GigaSpaces XAP 8.0 API

com.sun.jini.start
Class LoaderSplitPolicyProvider

java.lang.Object
  extended by java.security.Policy
      extended by com.sun.jini.start.LoaderSplitPolicyProvider
All Implemented Interfaces:
DynamicPolicy

public class LoaderSplitPolicyProvider
extends Policy
implements DynamicPolicy

Security policy provider which handles permission queries and grants by delegating to different policy providers depending on the class loader involved. Each LoaderSplitPolicyProvider instance wraps two underlying policy providers:

Since:
2.0
Author:
Sun Microsystems, Inc.

Nested Class Summary
 
Nested classes/interfaces inherited from class java.security.Policy
Policy.Parameters
 
Field Summary
 
Fields inherited from class java.security.Policy
UNSUPPORTED_EMPTY_COLLECTION
 
Constructor Summary
LoaderSplitPolicyProvider(ClassLoader loader, Policy loaderPolicy, Policy defaultPolicy)
          Creates a new LoaderSplitPolicyProvider instance which delegates to loaderPolicy any permission query/grant operations involving protection domains or classes with the given class loader, any child class loader of the given class loader, or the null class loader; all other operations are delegated to defaultPolicy (with the exception of refresh, which applies to both policies).
 
Method Summary
 Permission[] getGrants(Class cl, Principal[] principals)
          If both underlying policy providers support dynamic grants, delegates to the getGrants method of the underlying policy associated with the loader of the given class (the loader-specific policy if the class loader is null, the same as or a child of the loader specified in the constructor for this instance, or the default loader otherwise).
 PermissionCollection getPermissions(CodeSource source)
          Delegates to the corresponding getPermissions method of the underlying default policy.
 PermissionCollection getPermissions(ProtectionDomain domain)
          If the given protection domain is the protection domain of this class, then a newly-created PermissionCollection containing AllPermission is returned.
 void grant(Class cl, Principal[] principals, Permission[] permissions)
          If both underlying policy providers support dynamic grants, delegates to the grant method of the underlying policy associated with the loader of the given class (the loader-specific policy if the class loader is null, the same as or a child of the loader specified in the constructor for this instance, or the default loader otherwise).
 boolean grantSupported()
          Returns true if both of the underlying policy providers implement DynamicPolicy and return true from calls to grantSupported; returns false otherwise.
 boolean implies(ProtectionDomain domain, Permission permission)
          If the given protection domain is the protection domain of this class, then true is returned.
 void refresh()
          Invokes refresh on both the loader-specific and default underlying policy providers.
 
Methods inherited from class java.security.Policy
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LoaderSplitPolicyProvider

public LoaderSplitPolicyProvider(ClassLoader loader,
                                 Policy loaderPolicy,
                                 Policy defaultPolicy)
Creates a new LoaderSplitPolicyProvider instance which delegates to loaderPolicy any permission query/grant operations involving protection domains or classes with the given class loader, any child class loader of the given class loader, or the null class loader; all other operations are delegated to defaultPolicy (with the exception of refresh, which applies to both policies).

Parameters:
loader - class loader for which associated permission query/grant operations should be forwarded to loaderPolicy
loaderPolicy - class loader-specific security policy provider
defaultPolicy - default security policy provider
Throws:
NullPointerException - if loader, loaderPolicy or defaultPolicy is null
Method Detail

getPermissions

public PermissionCollection getPermissions(CodeSource source)
Delegates to the corresponding getPermissions method of the underlying default policy.

Overrides:
getPermissions in class Policy
Parameters:
source - code source for which to look up permissions
Returns:
set of permissions allowed for the given code source

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)
If the given protection domain is the protection domain of this class, then a newly-created PermissionCollection containing AllPermission is returned. If not, delegates to the corresponding getPermissions method of the underlying policy associated with the loader of the given class (the loader-specific policy if the class loader is null, the same as or a child of the loader specified in the constructor for this instance, or the default loader otherwise).

Overrides:
getPermissions in class Policy
Parameters:
domain - protection domain for which to look up permissions
Returns:
set of permissions allowed for given protection domain

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)
If the given protection domain is the protection domain of this class, then true is returned. If not, delegates to the implies method of the underlying policy associated with the loader of the given class (the loader-specific policy if the class loader is null, the same as or a child of the loader specified in the constructor for this instance, or the default loader otherwise).

Overrides:
implies in class Policy
Parameters:
domain - protection domain in which to check implication
permission - permission to test implication of
Returns:
true if permission is implied by permissions of given protection domain, false otherwise

refresh

public void refresh()
Invokes refresh on both the loader-specific and default underlying policy providers.

Overrides:
refresh in class Policy

grantSupported

public boolean grantSupported()
Returns true if both of the underlying policy providers implement DynamicPolicy and return true from calls to grantSupported; returns false otherwise.

Specified by:
grantSupported in interface DynamicPolicy
Returns:
true if policy supports dynamic permission grants under current context, false otherwise

grant

public void grant(Class cl,
                  Principal[] principals,
                  Permission[] permissions)
If both underlying policy providers support dynamic grants, delegates to the grant method of the underlying policy associated with the loader of the given class (the loader-specific policy if the class loader is null, the same as or a child of the loader specified in the constructor for this instance, or the default loader otherwise). If at least one of the underlying policy providers does not support dynamic grants, throws an UnsupportedOperationException.

Specified by:
grant in interface DynamicPolicy
Parameters:
cl - class to grant permissions to the class loader of, or null if granting across all class loaders
principals - if non-null, minimum set of principals to which grants apply
permissions - if non-null, permissions to grant
Throws:
UnsupportedOperationException - if policy does not support dynamic grants, or if cl is non-null and belongs to a protection domain with a null class loader other than the system domain
SecurityException - if a security manager is installed and the calling context does not have sufficient permissions to grant the given permissions
NullPointerException - if any element of the principals or permissions arrays is null

getGrants

public Permission[] getGrants(Class cl,
                              Principal[] principals)
If both underlying policy providers support dynamic grants, delegates to the getGrants method of the underlying policy associated with the loader of the given class (the loader-specific policy if the class loader is null, the same as or a child of the loader specified in the constructor for this instance, or the default loader otherwise). If at least one of the underlying policy providers does not support dynamic grants, throws an UnsupportedOperationException.

Specified by:
getGrants in interface DynamicPolicy
Parameters:
cl - class to query the permissions dynamically granted to the class loader of, or null if querying permissions granted across all class loaders
principals - if non-null, principals to query dynamic grants for
Returns:
new array containing the permissions dynamically granted to the indicated class loader (if any) and principals
Throws:
UnsupportedOperationException - if policy does not support dynamic grants, or if cl is non-null and belongs to a protection domain with a null class loader other than the system domain
NullPointerException - if any element of the principals array is null

GigaSpaces XAP 8.0 API

Copyright © GigaSpaces.