API Overview API Index Package Overview Direct link to this page
JDK 1.6
  java.security. ProtectionDomain View Javadoc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384

/*
 * @(#)ProtectionDomain.java	1.47 05/11/17
 *
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */
 
package java.security;

import java.util.Enumeration;
import java.util.List;
import java.util.ArrayList;
import sun.security.util.Debug;
import sun.security.util.SecurityConstants;

/** 
 *
 *<p>
 * This ProtectionDomain class encapsulates the characteristics of a domain,
 * which encloses a set of classes whose instances are granted a set 
 * of permissions when being executed on behalf of a given set of Principals.
 * <p>
 * A static set of permissions can be bound to a ProtectionDomain when it is
 * constructed; such permissions are granted to the domain regardless of the
 * Policy in force. However, to support dynamic security policies, a
 * ProtectionDomain can also be constructed such that it is dynamically
 * mapped to a set of permissions by the current Policy whenever a permission
 * is checked.
 * <p>
 * 
 * @version 	1.47, 11/17/05
 * @author Li Gong 
 * @author Roland Schemers
 * @author Gary Ellison
 */

public class ProtectionDomain {

    /* CodeSource */
    private CodeSource codesource ;

    /* ClassLoader the protection domain was consed from */
    private ClassLoader classloader;

    /* Principals running-as within this protection domain */
    private Principal[] principals;

    /* the rights this protection domain is granted */
    private PermissionCollection permissions;

    /* if the permissions object has AllPermission */
    private boolean hasAllPerm = false;

    /* the PermissionCollection is static (pre 1.4 constructor)
       or dynamic (via a policy refresh) */
    private boolean staticPermissions;

    private static final Debug debug = Debug.getInstance("domain");

    /**
     * Creates a new ProtectionDomain with the given CodeSource and
     * Permissions. If the permissions object is not null, then
     *  <code>setReadOnly())</code> will be called on the passed in
     * Permissions object. The only permissions granted to this domain
     * are the ones specified; the current Policy will not be consulted.
     *
     * @param codesource the codesource associated with this domain
     * @param permissions the permissions granted to this domain
     */
    public ProtectionDomain(CodeSource codesource,
			    PermissionCollection permissions) {
	this.codesource = codesource;
	if (permissions != null) {
	    this.permissions = permissions;
	    this.permissions.setReadOnly();
	    if (permissions instanceof Permissions &&
		((Permissions)permissions).allPermission != null) {
		hasAllPerm = true;
	    }
	}
	this.classloader = null;
	this.principals = new Principal[0];
	staticPermissions = true;
    }

    /**
     * Creates a new ProtectionDomain qualified by the given CodeSource,
     * Permissions, ClassLoader and array of Principals. If the
     * permissions object is not null, then <code>setReadOnly()</code>
     * will be called on the passed in Permissions object.
     * The permissions granted to this domain are dynamic; they include
     * both the static permissions passed to this constructor, and any
     * permissions granted to this domain by the current Policy at the
     * time a permission is checked.
     * <p>
     * This constructor is typically used by
     * {@link SecureClassLoader ClassLoaders}
     * and {@link DomainCombiner DomainCombiners} which delegate to 
     * <code>Policy</code> to actively associate the permissions granted to
     * this domain. This constructor affords the
     * Policy provider the opportunity to augment the supplied
     * PermissionCollection to reflect policy changes.
     * <p>
     *
     * @param codesource the CodeSource associated with this domain
     * @param permissions the permissions granted to this domain
     * @param classloader the ClassLoader associated with this domain
     * @param principals the array of Principals associated with this 
     * domain. The contents of the array are copied to protect against 
     * subsequent modification.
     * @see Policy#refresh
     * @see Policy#getPermissions(ProtectionDomain)
     * @since 1.4
     */
    public ProtectionDomain(CodeSource codesource,
			    PermissionCollection permissions,
			    ClassLoader classloader,
			    Principal[] principals) {
	this.codesource = codesource;
	if (permissions != null) {
	    this.permissions = permissions;
	    this.permissions.setReadOnly();
	    if (permissions instanceof Permissions &&
		((Permissions)permissions).allPermission != null) {
		hasAllPerm = true;
	    }
	}
	this.classloader = classloader;
	this.principals = (principals != null ?
			   (Principal[])principals.clone():
			   new Principal[0]);
	staticPermissions = false;
    }

    /**
     * Returns the CodeSource of this domain.
     * @return the CodeSource of this domain which may be null.
     * @since 1.2
     */
    public final CodeSource getCodeSource() {
	return this.codesource;
    }


    /**
     * Returns the ClassLoader of this domain.
     * @return the ClassLoader of this domain which may be null.
     *
     * @since 1.4
     */
    public final ClassLoader getClassLoader() {
	return this.classloader;
    }


    /**
     * Returns an array of principals for this domain.
     * @return a non-null array of principals for this domain.
     * Returns a new array each time this method is called.
     *
     * @since 1.4
     */
    public final Principal[] getPrincipals() {
	return (Principal[])this.principals.clone();
    }

    /** 
     * Returns the static permissions granted to this domain. 
     * 
     * @return the static set of permissions for this domain which may be null.
     * @see Policy#refresh
     * @see Policy#getPermissions(ProtectionDomain)
     */
    public final PermissionCollection getPermissions() {
	return permissions;
    }

    /**
     * Check and see if this ProtectionDomain implies the permissions 
     * expressed in the Permission object. 
     * <p>
     * The set of permissions evaluated is a function of whether the
     * ProtectionDomain was constructed with a static set of permissions
     * or it was bound to a dynamically mapped set of permissions.
     * <p>
     * If the ProtectionDomain was constructed to a 
     * {@link #ProtectionDomain(CodeSource, PermissionCollection)
     * statically bound} PermissionCollection then the permission will
     * only be checked against the PermissionCollection supplied at
     * construction.
     * <p>
     * However, if the ProtectionDomain was constructed with
     * the constructor variant which supports 
     * {@link #ProtectionDomain(CodeSource, PermissionCollection,
     * ClassLoader, java.security.Principal[]) dynamically binding}
     * permissions, then the permission will be checked against the
     * combination of the PermissionCollection supplied at construction and
     * the current Policy binding.
     * <p>
     *
     * @param permission the Permission object to check.
     *
     * @return true if "permission" is implicit to this ProtectionDomain.
     */
    public boolean implies(Permission permission) {

	if (hasAllPerm) {
	    // internal permission collection already has AllPermission -
	    // no need to go to policy
	    return true;
	}

	if (!staticPermissions && 
	    Policy.getPolicyNoCheck().implies(this, permission))
	    return true;
	if (permissions != null) 
	    return permissions.implies(permission);

	return false;
    }

    /**
     * Convert a ProtectionDomain to a String.
     */
    public String toString() {
	String pals = "<no principals>";
	if (principals != null && principals.length > 0) {
	    StringBuilder palBuf = new StringBuilder("(principals ");
	    
	    for (int i = 0; i < principals.length; i++) {
		palBuf.append(principals[i].getClass().getName() +
			    " \"" + principals[i].getName() +
			    "\"");
		if (i < principals.length-1)
		    palBuf.append(",\n");
		else
		    palBuf.append(")\n");
	    }
	    pals = palBuf.toString();
	}

	// Check if policy is set; we don't want to load
	// the policy prematurely here	
	PermissionCollection pc = Policy.isSet() && seeAllp() ?
				      mergePermissions():
	                              getPermissions();

 	return "ProtectionDomain "+
 	    " "+codesource+"\n"+
 	    " "+classloader+"\n"+
 	    " "+pals+"\n"+
	    " "+pc+"\n"; 
    }

    /**
     * Return true (merge policy permissions) in the following cases:
     *
     * . SecurityManager is null
     *
     * . SecurityManager is not null,
     *		debug is not null,
     *		SecurityManager impelmentation is in bootclasspath,
     *		Policy implementation is in bootclasspath
     *		(the bootclasspath restrictions avoid recursion)
     *
     * . SecurityManager is not null,
     *		debug is null,
     *		caller has Policy.getPolicy permission
     */
    private static boolean seeAllp() {
	SecurityManager sm = System.getSecurityManager();

	if (sm == null) {
	    return true;
	} else {
	    if (debug != null) {
		if (sm.getClass().getClassLoader() == null &&
		    Policy.getPolicyNoCheck().getClass().getClassLoader()
								== null) {
		    return true;
		}
	    } else {
		try {
		    sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
		    return true;
		} catch (SecurityException se) {
		    // fall thru and return false
		}
	    }
	}

	return false;
    }

    private PermissionCollection mergePermissions() {
	if (staticPermissions)
	    return permissions;
	
        PermissionCollection perms = (PermissionCollection)
            java.security.AccessController.doPrivileged
            (new java.security.PrivilegedAction() {
                    public Object run() {
                        Policy p = Policy.getPolicyNoCheck();
                        return p.getPermissions(ProtectionDomain.this);
                    }
                });
	
	Permissions mergedPerms = new Permissions();
	int swag = 32;
	int vcap = 8;       
	Enumeration e;
	List pdVector = new ArrayList(vcap);
	List plVector = new ArrayList(swag);
            
	//
	// Build a vector of domain permissions for subsequent merge
	if (permissions != null) {
	    synchronized (permissions) {
		e = permissions.elements();
		while (e.hasMoreElements()) {
		    Permission p = (Permission)e.nextElement();
		    pdVector.add(p);
		}
	    }
	}

	//
	// Build a vector of Policy permissions for subsequent merge
	if (perms != null) {
	    synchronized (perms) {
		e = perms.elements();
		while (e.hasMoreElements()) {
		    plVector.add(e.nextElement());
		    vcap++;
		}
	    }
	}

	if (perms != null && permissions != null) {
	    //
	    // Weed out the duplicates from the policy. Unless a refresh
	    // has occured since the pd was consed this should result in
	    // an empty vector.
	    synchronized (permissions) {
		e = permissions.elements();   // domain vs policy
		while (e.hasMoreElements()) {
		    Permission pdp = (Permission)e.nextElement();
		    Class pdpClass = pdp.getClass();
		    String pdpActions = pdp.getActions();
		    String pdpName = pdp.getName();
		    for (int i = 0; i < plVector.size(); i++) {
			Permission pp = (Permission) plVector.get(i);
			if (pdpClass.isInstance(pp)) {
			    // The equals() method on some permissions
			    // have some side effects so this manual 
			    // comparison is sufficient.
			    if (pdpName.equals(pp.getName()) &&
				pdpActions.equals(pp.getActions())) {
				plVector.remove(i);
				break;
			    } 
			}
		    }
		}
	    }
	}
                
	if (perms !=null) {
	    // the order of adding to merged perms and permissions
	    // needs to preserve the bugfix 4301064
                
	    for (int i = plVector.size()-1; i >= 0; i--) {
		mergedPerms.add((Permission)plVector.get(i));
	    }
	}
	if (permissions != null) {
	    for (int i = pdVector.size()-1; i >= 0; i--) {
		mergedPerms.add((Permission)pdVector.get(i));
	    }
	}

	return mergedPerms;
    }
}

Generated By: JavaOnTracks Doclet 0.1.4     ©Thibaut Colar