io.soluble.pjb.bridge.JavaBridgeSecurityManager Maven / Gradle / Ivy
Show all versions of php-java-bridge Show documentation
/*-*- mode: Java; tab-width:8 -*-*/
package io.soluble.pjb.bridge;
/*
* Copyright (C) 2003-2007 Jost Boekemeier
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
import java.security.Permission;
/**
* A custom security manager for the PHP/Java Bridge.
*
* Example:
* PHP_HOME=/usr/lib/php/modules java -Dio.soluble.pjb.bridge.base=${PHP_HOME} -Djava.security.policy=${PHP_HOME}/javabridge.policy -jar ${PHP_HOME}/JavaBridge.jar
*
* Example options for eclipse:
*
* -Dio.soluble.pjb.bridge.base=${workspace_loc}${project_path}/
* -Djava.security.policy=${workspace_loc}${project_path}/javabridge.policy
*
*
* @author jostb
*/
public class JavaBridgeSecurityManager extends SecurityManager {
protected static final Permission MODIFY_THREADGROUP_PERMISSION = new RuntimePermission("modifyThreadGroup");
protected static final Permission MODIFY_THREAD_PERMISSION = new RuntimePermission("modifyThread");
/**
* {@inheritDoc}
* Internal groups may pass, user groups are checked against the javabridge.policy
file.
*/
@Override
public void checkAccess(ThreadGroup g) {
if (g == null) {
throw new NullPointerException("thread group can't be null");
}
// one of our request-handling thread groups, check only if called from an application thread
if ((g instanceof AppThreadPool.Group) && ((AppThreadPool.Group) g).isLocked)
checkPermission(MODIFY_THREADGROUP_PERMISSION);
// an application thread group, check this one
else if (g instanceof AppThreadPool.AppGroup)
checkPermission(MODIFY_THREADGROUP_PERMISSION);
// a system thread group
// disabled: Sun jdk1.5 calls checkAccess from a system thread
// running with our(!) privileges:
// at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:288)
// at java.lang.Thread.init(Thread.java:310)
// at java.lang.Thread.(Thread.java:429)
// at sun.misc.Signal.dispatch(Signal.java:199)
// This is probably a bug.
// However, this means that we must not check system thread groups.
// If we do, dispatch will fail and the VM cannot
// react to signals like SIGTERM or Control-C.
//else super.checkAccess(g);
}
/**
* All user threads belong to the "JavaBridgeThreadPoolAppGroup" and all internal threads
* to "JavaBridgeThreadPoolGroup".
*
* @return The current thread group
*/
@Override
public ThreadGroup getThreadGroup() {
try {
AppThreadPool.Delegate delegate = (AppThreadPool.Delegate) Thread.currentThread();
return delegate.getAppGroup();
} catch (ClassCastException e) {
// must be a system thread
return super.getThreadGroup();
}
}
/**
* {@inheritDoc}
* System.exit(...)
can by switched off by removing
* permission java.lang.RuntimePermission "exitVM";
* from the policy file.
*/
@Override
public void checkExit(int status) {
//super.checkExit(status);
// from Sun's Launcher.java
// protected PermissionCollection getPermissions(CodeSource codesource)
// {
// PermissionCollection perms = super.getPermissions(codesource);
// perms.add(new RuntimePermission("exitVM"));
//return perms;
// so switch off exitVM once and for all:
throw new SecurityException("exitVM disabled by JavaBridgeSecurityManager.java");
}
}