Java FilePermission类代码示例

import java.io.FilePermission; //导入依赖的package包/类
/**
 * @bug 8165116
 * Verifies that redirect works properly when extension function is enabled
 *
 * @param xml the XML source
 * @param xsl the stylesheet that redirect output to a file
 * @param output the output file
 * @param redirect the redirect file
 * @throws Exception if the test fails
 **/
@Test(dataProvider = "redirect")
public void testRedirect(String xml, String xsl, String output, String redirect) throws Exception {

    TransformerFactory tf = TransformerFactory.newInstance();
    tf.setFeature(ORACLE_ENABLE_EXTENSION_FUNCTION, true);
    Transformer t = tf.newTransformer(new StreamSource(new StringReader(xsl)));

    //Transform the xml
    tryRunWithTmpPermission(
            () -> t.transform(new StreamSource(new StringReader(xml)), new StreamResult(new StringWriter())),
            new FilePermission(output, "write"), new FilePermission(redirect, "write"));

    // Verifies that the output is redirected successfully
    String userDir = getSystemProperty("user.dir");
    Path pathOutput = Paths.get(userDir, output);
    Path pathRedirect = Paths.get(userDir, redirect);
    Assert.assertTrue(Files.exists(pathOutput));
    Assert.assertTrue(Files.exists(pathRedirect));
    System.out.println("Output to " + pathOutput + " successful.");
    System.out.println("Redirect to " + pathRedirect + " successful.");
    Files.deleteIfExists(pathOutput);
    Files.deleteIfExists(pathRedirect);
}
 

import java.io.FilePermission; //导入依赖的package包/类
private static void check(List<String> files, String expected) {

        StringBuilder actual = new StringBuilder();
        files.forEach(f -> {
            StringBuilder result = new StringBuilder();
            FilePermission fp1 = new FilePermission(f, "read");
            FilePermission fp2 = new FilePermission(
                    new File(f).getAbsolutePath(), "read");
            result.append(fp1.equals(fp2));
            result.append(fp1.implies(fp2));
            result.append(fp1.hashCode() == fp2.hashCode());
            System.out.println(fp1 + " Vs. " + fp2 + " : Result: " + result);
            actual.append(result);
        });
        if (!expected.equals(actual.toString())) {
            throw new RuntimeException("Failed: " + expected + "/" + actual);
        }
    }
 

import java.io.FilePermission; //导入依赖的package包/类
/**
 * checks exact file permissions, meaning those and only those for that path.
 */
static void assertExactPermissions(FilePermission expected, PermissionCollection actual) {
    String target = expected.getName(); // see javadocs
    Set<String> permissionSet = asSet(expected.getActions().split(","));
    boolean read = permissionSet.remove("read");
    boolean readlink = permissionSet.remove("readlink");
    boolean write = permissionSet.remove("write");
    boolean delete = permissionSet.remove("delete");
    boolean execute = permissionSet.remove("execute");
    assertTrue("unrecognized permission: " + permissionSet, permissionSet.isEmpty());
    assertEquals(read, actual.implies(new FilePermission(target, "read")));
    assertEquals(readlink, actual.implies(new FilePermission(target, "readlink")));
    assertEquals(write, actual.implies(new FilePermission(target, "write")));
    assertEquals(delete, actual.implies(new FilePermission(target, "delete")));
    assertEquals(execute, actual.implies(new FilePermission(target, "execute")));
}
 

import java.io.FilePermission; //导入依赖的package包/类
/**
 * Returns the list of permissions for the running test.
 * 
 * @return
 */
protected List<Permission> getTestPermissions() {
	List<Permission> perms = new ArrayList<Permission>();
	perms.add(new PackagePermission("*", PackagePermission.EXPORT));
	perms.add(new PackagePermission("*", PackagePermission.IMPORT));
	perms.add(new BundlePermission("*", BundlePermission.HOST));
	perms.add(new BundlePermission("*", BundlePermission.PROVIDE));
	perms.add(new BundlePermission("*", BundlePermission.REQUIRE));
	perms.add(new ServicePermission("*", ServicePermission.REGISTER));
	perms.add(new ServicePermission("*", ServicePermission.GET));
	perms.add(new PropertyPermission("*", "read,write"));
	// required by Spring
	perms.add(new RuntimePermission("*", "accessDeclaredMembers"));
	perms.add(new ReflectPermission("*", "suppressAccessChecks"));
	// logging permission
	perms.add(new FilePermission("-", "write"));
	perms.add(new FilePermission("-", "read"));
	return perms;
}
 

import java.io.FilePermission; //导入依赖的package包/类
protected List<Permission> getIAndTPermissions() {
	List<Permission> perms = new ArrayList<Permission>();
	// export package
	perms.add(new PackagePermission("*", PackagePermission.EXPORT));
	perms.add(new PackagePermission("*", PackagePermission.IMPORT));
	perms.add(new BundlePermission("*", BundlePermission.FRAGMENT));
	perms.add(new BundlePermission("*", BundlePermission.PROVIDE));
	perms.add(new ServicePermission("*", ServicePermission.REGISTER));
	perms.add(new ServicePermission("*", ServicePermission.GET));
	perms.add(new PropertyPermission("*", "read,write"));

	// required by Spring
	perms.add(new RuntimePermission("*", "accessDeclaredMembers"));
	perms.add(new ReflectPermission("*", "suppressAccessChecks"));

	// logging permission
	perms.add(new FilePermission("-", "write"));
	perms.add(new FilePermission("-", "read"));

	return perms;
}
 

import java.io.FilePermission; //导入依赖的package包/类
public SimplePolicy(TestCase test) {
    basic = new Permissions();
    control = new Permissions();
    control.add(new LoggingPermission("control", null));

    // These permissions are required to call updateConfiguration(Function)
    control.add(new PropertyPermission("java.util.logging.config.file", "read"));
    control.add(new PropertyPermission("java.home", "read"));
    control.add(new FilePermission(
            Paths.get(System.getProperty("user.dir", "."),"-").toString(), "read"));
    control.add(new FilePermission(
            Paths.get(System.getProperty("java.home"),"conf","-").toString(), "read"));

    // these are used for configuring the test itself...
    all = new Permissions();
    all.add(new java.security.AllPermission());

}
 

import java.io.FilePermission; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
    if (args.length == 0) {
        test("p1", "read", "write", "delete", "execute");
        test("p2", "read,write", "delete,execute");
        test("p3", "read,write,delete", "execute");
        test("p4", "read,write,delete,execute");
    } else {
        SecurityManager sm = System.getSecurityManager();
        for (String arg : args) {
            // Use bits to create powerset of ALL_ACTIONS
            IntStream.range(1, 16)
                    .mapToObj(n -> IntStream.range(0, 4)
                            .filter(x -> (n & (1 << x)) != 0)
                            .mapToObj(x -> ALL_ACTIONS[x])
                            .collect(Collectors.joining(",")))
                    .forEach(a -> sm.checkPermission(
                            new FilePermission(arg, a)));
        }
    }
}
 

import java.io.FilePermission; //导入依赖的package包/类
public CachedFile(File tempFile)
{
	this.tempFile = tempFile;

	final Permissions filePermissions = new Permissions();
	final FilePermission crudPermission = new FilePermission(tempFile.getAbsolutePath(), "read,write,delete");
	filePermissions.add(crudPermission);
	debug("filePermissions Added FilePermission for 'read', 'write', 'delete' on " + tempFile.getAbsolutePath());
	filePermissionContext = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null,
		filePermissions)});

	final Permissions openPermissions = new Permissions();
	openPermissions.add(crudPermission);
	debug("openPermissions Added FilePermission for 'read', 'write', 'delete' on " + tempFile.getAbsolutePath());
	openPermissions.add(new FilePermission("<<ALL FILES>>", "execute"));
	debug("openPermissions Added FilePermission for 'execute' on <<ALL FILES>>");
	openPermissions.add(new AWTPermission("showWindowWithoutWarningBanner"));
	debug("openPermissions Added AWTPermission for 'showWindowWithoutWarningBanner'");
	openPermissionContext = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null,
		openPermissions)});

	setAsSynced();
}
 

import java.io.FilePermission; //导入依赖的package包/类
public static ProxyClassesDumper getInstance(String path) {
    if (null == path) {
        return null;
    }
    try {
        path = path.trim();
        final Path dir = Paths.get(path.length() == 0 ? "." : path);
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    validateDumpDir(dir);
                    return null;
                }
            }, null, new FilePermission("<<ALL FILES>>", "read, write"));
        return new ProxyClassesDumper(dir);
    } catch (InvalidPathException ex) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning("Path " + path + " is not valid - dumping disabled", ex);
    } catch (IllegalArgumentException iae) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning(iae.getMessage() + " - dumping disabled");
    }
    return null;
}
 

import java.io.FilePermission; //导入依赖的package包/类
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 

import java.io.FilePermission; //导入依赖的package包/类
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 

import java.io.FilePermission; //导入依赖的package包/类
public static void main(String[] args) throws Exception {

        boolean test1;
        boolean test2;

        String here = System.getProperty("user.dir");
        File abs = new File(here, "x");
        FilePermission fp1 = new FilePermission("x", "read");
        FilePermission fp2 = new FilePermission(abs.toString(), "read");
        test1 = fp1.equals(fp2);

        try {
            System.getSecurityManager().checkPermission(fp2);
            test2 = true;
        } catch (SecurityException se) {
            test2 = false;
        }

        if (test1 != Boolean.parseBoolean(args[0]) ||
                test2 != Boolean.parseBoolean(args[1])) {
            throw new Exception("Test failed: " + test1 + " " + test2);
        }
    }
 

import java.io.FilePermission; //导入依赖的package包/类
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 

import java.io.FilePermission; //导入依赖的package包/类
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 

import java.io.FilePermission; //导入依赖的package包/类
public static ProxyClassesDumper getInstance(String path) {
    if (null == path) {
        return null;
    }
    try {
        path = path.trim();
        final Path dir = Paths.get(path.length() == 0 ? "." : path);
        AccessController.doPrivileged(new PrivilegedAction<>() {
                @Override
                public Void run() {
                    validateDumpDir(dir);
                    return null;
                }
            }, null, new FilePermission("<<ALL FILES>>", "read, write"));
        return new ProxyClassesDumper(dir);
    } catch (InvalidPathException ex) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning("Path " + path + " is not valid - dumping disabled", ex);
    } catch (IllegalArgumentException iae) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning(iae.getMessage() + " - dumping disabled");
    }
    return null;
}