Java ProtectionDomain类代码示例

import java.security.ProtectionDomain; //导入依赖的package包/类
public ProtectionDomain[] combine(ProtectionDomain[] current,
                                  ProtectionDomain[] assigned) {
    // Add a new ProtectionDomain with the null codesource/signers, and
    // the empty permission set, to the end of the array containing the
    // 'current' protections domains, i.e. the ones that will be augmented
    // with the permissions granted to the set of principals present in
    // the supplied subject.
    //
    ProtectionDomain[] newCurrent;
    if (current == null || current.length == 0) {
        newCurrent = new ProtectionDomain[1];
        newCurrent[0] = pdNoPerms;
    } else {
        newCurrent = new ProtectionDomain[current.length + 1];
        for (int i = 0; i < current.length; i++) {
            newCurrent[i] = current[i];
        }
        newCurrent[current.length] = pdNoPerms;
    }
    return super.combine(newCurrent, assigned);
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
public byte[] transform(ClassLoader loader, String className, Class classBeingRedefined,
                        ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {

    byte[] byteCode = classfileBuffer;

    if (className.equals("beans/Sleeping")) {

        try {
            ClassPool cp = ClassPool.getDefault();
            CtClass cc = cp.get("beans.Sleeping");
            CtMethod m = cc.getDeclaredMethod("sleepNow");
            m.addLocalVariable("elapsedTime", CtClass.longType);
            m.insertBefore("elapsedTime = System.currentTimeMillis();");
            m.insertAfter("{elapsedTime = System.currentTimeMillis() - elapsedTime;"
                    + "System.out.println(\"Method Executed in ms: \" + elapsedTime);}");
            byteCode = cc.toBytecode();
            cc.detach();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    return byteCode;
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
@Override
    public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {

        if(className.startsWith(TransformConfig.getInstance().getPackageScan())) {
            logger.log(Level.INFO, "-------------------CLASS---------------------");
            logger.log(Level.INFO, "className: " + className);
            ClassReader cr = new ClassReader(classfileBuffer);
            ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_FRAMES | ClassWriter.COMPUTE_MAXS);

            ClassVisitor classVisitor = new HookClassAdapter(Opcodes.ASM5, cw);
            cr.accept(classVisitor, ClassReader.SKIP_FRAMES);
//            try {
//                FileOutputStream fos = new FileOutputStream(new File("classMod.class"));
//                fos.write(cw.toByteArray());
//                fos.close();
//            } catch (IOException e) {
//                e.printStackTrace();
//            }

            return cw.toByteArray();
        }
        return null;

    }
 

import java.security.ProtectionDomain; //导入依赖的package包/类
private static void checkPerm(PolicyFile p, ProtectionDomain pd)
            throws Exception {
    boolean foundIt = false;
    Enumeration perms = p.getPermissions(pd).elements();
    while (perms.hasMoreElements()) {
        Permission perm = (Permission)perms.nextElement();
        if (!(perm instanceof AllPermission)) {
            throw new SecurityException("expected AllPermission");
        } else {
            foundIt = true;
        }
    }
    if (!foundIt) {
        throw new SecurityException("expected AllPermission");
    }
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
final void checkPackageAccess(Class<?> cls, ProtectionDomain pd) {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        if (ReflectUtil.isNonPublicProxyClass(cls)) {
            for (Class<?> intf: cls.getInterfaces()) {
                checkPackageAccess(intf, pd);
            }
            return;
        }

        final String name = cls.getName();
        final int i = name.lastIndexOf('.');
        if (i != -1) {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    sm.checkPackageAccess(name.substring(0, i));
                    return null;
                }
            }, new AccessControlContext(new ProtectionDomain[] {pd}));
        }
    }
    domains.add(pd);
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
public static void main(String[]args) throws Exception {
    final DomainCombiner dc = new DomainCombiner() {
        @Override
        public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
            return currentDomains; // basically a no-op
        }
    };

    // Get an instance of the saved ACC
    AccessControlContext saved = AccessController.getContext();
    // Simulate the stack ACC with a DomainCombiner attached
    AccessControlContext stack = new AccessControlContext(AccessController.getContext(), dc);

    // Now try to run JavaSecurityAccess.doIntersectionPrivilege() and assert
    // whether the DomainCombiner from the stack ACC is preserved
    boolean ret = SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Boolean>() {
        @Override
        public Boolean run() {
            return dc == AccessController.getContext().getDomainCombiner();
        }
    }, stack, saved);

    if (!ret) {
        System.exit(1);
    }
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
@Override
public byte[] transform(ClassLoader loader, String internalClassName, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
	if (internalClassName != null && classfileBuffer != null) {
		try {
			String className = internalClassName.replace('/', '.');
			for (String prefix : ignores)
				if (className.startsWith(prefix)) return null;

			TransformHandle handle = new TransformHandle(className, classfileBuffer);
			units.forEach(handle::accept);
			if (handle.getResult().isPresent()) {
				byte[] classBuffer = handle.getResult().get();
				if (debug) {
					saveClassFile(className, classBuffer);
				}
				return classBuffer;
			} else {
				return null;
			}
		} catch (Throwable e) {
			log("unable to transform {0}: {1}", internalClassName, e);
			e.printStackTrace();
		}
	}
	return null;
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
@Override
public boolean implies(ProtectionDomain pd, Permission perm) {
    System.out.println("CustomPolicy.implies");

    // If the protection domain is the same as CustomPolicy, then
    // we return true. This is to prevent recursive permission checks
    // that lead to StackOverflow errors when the policy implementation
    // performs a sensitive operation that triggers a permission check,
    // for example, as below.
    if (pd == policyPd) {
        return true;
    }

    // Do something that triggers a permission check to make sure that
    // we don't cause a StackOverflow error.
    String home = AccessController.doPrivileged(
        (PrivilegedAction<String>) () -> System.getProperty("user.home"));

    return true;
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
private ClassLoader getClassLoader(final ObjectName name) {
    if(clr == null){
        return null;
    }
    // Restrict to getClassLoader permission only
    Permissions permissions = new Permissions();
    permissions.add(new MBeanPermission("*", null, name, "getClassLoader"));
    ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions);
    ProtectionDomain[] domains = {protectionDomain};
    AccessControlContext ctx = new AccessControlContext(domains);
    ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
        public ClassLoader run() {
            return clr.getClassLoader(name);
        }
    }, ctx);
    return loader;
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
/**
 * create a context that can read any directories (recursively)
 * mentioned in the class path. In the case of a jar, it has to
 * be the directory containing the jar, not just the jar, as jar
 * files might refer to other jar files.
 */

private static AccessControlContext getContext(File[] cp)
    throws java.net.MalformedURLException
{
    PathPermissions perms =
        new PathPermissions(cp);

    ProtectionDomain domain =
        new ProtectionDomain(new CodeSource(perms.getCodeBase(),
            (java.security.cert.Certificate[]) null),
        perms);

    AccessControlContext acc =
        new AccessControlContext(new ProtectionDomain[] { domain });

    return acc;
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
private ClassLoader(Void unused, ClassLoader parent) {
    this.parent = parent;
    if (ParallelLoaders.isRegistered(this.getClass())) {
        parallelLockMap = new ConcurrentHashMap<>();
        package2certs = new ConcurrentHashMap<>();
        domains =
            Collections.synchronizedSet(new HashSet<ProtectionDomain>());
        assertionLock = new Object();
    } else {
        // no finer-grained lock; lock on the classloader instance
        parallelLockMap = null;
        package2certs = new Hashtable<>();
        domains = new HashSet<>();
        assertionLock = this;
    }
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
private void attemptSetNullSecurityManager()
{
	final Permissions permissions = new Permissions();
	permissions.add(new RuntimePermission("setSecurityManager"));
	final AccessControlContext context = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null,
		permissions)});
	AccessController.doPrivileged(new PrivilegedAction<Object>()
	{
		@Override
		public Object run()
		{
			LOGGER.info("About to call System.setSecurityManager(null)");
			System.setSecurityManager(null);
			LOGGER.info("Progressed beyond call to System.setSecurityManager(null)");
			return null;
		}
	}, context);
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
	String name = method.getName();
	if ("equals".equals(name)) {
		return proxy == args[0];
	}
	else if ("hashCode".equals(name)) {
		return hashCode();
	}
	else if ("toString".equals(name)) {
		return toString();
	}
	else if ("transform".equals(name)) {
		return transform((ClassLoader) args[0], (String) args[1], (Class<?>) args[2],
				(ProtectionDomain) args[3], (byte[]) args[4]);
	}
	else if ("unregisterClassLoader".equals(name)) {
		unregisterClassLoader((ClassLoader) args[0]);
		return null;
	}
	else {
		throw new IllegalArgumentException("Unknown method: " + method);
	}
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
@Override public byte[] transform(ClassLoader loader, String className,
        Class<?> classBeingRedefined,
        ProtectionDomain protectionDomain, byte[] classfileBuffer)
    throws IllegalClassFormatException {

    if (className.contains("TypeAnnotatedTestClass")) {
        try {
            // Here we remove and re-add the dummy fields. This shuffles the constant pool
            return asm(loader, className, classBeingRedefined, protectionDomain, classfileBuffer);
        } catch (Throwable e) {
            // The retransform native code that called this method does not propagate
            // exceptions. Instead of getting an uninformative generic error, catch
            // problems here and print it, then exit.
            e.printStackTrace();
            System.exit(1);
        }
    }
    return null;
}
 

import java.security.ProtectionDomain; //导入依赖的package包/类
private void postDefineClass(Class<?> c, ProtectionDomain pd)
{
    if (pd.getCodeSource() != null) {
        Certificate certs[] = pd.getCodeSource().getCertificates();
        if (certs != null)
            setSigners(c, certs);
    }
}