net.jini.jeri
Class BasicJeriTrustVerifier

java.lang.Object
  extended by net.jini.jeri.BasicJeriTrustVerifier
All Implemented Interfaces:
TrustVerifier

public class BasicJeriTrustVerifier
extends Object
implements TrustVerifier

Trust verifier for dynamic proxies and object endpoints used in Jini extensible remote invocation (Jini ERI). This class is intended to be specified in a resource to configure the operation of Security.verifyObjectTrust.

Since:
2.0
Author:
Sun Microsystems, Inc.

Nested Class Summary
 
Nested classes/interfaces inherited from interface net.jini.security.TrustVerifier
TrustVerifier.Context
 
Constructor Summary
BasicJeriTrustVerifier()
          Creates an instance.
 
Method Summary
protected static boolean checkInvocationHandlerContent(BasicInvocationHandler handler, TrustVerifier.Context ctx)
          Returns true if the specified invocation handler's constraints and object endpoint are trusted; returns false otherwise.
protected  boolean hasTrustedClassLoader(Object proxy, TrustVerifier.Context ctx)
          Returns true if the class loader of the specified dynamic proxy's class is trusted by this verifier; returns false otherwise.
protected  boolean hasTrustedProxyClass(Object proxy, TrustVerifier.Context ctx)
          Returns true if the specified dynamic proxy's class is trusted by this verifier; returns false otherwise.
protected  boolean isTrustedInvocationHandler(InvocationHandler handler, TrustVerifier.Context ctx)
          Returns true if the specified invocation handler is trusted by this trust verifier; returns false otherwise.
 boolean isTrustedObject(Object obj, TrustVerifier.Context ctx)
          Returns true if the specified object is a trusted Jini ERI dynamic proxy or a trusted Jini ERI object endpoint; returns false otherwise.
protected  boolean isTrustedProxyInterface(Class intf, TrustVerifier.Context ctx)
          Returns true if the specified dynamic proxy interface is trusted by this verifier; returns false otherwise.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicJeriTrustVerifier

public BasicJeriTrustVerifier()
Creates an instance.

Method Detail

isTrustedObject

public boolean isTrustedObject(Object obj,
                               TrustVerifier.Context ctx)
                        throws RemoteException
Returns true if the specified object is a trusted Jini ERI dynamic proxy or a trusted Jini ERI object endpoint; returns false otherwise.

For the purposes of this verifier, the specified object is a trusted Jini ERI dynamic proxy if all of the following are true:

For the purposes of this verifier, the specified object is a trusted Jini ERI object endpoint if the object is an instance of BasicObjectEndpoint and its transport endpoint is trusted; that is, calling the specified context's isTrustedObject method with the transport endpoint returns true.

Specified by:
isTrustedObject in interface TrustVerifier
Parameters:
obj - the object in which to verify trust
ctx - the trust verifier context, to aid in verification of the specified object and its components
Returns:
true if the specified object is known to be trusted to correctly implement its contract; false otherwise
Throws:
SecurityException - if a security exception occurs
NullPointerException - if any argument is null
RemoteException - if a communication-related exception occurs

hasTrustedProxyClass

protected boolean hasTrustedProxyClass(Object proxy,
                                       TrustVerifier.Context ctx)
                                throws RemoteException
Returns true if the specified dynamic proxy's class is trusted by this verifier; returns false otherwise. The isTrustedObject method calls this method to verify that the proxy's class is trusted.

BasicJeriTrustVerifier implements this method to return true if all of the following are true:

A subclass can override this method to augment the set of trusted proxy classes for Jini ERI proxies.

Parameters:
proxy - the dynamic proxy
ctx - the trust verifier context, to aid in verification of the specified proxy's class
Returns:
true if the specified dynamic proxy's class is trusted by this verifier; returns false otherwise
Throws:
RemoteException - if a communication-related exception occurs
SecurityException - if a security exception occurs
NullPointerException - if any argument is null
Since:
2.1

hasTrustedClassLoader

protected boolean hasTrustedClassLoader(Object proxy,
                                        TrustVerifier.Context ctx)
                                 throws RemoteException
Returns true if the class loader of the specified dynamic proxy's class is trusted by this verifier; returns false otherwise. The default implementation of hasTrustedProxyClass calls this method to verify that the proxy's class loader is trusted.

BasicJeriTrustVerifier implements this method to return true if the specified proxy is an instance of a dynamic proxy class and the class loader of the specified proxy's class is either equal to or an ancestor of the class loader returned by the trust verifier context's getClassLoader method (or the current context class loader, if that method returns null).

A subclass can override this method to augment the set of trusted loaders for Jini ERI proxies.

Parameters:
proxy - the dynamic proxy
ctx - the trust verifier context, to aid in verification of the class loader of the specified proxy's class
Returns:
true if the class loader of the specified dynamic proxy's class is trusted by this verifier; returns false otherwise
Throws:
RemoteException - if a communication-related exception occurs
SecurityException - if a security exception occurs
IllegalArgumentException - if the proxy is not an instance of a dynamic proxy class
NullPointerException - if any argument is null
Since:
2.1

isTrustedProxyInterface

protected boolean isTrustedProxyInterface(Class intf,
                                          TrustVerifier.Context ctx)
                                   throws RemoteException
Returns true if the specified dynamic proxy interface is trusted by this verifier; returns false otherwise. The default implementation of hasTrustedProxyClass calls this method to verify that the dynamic proxy's interfaces are trusted.

BasicJeriTrustVerifier implements this method to return true if the specified class is RemoteMethodControl, TrustEquivalence, or a well-formed remote interface (one that extends Remote and for which all methods declare RemoteException or a superclass in their throws clause).

A subclass can override this method to augment the set of trusted proxy interfaces for Jini ERI proxies.

Parameters:
intf - the dynamic proxy interface
ctx - the trust verifier context, to aid in verification of the specified proxy interface
Returns:
true if the specified dynamic proxy interface is trusted by this verifier; returns false otherwise
Throws:
RemoteException - if a communication-related exception occurs
SecurityException - if a security exception occurs
NullPointerException - if any argument is null
Since:
2.1

isTrustedInvocationHandler

protected boolean isTrustedInvocationHandler(InvocationHandler handler,
                                             TrustVerifier.Context ctx)
                                      throws RemoteException
Returns true if the specified invocation handler is trusted by this trust verifier; returns false otherwise. The isTrustedObject method calls this method to verify trust in the invocation handler.

BasicJeriTrustVerifier implements this method to return true if all of the following are true:

A subclass can override this method to verify that the invocation handler's class is a trusted subclass of BasicInvocationHandler and to verify the contents of the invocation handler. A subclass implementation of this method can invoke the checkInvocationHandlerContent static utility method to verify that the invocation handler's constraints and object endpoint are trusted.

Parameters:
handler - the invocation handler
ctx - the trust verifier context, to aid in verification of the specified handler
Returns:
true if the specified invocation handler is trusted by this trust verifier; returns false otherwise
Throws:
RemoteException - if a communication-related exception occurs
SecurityException - if a security exception occurs
NullPointerException - if any argument is null
Since:
2.1

checkInvocationHandlerContent

protected static boolean checkInvocationHandlerContent(BasicInvocationHandler handler,
                                                       TrustVerifier.Context ctx)
                                                throws RemoteException
Returns true if the specified invocation handler's constraints and object endpoint are trusted; returns false otherwise. The isTrustedInvocationHandler method calls this utility method to check that the invocation handler's constraints and object endpoint are trusted.

The specified invocation handler's constraints and object endpoint are trusted if all of the following are true:

Parameters:
handler - the invocation handler
ctx - the trust verifier context, to aid in verification of the specified handler
Returns:
true if the specified invocation handler's constraints and object endpoint are trusted by this method; returns false otherwise
Throws:
RemoteException - if a communication-related exception occurs
SecurityException - if a security exception occurs
NullPointerException - if any argument is null
Since:
2.1


Copyright 2007, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.