOption.APPEND); Context c, s; // In all cases, a ServicePermission on the acceptor name is needed // for a handshake. For default principal with no predictable name, // permission not needed (yet) for credentials creation. // Named principal initPerms(OneKDC.SERVER); c = Context.fromJAAS("client"); s = Context.fromJAAS("server"); c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); checkPerms(); initPerms(OneKDC.SERVER); Context.handshake(c, s); checkPerms(); // Named principal (even if there are 2 JAAS modules) initPerms(OneKDC.SERVER); c = Context.fromJAAS("client"); s = Context.fromJAAS(args[0]); c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); checkPerms(); initPerms(OneKDC.SERVER); Context.handshake(c, s); checkPerms(); // Default principal with a predictable name initPerms(OneKDC.SERVER); c = Context.fromJAAS("client"); s = Context.fromJAAS("server"); c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); checkPerms(); initPerms(OneKDC.SERVER); Context.handshake(c, s); checkPerms(); // Default principal with no predictable name initPerms(); // permission not needed for cred !!! c = Context.fromJAAS("client"); s = Context.fromJAAS(args[0]); c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); checkPerms(); initPerms(OneKDC.SERVER); // still needed for handshake !!! Context.handshake(c, s); checkPerms(); } } Other Java examples (source code examples)Here is a short list of links related to this Java AcceptPermissions.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.