Package org.wildfly.security.manager

Class WildFlySecurityManager

    • Field Detail

      • SECURITY_MANAGER_PERMISSION

        private static final Permission SECURITY_MANAGER_PERMISSION

      • PROPERTIES_PERMISSION

        private static final Permission PROPERTIES_PERMISSION

      • ENVIRONMENT_PERMISSION

        private static final Permission ENVIRONMENT_PERMISSION

      • GET_CLASS_LOADER_PERMISSION

        private static final Permission GET_CLASS_LOADER_PERMISSION

      • SET_CLASS_LOADER_PERMISSION

        private static final Permission SET_CLASS_LOADER_PERMISSION

      • ACCESS_DECLARED_MEMBERS_PERMISSION

        private static final Permission ACCESS_DECLARED_MEMBERS_PERMISSION

      • LOG_ONLY

        private static final boolean LOG_ONLY

      • unsafe

        private static final sun.misc.Unsafe unsafe

      • pdStackOffset

        private static final long pdStackOffset

      • hasGetCallerClass

        private static final boolean hasGetCallerClass

      • usingStackWalker

        private static final boolean usingStackWalker

      • ATOMIC_FIELD_UPDATER_TYPES

        private static final Class<?>[] ATOMIC_FIELD_UPDATER_TYPES

    • Constructor Detail

      • WildFlySecurityManager

        public WildFlySecurityManager()
                       throws SecurityException
        Construct a new instance. If the caller does not have permission to do so, this method will throw an exception.
        Throws:
        SecurityException - if the caller does not have permission to create a security manager instance

    • Method Detail

      • getCallerClass

        static Class<?> getCallerClass​(int n)

      • getCallStack

        static Class<?>[] getCallStack()

      • isChecking

        public static boolean isChecking()
        Determine whether the security manager is currently checking permissions.
        Returns:
        true if the security manager is currently checking permissions

      • findAccessDenial

        public static ProtectionDomain findAccessDenial​(Permission permission,
                                                ProtectionDomain... domains)
        Find the protection domain in the given list which denies a permission, or null if the permission check would pass.
        Parameters:
        permission - the permission to test
        domains - the protection domains to try
        Returns:
        the first denying protection domain, or null if there is none

      • tryCheckPermission

        public static boolean tryCheckPermission​(Permission permission,
                                         ProtectionDomain... domains)
        Try a permission check. Any violations will be logged to the org.wildfly.security.access category at a DEBUG level.
        Parameters:
        permission - the permission to check
        domains - the protection domains to try
        Returns:
        true if the access check succeeded, false otherwise

      • implies

        public boolean implies​(Permission permission)
        Description copied from interface: PermissionVerifier
        Determine if the permission is verified by this object.
        Specified by:
        implies in interface PermissionVerifier
        Parameters:
        permission - the permission to verify (must not be null)
        Returns:
        true if the permission is implied by this verifier, false otherwise

      • doCheck

        private static boolean doCheck()

      • isAssignableToOneOf

        private static boolean isAssignableToOneOf​(Class<?> test,
                                           Class<?>... expect)

      • checkMemberAccess

        @Deprecated
public void checkMemberAccess​(Class<?> clazz,
                              int which)
        Deprecated.

      • doChecked

        public static <T> T doChecked​(PrivilegedAction<T> action)
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        Returns:
        the return value of the action

      • doChecked

        public static <T> T doChecked​(PrivilegedExceptionAction<T> action)
                       throws PrivilegedActionException
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • doChecked

        public static <T> T doChecked​(PrivilegedAction<T> action,
                              AccessControlContext context)
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action

      • doChecked

        public static <T> T doChecked​(PrivilegedExceptionAction<T> action,
                              AccessControlContext context)
                       throws PrivilegedActionException
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • doChecked

        public static <T,​P> T doChecked​(P parameter,
                                      ParametricPrivilegedAction<T,​P> action)
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        Returns:
        the return value of the action

      • doChecked

        public static <T,​P> T doChecked​(P parameter,
                                      ParametricPrivilegedExceptionAction<T,​P> action)
                               throws PrivilegedActionException
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • doChecked

        public static <T,​P> T doChecked​(P parameter,
                                      ParametricPrivilegedAction<T,​P> action,
                                      AccessControlContext context)
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action

      • doChecked

        public static <T,​P> T doChecked​(P parameter,
                                      ParametricPrivilegedExceptionAction<T,​P> action,
                                      AccessControlContext context)
                               throws PrivilegedActionException
        Perform an action with permission checking enabled. If permission checking is already enabled, the action is simply run.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • doUnchecked

        public static <T> T doUnchecked​(PrivilegedAction<T> action)
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        Returns:
        the return value of the action

      • doUnchecked

        public static <T> T doUnchecked​(PrivilegedExceptionAction<T> action)
                         throws PrivilegedActionException
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • doUnchecked

        public static <T> T doUnchecked​(PrivilegedAction<T> action,
                                AccessControlContext context)
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action

      • doUnchecked

        public static <T> T doUnchecked​(PrivilegedExceptionAction<T> action,
                                AccessControlContext context)
                         throws PrivilegedActionException
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        Parameters:
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • doUnchecked

        public static <T,​P> T doUnchecked​(P parameter,
                                        ParametricPrivilegedAction<T,​P> action)
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        Returns:
        the return value of the action

      • doUnchecked

        public static <T,​P> T doUnchecked​(P parameter,
                                        ParametricPrivilegedExceptionAction<T,​P> action)
                                 throws PrivilegedActionException
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • doUnchecked

        public static <T,​P> T doUnchecked​(P parameter,
                                        ParametricPrivilegedAction<T,​P> action,
                                        AccessControlContext context)
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The immediate caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action

      • doUnchecked

        public static <T,​P> T doUnchecked​(P parameter,
                                        ParametricPrivilegedExceptionAction<T,​P> action,
                                        AccessControlContext context)
                                 throws PrivilegedActionException
        Perform an action with permission checking disabled. If permission checking is already disabled, the action is simply run. The caller must have the doUnchecked runtime permission.
        Type Parameters:
        T - the action return type
        P - the action parameter type
        Parameters:
        parameter - the parameter to pass to the action
        action - the action to perform
        context - the access control context to use
        Returns:
        the return value of the action
        Throws:
        PrivilegedActionException - if the action threw an exception

      • checkPropertyReadPermission

        private static void checkPropertyReadPermission​(Class<?> clazz,
                                                String propertyName)

      • checkEnvPropertyReadPermission

        private static void checkEnvPropertyReadPermission​(Class<?> clazz,
                                                   String propertyName)

      • checkPropertyWritePermission

        private static void checkPropertyWritePermission​(Class<?> clazz,
                                                 String propertyName)

      • checkPDPermission

        private static void checkPDPermission​(Class<?> clazz,
                                      Permission permission)

      • getPropertyPrivileged

        public static String getPropertyPrivileged​(String name,
                                           String def)
        Get a property, doing a faster permission check that skips having to execute a privileged action frame.
        Parameters:
        name - the property name
        def - the default value if the property is not found
        Returns:
        the property value, or the default value

      • def

        private static <T> T def​(T test,
                         T def)

      • getEnvPropertyPrivileged

        public static String getEnvPropertyPrivileged​(String name,
                                              String def)
        Get an environmental property, doing a faster permission check that skips having to execute a privileged action frame.
        Parameters:
        name - the property name
        def - the default value if the property is not found
        Returns:
        the property value, or the default value

      • setPropertyPrivileged

        public static String setPropertyPrivileged​(String name,
                                           String value)
        Set a property, doing a faster permission check that skips having to execute a privileged action frame.
        Parameters:
        name - the property name
        value - the value ot set
        Returns:
        the previous property value, or null if there was none

      • clearPropertyPrivileged

        public static String clearPropertyPrivileged​(String name)
        Clear a property, doing a faster permission check that skips having to execute a privileged action frame.
        Parameters:
        name - the property name
        Returns:
        the previous property value, or null if there was none

      • getCurrentContextClassLoaderPrivileged

        public static ClassLoader getCurrentContextClassLoaderPrivileged()
        Get the current thread's context class loader, doing a faster permission check that skips having to execute a privileged action frame.
        Returns:
        the context class loader

      • setCurrentContextClassLoaderPrivileged

        public static ClassLoader setCurrentContextClassLoaderPrivileged​(ClassLoader newClassLoader)
        Set the current thread's context class loader, doing a faster permission check that skips having to execute a privileged action frame.
        Parameters:
        newClassLoader - the new class loader to set
        Returns:
        the previously set context class loader

      • setCurrentContextClassLoaderPrivileged

        public static ClassLoader setCurrentContextClassLoaderPrivileged​(Class<?> clazz)
        Set the current thread's context class loader, doing a faster permission check that skips having to execute a privileged action frame.
        Parameters:
        clazz - the class whose class loader is the new class loader to set
        Returns:
        the previously set context class loader

      • getSystemPropertiesPrivileged

        public static Properties getSystemPropertiesPrivileged()
        Get the system properties map, doing a faster permission check that skips having to execute a privileged action frame.
        Returns:
        the system property map

      • getSystemEnvironmentPrivileged

        public static Map<String,​String> getSystemEnvironmentPrivileged()
        Get the system environment map, doing a faster permission check that skips having to execute a privileged action frame.
        Returns:
        the system environment map

      • getClassLoaderPrivileged

        public static ClassLoader getClassLoaderPrivileged​(Class<?> clazz)
        Get the class loader for a class, doing a faster permission check that skips having to execute a privileged action frame.
        Parameters:
        clazz - the class to check
        Returns:
        the class loader

      • doPrivilegedWithParameter

        public static <T,​P> T doPrivilegedWithParameter​(P parameter,
                                                      ParametricPrivilegedAction<T,​P> action)
        Execute a parametric privileged action with the given parameter in a privileged context.
        Type Parameters:
        T - the action result type
        P - the parameter type
        Parameters:
        parameter - the parameter to send in to the action
        action - the action to execute
        Returns:
        the action result

      • doPrivilegedWithParameter

        public static <T,​P> T doPrivilegedWithParameter​(P parameter,
                                                      ParametricPrivilegedExceptionAction<T,​P> action)
                                               throws PrivilegedActionException
        Execute a parametric privileged action with the given parameter in a privileged context.
        Type Parameters:
        T - the action result type
        P - the parameter type
        Parameters:
        parameter - the parameter to send in to the action
        action - the action to execute
        Returns:
        the action result
        Throws:
        PrivilegedActionException

      • doPrivilegedWithParameter

        public static <T,​P> T doPrivilegedWithParameter​(P parameter,
                                                      ParametricPrivilegedAction<T,​P> action,
                                                      AccessControlContext accessControlContext)
        Execute a parametric privileged action with the given parameter with the given context.
        Type Parameters:
        T - the action result type
        P - the parameter type
        Parameters:
        parameter - the parameter to send in to the action
        action - the action to execute
        accessControlContext - the context to use
        Returns:
        the action result

      • doPrivilegedWithParameter

        public static <T,​P> T doPrivilegedWithParameter​(P parameter,
                                                      ParametricPrivilegedExceptionAction<T,​P> action,
                                                      AccessControlContext accessControlContext)
                                               throws PrivilegedActionException
        Execute a parametric privileged action with the given parameter with the given context.
        Type Parameters:
        T - the action result type
        P - the parameter type
        Parameters:
        parameter - the parameter to send in to the action
        action - the action to execute
        accessControlContext - the context to use
        Returns:
        the action result
        Throws:
        PrivilegedActionException

      • getCallerAccessControlContext

        private static AccessControlContext getCallerAccessControlContext()