Examples of PolicyFile

com.getperka.flatpack.policy.pst.PolicyFile
The root node for interpreting a policy file.
gnu.java.security.PolicyFile
org.apache.sentry.provider.file.PolicyFile
PolicyFile creator. Written specifically to be used with tests. Specifically due to the fact that methods that would typically return true or false to indicate success or failure these methods throw an unchecked exception. This is because in a test if you mean to remove a user from the policy file, the user should absolutely be there. If not, the test is mis-behaving.
sun.security.provider.PolicyFile
he code is comes from "foo.com" and is running as "Duke", // grant it read/write to all files in /tmp. grant codeBase "foo.com", principal foo.com.Principal "Duke" { permission java.io.FilePermission "/tmp/*", "read,write"; }; // grant any code running as "Duke" permission to read // the "java.vendor" Property. grant principal foo.com.Principal "Duke" { permission java.util.PropertyPermission "java.vendor"; This Policy implementation supports special handling of any permission that contains the string, "${{self}}", as part of its target name. When such a permission is evaluated (such as during a security check), ${{self}} is replaced with one or more Principal class/name pairs. The exact replacement performed depends upon the contents of the grant clause to which the permission belongs.
If the grant clause does not contain any principal information, the permission will be ignored (permissions containing ${{self}} in their target names are only valid in the context of a principal-based grant clause). For example, BarPermission will always be ignored in the following grant clause:
```
 grant codebase "www.foo.com", signedby "duke" { permission BarPermission "... ${{self}} ..."; }; 
```
If the grant clause contains principal information, ${{self}} will be replaced with that same principal information. For example, ${{self}} in BarPermission will be replaced by javax.security.auth.x500.X500Principal "cn=Duke" in the following grant clause:
```
 grant principal javax.security.auth.x500.X500Principal "cn=Duke" { permission BarPermission "... ${{self}} ..."; }; 
```
If there is a comma-separated list of principals in the grant clause, then ${{self}} will be replaced by the same comma-separated list or principals. In the case where both the principal class and name are wildcarded in the grant clause, ${{self}} is replaced with all the principals associated with the Subject in the current AccessControlContext.
For PrivateCredentialPermissions, you can also use "self" instead of "${{self}}". However the use of "self" is deprecated in favour of "${{self}}". @see java.security.CodeSource @see java.security.Permissions @see java.security.ProtectionDomain

Examples of com.getperka.flatpack.policy.pst.PolicyFile

      return false;
    }


    @Override
    public boolean visit(PolicyFile x) {
      PolicyFile n = new PolicyFile();
      n.setAllows(clone(x.getAllows()));
      n.setPackagePolicies(clone(x.getPackagePolicies()));
      n.setTypePolicies(clone(x.getTypePolicies()));
      n.setVerbs(clone(x.getVerbs()));
      stack.push(n);
      return false;
    }

View Full Code Here

Examples of com.getperka.flatpack.policy.pst.PolicyFile


  /**
   * The top-level parse rule.
   */
  public Rule PolicyFile() {
    Var<PolicyFile> x = new Var<PolicyFile>(new PolicyFile());
    return Sequence(
        PolicyBlock(x),
        EOI);
  }

View Full Code Here

Examples of com.getperka.flatpack.policy.pst.PolicyFile

   * Parse the test file, and shuffle the elements to ensure that there aren't any test dependencies
   * on the particulars of how the contents of the file are ordered.
   */
  @Test
  public void testShuffle() {
    PolicyFile policyFile = loadTestPolicy();


    final Random r = new Random(0);
    for (int i = 0; i < 10; i++) {
      policyFile.accept(new PolicyVisitor() {


        /**
         * Shuffle nested lists.
         */
        @Override
        public void traverse(List<? extends PolicyNode> list) {
          if (list != null) {
            Collections.shuffle(list, r);
          }
          super.traverse(list);
        }


        /**
         * Don't re-order the internal state of an Ident.
         */
        @Override
        public boolean visit(Ident<?> x) {
          return false;
        }
      });


      try {
        doTest(policyFile.toSource());
      } catch (IllegalArgumentException e) {
        System.err.println(i + " Failing source:\n" + policyFile.toSource());
        throw e;
      }
    }
  }

View Full Code Here

Examples of com.getperka.flatpack.policy.pst.PolicyFile

  }


  @Test
  public void test() throws IOException {
    String contents = FileUtils.readAllText(getClass().getResourceAsStream("test.policy"));
    PolicyFile p = (PolicyFile) testRule(parser.PolicyFile(), contents);


    // Test print-parse-print to make sure nothing is getting lost
    String string = p.toSource();
    PolicyFile p2 = (PolicyFile) testRule(parser.PolicyFile(), string);
    assertEquals(string, p2.toSource());
  }

View Full Code Here

Examples of com.getperka.flatpack.policy.pst.PolicyFile

  }


  @Test
  public void testCloner() throws IOException {
    String contents = FileUtils.readAllText(getClass().getResourceAsStream("test.policy"));
    PolicyFile p = (PolicyFile) testRule(parser.PolicyFile(), contents);
    PolicyFile p2 = new PolicyCloner().clone(p);


    assertEquals(p.toSource(), p2.toSource());
  }

View Full Code Here

Examples of gnu.java.security.PolicyFile


    /**
     * Initialize this instance.
     */
    public JNodePolicy(ExtensionPoint permissionsEp) {
        this.policyFile = new PolicyFile(ClassLoader
            .getSystemResource("/org/jnode/security/jnode.policy"));
        this.codeSource2Permissions = new HashMap<CodeSource, PermissionCollection>();
        this.permissionsEp = permissionsEp;
        loadExtensions();
    }

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  /**
   * Tests that users in two groups work correctly
   **/
  @Test
  public void testAdmin5() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("admin_group1", ADMINGROUP)
        .addRolesToGroup("admin_group2", ADMINGROUP)
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addGroupsToUser("admin1", "admin_group1", "admin_group2")

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  /**
   * Tests that user with two roles the most powerful role takes effect
   **/
  @Test
  public void testGroup2() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("group1", ADMINGROUP, "analytics")
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addPermissionsToRole("analytics", "server=server1->db=" + dbName)
        .addGroupsToUser("user1", "group1")

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  /**
   * Tests that user names with special characters are handled correctly
   **/
  @Test
  public void testGroup7() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("group1", ADMINGROUP)
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addGroupsToUser("user1~!@#$%^&*()+-", "group1")
        .addGroupsToUser("user2", "group1")

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  }
  @Test
  public void testPerDbFileCannotContainUsersOrDatabases() throws Exception {
    PolicyEngine policy;
    ImmutableSet<String> permissions;
    PolicyFile policyFile;
    // test sanity
    policyFile = PolicyFile.setAdminOnServer1("admin");
    policyFile.addGroupsToUser("admin1", "admin");
    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")
    }), Lists.newArrayList("admin")).get("admin");
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [users] fails parsing of per-db file
    policyFile.addDatabase("other", otherPolicyFile.getPath());
    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")
    }), Lists.newArrayList("admin")).get("admin");
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [databases] fails parsing of per-db file
    // by removing the user mapping from the per-db policy file
    policyFile.removeGroupsFromUser("admin1", "admin")
      .write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")

View Full Code Here

0 1 2 3 4

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.