Package org.wildfly.security.manager

Class WildFlySecurityManager

java.lang.Object
java.lang.SecurityManager
org.wildfly.security.manager.WildFlySecurityManager
All Implemented Interfaces:
PermissionVerifier
@MetaInfServices(java.lang.SecurityManager.class) public final class WildFlySecurityManager extends SecurityManager implements PermissionVerifier
The security manager. This security manager implementation can be switched on and off on a per-thread basis, and additionally logs access violations in a way that should be substantially clearer than most JDK implementations.
Author:
David M. Lloyd

  • Constructor Details

    • WildFlySecurityManager

      public WildFlySecurityManager() throws SecurityException
      Construct a new instance. If the caller does not have permission to do so, this method will throw an exception.
      Throws:
      SecurityException - if the caller does not have permission to create a security manager instance

  • Method Details

    • install

      @Deprecated public static void install() throws SecurityException
      Deprecated.
      Throws:
      SecurityException

    • isChecking

      public static boolean isChecking()
      Determine whether the security manager is currently checking permissions.
      Returns:
      true if the security manager is currently checking permissions

    • checkPermission

      public void checkPermission(Permission perm) throws SecurityException
      Perform a permission check.
      Specified by:
      checkPermission in interface PermissionVerifier
      Overrides:
      checkPermission in class SecurityManager
      Parameters:
      perm - the permission to check
      Throws:
      SecurityException - if the check fails

    • checkPermission

      public void checkPermission(Permission perm, Object context) throws SecurityException
      Perform a permission check.
      Overrides:
      checkPermission in class SecurityManager
      Parameters:
      perm - the permission to check
      context - the security context to use for the check (must be an AccessControlContext instance)
      Throws:
      SecurityException - if the check fails

    • findAccessDenial

      public static ProtectionDomain findAccessDenial(Permission permission, ProtectionDomain... domains)
      Find the protection domain in the given list which denies a permission, or null if the permission check would pass.
      Parameters:
      permission - the permission to test
      domains - the protection domains to try
      Returns:
      the first denying protection domain, or null if there is none

    • tryCheckPermission

      public static boolean tryCheckPermission(Permission permission, ProtectionDomain... domains)
      Try a permission check. Any violations will be logged to the org.wildfly.security.access category at a DEBUG level.
      Parameters:
      permission - the permission to check
      domains - the protection domains to try
      Returns:
      true if the access check succeeded, false otherwise

    • implies

      public boolean implies(Permission permission)
      Description copied from interface: PermissionVerifier
      Determine if the permission is verified by this object.
      Specified by:
      implies in interface PermissionVerifier
      Parameters:
      permission - the permission to verify (must not be null)
      Returns:
      true if the permission is implied by this verifier, false otherwise

    • checkPermission

      public void checkPermission(Permission perm, AccessControlContext context) throws SecurityException
      Perform a permission check.
      Parameters:
      perm - the permission to check
      context - the security context to use for the check
      Throws:
      SecurityException - if the check fails

    • checkCreateClassLoader

      public void checkCreateClassLoader()
      Overrides:
      checkCreateClassLoader in class SecurityManager

    • checkAccess

      public void checkAccess(Thread t)
      Overrides:
      checkAccess in class SecurityManager

    • checkAccess

      public void checkAccess(ThreadGroup g)
      Overrides:
      checkAccess in class SecurityManager

    • checkExit

      public void checkExit(int status)
      Overrides:
      checkExit in class SecurityManager

    • checkExec

      public void checkExec(String cmd)
      Overrides:
      checkExec in class SecurityManager

    • checkLink

      public void checkLink(String lib)
      Overrides:
      checkLink in class SecurityManager

    • checkRead

      public void checkRead(FileDescriptor fd)
      Overrides:
      checkRead in class SecurityManager

    • checkRead

      public void checkRead(String file)
      Overrides:
      checkRead in class SecurityManager

    • checkRead

      public void checkRead(String file, Object context)
      Overrides:
      checkRead in class SecurityManager

    • checkWrite

      public void checkWrite(FileDescriptor fd)
      Overrides:
      checkWrite in class SecurityManager

    • checkWrite

      public void checkWrite(String file)
      Overrides:
      checkWrite in class SecurityManager

    • checkDelete

      public void checkDelete(String file)
      Overrides:
      checkDelete in class SecurityManager

    • checkConnect

      public void checkConnect(String host, int port)
      Overrides:
      checkConnect in class SecurityManager

    • checkConnect

      public void checkConnect(String host, int port, Object context)
      Overrides:
      checkConnect in class SecurityManager

    • checkListen

      public void checkListen(int port)
      Overrides:
      checkListen in class SecurityManager

    • checkAccept

      public void checkAccept(String host, int port)
      Overrides:
      checkAccept in class SecurityManager

    • checkMulticast

      public void checkMulticast(InetAddress maddr)
      Overrides:
      checkMulticast in class SecurityManager

    • checkMulticast

      @Deprecated public void checkMulticast(InetAddress maddr, byte ttl)
      Deprecated.
      Overrides:
      checkMulticast in class SecurityManager

    • checkPropertiesAccess

      public void checkPropertiesAccess()
      Overrides:
      checkPropertiesAccess in class SecurityManager

    • checkPropertyAccess

      public void checkPropertyAccess(String key)
      Overrides:
      checkPropertyAccess in class SecurityManager

    • checkPrintJobAccess

      public void checkPrintJobAccess()
      Overrides:
      checkPrintJobAccess in class SecurityManager

    • checkPackageAccess

      public void checkPackageAccess(String pkg)
      Overrides:
      checkPackageAccess in class SecurityManager

    • checkPackageDefinition

      public void checkPackageDefinition(String pkg)
      Overrides:
      checkPackageDefinition in class SecurityManager

    • checkSetFactory

      public void checkSetFactory()
      Overrides:
      checkSetFactory in class SecurityManager

    • checkMemberAccess

      @Deprecated public void checkMemberAccess(Class<?> clazz, int which)
      Deprecated.

    • checkSecurityAccess

      public void checkSecurityAccess(String target)
      Overrides:
      checkSecurityAccess in class SecurityManager

    • doChecked

      public static <T> T doChecked(PrivilegedAction<T> action)
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      Returns:
      the return value of the action

    • doChecked

      public static <T> T doChecked(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • doChecked

      public static <T> T doChecked(PrivilegedAction<T> action, AccessControlContext context)
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action

    • doChecked

      public static <T> T doChecked(PrivilegedExceptionAction<T> action, AccessControlContext context) throws PrivilegedActionException
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • doChecked

      public static <T, P> T doChecked(P parameter, ParametricPrivilegedAction<T,P> action)
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      Returns:
      the return value of the action

    • doChecked

      public static <T, P> T doChecked(P parameter, ParametricPrivilegedExceptionAction<T,P> action) throws PrivilegedActionException
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • doChecked

      public static <T, P> T doChecked(P parameter, ParametricPrivilegedAction<T,P> action, AccessControlContext context)
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action

    • doChecked

      public static <T, P> T doChecked(P parameter, ParametricPrivilegedExceptionAction<T,P> action, AccessControlContext context) throws PrivilegedActionException
      Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • doUnchecked

      public static <T> T doUnchecked(PrivilegedAction<T> action)
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      Returns:
      the return value of the action

    • doUnchecked

      public static <T> T doUnchecked(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • doUnchecked

      public static <T> T doUnchecked(PrivilegedAction<T> action, AccessControlContext context)
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action

    • doUnchecked

      public static <T> T doUnchecked(PrivilegedExceptionAction<T> action, AccessControlContext context) throws PrivilegedActionException
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      Parameters:
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • doUnchecked

      public static <T, P> T doUnchecked(P parameter, ParametricPrivilegedAction<T,P> action)
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      Returns:
      the return value of the action

    • doUnchecked

      public static <T, P> T doUnchecked(P parameter, ParametricPrivilegedExceptionAction<T,P> action) throws PrivilegedActionException
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • doUnchecked

      public static <T, P> T doUnchecked(P parameter, ParametricPrivilegedAction<T,P> action, AccessControlContext context)
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action

    • doUnchecked

      public static <T, P> T doUnchecked(P parameter, ParametricPrivilegedExceptionAction<T,P> action, AccessControlContext context) throws PrivilegedActionException
      Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
      Type Parameters:
      T - the action return type
      P - the action parameter type
      Parameters:
      parameter - the parameter to pass to the action
      action - the action to perform
      context - the access control context to use
      Returns:
      the return value of the action
      Throws:
      PrivilegedActionException - if the action threw an exception

    • getPropertyPrivileged

      public static String getPropertyPrivileged(String name, String def)
      Get a property, doing a faster permission check that skips having to execute a privileged action frame.
      Parameters:
      name - the property name
      def - the default value if the property is not found
      Returns:
      the property value, or the default value

    • getEnvPropertyPrivileged

      public static String getEnvPropertyPrivileged(String name, String def)
      Get an environmental property, doing a faster permission check that skips having to execute a privileged action frame.
      Parameters:
      name - the property name
      def - the default value if the property is not found
      Returns:
      the property value, or the default value

    • setPropertyPrivileged

      public static String setPropertyPrivileged(String name, String value)
      Set a property, doing a faster permission check that skips having to execute a privileged action frame.
      Parameters:
      name - the property name
      value - the value ot set
      Returns:
      the previous property value, or null if there was none

    • clearPropertyPrivileged

      public static String clearPropertyPrivileged(String name)
      Clear a property, doing a faster permission check that skips having to execute a privileged action frame.
      Parameters:
      name - the property name
      Returns:
      the previous property value, or null if there was none

    • getCurrentContextClassLoaderPrivileged

      public static ClassLoader getCurrentContextClassLoaderPrivileged()
      Get the current thread's context class loader, doing a faster permission check that skips having to execute a privileged action frame.
      Returns:
      the context class loader

    • setCurrentContextClassLoaderPrivileged

      public static ClassLoader setCurrentContextClassLoaderPrivileged(ClassLoader newClassLoader)
      Set the current thread's context class loader, doing a faster permission check that skips having to execute a privileged action frame.
      Parameters:
      newClassLoader - the new class loader to set
      Returns:
      the previously set context class loader

    • setCurrentContextClassLoaderPrivileged

      public static ClassLoader setCurrentContextClassLoaderPrivileged(Class<?> clazz)
      Set the current thread's context class loader, doing a faster permission check that skips having to execute a privileged action frame.
      Parameters:
      clazz - the class whose class loader is the new class loader to set
      Returns:
      the previously set context class loader

    • getSystemPropertiesPrivileged

      public static Properties getSystemPropertiesPrivileged()
      Get the system properties map, doing a faster permission check that skips having to execute a privileged action frame.
      Returns:
      the system property map

    • getSystemEnvironmentPrivileged

      public static Map<String,String> getSystemEnvironmentPrivileged()
      Get the system environment map, doing a faster permission check that skips having to execute a privileged action frame.
      Returns:
      the system environment map

    • getClassLoaderPrivileged

      public static ClassLoader getClassLoaderPrivileged(Class<?> clazz)
      Get the class loader for a class, doing a faster permission check that skips having to execute a privileged action frame.
      Parameters:
      clazz - the class to check
      Returns:
      the class loader

    • doPrivilegedWithParameter

      public static <T, P> T doPrivilegedWithParameter(P parameter, ParametricPrivilegedAction<T,P> action)
      Execute a parametric privileged action with the given parameter in a privileged context.
      Type Parameters:
      T - the action result type
      P - the parameter type
      Parameters:
      parameter - the parameter to send in to the action
      action - the action to execute
      Returns:
      the action result

    • doPrivilegedWithParameter

      public static <T, P> T doPrivilegedWithParameter(P parameter, ParametricPrivilegedExceptionAction<T,P> action) throws PrivilegedActionException
      Execute a parametric privileged action with the given parameter in a privileged context.
      Type Parameters:
      T - the action result type
      P - the parameter type
      Parameters:
      parameter - the parameter to send in to the action
      action - the action to execute
      Returns:
      the action result
      Throws:
      PrivilegedActionException

    • doPrivilegedWithParameter

      public static <T, P> T doPrivilegedWithParameter(P parameter, ParametricPrivilegedAction<T,P> action, AccessControlContext accessControlContext)
      Execute a parametric privileged action with the given parameter with the given context.
      Type Parameters:
      T - the action result type
      P - the parameter type
      Parameters:
      parameter - the parameter to send in to the action
      action - the action to execute
      accessControlContext - the context to use
      Returns:
      the action result

    • doPrivilegedWithParameter

      public static <T, P> T doPrivilegedWithParameter(P parameter, ParametricPrivilegedExceptionAction<T,P> action, AccessControlContext accessControlContext) throws PrivilegedActionException
      Execute a parametric privileged action with the given parameter with the given context.
      Type Parameters:
      T - the action result type
      P - the parameter type
      Parameters:
      parameter - the parameter to send in to the action
      action - the action to execute
      accessControlContext - the context to use
      Returns:
      the action result
      Throws:
      PrivilegedActionException