|
GigaSpaces XAP 8.0 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object java.security.Policy com.sun.jini.start.AggregatePolicyProvider
public class AggregatePolicyProvider
Security policy provider which supports associating security sub-policies
with context class loaders. Permission queries and grants (if supported),
as well as implies
and refresh
operations are
delegated to the currently active sub-policy.
The currently active sub-policy is determined as follows: if the current
thread does not override the getContextClassLoader
method, then that method is called to obtain the
context class loader. If the context class loader is associated with a
sub-policy (via a previous call to setPolicy
), then that
sub-policy is the currently active sub-policy. If no such association
exists, then the same check is performed on each non-null
parent of the context class loader, proceeding up the chain of class loader
delegation, until a sub-policy association is found, in which case the
associated sub-policy is the currently active sub-policy. If no sub-policy
association is found for the context class loader or any of its parents,
then a fallback sub-policy, the main policy, is the currently active
sub-policy. Also, if the current thread overrides the
getContextClassLoader
method, then
getContextClassLoader
is not called and the main policy is the
currently active sub-policy.
Nested Class Summary |
---|
Nested classes/interfaces inherited from class java.security.Policy |
---|
Policy.Parameters |
Field Summary |
---|
Fields inherited from class java.security.Policy |
---|
UNSUPPORTED_EMPTY_COLLECTION |
Constructor Summary | |
---|---|
AggregatePolicyProvider()
Creates a new AggregatePolicyProvider instance, containing
a main policy created as follows: if the
com.sun.jini.start.AggregatePolicyProvider.mainPolicyClass
security property is set, then its value is interpreted as the class
name of the main policy provider; otherwise, a default class name of
"net.jini.security.policy.DynamicPolicyProvider"
is used. |
|
AggregatePolicyProvider(Policy mainPolicy)
Creates a new AggregatePolicyProvider instance with the
given main policy, which must be non-null . |
Method Summary | |
---|---|
SecurityContext |
getContext()
Returns a snapshot of the current security context, which can be used to restore the context at a later time. |
Permission[] |
getGrants(Class cl,
Principal[] principals)
If the currently active sub-policy supports dynamic permission grants, delegates to the corresponding getGrants method of the
currently active sub-policy to return a new array containing the set of
permissions dynamically granted to protection domains which are
associated with the class loader of the given class and possess at least
the given set of principals. |
PermissionCollection |
getPermissions(CodeSource source)
Delegates to the corresponding getPermissions method of the
currently active sub-policy to return the set of permissions allowed for
code from the specified code source, as a newly-created mutable
PermissionCollection which supports heterogeneous
permission types. |
PermissionCollection |
getPermissions(ProtectionDomain domain)
If the given protection domain is the protection domain of this class, then a newly-created PermissionCollection containing AllPermission is returned. |
void |
grant(Class cl,
Principal[] principals,
Permission[] permissions)
If the currently active sub-policy supports dynamic permission grants, delegates to the corresponding grant method of the
currently active sub-policy to grant the specified permissions to all
protection domains (including ones not yet created) which are associated
with the class loader of the given class and possess at least the given
set of principals. |
boolean |
grantSupported()
Returns true if the currently active sub-policy supports
dynamic grants; this is determined by delegating to the
grantSupported method of the currently active sub-policy if
it implements the DynamicPolicy interface. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
If the given protection domain is the protection domain of this class, then true is returned. |
void |
refresh()
Refreshes the currently active sub-policy by delegating to its refresh method. |
void |
setPolicy(ClassLoader loader,
Policy subPolicy)
Changes sub-policy association with given class loader. |
Methods inherited from class java.security.Policy |
---|
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public AggregatePolicyProvider() throws PolicyInitializationException
AggregatePolicyProvider
instance, containing
a main policy created as follows: if the
com.sun.jini.start.AggregatePolicyProvider.mainPolicyClass
security property is set, then its value is interpreted as the class
name of the main policy provider; otherwise, a default class name of
"net.jini.security.policy.DynamicPolicyProvider"
is used. The main policy is then instantiated using the no-arg public
constructor of the named class. If the main policy class is not found,
is not instantiable via a public no-arg constructor, or if invocation of
its constructor fails, then a PolicyInitializationException
is thrown.
Note that this constructor requires the appropriate
"getProperty"
SecurityPermission
to read the
com.sun.jini.start.AggregatePolicyProvider.mainPolicyClass
security property, and may require "accessClassInPackage.*"
RuntimePermission
s, depending on the package of the main policy
class.
PolicyInitializationException
- if unable to construct the main
policy
SecurityException
- if there is a security manager and the
calling context does not have SecurityPermission
for reading the
com.sun.jini.start.AggregatePolicyProvider.mainPolicy
security property, or if the calling context does not have
adequate permissions to access the main policy classpublic AggregatePolicyProvider(Policy mainPolicy)
AggregatePolicyProvider
instance with the
given main policy, which must be non-null
.
mainPolicy
- main policy
NullPointerException
- if main policy is null
Method Detail |
---|
public PermissionCollection getPermissions(CodeSource source)
getPermissions
method of the
currently active sub-policy to return the set of permissions allowed for
code from the specified code source, as a newly-created mutable
PermissionCollection
which supports heterogeneous
permission types.
getPermissions
in class Policy
source
- code source for which to look up permissions
public PermissionCollection getPermissions(ProtectionDomain domain)
PermissionCollection
containing AllPermission
is returned. Otherwise, delegates to the corresponding
getPermissions
method of the currently active sub-policy to
return the set of permissions allowed for code in the specified
protection domain, as a newly-created mutable
PermissionCollection
which supports heterogeneous
permission types.
getPermissions
in class Policy
domain
- protection domain for which to look up permissions
public boolean implies(ProtectionDomain domain, Permission permission)
true
is returned. Otherwise, delegates to the
implies
method of the currently active sub-policy to
determine if the given permission is implied by the permissions for the
specified protection domain.
implies
in class Policy
domain
- protection domain in which to check implicationpermission
- permission to test implication of
true
if permission is implied by permissions of
given protection domain, false
otherwisepublic void refresh()
refresh
method.
refresh
in class Policy
public void setPolicy(ClassLoader loader, Policy subPolicy)
subPolicy
is non-null
, then it is used as a
new sub-policy to associate with the given class loader, overriding any
previous sub-policy associated with the loader. If
subPolicy
is null
, then any previous
association between a sub-policy and the given class loader is removed.
If loader is null
, then subPolicy
is used as
the new main policy, and must be non-null
. If there is a
security manager, its checkPermission
method is called with
the "setPolicy"
SecurityPermission
.
loader
- class loader with which to associate sub-policy, or
null
if setting main policysubPolicy
- sub-policy to associate with given class loader, or
null
if removing sub-policy association
NullPointerException
- if both loader
and
subPolicy
are null
SecurityException
- if there is a security manager and the
calling context does not have the "setPolicy"
SecurityPermission
public boolean grantSupported()
true
if the currently active sub-policy supports
dynamic grants; this is determined by delegating to the
grantSupported
method of the currently active sub-policy if
it implements the DynamicPolicy
interface. If the currently
active sub-policy does not implement DynamicPolicy
, then
false
is returned.
grantSupported
in interface DynamicPolicy
true
if the currently active sub-policy supports
dynamic grants, or false
otherwisepublic void grant(Class cl, Principal[] principals, Permission[] permissions)
grant
method of the
currently active sub-policy to grant the specified permissions to all
protection domains (including ones not yet created) which are associated
with the class loader of the given class and possess at least the given
set of principals.
grant
in interface DynamicPolicy
cl
- class to grant permissions to the class loader of, or
null
if granting across all class loadersprincipals
- if non-null
, minimum set of principals
to which grants applypermissions
- if non-null
, permissions to grant
UnsupportedOperationException
- if policy does not support
dynamic grants, or if cl
is non-null
and belongs to a protection domain with a null
class loader other than the system domain
SecurityException
- if a security manager is installed and the
calling context does not have sufficient permissions to grant
the given permissions
NullPointerException
- if any element of the principals or
permissions arrays is null
public Permission[] getGrants(Class cl, Principal[] principals)
getGrants
method of the
currently active sub-policy to return a new array containing the set of
permissions dynamically granted to protection domains which are
associated with the class loader of the given class and possess at least
the given set of principals.
getGrants
in interface DynamicPolicy
cl
- class to query the permissions dynamically granted to the
class loader of, or null
if querying permissions
granted across all class loadersprincipals
- if non-null
, principals to query
dynamic grants for
UnsupportedOperationException
- if policy does not support
dynamic grants, or if cl
is non-null
and belongs to a protection domain with a null
class loader other than the system domain
NullPointerException
- if any element of the principals array is
null
public SecurityContext getContext()
The security context returned by this method contains the security
context of the currently active sub-policy (or an equivalent of the
default security context described in the documentation for Security.getContext
, if the currently active sub-policy does not
implement SecurityContextSource
), as well as the current context
class loader. The privileged action wrappers it creates restore the
saved context class loader before delegating to the action wrappers of
the underlying sub-policy security context. The
getAccessControlContext
method of the returned security
context delegates to the corresponding method of the sub-policy security
context.
getContext
in interface SecurityContextSource
|
GigaSpaces XAP 8.0 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |