1 /*
   2  * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8047771
  27  * @summary check permissions and principals from various modules
  28  * @modules java.desktop
  29  *          java.logging
  30  *          java.management
  31  *          java.security.jgss
  32  *          java.smartcardio
  33  *          java.sql
  34  *          java.xml
  35  *          java.xml.bind
  36  *          java.xml.ws
  37  *          jdk.attach
  38  *          jdk.jdi
  39  *          jdk.net
  40  *          jdk.security.auth
  41  *          jdk.security.jgss
  42  * @compile --add-modules=java.xml.ws,java.smartcardio Modules.java
  43  * @run main/othervm/java.security.policy==modules.policy Modules
  44  */
  45 
  46 import java.security.AccessController;
  47 import java.security.Permission;
  48 import java.security.Principal;
  49 import java.security.PrivilegedAction;
  50 import java.util.Arrays;
  51 import java.util.Collections;
  52 import java.util.HashSet;
  53 import java.util.Set;
  54 import javax.security.auth.Subject;
  55 
  56 public class Modules {
  57 
  58     private final static Permission[] perms = new Permission[] {
  59         // java.base module
  60         new java.io.SerializablePermission("enableSubstitution"),
  61         new java.lang.reflect.ReflectPermission("suppressAccessChecks"),
  62         new java.nio.file.LinkPermission("hard"),
  63         new javax.net.ssl.SSLPermission("getSSLSessionContext"),
  64         new javax.security.auth.AuthPermission("doAsPrivileged"),
  65         new javax.security.auth.PrivateCredentialPermission("* * \"*\"",
  66                                                             "read"),
  67         // java.base module (@jdk.Exported Permissions)
  68         new jdk.net.NetworkPermission("setOption.SO_FLOW_SLA"),
  69         // java.desktop module
  70         new java.awt.AWTPermission("createRobot"),
  71         new javax.sound.sampled.AudioPermission("play"),
  72         // java.logging module
  73         new java.util.logging.LoggingPermission("control", ""),
  74         // java.management module
  75         new java.lang.management.ManagementPermission("control"),
  76         new javax.management.MBeanPermission("*", "getAttribute"),
  77         new javax.management.MBeanServerPermission("createMBeanServer"),
  78         new javax.management.MBeanTrustPermission("register"),
  79         new javax.management.remote.SubjectDelegationPermission("*"),
  80         // java.security.jgss module
  81         new javax.security.auth.kerberos.DelegationPermission("\"*\" \"*\""),
  82         new javax.security.auth.kerberos.ServicePermission("*", "accept"),
  83         // java.sql module
  84         new java.sql.SQLPermission("setLog"),
  85         // java.xml.bind module
  86         new javax.xml.bind.JAXBPermission("setDatatypeConverter"),
  87         // java.xml.ws module
  88         new javax.xml.ws.WebServicePermission("publishEndpoint"),
  89         // java.smartcardio module
  90         new javax.smartcardio.CardPermission("*", "*"),
  91         // jdk.attach module (@jdk.Exported Permissions)
  92         new com.sun.tools.attach.AttachPermission("attachVirtualMachine"),
  93         // jdk.jdi module (@jdk.Exported Permissions)
  94         new com.sun.jdi.JDIPermission("virtualMachineManager"),
  95         // jdk.security.jgss module (@jdk.Exported Permissions)
  96         new com.sun.security.jgss.InquireSecContextPermission("*"),
  97     };
  98 
  99     private final static Principal[] princs = new Principal[] {
 100         // java.base module
 101         new javax.security.auth.x500.X500Principal("CN=Duke"),
 102         // java.management module
 103         new javax.management.remote.JMXPrincipal("Duke"),
 104         // java.security.jgss module
 105         new javax.security.auth.kerberos.KerberosPrincipal("duke@openjdk.org"),
 106         new com.sun.security.auth.UserPrincipal("Duke"),
 107         new com.sun.security.auth.NTDomainPrincipal("openjdk.org"),
 108         new com.sun.security.auth.NTSid(
 109             "S-1-5-21-3623811015-3361044348-30300820-1013"),
 110         new com.sun.security.auth.NTUserPrincipal("Duke"),
 111         new com.sun.security.auth.UnixNumericUserPrincipal("0"),
 112         new com.sun.security.auth.UnixPrincipal("duke"),
 113     };
 114 
 115     public static void main(String[] args) throws Exception {
 116 
 117         for (Permission perm : perms) {
 118             AccessController.checkPermission(perm);
 119         }
 120 
 121         Permission princPerm = new java.util.PropertyPermission("user.home",
 122                                                                 "read");
 123         Set<Principal> princSet = new HashSet<>(Arrays.asList(princs));
 124         Subject subject = new Subject(true, princSet, Collections.emptySet(),
 125                                       Collections.emptySet());
 126         PrivilegedAction<Void> pa = () -> {
 127             AccessController.checkPermission(princPerm);
 128             return null;
 129         };
 130         Subject.doAsPrivileged(subject, pa, null);
 131     }
 132 }