GNU Classpath (0.19) | ||
Frames | No Frames |
1: /* ProtectionDomain.java -- A security domain 2: Copyright (C) 1998, 2003, 2004 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: package java.security; 39: 40: /** 41: * <p>This <code>ProtectionDomain</code> class encapsulates the characteristics 42: * of a domain, which encloses a set of classes whose instances are granted a 43: * set of permissions when being executed on behalf of a given set of 44: * <i>Principals</i>. 45: * 46: * <p>A static set of permissions can be bound to a <code>ProtectionDomain</code> 47: * when it is constructed; such permissions are granted to the domain regardless 48: * of the {@link Policy} in force. However, to support dynamic security 49: * policies, a <code>ProtectionDomain</code> can also be constructed such that 50: * it is dynamically mapped to a set of permissions by the current {@link 51: * Policy} whenever a permission is checked.</p> 52: * 53: * @author Aaron M. Renn (arenn@urbanophile.com) 54: * @version 0.0 55: */ 56: public class ProtectionDomain 57: { 58: /** This is the <code>CodeSource</code> for this protection domain. */ 59: private CodeSource code_source; 60: 61: /** This is the set of permissions granted to this domain. */ 62: private PermissionCollection perms; 63: 64: /** The {@link ClassLoader} associated with this domain. */ 65: private ClassLoader classloader; 66: 67: /** The array of Principals associated with this domain.. */ 68: private Principal[] principals; 69: 70: /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */ 71: private boolean staticBinding; 72: 73: /** 74: * Creates a new <code>ProtectionDomain</code> with the given {@link 75: * CodeSource} and {@link Permissions}. If the permissions object is not 76: * <code>null</code>, then <code>setReadOnly()</code> will be called on the 77: * passed in {@link Permissions} object. The only permissions granted to this 78: * domain are the ones specified; the current {@link Policy} will not be 79: * consulted. 80: * 81: * @param codesource the codesource associated with this domain. 82: * @param permissions the permissions granted to this domain 83: */ 84: public ProtectionDomain(CodeSource codesource, PermissionCollection permissions) 85: { 86: this(codesource, permissions, null, null, true); 87: } 88: 89: /** 90: * <p>Creates a new ProtectionDomain qualified by the given CodeSource, 91: * Permissions, ClassLoader and array of Principals. If the permissions 92: * object is not null, then <code>setReadOnly()</code> will be called on the 93: * passed in Permissions object. The permissions granted to this domain are 94: * dynamic; they include both the static permissions passed to this 95: * constructor, and any permissions granted to this domain by the current 96: * Policy at the time a permission is checked.</p> 97: * 98: * <p>This constructor is typically used by {@link ClassLoader}s and {@link 99: * DomainCombiner}s which delegate to <code>Policy</code> to actively 100: * associate the permissions granted to this domain. This constructor affords 101: * the Policy provider the opportunity to augment the supplied 102: * PermissionCollection to reflect policy changes.</p> 103: * 104: * @param codesource the CodeSource associated with this domain. 105: * @param permissions the permissions granted to this domain. 106: * @param classloader the ClassLoader associated with this domain. 107: * @param principals the array of Principals associated with this domain. 108: * @since 1.4 109: * @see Policy#refresh() 110: * @see Policy#getPermissions(ProtectionDomain) 111: */ 112: public ProtectionDomain(CodeSource codesource, 113: PermissionCollection permissions, 114: ClassLoader classloader, Principal[] principals) 115: { 116: this(codesource, permissions, classloader, principals, false); 117: } 118: 119: private ProtectionDomain(CodeSource codesource, 120: PermissionCollection permissions, 121: ClassLoader classloader, Principal[] principals, 122: boolean staticBinding) 123: { 124: super(); 125: 126: code_source = codesource; 127: if (permissions != null) 128: { 129: perms = permissions; 130: perms.setReadOnly(); 131: } 132: 133: this.classloader = classloader; 134: this.principals = 135: (principals != null ? (Principal[]) principals.clone() : new Principal[0]); 136: this.staticBinding = staticBinding; 137: } 138: 139: /** 140: * Returns the {@link CodeSource} of this domain. 141: * 142: * @return the {@link CodeSource} of this domain which may be <code>null</code>. 143: * @since 1.2 144: */ 145: public final CodeSource getCodeSource() 146: { 147: return code_source; 148: } 149: 150: /** 151: * Returns the {@link ClassLoader} of this domain. 152: * 153: * @return the {@link ClassLoader} of this domain which may be 154: * <code>null</code>. 155: * @since 1.4 156: */ 157: public final ClassLoader getClassLoader() 158: { 159: return this.classloader; 160: } 161: 162: /** 163: * Returns an array of principals for this domain. 164: * 165: * @return returns a non-null array of principals for this domain. Changes to 166: * this array will have no impact on the <code>ProtectionDomain</code>. 167: * @since 1.4 168: */ 169: public final Principal[] getPrincipals() 170: { 171: return (Principal[]) principals.clone(); 172: } 173: 174: /** 175: * Returns the static permissions granted to this domain. 176: * 177: * @return the static set of permissions for this domain which may be 178: * <code>null</code>. 179: * @see Policy#refresh() 180: * @see Policy#getPermissions(ProtectionDomain) 181: */ 182: public final PermissionCollection getPermissions() 183: { 184: return perms; 185: } 186: 187: /** 188: * <p>Check and see if this <code>ProtectionDomain</code> implies the 189: * permissions expressed in the <code>Permission</code> object.</p> 190: * 191: * <p>The set of permissions evaluated is a function of whether the 192: * <code>ProtectionDomain</code> was constructed with a static set of 193: * permissions or it was bound to a dynamically mapped set of permissions.</p> 194: * 195: * <p>If the <code>ProtectionDomain</code> was constructed to a statically 196: * bound {@link PermissionCollection} then the permission will only be checked 197: * against the {@link PermissionCollection} supplied at construction.</p> 198: * 199: * <p>However, if the <code>ProtectionDomain</code> was constructed with the 200: * constructor variant which supports dynamically binding permissions, then 201: * the permission will be checked against the combination of the 202: * {@link PermissionCollection} supplied at construction and the current 203: * {@link Policy} binding. 204: * 205: * @param permission the {@link Permission} object to check. 206: * @return <code>true</code> if <code>permission</code> is implicit to this 207: * <code>ProtectionDomain</code>. 208: */ 209: public boolean implies(Permission permission) 210: { 211: if (staticBinding) 212: return (perms == null ? false : perms.implies(permission)); 213: // Else dynamically bound. Do we have it? 214: // NOTE: this will force loading of Policy.currentPolicy 215: return Policy.getCurrentPolicy().implies(this, permission); 216: } 217: 218: /** 219: * Convert a <code>ProtectionDomain</code> to a String. 220: * 221: * @return a string representation of the object. 222: */ 223: public String toString() 224: { 225: String linesep = System.getProperty("line.separator"); 226: StringBuffer sb = new StringBuffer("ProtectionDomain (").append(linesep); 227: 228: if (code_source == null) 229: sb.append("CodeSource:null"); 230: else 231: sb.append(code_source); 232: 233: sb.append(linesep); 234: if (classloader == null) 235: sb.append("ClassLoader:null"); 236: else 237: sb.append(classloader); 238: 239: sb.append(linesep); 240: sb.append("Principals:"); 241: if (principals != null && principals.length > 0) 242: { 243: sb.append("["); 244: Principal pal; 245: for (int i = 0; i < principals.length; i++) 246: { 247: pal = principals[i]; 248: sb.append("'").append(pal.getName()) 249: .append("' of type ").append(pal.getClass().getName()); 250: if (i < principals.length-1) 251: sb.append(", "); 252: } 253: sb.append("]"); 254: } 255: else 256: sb.append("none"); 257: 258: sb.append(linesep); 259: if (!staticBinding) // include all but dont force loading Policy.currentPolicy 260: if (Policy.isLoaded()) 261: sb.append(Policy.getCurrentPolicy().getPermissions(this)); 262: else // fallback on this one's permissions 263: sb.append(perms); 264: else 265: sb.append(perms); 266: 267: return sb.append(linesep).append(")").append(linesep).toString(); 268: } 269: }
GNU Classpath (0.19) |