Examples of java.io.FilePermission

java.io.FilePermission
This class represents access to a file or directory. A FilePermission consists of a pathname and a set of actions valid for that pathname.
Pathname is the pathname of the file or directory granted the specified actions. A pathname that ends in "/*" (where "/" is the file separator character, File.separatorChar) indicates all the files and directories contained in that directory. A pathname that ends with "/-" indicates (recursively) all files and subdirectories contained in that directory. A pathname consisting of the special token "<<ALL FILES>>" matches any file.
Note: A pathname consisting of a single "*" indicates all the files in the current directory, while a pathname consisting of a single "-" indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory.
The actions to be granted are passed to the constructor in a string containing a list of one or more comma-separated keywords. The possible keywords are "read", "write", "execute", and "delete". Their meaning is defined as follows:

read
read permission
write
write permission
execute
execute permission. Allows Runtime.exec to be called. Corresponds to SecurityManager.checkExec.
delete
delete permission. Allows File.delete to be called. Corresponds to SecurityManager.checkDelete.

The actions string is converted to lowercase before processing.
Be careful when granting FilePermissions. Think about the implications of granting read and especially write access to various files and directories. The "<<ALL FILES>>" permission with write action is especially dangerous. This grants permission to write to the entire file system. One thing this effectively allows is replacement of the system binary, including the JVM runtime environment.
Please note: Code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so. @see java.security.Permission @see java.security.Permissions @see java.security.PermissionCollection @version 1.80 05/11/17 @author Marianne Mueller @author Roland Schemers @since 1.2 @serial exclude

      resp.setContentType("text/html");
    
    // Allow user to only read any file in docs directory
    final String aHome = System.getenv("ACCUMULO_HOME");
    PermissionCollection pc = new Permissions();
    pc.add(new FilePermission(aHome + "/docs/-", "read"));
    
    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {new ProtectionDomain(null, pc)});
    
    IOException e = AccessController.doPrivileged(new PrivilegedAction<IOException>() {

View Full Code Here

                    int dirEnd = path.lastIndexOf(File.separator);
                    if (dirEnd != -1){
                        // Include trailing file separator
                        path = path.substring(0, dirEnd + 1);
                        path += "-";
                        dirPerm = new FilePermission(path, "read");
                        perms.add(dirPerm);
                    }
                }
            }
        }

View Full Code Here

            (File) servletContext.getAttribute(Globals.WORK_DIR_ATTR);
        if (workDir != null) {
            try {
                String workDirPath = workDir.getCanonicalPath();
                classLoader.addPermission
                    (new FilePermission(workDirPath, "read,write"));
                classLoader.addPermission
                    (new FilePermission(workDirPath + File.separator + "-", 
                                        "read,write,delete"));
            } catch (IOException e) {
                // Ignore
            }
        }

View Full Code Here

                }
                permission = new JndiPermission(path + "*");
                addPermission(permission);
            } else {
                if (!path.endsWith(File.separator)) {
                    permission = new FilePermission(path, "read");
                    addPermission(permission);
                    path = path + File.separator;
                }
                permission = new FilePermission(path + "-", "read");
                addPermission(permission);
            }
        }
    }

View Full Code Here

        final LocalFile localFile = (LocalFile) fileObject;
        final File file = localFile.getLocalFile();
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null)
        {
            final FilePermission requiredPerm = new FilePermission(file.getAbsolutePath(), "read");
            sm.checkPermission(requiredPerm);
        }
        return file;
    }

View Full Code Here

                codeSource = new CodeSource(url,null);
                permissionCollection = policy.getPermissions(codeSource);


                // Create a file read permission for web app context directory
                docBase = docBase + "-";
                permissionCollection.add(new FilePermission(docBase,"read"));


                // Create a file read permission for web app tempdir (work) directory
                String workDir = options.getScratchDir().toString();
                if (workDir.endsWith(File.separator)) {
                    workDir = workDir + "-";
                } else {
                    workDir = workDir + File.separator + "-";
                }
                permissionCollection.add(new FilePermission(workDir,"read"));


                // Allow the JSP to access org.apache.jasper.runtime.HttpJspBase
                permissionCollection.add( new RuntimePermission(
                    "accessClassInPackage.org.apache.jasper.runtime") );


                if (parentClassLoader instanceof URLClassLoader) {
                    URL [] urls = parentClassLoader.getURLs();
                    String jarUrl = null;
                    String jndiUrl = null;
                    for (int i=0; i<urls.length; i++) {
                        if (jndiUrl == null
                                && urls[i].toString().startsWith("jndi:") ) {
                            jndiUrl = urls[i].toString() + "-";
                        }
                        if (jarUrl == null
                                && urls[i].toString().startsWith("jar:jndi:")
                                ) {
                            jarUrl = urls[i].toString();
                            jarUrl = jarUrl.substring(0,jarUrl.length() - 2);
                            jarUrl = jarUrl.substring(0,
                                     jarUrl.lastIndexOf('/')) + "/-";
                        }
                    }
                    if (jarUrl != null) {
                        permissionCollection.add(
                                new FilePermission(jarUrl,"read"));
                        permissionCollection.add(
                                new FilePermission(jarUrl.substring(4),"read"));
                    }
                    if (jndiUrl != null)
                        permissionCollection.add(
                                new FilePermission(jndiUrl,"read") );
                }
            } catch(Exception e) {
                context.log("Security Init for context failed",e);
            }
        }

View Full Code Here

                permissionCollection = policy.getPermissions(codeSource);


                // Create a file read permission for web app context directory
                if (!docBase.endsWith(File.separator)){
                    permissionCollection.add
                        (new FilePermission(docBase,"read"));
                    docBase = docBase + File.separator;
                } else {
                    permissionCollection.add
                        (new FilePermission
                            (docBase.substring(0,docBase.length() - 1),"read"));
                }
                docBase = docBase + "-";
                permissionCollection.add(new FilePermission(docBase,"read"));


                // Create a file read permission for web app tempdir (work)
                // directory
                String workDir = options.getScratchDir().toString();
                if (!workDir.endsWith(File.separator)){
                    permissionCollection.add
                        (new FilePermission(workDir,"read"));
                    workDir = workDir + File.separator;
                }
                workDir = workDir + "-";
                permissionCollection.add(new FilePermission(workDir,"read"));


                // Allow the JSP to access org.apache.jasper.runtime.HttpJspBase
                permissionCollection.add( new RuntimePermission(
                    "accessClassInPackage.org.apache.jasper.runtime") );


                if (parentClassLoader instanceof URLClassLoader) {
                    URL [] urls = ((URLClassLoader) parentClassLoader).getURLs();
                    String jarUrl = null;
                    String jndiUrl = null;
                    for (int i=0; i<urls.length; i++) {
                        if (jndiUrl == null
                                && urls[i].toString().startsWith("jndi:") ) {
                            jndiUrl = urls[i].toString() + "-";
                        }
                        if (jarUrl == null
                                && urls[i].toString().startsWith("jar:jndi:")
                                ) {
                            jarUrl = urls[i].toString();
                            jarUrl = jarUrl.substring(0,jarUrl.length() - 2);
                            jarUrl = jarUrl.substring(0,
                                     jarUrl.lastIndexOf('/')) + "/-";
                        }
                    }
                    if (jarUrl != null) {
                        permissionCollection.add(
                                new FilePermission(jarUrl,"read"));
                        permissionCollection.add(
                                new FilePermission(jarUrl.substring(4),"read"));
                    }
                    if (jndiUrl != null)
                        permissionCollection.add(
                                new FilePermission(jndiUrl,"read") );
                }
            } catch(Exception e) {
                context.log("Security Init for context failed",e);
            }
        }

View Full Code Here


      String library_name = "blah";
      String library_path = "/path/to/libnothing.so";


      Permission[] executeCommand = new Permission[] {
  new FilePermission(sCommand, "execute")};
      Permission[] modifyThreadOrGroup = new Permission[] {
  new RuntimePermission("modifyThread"),
  new RuntimePermission("modifyThreadGroup")};


      Permission[] exitVM = new Permission[] {

View Full Code Here

  {
    File file = new File(harness.getSourceDirectory(), "ChangeLog");
    String path = file.getPath();
    
    Permission[] perm = new Permission[] {
  new FilePermission(path, "read")};
    Permission[] fdPerm = new Permission[] {
  new RuntimePermission("readFileDescriptor")};
    
    TestSecurityManager sm = new TestSecurityManager(harness);
    try {

View Full Code Here

    catch (FileNotFoundException e) {
      harness.debug(e);
      harness.check(false, "unexpected exception");
    }


    Permission rperm = new FilePermission(path, "read");
    Permission wperm = new FilePermission(path, "write");
    Permission rfdperm = new RuntimePermission("readFileDescriptor");
    Permission wfdperm = new RuntimePermission("writeFileDescriptor");


    String[] modes = new String[] {"r", "rw", "rws", "rwd"};

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of java.io.FilePermission

com.caucho.loader.DynamicClassLoader

com.google.appengine.tools.development.IsolatedAppClassLoader

com.sun.enterprise.security.perms.PermissionsProcessor

com.sun.jini.phoenix.ExecOptionPermission

com.sun.jini.phoenix.ExecPermission

com.sun.jini.tool.ClassServer

com.sun.jini.tool.ClassServer$Task

com.sun.jmx.remote.security.FileLoginModule

com.sun.media.jai.mlib.MediaLibAccessor

gnu.java.net.protocol.file.Connection

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.