geronimo-scm mailing list archives

From jdil...@apache.org
Subject svn commit: r663505 - /geronimo/gshell/trunk/gshell-plugin/src/main/java/org/apache/geronimo/gshell/application/ApplicationSecurityManager.java
Date Thu, 05 Jun 2008 08:59:31 GMT
Author: jdillon
Date: Thu Jun  5 01:59:31 2008
New Revision: 663505

URL: http://svn.apache.org/viewvc?rev=663505&view=rev
Log:
Add permission logging and checks for more stuff which application/commands must not do

Modified:
    geronimo/gshell/trunk/gshell-plugin/src/main/java/org/apache/geronimo/gshell/application/ApplicationSecurityManager.java

Modified: geronimo/gshell/trunk/gshell-plugin/src/main/java/org/apache/geronimo/gshell/application/ApplicationSecurityManager.java
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-plugin/src/main/java/org/apache/geronimo/gshell/application/ApplicationSecurityManager.java?rev=663505&r1=663504&r2=663505&view=diff
==============================================================================
--- geronimo/gshell/trunk/gshell-plugin/src/main/java/org/apache/geronimo/gshell/application/ApplicationSecurityManager.java
(original)
+++ geronimo/gshell/trunk/gshell-plugin/src/main/java/org/apache/geronimo/gshell/application/ApplicationSecurityManager.java
Thu Jun  5 01:59:31 2008
@@ -17,9 +17,14 @@
  * under the License.
  */
 
+
 package org.apache.geronimo.gshell.application;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.security.Permission;
+import java.util.PropertyPermission;
 
 /**
  * Custom security manager to prevent commands from doing bad things.
@@ -29,6 +34,8 @@
 public class ApplicationSecurityManager
     extends SecurityManager
 {
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
     private final SecurityManager parent;
 
     public ApplicationSecurityManager(final SecurityManager parent) {
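Review bot: The new `log` field is used from inside `checkPermission` (see the next hunk), and a logging call made there can itself trigger a permission check, so the manager may re-enter itself. Whether the configured SLF4J backend does this is not visible from the diff. Consider documenting the constraint on the field, e.g. `// NOTE: used inside checkPermission(); the logging backend must not perform guarded operations that re-enter this manager`, or guarding the trace call with a re-entrancy flag. The class body continues outside this hunk.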
@@ -42,25 +49,35 @@
     }
 
     public void checkPermission(final Permission perm) {
+        assert perm != null;
+
+        log.trace("Checking permission of: {}", perm);
+
+        //
+        // TODO: See if there is a more efficent and/or recommended way to implement custom
permission handling
+        //
+
+        if (perm instanceof RuntimePermission) {
+            // Prevent System.exit()
+            if (perm.implies(new RuntimePermission("exitVM"))) {
+                throw new SecurityException();
+            }
+
+            // Prevent unhijacking of the system streams
+            if (perm.implies(new RuntimePermission("setIO"))) {
+                throw new SecurityException();
+            }
+        }
+
+        if (perm instanceof PropertyPermission) {
+            // Never allow application to change ${gshell.home}
+            if (perm.implies(new PropertyPermission("gshell.home", "write"))) {
+                throw new SecurityException();
+            }
+        }
+        
         if (parent != null) {
             parent.checkPermission(perm);
         }
     }
-
-    /**
-     * Prevent any command or component from forcing the VM to exit.
-     *
-     * @throws SecurityException Always throws {@link SecurityException}.
-     */
-    public void checkExit(final int code) {
-        throw new SecurityException("Use of System.exit() is forbidden!");
-    }
-
-    //
-    // TODO: Never allow application to change ${gshell.home}
-    //
-
-    //
-    // TODO: Add check for RuntimePermission("setIO"), to prevent unhijacking of the system
streams
-
 }
\ No newline at end of file
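Review bot: The `exitVM` test in `checkPermission` has `implies` pointing the wrong way for JDK 6 and later, and this commit also removes the `checkExit` override that used to reject every exit unconditionally. On those JDKs `SecurityManager.checkExit` requests `RuntimePermission("exitVM." + status)`, while the bare name `exitVM` is treated as the wildcard `exitVM.*`; a specific `exitVM.0` does not imply the wildcard, so the check is skipped and the decision falls through to `parent` (or the exit is allowed when `parent` is null). Reversing the test, `if (new RuntimePermission("exitVM").implies(perm)) {`, matches both the old exact name and the per-status names, and keeping the `checkExit` override as well would give defence in depth. The three bare `new SecurityException()` throws also drop the message the removed code carried; something like `throw new SecurityException("Denied: " + perm);` makes denials diagnosable in logs. Separately, the `PropertyPermission` branch will also reject `PropertyPermission("*", "read,write")`, which is what `System.getProperties()` asks for, so confirm that is intended.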


