GNU Classpath (0.18) | ||
Frames | No Frames |
1: /* AccessController.java --- Access control context and permission checker 2: Copyright (C) 2001, 2004 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: package java.security; 39: 40: /** 41: * Access control context and permission checker. 42: * Can check permissions in the access control context of the current thread 43: * through the <code>checkPermission()</code> method. 44: * Manipulates the access control context for code that needs to be executed 45: * the protection domain of the calling class (by explicitly ignoring the 46: * context of the calling code) in the <code>doPrivileged()</code> methods. 47: * And provides a <code>getContext()</code> method which gives the access 48: * control context of the current thread that can be used for checking 49: * permissions at a later time and/or in another thread. 50: * 51: * @author Mark Wielaard (mark@klomp.org) 52: * @since 1.2 53: */ 54: public final class AccessController 55: { 56: /** 57: * This class only has static methods so there is no public contructor. 58: */ 59: private AccessController() 60: { 61: } 62: 63: /** 64: * Checks wether the access control context of the current thread allows 65: * the given Permission. Throws an <code>AccessControlException</code> 66: * when the permission is not allowed in the current context. Otherwise 67: * returns silently without throwing an exception. 68: * 69: * @param perm the permission to be checked. 70: * @exception AccessControlException thrown if the current context does not 71: * allow the given permission. 72: */ 73: public static void checkPermission(Permission perm) 74: throws AccessControlException 75: { 76: getContext().checkPermission(perm); 77: } 78: 79: /** 80: * Calls the <code>run()</code> method of the given action with as 81: * (initial) access control context only the protection domain of the 82: * calling class. Calls to <code>checkPermission()</code> in the 83: * <code>run()</code> method ignore all earlier protection domains of 84: * classes in the call chain. Note that the protection domains of classes 85: * called by the code in the <code>run()</code> method are not ignored. 86: * 87: * @param action the <code>PrivilegedAction</code> whose <code>run()</code> 88: * should be be called. 89: * @return the result of the <code>action.run()</code> method. 90: */ 91: public static Object doPrivileged(PrivilegedAction action) 92: { 93: VMAccessController.pushContext(null); 94: try 95: { 96: return action.run(); 97: } 98: finally 99: { 100: VMAccessController.popContext(); 101: } 102: } 103: 104: /** 105: * Calls the <code>run()</code> method of the given action with as 106: * (initial) access control context the given context combined with the 107: * protection domain of the calling class. Calls to 108: * <code>checkPermission()</code> in the <code>run()</code> method ignore 109: * all earlier protection domains of classes in the call chain, but add 110: * checks for the protection domains given in the supplied context. 111: * 112: * @param action the <code>PrivilegedAction</code> whose <code>run()</code> 113: * should be be called. 114: * @param context the <code>AccessControlContext</code> whose protection 115: * domains should be added to the protection domain of the calling class. 116: * @return the result of the <code>action.run()</code> method. 117: */ 118: public static Object doPrivileged(PrivilegedAction action, 119: AccessControlContext context) 120: { 121: VMAccessController.pushContext(context); 122: try 123: { 124: return action.run(); 125: } 126: finally 127: { 128: VMAccessController.popContext(); 129: } 130: } 131: 132: /** 133: * Calls the <code>run()</code> method of the given action with as 134: * (initial) access control context only the protection domain of the 135: * calling class. Calls to <code>checkPermission()</code> in the 136: * <code>run()</code> method ignore all earlier protection domains of 137: * classes in the call chain. Note that the protection domains of classes 138: * called by the code in the <code>run()</code> method are not ignored. 139: * If the <code>run()</code> method throws an exception then this method 140: * will wrap that exception in an <code>PrivilegedActionException</code>. 141: * 142: * @param action the <code>PrivilegedExceptionAction</code> whose 143: * <code>run()</code> should be be called. 144: * @return the result of the <code>action.run()</code> method. 145: * @exception PrivilegedActionException wrapped around any exception that 146: * is thrown in the <code>run()</code> method. 147: */ 148: public static Object doPrivileged(PrivilegedExceptionAction action) 149: throws PrivilegedActionException 150: { 151: VMAccessController.pushContext(null); 152: try 153: { 154: return action.run(); 155: } 156: catch (Exception e) 157: { 158: throw new PrivilegedActionException(e); 159: } 160: finally 161: { 162: VMAccessController.popContext(); 163: } 164: } 165: 166: /** 167: * Calls the <code>run()</code> method of the given action with as 168: * (initial) access control context the given context combined with the 169: * protection domain of the calling class. Calls to 170: * <code>checkPermission()</code> in the <code>run()</code> method ignore 171: * all earlier protection domains of classes in the call chain, but add 172: * checks for the protection domains given in the supplied context. 173: * If the <code>run()</code> method throws an exception then this method 174: * will wrap that exception in an <code>PrivilegedActionException</code>. 175: * 176: * @param action the <code>PrivilegedExceptionAction</code> whose 177: * <code>run()</code> should be be called. 178: * @param context the <code>AccessControlContext</code> whose protection 179: * domains should be added to the protection domain of the calling class. 180: * @return the result of the <code>action.run()</code> method. 181: * @exception PrivilegedActionException wrapped around any exception that 182: * is thrown in the <code>run()</code> method. 183: */ 184: public static Object doPrivileged(PrivilegedExceptionAction action, 185: AccessControlContext context) 186: throws PrivilegedActionException 187: { 188: VMAccessController.pushContext(context); 189: try 190: { 191: return action.run(); 192: } 193: catch (Exception e) 194: { 195: throw new PrivilegedActionException(e); 196: } 197: finally 198: { 199: VMAccessController.popContext(); 200: } 201: } 202: 203: /** 204: * Returns the complete access control context of the current thread. 205: * The returned object encompasses all {@link ProtectionDomain} objects 206: * for all classes in the current call stack, or the set of protection 207: * domains until the last call to {@link 208: * #doPrivileged(java.security.PrivilegedAction)}. 209: * 210: * <p>Additionally, if a call was made to {@link 211: * #doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)} 212: * that supplied an {@link AccessControlContext}, then that context 213: * will be intersected with the calculated one. 214: * 215: * @return The context. 216: */ 217: public static AccessControlContext getContext() 218: { 219: return VMAccessController.getContext(); 220: } 221: }
GNU Classpath (0.18) |