/*
 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8047771
 * @summary check permissions and principals from various modules
 * @modules java.desktop
 *          java.logging
 *          java.management
 *          java.security.jgss
 *          java.smartcardio
 *          java.sql
 *          java.xml
 *          java.xml.bind
 *          java.xml.ws
 *          jdk.attach
 *          jdk.jdi
 *          jdk.net
 *          jdk.security.auth
 *          jdk.security.jgss
 * @run main/othervm/java.security.policy==modules.policy Modules
 */

import java.security.AccessController;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

/**
 * Policy regression test: confirms that {@code Permission} and
 * {@code Principal} types defined in many different modules can all be
 * resolved by the policy named in the {@code @run} line.
 *
 * <p>The test has no assertions of its own. It passes when every
 * {@link AccessController#checkPermission} call returns normally and fails
 * when any of them throws {@code AccessControlException}.
 *
 * <p>The double {@code ==} in {@code java.security.policy==modules.policy}
 * makes that file the only policy source, so a grant missing from it
 * cannot be hidden by an entry in a default policy file. The content of
 * {@code modules.policy} is not part of this listing; it is presumably
 * expected to grant each permission below, plus a principal-scoped grant
 * for the {@code user.home} property read.
 */
public class Modules {

    /**
     * One representative permission per permission class under test. The
     * module labels follow the original listing.
     */
    private static final Permission[] MODULE_PERMISSIONS = {
        // module: java.base
        new java.io.SerializablePermission("enableSubstitution"),
        new java.lang.reflect.ReflectPermission("suppressAccessChecks"),
        new java.nio.file.LinkPermission("hard"),
        new javax.net.ssl.SSLPermission("getSSLSessionContext"),
        new javax.security.auth.AuthPermission("doAsPrivileged"),
        new javax.security.auth.PrivateCredentialPermission(
                "* * \"*\"", "read"),
        // labelled "java.base module (@jdk.Exported Permissions)" in the
        // original listing; the @modules header also requests jdk.net
        new jdk.net.NetworkPermission("setOption.SO_FLOW_SLA"),
        // module: java.desktop
        new java.awt.AWTPermission("createRobot"),
        new javax.sound.sampled.AudioPermission("play"),
        // module: java.logging
        new java.util.logging.LoggingPermission("control", ""),
        // module: java.management
        new java.lang.management.ManagementPermission("control"),
        new javax.management.MBeanPermission("*", "getAttribute"),
        new javax.management.MBeanServerPermission("createMBeanServer"),
        new javax.management.MBeanTrustPermission("register"),
        new javax.management.remote.SubjectDelegationPermission("*"),
        // module: java.security.jgss
        new javax.security.auth.kerberos.DelegationPermission(
                "\"*\" \"*\""),
        new javax.security.auth.kerberos.ServicePermission("*", "accept"),
        // module: java.sql
        new java.sql.SQLPermission("setLog"),
        // module: java.xml.bind
        new javax.xml.bind.JAXBPermission("setDatatypeConverter"),
        // module: java.xml.ws
        new javax.xml.ws.WebServicePermission("publishEndpoint"),
        // module: java.smartcardio
        new javax.smartcardio.CardPermission("*", "*"),
        // module: jdk.attach (@jdk.Exported Permissions)
        new com.sun.tools.attach.AttachPermission("attachVirtualMachine"),
        // module: jdk.jdi (@jdk.Exported Permissions)
        new com.sun.jdi.JDIPermission("virtualMachineManager"),
        // module: jdk.security.jgss (@jdk.Exported Permissions)
        new com.sun.security.jgss.InquireSecContextPermission("*"),
    };

    /**
     * One sample principal per principal class under test. All of them are
     * attached to a single {@link Subject} for the principal-based check.
     */
    private static final Principal[] MODULE_PRINCIPALS = {
        // module: java.base
        new javax.security.auth.x500.X500Principal("CN=Duke"),
        // module: java.management
        new javax.management.remote.JMXPrincipal("Duke"),
        // module: java.security.jgss
        new javax.security.auth.kerberos.KerberosPrincipal(
                "duke@openjdk.org"),
        // the com.sun.security.auth types below sit under the
        // java.security.jgss label in the original listing; the @modules
        // header also requests jdk.security.auth
        new com.sun.security.auth.UserPrincipal("Duke"),
        new com.sun.security.auth.NTDomainPrincipal("openjdk.org"),
        new com.sun.security.auth.NTSid(
                "S-1-5-21-3623811015-3361044348-30300820-1013"),
        new com.sun.security.auth.NTUserPrincipal("Duke"),
        new com.sun.security.auth.UnixNumericUserPrincipal("0"),
        new com.sun.security.auth.UnixPrincipal("duke"),
    };

    /**
     * Runs the code-based permission checks, then the principal-based one.
     *
     * @param args unused
     * @throws Exception if a check fails; a denied permission surfaces as
     *         an {@code AccessControlException}
     */
    public static void main(String[] args) throws Exception {
        verifyGrantedPermissions();
        verifyPrincipalBasedGrant();
    }

    /**
     * Checks every entry of {@link #MODULE_PERMISSIONS} against the
     * current access control context, stopping at the first denial.
     */
    private static void verifyGrantedPermissions() {
        for (int i = 0; i < MODULE_PERMISSIONS.length; i++) {
            AccessController.checkPermission(MODULE_PERMISSIONS[i]);
        }
    }

    /**
     * Checks a {@code user.home} read permission while running as a
     * Subject that carries every principal in {@link #MODULE_PRINCIPALS}.
     *
     * <p>A {@code null} context is passed to
     * {@link Subject#doAsPrivileged}, so the caller's context is not
     * inherited. The check is therefore made against this class's
     * protection domain combined with the Subject's principals.
     */
    private static void verifyPrincipalBasedGrant() {
        final Permission homeRead =
                new java.util.PropertyPermission("user.home", "read");

        Set<Principal> principals = new HashSet<>();
        Collections.addAll(principals, MODULE_PRINCIPALS);

        // first argument true: the Subject is created read-only
        Subject duke = new Subject(true, principals,
                Collections.emptySet(), Collections.emptySet());

        PrivilegedAction<Void> probe = new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                AccessController.checkPermission(homeRead);
                return null;
            }
        };
        Subject.doAsPrivileged(duke, probe, null);
    }
}