java.security

Class ProtectionDomain


public class ProtectionDomain
extends Object

This ProtectionDomain class encapsulates the characteristics of a domain, which encloses a set of classes whose instances are granted a set of permissions when being executed on behalf of a given set of Principals.

A static set of permissions can be bound to a ProtectionDomain when it is constructed; such permissions are granted to the domain regardless of the Policy in force. However, to support dynamic security policies, a ProtectionDomain can also be constructed such that it is dynamically mapped to a set of permissions by the current Policy whenever a permission is checked.

Constructor Summary

ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
Creates a new ProtectionDomain with the given CodeSource and Permissions.
ProtectionDomain(CodeSource codesource, PermissionCollection permissions, ClassLoader classloader, Principal[] principals)
Creates a new ProtectionDomain qualified by the given CodeSource, Permissions, ClassLoader and array of Principals.

Method Summary

ClassLoader
getClassLoader()
Returns the ClassLoader of this domain.
CodeSource
getCodeSource()
Returns the CodeSource of this domain.
PermissionCollection
getPermissions()
Returns the static permissions granted to this domain.
Principal[]
getPrincipals()
Returns an array of principals for this domain.
boolean
implies(Permission permission)
Check and see if this ProtectionDomain implies the permissions expressed in the Permission object.

The set of permissions evaluated is a function of whether the ProtectionDomain was constructed with a static set of permissions or it was bound to a dynamically mapped set of permissions.

If the ProtectionDomain was constructed to a statically bound PermissionCollection then the permission will only be checked against the PermissionCollection supplied at construction.

However, if the ProtectionDomain was constructed with the constructor variant which supports dynamically binding permissions, then the permission will be checked against the combination of the PermissionCollection supplied at construction and the current Policy binding.

String
toString()
Convert a ProtectionDomain to a String.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ProtectionDomain

public ProtectionDomain(CodeSource codesource,
                        PermissionCollection permissions)
Creates a new ProtectionDomain with the given CodeSource and Permissions. If the permissions object is not null, then setReadOnly() will be called on the passed in Permissions object. The only permissions granted to this domain are the ones specified; the current Policy will not be consulted.
Parameters:
codesource - the codesource associated with this domain.
permissions - the permissions granted to this domain

ProtectionDomain

public ProtectionDomain(CodeSource codesource,
                        PermissionCollection permissions,
                        ClassLoader classloader,
                        Principal[] principals)
Creates a new ProtectionDomain qualified by the given CodeSource, Permissions, ClassLoader and array of Principals. If the permissions object is not null, then setReadOnly() will be called on the passed in Permissions object. The permissions granted to this domain are dynamic; they include both the static permissions passed to this constructor, and any permissions granted to this domain by the current Policy at the time a permission is checked.

This constructor is typically used by ClassLoaders and DomainCombiners which delegate to Policy to actively associate the permissions granted to this domain. This constructor affords the Policy provider the opportunity to augment the supplied PermissionCollection to reflect policy changes.

Parameters:
codesource - the CodeSource associated with this domain.
permissions - the permissions granted to this domain.
classloader - the ClassLoader associated with this domain.
principals - the array of Principals associated with this domain.
Since:
1.4

Method Details

getClassLoader

public final ClassLoader getClassLoader()
Returns the ClassLoader of this domain.
Returns:
the ClassLoader of this domain which may be null.
Since:
1.4

getCodeSource

public final CodeSource getCodeSource()
Returns the CodeSource of this domain.
Returns:
the CodeSource of this domain which may be null.
Since:
1.2

getPermissions

public final PermissionCollection getPermissions()
Returns the static permissions granted to this domain.
Returns:
the static set of permissions for this domain which may be null.

getPrincipals

public final Principal[] getPrincipals()
Returns an array of principals for this domain.
Returns:
returns a non-null array of principals for this domain. Changes to this array will have no impact on the ProtectionDomain.
Since:
1.4

implies

public boolean implies(Permission permission)
Check and see if this ProtectionDomain implies the permissions expressed in the Permission object.

The set of permissions evaluated is a function of whether the ProtectionDomain was constructed with a static set of permissions or it was bound to a dynamically mapped set of permissions.

If the ProtectionDomain was constructed to a statically bound PermissionCollection then the permission will only be checked against the PermissionCollection supplied at construction.

However, if the ProtectionDomain was constructed with the constructor variant which supports dynamically binding permissions, then the permission will be checked against the combination of the PermissionCollection supplied at construction and the current Policy binding.

Parameters:
permission - the Permission object to check.
Returns:
true if permission is implicit to this ProtectionDomain.

toString

public String toString()
Convert a ProtectionDomain to a String.
Overrides:
toString in interface Object
Returns:
a string representation of the object.

ProtectionDomain.java -- A security domain Copyright (C) 1998, 2003, 2004 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.