GNU Classpath (0.20) | |
Frames | No Frames |
1: /* ProtectionDomain.java -- A security domain 2: Copyright (C) 1998, 2003, 2004 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: package java.security; 39: 40: import gnu.classpath.SystemProperties; 41: 42: /** 43: * <p>This <code>ProtectionDomain</code> class encapsulates the characteristics 44: * of a domain, which encloses a set of classes whose instances are granted a 45: * set of permissions when being executed on behalf of a given set of 46: * <i>Principals</i>. 47: * 48: * <p>A static set of permissions can be bound to a <code>ProtectionDomain</code> 49: * when it is constructed; such permissions are granted to the domain regardless 50: * of the {@link Policy} in force. However, to support dynamic security 51: * policies, a <code>ProtectionDomain</code> can also be constructed such that 52: * it is dynamically mapped to a set of permissions by the current {@link 53: * Policy} whenever a permission is checked.</p> 54: * 55: * @author Aaron M. Renn (arenn@urbanophile.com) 56: * @version 0.0 57: */ 58: public class ProtectionDomain 59: { 60: /** This is the <code>CodeSource</code> for this protection domain. */ 61: private CodeSource code_source; 62: 63: /** This is the set of permissions granted to this domain. */ 64: private PermissionCollection perms; 65: 66: /** The {@link ClassLoader} associated with this domain. */ 67: private ClassLoader classloader; 68: 69: /** The array of Principals associated with this domain.. */ 70: private Principal[] principals; 71: 72: /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */ 73: private boolean staticBinding; 74: 75: /** 76: * Creates a new <code>ProtectionDomain</code> with the given {@link 77: * CodeSource} and {@link Permissions}. If the permissions object is not 78: * <code>null</code>, then <code>setReadOnly()</code> will be called on the 79: * passed in {@link Permissions} object. The only permissions granted to this 80: * domain are the ones specified; the current {@link Policy} will not be 81: * consulted. 82: * 83: * @param codesource the codesource associated with this domain. 84: * @param permissions the permissions granted to this domain 85: */ 86: public ProtectionDomain(CodeSource codesource, PermissionCollection permissions) 87: { 88: this(codesource, permissions, null, null, true); 89: } 90: 91: /** 92: * <p>Creates a new ProtectionDomain qualified by the given CodeSource, 93: * Permissions, ClassLoader and array of Principals. If the permissions 94: * object is not null, then <code>setReadOnly()</code> will be called on the 95: * passed in Permissions object. The permissions granted to this domain are 96: * dynamic; they include both the static permissions passed to this 97: * constructor, and any permissions granted to this domain by the current 98: * Policy at the time a permission is checked.</p> 99: * 100: * <p>This constructor is typically used by {@link ClassLoader}s and {@link 101: * DomainCombiner}s which delegate to <code>Policy</code> to actively 102: * associate the permissions granted to this domain. This constructor affords 103: * the Policy provider the opportunity to augment the supplied 104: * PermissionCollection to reflect policy changes.</p> 105: * 106: * @param codesource the CodeSource associated with this domain. 107: * @param permissions the permissions granted to this domain. 108: * @param classloader the ClassLoader associated with this domain. 109: * @param principals the array of Principals associated with this domain. 110: * @since 1.4 111: * @see Policy#refresh() 112: * @see Policy#getPermissions(ProtectionDomain) 113: */ 114: public ProtectionDomain(CodeSource codesource, 115: PermissionCollection permissions, 116: ClassLoader classloader, Principal[] principals) 117: { 118: this(codesource, permissions, classloader, principals, false); 119: } 120: 121: private ProtectionDomain(CodeSource codesource, 122: PermissionCollection permissions, 123: ClassLoader classloader, Principal[] principals, 124: boolean staticBinding) 125: { 126: super(); 127: 128: code_source = codesource; 129: if (permissions != null) 130: { 131: perms = permissions; 132: perms.setReadOnly(); 133: } 134: 135: this.classloader = classloader; 136: this.principals = 137: (principals != null ? (Principal[]) principals.clone() : new Principal[0]); 138: this.staticBinding = staticBinding; 139: } 140: 141: /** 142: * Returns the {@link CodeSource} of this domain. 143: * 144: * @return the {@link CodeSource} of this domain which may be <code>null</code>. 145: * @since 1.2 146: */ 147: public final CodeSource getCodeSource() 148: { 149: return code_source; 150: } 151: 152: /** 153: * Returns the {@link ClassLoader} of this domain. 154: * 155: * @return the {@link ClassLoader} of this domain which may be 156: * <code>null</code>. 157: * @since 1.4 158: */ 159: public final ClassLoader getClassLoader() 160: { 161: return this.classloader; 162: } 163: 164: /** 165: * Returns an array of principals for this domain. 166: * 167: * @return returns a non-null array of principals for this domain. Changes to 168: * this array will have no impact on the <code>ProtectionDomain</code>. 169: * @since 1.4 170: */ 171: public final Principal[] getPrincipals() 172: { 173: return (Principal[]) principals.clone(); 174: } 175: 176: /** 177: * Returns the static permissions granted to this domain. 178: * 179: * @return the static set of permissions for this domain which may be 180: * <code>null</code>. 181: * @see Policy#refresh() 182: * @see Policy#getPermissions(ProtectionDomain) 183: */ 184: public final PermissionCollection getPermissions() 185: { 186: return perms; 187: } 188: 189: /** 190: * <p>Check and see if this <code>ProtectionDomain</code> implies the 191: * permissions expressed in the <code>Permission</code> object.</p> 192: * 193: * <p>The set of permissions evaluated is a function of whether the 194: * <code>ProtectionDomain</code> was constructed with a static set of 195: * permissions or it was bound to a dynamically mapped set of permissions.</p> 196: * 197: * <p>If the <code>ProtectionDomain</code> was constructed to a statically 198: * bound {@link PermissionCollection} then the permission will only be checked 199: * against the {@link PermissionCollection} supplied at construction.</p> 200: * 201: * <p>However, if the <code>ProtectionDomain</code> was constructed with the 202: * constructor variant which supports dynamically binding permissions, then 203: * the permission will be checked against the combination of the 204: * {@link PermissionCollection} supplied at construction and the current 205: * {@link Policy} binding. 206: * 207: * @param permission the {@link Permission} object to check. 208: * @return <code>true</code> if <code>permission</code> is implicit to this 209: * <code>ProtectionDomain</code>. 210: */ 211: public boolean implies(Permission permission) 212: { 213: if (staticBinding) 214: return (perms == null ? false : perms.implies(permission)); 215: // Else dynamically bound. Do we have it? 216: // NOTE: this will force loading of Policy.currentPolicy 217: return Policy.getCurrentPolicy().implies(this, permission); 218: } 219: 220: /** 221: * Convert a <code>ProtectionDomain</code> to a String. 222: * 223: * @return a string representation of the object. 224: */ 225: public String toString() 226: { 227: String linesep = SystemProperties.getProperty("line.separator"); 228: StringBuffer sb = new StringBuffer("ProtectionDomain (").append(linesep); 229: 230: if (code_source == null) 231: sb.append("CodeSource:null"); 232: else 233: sb.append(code_source); 234: 235: sb.append(linesep); 236: if (classloader == null) 237: sb.append("ClassLoader:null"); 238: else 239: sb.append(classloader); 240: 241: sb.append(linesep); 242: sb.append("Principals:"); 243: if (principals != null && principals.length > 0) 244: { 245: sb.append("["); 246: Principal pal; 247: for (int i = 0; i < principals.length; i++) 248: { 249: pal = principals[i]; 250: sb.append("'").append(pal.getName()) 251: .append("' of type ").append(pal.getClass().getName()); 252: if (i < principals.length-1) 253: sb.append(", "); 254: } 255: sb.append("]"); 256: } 257: else 258: sb.append("none"); 259: 260: sb.append(linesep); 261: if (!staticBinding) // include all but dont force loading Policy.currentPolicy 262: if (Policy.isLoaded()) 263: sb.append(Policy.getCurrentPolicy().getPermissions(this)); 264: else // fallback on this one's permissions 265: sb.append(perms); 266: else 267: sb.append(perms); 268: 269: return sb.append(linesep).append(")").append(linesep).toString(); 270: } 271: }
GNU Classpath (0.20) |