Package org.apache.openjpa.lib.util

Class J2DoPrivHelper

  • public abstract class J2DoPrivHelper
extends Object
    Helper class to obtain the Privilege(Exception)Action object to perform Java 2 doPrivilege security sensitive function call in the following methods:
    • AccessibleObject.setAccessible
    • Class.forName
    • Class.getClassLoader
    • Class.getDeclaredField
    • Class.getDeclaredFields
    • Class.getDeclaredMethod
    • Class.getDeclaredMethods
    • Class.getProtectionDomain
    • Class.getResource
    • Class.newInstance
    • ClassLoader.getParent
    • ClassLoader.getResource
    • ClassLoader.getResources
    • ClassLoader.getSystemClassLoader
    • File.deleteOnExit
    • File.delete
    • File.exists
    • File.getAbsoluteFile
    • File.getAbsolutePath
    • File.getCanonicalPath
    • File.listFiles
    • File.length
    • File.isDirectory
    • File.mkdirs
    • File.renameTo
    • File.toURL
    • FileInputStream new
    • FileOutputStream new
    • System.getProperties
    • InetAddress.getByName
    • MultiClassLoader new
    • ServerSocket new
    • Socket new
    • Socket.accept
    • System.getProperty
    • Thread.getContextClassLoader
    • Thread.setContextClassLoader
    • Thread new
    • TemporaryClassLoader new
    • URL.openStream
    • URLConnection.getContent
    • ZipFile new
    • AnnotatedElement.getAnnotations
    • AnnotatedElement.getDeclaredAnnotations
    • AnnotatedElement.isAnnotationPresent
    • jakarta.validation.Validator.validate
    • jakarta.validation.Validation.buildDefaultValidatorFactory
    If these methods are used, the following sample usage patterns should be followed to ensure proper privilege is granted: 
     1) No security risk method call. E.g.

    private static final String SEP = J2DoPrivHelper.getLineSeparator();

 2) Methods with no exception thrown. PrivilegedAction is returned from
    J2DoPrivHelper.*Action(). E.g.

    ClassLoader loader = AccessController.doPrivileged(
                             J2DoPrivHelper.getClassLoaderAction(clazz));

    ClassLoader loader = (ClassLoader) (System.getSecurityManager() == null)
                         ? clazz.getClassLoader()
                         : AccessController.doPrivileged(
                             J2DoPrivHelper.getClassLoaderAction(clazz));
 3) Methods with exception thrown. PrivilegedExceptionAction is returned
    from J2DoPrivHelper.*Action(). E.g.

    try {
      method = AccessController.doPrivileged(
        J2DoPrivHelper.getDeclaredMethodAction(clazz, name, parameterType));
    } catch (PrivilegedActionException pae) {
      throw (NoSuchMethodException) pae.getException();
    }

    try {
      method = (System.getSecurityManager() == null)
        ? clazz.getDeclaredMethod(name,parameterType)
        : AccessController.doPrivileged(
            J2DoPrivHelper.getDeclaredMethodAction(
              clazz, name, parameterType));
    } catch (PrivilegedActionException pae) {
        throw (NoSuchMethodException) pae.getException()
    }
    Author:
    Albert Lee

    • Constructor Detail

      • J2DoPrivHelper

        public J2DoPrivHelper()

    • Method Detail

      • getLineSeparator

        public static String getLineSeparator()
        Return the value of the "line.separator" system property. Requires security policy: 'permission java.util.PropertyPermission "read";'

      • getPathSeparator

        public static String getPathSeparator()
        Return the value of the "path.separator" system property. Requires security policy: 'permission java.util.PropertyPermission "read";'

      • setAccessibleAction

        public static PrivilegedAction<Object> setAccessibleAction​(AccessibleObject aObj,
                                                           boolean flag)
        Return a PrivilegeAction object for aObj.setAccessible(). Requires security policy: 'permission java.lang.reflect.ReflectPermission "suppressAccessChecks";'

      • getForNameAction

        public static PrivilegedExceptionAction<Class<?>> getForNameAction​(String className,
                                                                   boolean initializeBoolean,
                                                                   ClassLoader classLoader)
        Return a PrivilegeAction object for Class.forName(). Notes: doPriv of Class.forName call is required only if the input classloader argument is null. E.g. Class.forName("x", false, Collection.class.getClassLoader()); Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
        Returns:
        Class

      • getClassLoaderAction

        public static PrivilegedAction<ClassLoader> getClassLoaderAction​(Class<?> clazz)
        Return a PrivilegeAction object for clazz.getClassloader(). Notes: No doPrivilege wrapping is required in the caller if: "the caller's class loader is not null and the caller's class loader is not the same as or an ancestor of the class loader for the class whose class loader is requested". E.g. this.getClass().getClassLoader(); Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
        Returns:
        Classloader

      • getDeclaredFieldAction

        public static PrivilegedExceptionAction<Field> getDeclaredFieldAction​(Class<?> clazz,
                                                                      String name)
        Return a PrivilegedExceptionAction object for clazz.getDeclaredField(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Field
        Throws:
        NoSuchFieldException

      • getDeclaredFieldsAction

        public static PrivilegedAction<Field[]> getDeclaredFieldsAction​(Class<?> clazz)
        Return a PrivilegeAction object for class.getDeclaredFields(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Field[]

      • getDeclaredMethodAction

        public static PrivilegedExceptionAction<Method> getDeclaredMethodAction​(Class<?> clazz,
                                                                        String name,
                                                                        Class<?>[] parameterTypes)
        Return a PrivilegedExceptionAction object for clazz.getDeclaredMethod(). Requires security policy 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Method
        Throws:
        NoSuchMethodException

      • getDeclaredMethodsAction

        public static PrivilegedAction<Method[]> getDeclaredMethodsAction​(Class<?> clazz)
        Return a PrivilegeAction object for clazz.getDeclaredMethods(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Method[]

      • getResourceAction

        public static PrivilegedAction<URL> getResourceAction​(Class<?> clazz,
                                                      String resource)
        Return a PrivilegeAction object for clazz.getResource(). Requires security policy: 'permission java.io.FilePermission "read";'
        Returns:
        URL

      • getProtectionDomainAction

        public static PrivilegedAction<ProtectionDomain> getProtectionDomainAction​(Class<?> clazz)
        Return a PrivilegeAction object for class.getProtectionDomain(). Requires security policy: 'permission java.lang.RuntimePermission "getProtectionDomain";'
        Returns:
        ProtectionDomain

      • getParentAction

        public static PrivilegedAction<ClassLoader> getParentAction​(ClassLoader loader)
        Return a PrivilegeAction object for loader.getParent(). Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
        Returns:
        ClassLoader

      • getResourceAction

        public static PrivilegedAction<URL> getResourceAction​(ClassLoader loader,
                                                      String resource)
        Return a PrivilegeAction object for loader.getResource(). Requires security policy: 'permission java.io.FilePermission "read";'
        Returns:
        URL

      • getSystemClassLoaderAction

        public static PrivilegedAction<ClassLoader> getSystemClassLoaderAction()
        Return a PrivilegeAction object for ClassLoader.getSystemClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
        Returns:
        ClassLoader

      • deleteAction

        public static PrivilegedAction<Boolean> deleteAction​(File f)
        Return a PrivilegeAction object for f.delete(). Requires security policy: 'permission java.io.FilePermission "delete";'
        Returns:
        Boolean

      • existsAction

        public static PrivilegedAction<Boolean> existsAction​(File f)
        Return a PrivilegeAction object for f.exists(). Requires security policy: 'permission java.io.FilePermission "read";'
        Returns:
        Boolean

      • deleteOnExitAction

        public static PrivilegedAction<Boolean> deleteOnExitAction​(File f)
        Return a PrivilegeAction object for f.deleteOnExit(). Requires security policy: 'permission java.io.FilePermission "delete";'

      • getAbsoluteFileAction

        public static PrivilegedAction<File> getAbsoluteFileAction​(File f)
        Return a PrivilegeAction object for f.getAbsoluteFile(). Requires security policy: 'permission java.util.PropertyPermission "read";'
        Returns:
        File

      • getAbsolutePathAction

        public static PrivilegedAction<String> getAbsolutePathAction​(File f)
        Return a PrivilegeAction object for f.getAbsolutePath(). Requires security policy: 'permission java.util.PropertyPermission "read";'
        Returns:
        String

      • getCanonicalPathAction

        public static PrivilegedExceptionAction<String> getCanonicalPathAction​(File f)
                                                                throws IOException
        Return a PrivilegedExceptionAction object for f.getCanonicalPath(). Requires security policy: 'permission java.util.PropertyPermission "read";'
        Returns:
        String
        Throws:
        IOException

      • isDirectoryAction

        public static PrivilegedAction<Boolean> isDirectoryAction​(File f)
        Return a PrivilegeAction object for f.isDirectory(). Requires security policy: 'permission java.io.FilePermission "read";'
        Returns:
        Boolean

      • isFileAction

        public static PrivilegedAction<Boolean> isFileAction​(File f)
        Return a PrivilegeAction object for f.isFile(). Requires security policy: 'permission java.io.FilePermission "read";'
        Returns:
        Boolean

      • lengthAction

        public static PrivilegedAction<Long> lengthAction​(File f)
        Return a PrivilegeAction object for f.length(). Requires security policy: 'permission java.io.FilePermission "read";'
        Returns:
        Long

      • listFilesAction

        public static PrivilegedAction<File[]> listFilesAction​(File f)
        Return a PrivilegeAction object for f.listFiles(). Requires security policy: 'permission java.io.FilePermission "read";'
        Returns:
        File[]

      • mkdirsAction

        public static PrivilegedAction<Boolean> mkdirsAction​(File f)
        Return a PrivilegeAction object for f.mkdirs(). Requires security policy: 'permission java.io.FilePermission "write";'
        Returns:
        Boolean

      • renameToAction

        public static PrivilegedAction<Boolean> renameToAction​(File from,
                                                       File to)
        Return a PrivilegeAction object for f.renameTo(). Requires security policy: 'permission java.io.FilePermission "write";'
        Returns:
        Boolean

      • newServerSocketAction

        public static PrivilegedExceptionAction<ServerSocket> newServerSocketAction​(int port)
                                                                     throws IOException
        Return a PrivilegedExceptionAction object for new ServerSocket(). Requires security policy: 'permission java.net.SocketPermission "listen";'
        Returns:
        ServerSocket
        Throws:
        IOException

      • getPropertiesAction

        public static PrivilegedAction<Properties> getPropertiesAction()
        Return a PrivilegeAction object for System.getProperties(). Requires security policy: 'permission java.util.PropertyPermission "read";'
        Returns:
        Properties

      • getPropertyAction

        public static PrivilegedAction<String> getPropertyAction​(String name)
        Return a PrivilegeAction object for System.getProperty(). Requires security policy: 'permission java.util.PropertyPermission "read";'
        Returns:
        String

      • getPropertyAction

        public static PrivilegedAction<String> getPropertyAction​(String name,
                                                         String def)
        Return a PrivilegeAction object for System.getProperty(). Requires security policy: 'permission java.util.PropertyPermission "read";'
        Returns:
        String

      • getContextClassLoaderAction

        public static PrivilegedAction<ClassLoader> getContextClassLoaderAction()
        Return a PrivilegeAction object for Thread.currentThread .getContextClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
        Returns:
        ClassLoader

      • setContextClassLoaderAction

        public static PrivilegedAction<Boolean> setContextClassLoaderAction​(ClassLoader loader)
        Return a PrivilegeAction object for Thread.currentThread .setContextClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "setContextClassLoader";'
        Returns:
        ClassLoader

      • newDaemonThreadAction

        public static PrivilegedAction<Thread> newDaemonThreadAction​(Runnable target,
                                                             String name)
        Return a PrivilegedAction object for new Thread(). Requires security policy: 'permission java.lang.RuntimePermission "modifyThreadGroup";' 'permission java.lang.RuntimePermission "modifyThread";'
        Returns:
        Thread

      • newTemporaryClassLoaderAction

        public static PrivilegedAction<TemporaryClassLoader> newTemporaryClassLoaderAction​(ClassLoader parent)
        Return a PrivilegeAction object for new TemporaryClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "createClassLoader";'
        Returns:
        TemporaryClassLoader

      • newMultiClassLoaderAction

        public static PrivilegedAction<MultiClassLoader> newMultiClassLoaderAction()
        Return a PrivilegeAction object for new MultiClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "createClassLoader";'
        Returns:
        MultiClassLoader

      • getAnnotationsAction

        public static PrivilegedAction<Annotation[]> getAnnotationsAction​(AnnotatedElement element)
        Return a PrivilegeAction object for AnnotatedElement.getAnnotations(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Annotation[]

      • getDeclaredAnnotationsAction

        public static PrivilegedAction<Annotation[]> getDeclaredAnnotationsAction​(AnnotatedElement element)
        Return a PrivilegeAction object for AnnotatedElement.getDeclaredAnnotations(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Annotation[]

      • isAnnotationPresentAction

        public static PrivilegedAction<Boolean> isAnnotationPresentAction​(AnnotatedElement element,
                                                                  Class<? extends Annotation> annotationClazz)
        Return a PrivilegeAction object for AnnotatedElement.isAnnotationPresent(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Boolean

      • getAnnotationAction

        public static <T extends AnnotationPrivilegedAction<T> getAnnotationAction​(AnnotatedElement element,
                                                                             Class<T> annotationClazz)
        Return a PrivilegedAction object for AnnotatedElement.getAnnotation(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
        Returns:
        Annotation

      • validateAction

        public static <T> PrivilegedAction<Set<jakarta.validation.ConstraintViolation<T>>> validateAction​(jakarta.validation.Validator validator,
                                                                                                  T arg0,
                                                                                                  Class<?>[] groups)
        Return a PrivilegeAction object for jakarta.validation.Validator.validate(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMemeber";'

      • buildDefaultValidatorFactoryAction

        public static <T> PrivilegedAction<jakarta.validation.ValidatorFactory> buildDefaultValidatorFactoryAction()
        Return a PrivilegeAction object for jakarta.validation.Validation.buildDefaultValidatorFactory(). Requires security policy: 'permission java.lang.RuntimePermission "createClassLoader";'