/* ProtectionDomain.java -- A security domain
- Copyright (C) 1998 Free Software Foundation, Inc.
+ Copyright (C) 1998, 2003, Free Software Foundation, Inc.
This file is part of GNU Classpath.
package java.security;
/**
- * This class represents a group of classes, along with the permissions
- * they are granted. The classes are identified by a <code>CodeSource</code>.
- * Thus, any class loaded from the specified <code>CodeSource</code> is
- * treated as part of this domain. The set of permissions is represented
- * by a <code>PermissionCollection</code>.
- * <p>
- * Every class in the system will belong to one and only one
- * <code>ProtectionDomain</code>.
+ * <p>This <code>ProtectionDomain</code> class encapsulates the characteristics
+ * of a domain, which encloses a set of classes whose instances are granted a
+ * set of permissions when being executed on behalf of a given set of
+ * <i>Principals</i>.
*
- * @version 0.0
+ * <p>A static set of permissions can be bound to a <code>ProtectionDomain</code>
+ * when it is constructed; such permissions are granted to the domain regardless
+ * of the {@link Policy} in force. However, to support dynamic security
+ * policies, a <code>ProtectionDomain</code> can also be constructed such that
+ * it is dynamically mapped to a set of permissions by the current {@link
+ * Policy} whenever a permission is checked.</p>
*
* @author Aaron M. Renn (arenn@urbanophile.com)
+ * @version 0.0
*/
public class ProtectionDomain
{
- /**
- * This is the <code>CodeSource</code> for this protection domain
- */
+ /** This is the <code>CodeSource</code> for this protection domain. */
private CodeSource code_source;
+ /** This is the set of permissions granted to this domain. */
+ private PermissionCollection perms;
+
+ /** The {@link ClassLoader} associated with this domain. */
+ private ClassLoader classloader;
+
+ /** The array of Principals associated with this domain.. */
+ private Principal[] principals;
+
+ /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */
+ private boolean staticBinding;
+
/**
- * This is the set of permissions granted to this domain
+ * Creates a new <code>ProtectionDomain</code> with the given {@link
+ * CodeSource} and {@link Permissions}. If the permissions object is not
+ * <code>null</code>, then <code>setReadOnly()</code> will be called on the
+ * passed in {@link Permissions} object. The only permissions granted to this
+ * domain are the ones specified; the current {@link Policy} will not be
+ * consulted.
+ *
+ * @param codesource the codesource associated with this domain.
+ * @param permissions the permissions granted to this domain
*/
- private PermissionCollection perms;
+ public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
+ {
+ this(codesource, permissions, null, null, false);
+ }
/**
- * This method initializes a new instance of <code>ProtectionDomain</code>
- * representing the specified <code>CodeSource</code> and permission set.
- * No permissions may be added to the <code>PermissionCollection</code>
- * and this contructor will call the <code>setReadOnly</code> method on
- * the specified permission set.
+ * <p>Creates a new ProtectionDomain qualified by the given CodeSource,
+ * Permissions, ClassLoader and array of Principals. If the permissions
+ * object is not null, then <code>setReadOnly()</code> will be called on the
+ * passed in Permissions object. The permissions granted to this domain are
+ * dynamic; they include both the static permissions passed to this
+ * constructor, and any permissions granted to this domain by the current
+ * Policy at the time a permission is checked.</p>
*
- * @param code_source The <code>CodeSource</code> for this domain
- * @param perms The permission set for this domain
+ * <p>This constructor is typically used by {@link ClassLoader}s and {@link
+ * DomainCombiner}s which delegate to <code>Policy</code> to actively
+ * associate the permissions granted to this domain. This constructor affords
+ * the Policy provider the opportunity to augment the supplied
+ * PermissionCollection to reflect policy changes.</p>
*
- * @see java.security.PermissionCollection#setReadOnly()
- */
- public ProtectionDomain(CodeSource code_source, PermissionCollection perms)
+ * @param codesource the CodeSource associated with this domain.
+ * @param permissions the permissions granted to this domain.
+ * @param classloader the ClassLoader associated with this domain.
+ * @param principals the array of Principals associated with this domain.
+ * @since 1.4
+ * @see Policy#refresh()
+ * @see Policy#getPermissions(ProtectionDomain)
+ */
+ public ProtectionDomain(CodeSource codesource,
+ PermissionCollection permissions,
+ ClassLoader classloader, Principal[] principals)
{
- this.code_source = code_source;
- this.perms = perms;
- if (perms != null)
- perms.setReadOnly();
+ this(codesource, permissions, classloader, principals, false);
+ }
+
+ private ProtectionDomain(CodeSource codesource,
+ PermissionCollection permissions,
+ ClassLoader classloader, Principal[] principals,
+ boolean staticBinding)
+ {
+ super();
+
+ code_source = codesource;
+ if (permissions != null)
+ {
+ perms = permissions;
+ perms.setReadOnly();
+ }
+
+ this.classloader = classloader;
+ this.principals =
+ (principals != null ? (Principal[]) principals.clone() : new Principal[0]);
+ this.staticBinding = staticBinding;
}
/**
- * This method returns the <code>CodeSource</code> for this domain.
- *
- * @return This domain's <code>CodeSource</code>.
+ * Returns the {@link CodeSource} of this domain.
+ *
+ * @return the {@link CodeSource} of this domain which may be <code>null</code>.
+ * @since 1.2
*/
public final CodeSource getCodeSource()
{
}
/**
- * This method returns the set of permissions granted to this domain.
+ * Returns the {@link ClassLoader} of this domain.
*
- * @return The permission set for this domain
+ * @return the {@link ClassLoader} of this domain which may be
+ * <code>null</code>.
+ * @since 1.4
+ */
+ public final ClassLoader getClassLoader()
+ {
+ return this.classloader;
+ }
+
+ /**
+ * Returns an array of principals for this domain.
+ *
+ * @return returns a non-null array of principals for this domain. Changes to
+ * this array will have no impact on the <code>ProtectionDomain</code>.
+ * @since 1.4
+ */
+ public final Principal[] getPrincipals()
+ {
+ return (Principal[]) principals.clone();
+ }
+
+ /**
+ * Returns the static permissions granted to this domain.
+ *
+ * @return the static set of permissions for this domain which may be
+ * <code>null</code>.
+ * @see Policy#refresh()
+ * @see Policy#getPermissions(ProtectionDomain)
*/
public final PermissionCollection getPermissions()
{
}
/**
- * This method tests whether or not the specified <code>Permission</code> is
- * implied by the set of permissions granted to this domain.
+ * <p>Check and see if this <code>ProtectionDomain</code> implies the
+ * permissions expressed in the <code>Permission</code> object.</p>
+ *
+ * <p>The set of permissions evaluated is a function of whether the
+ * <code>ProtectionDomain</code> was constructed with a static set of
+ * permissions or it was bound to a dynamically mapped set of permissions.</p>
*
- * @param perm The <code>Permission</code> to test.
+ * <p>If the <code>ProtectionDomain</code> was constructed to a statically
+ * bound {@link PermissionCollection} then the permission will only be checked
+ * against the {@link PermissionCollection} supplied at construction.</p>
*
- * @return <code>true</code> if the specified <code>Permission</code> is implied for this domain, <code>false</code> otherwise.
+ * <p>However, if the <code>ProtectionDomain</code> was constructed with the
+ * constructor variant which supports dynamically binding permissions, then
+ * the permission will be checked against the combination of the
+ * {@link PermissionCollection} supplied at construction and the current
+ * {@link Policy} binding.
+ *
+ * @param permission the {@link Permission} object to check.
+ * @return <code>true</code> if <code>permission</code> is implicit to this
+ * <code>ProtectionDomain</code>.
*/
- public boolean implies(Permission perm)
+ public boolean implies(Permission permission)
{
- PermissionCollection pc = getPermissions();
- if (pc == null)
- return (false);
-
- return (pc.implies(perm));
+ if (staticBinding)
+ return (perms == null ? false : perms.implies(permission));
+ // Else dynamically bound. Do we have it?
+ // NOTE: this will force loading of Policy.currentPolicy
+ return Policy.getCurrentPolicy().implies(this, permission);
}
/**
- * This method returns a <code>String</code> representation of this
- * object. It will print the <code>CodeSource</code> and
- * permission set associated with this domain.
+ * Convert a <code>ProtectionDomain</code> to a String.
*
- * @return A <code>String</code> representation of this object.
+ * @return a string representation of the object.
*/
public String toString()
{
String linesep = System.getProperty("line.separator");
- StringBuffer sb = new StringBuffer("");
- sb.append("ProtectionDomain (" + linesep);
+ StringBuffer sb = new StringBuffer("ProtectionDomain (").append(linesep);
+
if (code_source == null)
- sb.append("CodeSource:null" + linesep);
+ sb.append("CodeSource:null");
+ else
+ sb.append(code_source);
+
+ sb.append(linesep);
+ if (classloader == null)
+ sb.append("ClassLoader:null");
else
- sb.append(code_source + linesep);
- sb.append(perms);
- sb.append(linesep + ")" + linesep);
-
- return sb.toString();
+ sb.append(classloader);
+
+ sb.append(linesep);
+ sb.append("Principals:");
+ if (principals != null && principals.length > 0)
+ {
+ sb.append("[");
+ Principal pal;
+ for (int i = 0; i < principals.length; i++)
+ {
+ pal = principals[i];
+ sb.append("'").append(pal.getName())
+ .append("' of type ").append(pal.getClass().getName());
+ if (i < principals.length-1)
+ sb.append(", ");
+ }
+ sb.append("]");
+ }
+ else
+ sb.append("none");
+
+ sb.append(linesep);
+ if (!staticBinding) // include all but dont force loading Policy.currentPolicy
+ if (Policy.isLoaded())
+ sb.append(Policy.getCurrentPolicy().getPermissions(this));
+ else // fallback on this one's permissions
+ sb.append(perms);
+ else
+ sb.append(perms);
+
+ return sb.append(linesep).append(")").append(linesep).toString();
}
}
git://gcc.gnu.org / gcc.git / blobdiff