com.groupbyinc.flux.bootstrap.Security.class Maven / Gradle / Ivy
???? 4? &com/groupbyinc/flux/bootstrap/Security java/lang/Object
Security.java java/util/Map$Entry
java/util/Map Entry :com/groupbyinc/flux/transport/TcpTransport$ProfileSettings *com/groupbyinc/flux/transport/TcpTransport
ProfileSettings Xcom/groupbyinc/flux/bootstrap/ElasticsearchUncaughtExceptionHandler$PrivilegedHaltAction Ccom/groupbyinc/flux/bootstrap/ElasticsearchUncaughtExceptionHandler PrivilegedHaltAction java/security/Policy$Parameters java/security/Policy
Parameters ()V
this (Lcom/groupbyinc/flux/bootstrap/Security; configure )(Lcom/groupbyinc/flux/env/Environment;Z)V java/io/IOException " &java/security/NoSuchAlgorithmException $ %com/groupbyinc/flux/bootstrap/JarHell & parseClassPath ()Ljava/util/Set; ( )
' * getCodebaseJarMap (Ljava/util/Set;)Ljava/util/Map; , -
. &com/groupbyinc/flux/bootstrap/ESPolicy 0 createPermissions B(Lcom/groupbyinc/flux/env/Environment;)Ljava/security/Permissions; 2 3
4 getPluginPermissions 6(Lcom/groupbyinc/flux/env/Environment;)Ljava/util/Map; 6 7
8 F(Ljava/util/Map;Ljava/security/PermissionCollection;Ljava/util/Map;Z)V :
1 ; setPolicy (Ljava/security/Policy;)V = >
? java/lang/String A java/lang/Class C getName ()Ljava/lang/String; E F
D G $ I \$ K replace D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String; M N
B O com/groupbyinc/flux/cli/Command Q &com/groupbyinc/flux/secure_sm/SecureSM S ([Ljava/lang/String;)V U
T V java/lang/System X setSecurityManager (Ljava/lang/SecurityManager;)V Z [
Y \ selfTest ^
_ environment %Lcom/groupbyinc/flux/env/Environment; filterBadDefaults Z codebases 1Ljava/util/Map; Ljava/util/Map; classesThatCanExit [Ljava/lang/String; .Lcom/groupbyinc/flux/common/SuppressForbidden; reason
find URL path java/net/URISyntaxException m java/util/LinkedHashMap o
p
java/util/Set r iterator ()Ljava/util/Iterator; t u s v java/util/Iterator x hasNext ()Z z { y | next ()Ljava/lang/Object; ~ y ? java/net/URL ? toURI ()Ljava/net/URI; ? ?
? ? 'com/groupbyinc/flux/common/io/PathUtils ? get $(Ljava/net/URI;)Ljava/nio/file/Path; ? ?
? ? java/nio/file/Path ? getFileName ()Ljava/nio/file/Path; ? ? ? ? toString ? F ? ? .jar ? endsWith (Ljava/lang/String;)Z ? ?
B ? put 8(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object; ? ? ? java/lang/RuntimeException ? (Ljava/lang/Throwable;)V ?
? ? fileName Ljava/lang/String; e Ljava/net/URISyntaxException; url Ljava/net/URL; urls Ljava/util/Set; Ljava/util/Set; proper use of URL java/lang/Throwable ? java/util/HashMap ?
? java/util/LinkedHashSet ? #com/groupbyinc/flux/env/Environment ? pluginsFile ? ?
? ? *com/groupbyinc/flux/plugins/PluginsService ? findPluginDirs &(Ljava/nio/file/Path;)Ljava/util/List; ? ?
? ? (Ljava/util/Collection;)V ?
? ? modulesFile ? ?
? ? addAll (Ljava/util/Collection;)Z ? ? s ? plugin-security.policy ? resolve ((Ljava/lang/String;)Ljava/nio/file/Path; ? ? ? ? java/nio/file/LinkOption ? java/nio/file/Files ? exists 2(Ljava/nio/file/Path;[Ljava/nio/file/LinkOption;)Z ? ?
? ?
? *.jar ? newDirectoryStream G(Ljava/nio/file/Path;Ljava/lang/String;)Ljava/nio/file/DirectoryStream; ? ?
? ? java/nio/file/DirectoryStream ? ? v
toRealPath 1([Ljava/nio/file/LinkOption;)Ljava/nio/file/Path; ? ? ? ? toUri ? ? ? ? java/net/URI ? toURL ()Ljava/net/URL; ? ?
? ? add (Ljava/lang/Object;)Z ? ? s ? java/lang/IllegalStateException ? java/lang/StringBuilder ?
? duplicate module/plugin: ? append -(Ljava/lang/String;)Ljava/lang/StringBuilder; ? ?
? ? -(Ljava/lang/Object;)Ljava/lang/StringBuilder; ?
?
? ? (Ljava/lang/String;)V
? close ?
addSuppressed
?
?
readPolicy 5(Ljava/net/URL;Ljava/util/Map;)Ljava/security/Policy;
getFile F
? 5per-plugin permissions already granted for jar file: java/util/Collections unmodifiableMap (Ljava/util/Map;)Ljava/util/Map;
jar Ljava/nio/file/Path; jarStream 5Ljava/nio/file/DirectoryStream; Ljava/nio/file/DirectoryStream; policy Ljava/security/Policy;
policyFile plugin map 9Ljava/util/Map; pluginsAndModules %Ljava/util/Set; 3accesses fully qualified URLs to configure security java/util/ArrayList*
+ entrySet- ) . java/util/List0 getKey2 3 getValue5 6 codebase.8 -\d+\.\d+.*\.jar: < replaceFirst 8(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;>?
B@ equalsB ?
BC1 ?
? ? setPropertyG?
YH codebase property already set: J -> L , cannot set to N
JavaPolicyP java/security/URIParameterR (Ljava/net/URI;)V T
SU getInstance K(Ljava/lang/String;Ljava/security/Policy$Parameters;)Ljava/security/Policy;WX
Y1 v
clearProperty &(Ljava/lang/String;)Ljava/lang/String;\]
Y^ java/lang/Exception` "java/lang/IllegalArgumentExceptionb unable to parse policy file `d `f *(Ljava/lang/String;Ljava/lang/Throwable;)V h
ci previous name property
aliasProperty codebase 7Ljava/util/Map$Entry; Ljava/util/Map$Entry;
propertiesSet $Ljava/util/List; Ljava/util/List; Ljava/lang/Exception; java/security/Permissionsv
w addClasspathPermissions (Ljava/security/Permissions;)Vyz
{ addFilePermissions C(Ljava/security/Permissions;Lcom/groupbyinc/flux/env/Environment;)V}~
settings 0()Lcom/groupbyinc/flux/common/settings/Settings;??
?? addBindPermissions L(Ljava/security/Permissions;Lcom/groupbyinc/flux/common/settings/Settings;)V??
? Ljava/security/Permissions; isDirectory? ?
??
class.path?
read,readlink? 1com/groupbyinc/flux/bootstrap/FilePermissionUtils? addDirectoryPath V(Ljava/security/Permissions;Ljava/lang/String;Ljava/nio/file/Path;Ljava/lang/String;)V??
?? addSingleFilePath D(Ljava/security/Permissions;Ljava/nio/file/Path;Ljava/lang/String;)V??
?? path PATH_HOME_SETTING -Lcom/groupbyinc/flux/common/settings/Setting;?? ?? +com/groupbyinc/flux/common/settings/Setting?2 F
?? binFile? ?
?? libFile? ?
??
path.conf'?
configFile? ?
?? java.io.tmpdir? tmpFile? ?
?? read,readlink,write,delete? PATH_LOGS_SETTING?? ?? logsFile? ?
?? sharedDataFile? ?
?? PATH_SHARED_DATA_SETTING?? ?? java/util/HashSet?
? dataFiles ()[Ljava/nio/file/Path;??
?? [Ljava/nio/file/Path;? PATH_DATA_SETTING?? ?? path [? ] is duplicated by [? ]? unable to access [?
?i repoFiles??
?? PATH_REPO_SETTING?? ?? pidFile? ?
?? delete? realPath Ljava/io/IOException; dataFilesPaths addSocketPermissionForHttp??
? 'addSocketPermissionForTransportProfiles??
? addSocketPermissionForTribeNodes??
? .Lcom/groupbyinc/flux/common/settings/Settings; .com/groupbyinc/flux/http/HttpTransportSettings? SETTING_HTTP_PORT?? ?? B(Lcom/groupbyinc/flux/common/settings/Settings;)Ljava/lang/Object; ??
?? /com/groupbyinc/flux/common/transport/PortsRange? getPortRangeString? F
?? addSocketPermissionForPortRange 0(Ljava/security/Permissions;Ljava/lang/String;)V??
? httpRange getProfileSettings ?(Lcom/groupbyinc/flux/common/settings/Settings;)Ljava/util/Set;
portOrRange ? profile