8048147: Privilege tests with JAAS Subject.doAs
authorasmotrak
Fri, 20 Mar 2015 16:01:59 +0800
changeset 29529 54be38d2d0d1
parent 29528 d1a052f7ccef
child 29530 bfd405c818db
8048147: Privilege tests with JAAS Subject.doAs Reviewed-by: weijun
jdk/test/javax/security/auth/Subject/doAs/NestedActions.java
jdk/test/javax/security/auth/Subject/doAs/policy.expect.ace
jdk/test/javax/security/auth/Subject/doAs/policy.expect.pae
jdk/test/javax/security/auth/Subject/doAs/policy.one.principal
jdk/test/javax/security/auth/Subject/doAs/policy.two.principals
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/Subject/doAs/NestedActions.java	Fri Mar 20 16:01:59 2015 +0800
@@ -0,0 +1,541 @@
+/*
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.BufferedOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.jar.JarEntry;
+import java.util.jar.JarOutputStream;
+import java.util.jar.Manifest;
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+import jdk.testlibrary.ProcessTools;
+
+/**
+ * @test
+ * @bug 8048147
+ * @summary Check if proper AccessControlException is thrown
+ *          in case of nested Subject.doAs() invocations
+ *          when one of protection domains doesn't have permissions
+ *
+ * @library /lib/testlibrary
+ *
+ * @run main NestedActions jar NestedActionsACE.jar
+ *              NestedActionsACE.class Utils.class
+ * @run main NestedActions jar NestedActionsPAE.jar
+ *              NestedActionsPAE.class Utils.class
+ * @run main NestedActions jar NestedActionsOnePrincipal.jar
+ *              NestedActionsOnePrincipal.class Utils.class
+ * @run main NestedActions jar NestedActionsTwoPrincipals.jar
+ *              NestedActionsTwoPrincipals.class Utils.class
+ * @run main NestedActions jar WriteToFileAction.jar
+ *              WriteToFileAction.class
+ * @run main NestedActions jar WriteToFileNegativeAction.jar
+ *              WriteToFileNegativeAction.class
+ * @run main NestedActions jar WriteToFileExceptionAction.jar
+ *              WriteToFileExceptionAction.class
+ * @run main NestedActions jar ReadFromFileAction.jar
+ *              ReadFromFileAction.class
+ * @run main NestedActions jar ReadFromFileNegativeAction.jar
+ *              ReadFromFileNegativeAction.class
+ * @run main NestedActions jar ReadFromFileExceptionAction.jar
+ *              ReadFromFileExceptionAction.class
+ * @run main NestedActions jar ReadPropertyAction.jar
+ *              ReadPropertyAction.class
+ * @run main NestedActions jar ReadPropertyNegativeAction.jar
+ *              ReadPropertyNegativeAction.class
+ * @run main NestedActions jar ReadPropertyExceptionAction.jar
+ *              ReadPropertyExceptionAction.class ReadPropertyException.class
+ *
+ * @run main NestedActions NestedActionsACE policy.expect.ace
+ *              NestedActionsACE.jar WriteToFileNegativeAction.jar
+ *              ReadFromFileNegativeAction.jar ReadPropertyNegativeAction.jar
+ * @run main NestedActions NestedActionsPAE policy.expect.pae
+ *              NestedActionsPAE.jar WriteToFileExceptionAction.jar
+ *              ReadFromFileExceptionAction.jar ReadPropertyExceptionAction.jar
+ * @run main NestedActions NestedActionsOnePrincipal policy.one.principal
+ *              NestedActionsOnePrincipal.jar WriteToFileAction.jar
+ *              ReadFromFileAction.jar ReadPropertyAction.jar
+ * @run main NestedActions NestedActionsTwoPrincipals policy.two.principals
+ *              NestedActionsTwoPrincipals.jar WriteToFileAction.jar
+ *              ReadFromFileAction.jar ReadPropertyAction.jar
+ */
+public class NestedActions {
+
+    static final String file = "NestedActions.tmp";
+    static final String PS = System.getProperty("path.separator");
+    static final String FS = System.getProperty("file.separator");
+    static final String TEST_CLASSES = System.getProperty("test.classes");
+    static final String TEST_SOURCES = System.getProperty("test.src");
+    static final String JAVA_OPTS = System.getProperty("test.java.opts");
+    static final String JAVA = System.getProperty("java.home")
+            + FS + "bin" + FS + "java";
+
+    public static void main(String[] args) throws IOException {
+        if (args.length > 0) {
+            if ("jar".equals(args[0]) && args.length > 2) {
+                createJar(args[1],
+                    Arrays.copyOfRange(args, 2, args.length));
+            } else {
+                runJava(args);
+            }
+        } else {
+            throw new RuntimeException("Wrong parameters");
+        }
+    }
+
+    static void createJar(String dest, String... files) throws IOException {
+        System.out.println("Create " + dest + " with the following content:");
+        try (JarOutputStream jos = new JarOutputStream(
+                new FileOutputStream(dest), new Manifest())) {
+            for (String file : files) {
+                System.out.println("  " + file);
+                jos.putNextEntry(new JarEntry(file));
+                try (FileInputStream fis = new FileInputStream(
+                        TEST_CLASSES + FS + file)) {
+                    fis.transferTo(jos);
+                }
+            }
+        }
+    }
+
+    static void runJava(String[] args) {
+        if (args == null || args.length < 3) {
+            throw new IllegalArgumentException("wrong parameters");
+        }
+
+        List<String> cmds = new ArrayList<>();
+        cmds.add(JAVA);
+        StringBuilder sb = new StringBuilder();
+        cmds.add("-classpath");
+        for (int i=2; i<args.length; i++) {
+            sb.append(args[i]).append(PS);
+        }
+        cmds.add(sb.toString());
+        if (JAVA_OPTS != null && !JAVA_OPTS.isEmpty()) {
+            cmds.add(JAVA_OPTS);
+        }
+        cmds.add("-Djava.security.manager");
+        cmds.add("-Djava.security.policy=" + TEST_SOURCES + FS + args[1]);
+        cmds.add(args[0]);
+        try {
+            ProcessTools.executeCommand(cmds.toArray(new String[cmds.size()]))
+                    .shouldHaveExitValue(0);
+        } catch (Throwable e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Duke principal)
+ *
+ * The test expects AccessControllException.
+ */
+class NestedActionsACE {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        WriteToFileNegativeAction writeToFile
+                = new WriteToFileNegativeAction(NestedActions.file);
+        Subject.doAs(subject, writeToFile);
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Duke principal)
+ *
+ * The test expects PrivilegedActionException
+ * that caused by AccessControlEception.
+ */
+class NestedActionsPAE {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        try {
+            WriteToFileExceptionAction writeToFile =
+                    new WriteToFileExceptionAction(NestedActions.file);
+            Subject.doAs(subject, writeToFile);
+            throw new RuntimeException(
+                    "Test failed: no PrivilegedActionException thrown");
+        } catch (PrivilegedActionException pae) {
+            System.out.println(
+                    "PrivilegedActionException thrown as expected: "
+                    + pae);
+
+            // check if AccessControlException caused PrivilegedActionException
+            Throwable exception = pae.getException();
+            do {
+                if (!(exception instanceof PrivilegedActionException)) {
+                    break;
+                }
+                exception = ((PrivilegedActionException) exception).
+                        getException();
+            } while (true);
+
+            if (!(exception instanceof ReadPropertyException)) {
+                throw new RuntimeException(
+                        "Test failed: PrivilegedActionException "
+                        + "was not caused by ReadPropertyException");
+            }
+
+            exception = exception.getCause();
+            if (!(exception instanceof AccessControlException)) {
+                throw new RuntimeException(
+                        "Test failed: PrivilegedActionException "
+                        + "was not caused by ReadPropertyException");
+            }
+
+            System.out.println(
+                    "Test passed: PrivilegedActionException "
+                    + "was caused by AccessControlException");
+        }
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Duke principal)
+ */
+class NestedActionsOnePrincipal {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        WriteToFileAction writeToFile =
+                new WriteToFileAction(NestedActions.file);
+        Subject.doAs(subject, writeToFile);
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Java principal)
+ */
+class NestedActionsTwoPrincipals {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        Subject anotherSubject = new Subject();
+        anotherSubject.getPrincipals().add(new X500Principal("CN=Java"));
+        ReadFromFileAction readFromFile
+                = new ReadFromFileAction(NestedActions.file, anotherSubject);
+        WriteToFileAction writeToFile
+                = new WriteToFileAction(NestedActions.file, readFromFile);
+        Subject.doAs(subject, writeToFile);
+    }
+}
+
+/**
+ * Helper class.
+ */
+class Utils {
+
+    static void readFile(String filename) {
+        System.out.println("ReadFromFileAction: try to read " + filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+        try (FileInputStream fis = new FileInputStream(filename)) {
+            // do nothing
+        } catch (IOException e) {
+            throw new RuntimeException("Unexpected IOException", e);
+        }
+    }
+
+    static void writeFile(String filename) {
+        System.out.println("WriteToFileAction: try to write to " + filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+        try (BufferedOutputStream bos = new BufferedOutputStream(
+                new FileOutputStream(filename))) {
+            bos.write(0);
+            bos.flush();
+        } catch (IOException e) {
+            throw new RuntimeException("Unexpected IOException", e);
+        }
+    }
+
+}
+
+class WriteToFileAction implements PrivilegedAction {
+
+    private final String filename;
+    private final PrivilegedAction nextAction;
+
+    WriteToFileAction(String filename, PrivilegedAction nextAction) {
+        this.filename = filename;
+        this.nextAction = nextAction;
+    }
+
+    WriteToFileAction(String filename) {
+        this(filename, new ReadFromFileAction(filename));
+    }
+
+    @Override
+    public Object run() {
+        Utils.writeFile(filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        return Subject.doAs(subject, nextAction);
+    }
+
+}
+
+class ReadFromFileAction implements PrivilegedAction {
+
+    private final String filename;
+    private final Subject anotherSubject;
+
+    ReadFromFileAction(String filename) {
+        this(filename, null);
+    }
+
+    ReadFromFileAction(String filename, Subject anotherSubject) {
+        this.filename = filename;
+        this.anotherSubject = anotherSubject;
+    }
+
+    @Override
+    public Object run() {
+        Utils.readFile(filename);
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        ReadPropertyAction readProperty = new ReadPropertyAction();
+        if (anotherSubject != null) {
+            return Subject.doAs(anotherSubject, readProperty);
+        } else {
+            return Subject.doAs(subject, readProperty);
+        }
+    }
+
+}
+
+class ReadPropertyAction implements PrivilegedAction {
+
+    @Override
+    public java.lang.Object run() {
+        System.out.println("ReadPropertyAction: "
+                + "try to read 'java.class.path' property");
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject s = Subject.getSubject(acc);
+        System.out.println("principals = " + s.getPrincipals());
+        System.out.println("java.class.path = "
+                + System.getProperty("java.class.path"));
+
+        return null;
+    }
+
+}
+
+class WriteToFileNegativeAction implements PrivilegedAction {
+
+    private final String filename;
+
+    public WriteToFileNegativeAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() {
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+
+        try {
+            Utils.writeFile(filename);
+            new File(filename).delete();
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+        }
+
+        ReadFromFileNegativeAction readFromFile
+                = new ReadFromFileNegativeAction(filename);
+        return Subject.doAs(subject, readFromFile);
+    }
+
+}
+
+class ReadFromFileNegativeAction implements PrivilegedAction {
+
+    private final String filename;
+
+    public ReadFromFileNegativeAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() {
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+
+        try {
+            Utils.readFile(filename);
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+        }
+
+        ReadPropertyNegativeAction readProperty =
+                new ReadPropertyNegativeAction();
+        return Subject.doAs(subject, readProperty);
+    }
+
+}
+
+class ReadPropertyNegativeAction implements PrivilegedAction {
+
+    @Override
+    public java.lang.Object run() {
+        System.out.println("Try to read 'java.class.path' property");
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject s = Subject.getSubject(acc);
+        System.out.println("principals = " + s.getPrincipals());
+
+        try {
+            System.out.println("java.class.path = "
+                    + System.getProperty("java.class.path"));
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+        }
+
+        return null;
+    }
+
+}
+
+class WriteToFileExceptionAction implements PrivilegedExceptionAction {
+
+    private final String filename;
+
+    WriteToFileExceptionAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() throws Exception {
+        Utils.writeFile(filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        ReadFromFileExceptionAction readFromFile =
+                new ReadFromFileExceptionAction(filename);
+        return Subject.doAs(subject, readFromFile);
+    }
+
+}
+
+class ReadFromFileExceptionAction implements PrivilegedExceptionAction {
+
+    private final String filename;
+
+    ReadFromFileExceptionAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() throws Exception {
+        Utils.readFile(filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        ReadPropertyExceptionAction readProperty =
+                new ReadPropertyExceptionAction();
+        return Subject.doAs(subject, readProperty);
+    }
+
+}
+
+class ReadPropertyExceptionAction implements PrivilegedExceptionAction {
+
+    @Override
+    public java.lang.Object run() throws Exception {
+        System.out.println("Try to read 'java.class.path' property");
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject s = Subject.getSubject(acc);
+        System.out.println("principals = " + s.getPrincipals());
+
+        try {
+            System.out.println("java.class.path = "
+                    + System.getProperty("java.class.path"));
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+            throw new ReadPropertyException(ace);
+        }
+    }
+
+}
+
+class ReadPropertyException extends Exception {
+
+    ReadPropertyException(Throwable cause) {
+        super(cause);
+    }
+}
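Review bot: WriteToFileNegativeAction and ReadFromFileNegativeAction accept any AccessControlException raised inside Utils.writeFile/readFile as the expected outcome, but those helpers also call Subject.getSubject, so a denied `getSubject` would pass the test just as a denied file access does. Pinning the denied permission in the catch blocks would close that gap, e.g. `if (!(ace.getPermission() instanceof java.io.FilePermission)) throw new RuntimeException("Test failed: unexpected denial: " + ace.getPermission());`, with the `java.util.PropertyPermission` equivalent in the two property actions. In NestedActionsPAE the second failure message still says "was not caused by ReadPropertyException" although that branch tests for AccessControlException, and the class Javadoc misspells the exception name twice. Separately, runJava passes `test.java.opts` as a single argument (`cmds.add(JAVA_OPTS)`), which presumably breaks the child launch when the property holds several options; `cmds.addAll(Arrays.asList(JAVA_OPTS.trim().split("\\s+")));` would avoid that.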
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/Subject/doAs/policy.expect.ace	Fri Mar 20 16:01:59 2015 +0800
@@ -0,0 +1,27 @@
+// this code has limited permissions that should cause ACE
+grant codeBase "file:NestedActionsACE.jar" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "test.classes", "read";
+    permission java.util.PropertyPermission "test.src", "read";
+    permission java.util.PropertyPermission "test.java.opts", "read";
+    permission java.util.PropertyPermission "java.home", "read";
+};
+
+grant codeBase "file:WriteToFileNegativeAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:ReadFromFileNegativeAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:ReadPropertyNegativeAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
\ No newline at end of file
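Review bot: The six PropertyPermission grants on NestedActionsACE.jar (`path.separator` through `java.home`) look unused, and the same block is repeated in policy.one.principal and policy.two.principals. They mirror the static initialisers of NestedActions, but the @run lines never package NestedActions.class into a jar, and `NestedActions.file` is a compile-time constant, so the child JVM should never initialise that class. Dropping them would keep this negative policy minimal and make it obvious that only FilePermission and the `java.class.path` read are withheld. I would also put a comment above the three AllPermission grants, such as `// action jars are fully trusted; the ACE must come from NestedActionsACE.jar, which also holds Utils.class`, because the existing one-line comment does not say why the trusted actions are still expected to fail.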
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/Subject/doAs/policy.expect.pae	Fri Mar 20 16:01:59 2015 +0800
@@ -0,0 +1,19 @@
+grant codeBase "file:NestedActionsPAE.jar" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:WriteToFileExceptionAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:ReadFromFileExceptionAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+// this code has limited permissions that should cause ACE
+grant codeBase "file:ReadPropertyExceptionAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/Subject/doAs/policy.one.principal	Fri Mar 20 16:01:59 2015 +0800
@@ -0,0 +1,36 @@
+grant codeBase "file:NestedActionsOnePrincipal.jar" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "test.classes", "read";
+    permission java.util.PropertyPermission "test.src", "read";
+    permission java.util.PropertyPermission "test.java.opts", "read";
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write";
+};
+
+grant codeBase "file:WriteToFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write";
+};
+
+grant codeBase "file:ReadFromFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read";
+};
+
+grant codeBase "file:ReadPropertyAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+};
\ No newline at end of file
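Review bot: The `doAs` AuthPermission granted to ReadPropertyAction.jar does not appear to be exercised, and the same grant is repeated in policy.two.principals. ReadPropertyAction.run() only calls AccessController.getContext, Subject.getSubject and System.getProperty, and it is not on the stack when the enclosing action invokes Subject.doAs. Since this positive policy effectively documents the minimum set of permissions each protection domain needs, removing `permission javax.security.auth.AuthPermission "doAs";` from that grant would keep it accurate.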
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/Subject/doAs/policy.two.principals	Fri Mar 20 16:01:59 2015 +0800
@@ -0,0 +1,37 @@
+grant codeBase "file:NestedActionsTwoPrincipals.jar" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "test.classes", "read";
+    permission java.util.PropertyPermission "test.src", "read";
+    permission java.util.PropertyPermission "test.java.opts", "read";
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write,delete";
+};
+
+grant codeBase "file:WriteToFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write";
+};
+
+grant codeBase "file:ReadFromFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke"{
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read";
+};
+
+grant codeBase "file:ReadPropertyAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Java" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+};
\ No newline at end of file
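Review bot: Two grants here are wider than the visible code needs: `modifyPrincipals` on WriteToFileAction.jar and the `delete` action in the FilePermission for NestedActionsTwoPrincipals.jar. Principals are only added in NestedActionsTwoPrincipals.main before the first doAs, and the only File.delete() call in the test is in WriteToFileNegativeAction, which this policy does not cover. Tightening them to match policy.one.principal (`"read,write"` and no `modifyPrincipals` on the action jar) would make the two positive policies differ only in the principal bound to ReadPropertyAction.jar, which is the point of this case. As a style nit, the ReadFromFileAction.jar grant is missing the space before `{`.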