Modules.java revision 14606:bc3775e25b52 
1/*
2 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 8047771
27 * @summary check permissions and principals from various modules
28 * @modules java.desktop
29 *          java.logging
30 *          java.management
31 *          java.security.jgss
32 *          java.smartcardio
33 *          java.sql
34 *          java.xml
35 *          java.xml.bind
36 *          jdk.attach
37 *          jdk.jdi
38 *          jdk.net
39 *          jdk.security.auth
40 *          jdk.security.jgss
41 * @compile -addmods java.xml.ws,java.smartcardio Modules.java
42 * @run main/othervm/java.security.policy==modules.policy
43 *     -addmods java.xml.ws,java.smartcardio Modules
44 */
45
46import java.security.AccessController;
47import java.security.Permission;
48import java.security.Principal;
49import java.security.PrivilegedAction;
50import java.util.Arrays;
51import java.util.Collections;
52import java.util.HashSet;
53import java.util.Set;
54import javax.security.auth.Subject;
55
56public class Modules {
57
58    private final static Permission[] perms = new Permission[] {
59        // java.base module
60        new java.io.SerializablePermission("enableSubstitution"),
61        new java.lang.reflect.ReflectPermission("suppressAccessChecks"),
62        new java.nio.file.LinkPermission("hard"),
63        new javax.net.ssl.SSLPermission("getSSLSessionContext"),
64        new javax.security.auth.AuthPermission("doAsPrivileged"),
65        new javax.security.auth.PrivateCredentialPermission("* * \"*\"",
66                                                            "read"),
67        // java.base module (@jdk.Exported Permissions)
68        new jdk.net.NetworkPermission("setOption.SO_FLOW_SLA"),
69        // java.desktop module
70        new java.awt.AWTPermission("createRobot"),
71        new javax.sound.sampled.AudioPermission("play"),
72        // java.logging module
73        new java.util.logging.LoggingPermission("control", ""),
74        // java.management module
75        new java.lang.management.ManagementPermission("control"),
76        new javax.management.MBeanPermission("*", "getAttribute"),
77        new javax.management.MBeanServerPermission("createMBeanServer"),
78        new javax.management.MBeanTrustPermission("register"),
79        new javax.management.remote.SubjectDelegationPermission("*"),
80        // java.security.jgss module
81        new javax.security.auth.kerberos.DelegationPermission("\"*\" \"*\""),
82        new javax.security.auth.kerberos.ServicePermission("*", "accept"),
83        // java.sql module
84        new java.sql.SQLPermission("setLog"),
85        // java.xml.bind module
86        new javax.xml.bind.JAXBPermission("setDatatypeConverter"),
87        // java.xml.ws module
88        new javax.xml.ws.WebServicePermission("publishEndpoint"),
89        // java.smartcardio module
90        new javax.smartcardio.CardPermission("*", "*"),
91        // jdk.attach module (@jdk.Exported Permissions)
92        new com.sun.tools.attach.AttachPermission("attachVirtualMachine"),
93        // jdk.jdi module (@jdk.Exported Permissions)
94        new com.sun.jdi.JDIPermission("virtualMachineManager"),
95        // jdk.security.jgss module (@jdk.Exported Permissions)
96        new com.sun.security.jgss.InquireSecContextPermission("*"),
97    };
98
99    private final static Principal[] princs = new Principal[] {
100        // java.base module
101        new javax.security.auth.x500.X500Principal("CN=Duke"),
102        // java.management module
103        new javax.management.remote.JMXPrincipal("Duke"),
104        // java.security.jgss module
105        new javax.security.auth.kerberos.KerberosPrincipal("duke@openjdk.org"),
106        new com.sun.security.auth.UserPrincipal("Duke"),
107        new com.sun.security.auth.NTDomainPrincipal("openjdk.org"),
108        new com.sun.security.auth.NTSid(
109            "S-1-5-21-3623811015-3361044348-30300820-1013"),
110        new com.sun.security.auth.NTUserPrincipal("Duke"),
111        new com.sun.security.auth.UnixNumericUserPrincipal("0"),
112        new com.sun.security.auth.UnixPrincipal("duke"),
113    };
114
115    public static void main(String[] args) throws Exception {
116
117        for (Permission perm : perms) {
118            AccessController.checkPermission(perm);
119        }
120
121        Permission princPerm = new java.util.PropertyPermission("user.home",
122                                                                "read");
123        Set<Principal> princSet = new HashSet<>(Arrays.asList(princs));
124        Subject subject = new Subject(true, princSet, Collections.emptySet(),
125                                      Collections.emptySet());
126        PrivilegedAction<Void> pa = () -> {
127            AccessController.checkPermission(princPerm);
128            return null;
129        };
130        Subject.doAsPrivileged(subject, pa, null);
131    }
132}
133