| Methods Summary |
|---|
| private void | addStaticPerms(java.security.PermissionCollection perms, java.security.PermissionCollection statics)add static permissions to provided permission collection
if (statics != null) {
synchronized (statics) {
Enumeration e = statics.elements();
while (e.hasMoreElements()) {
perms.add((Permission)e.nextElement());
}
}
}
|
| private static void | checkPermission(java.lang.String type)
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SecurityPermission("createPolicy." + type));
}
|
| public static java.security.Policy | getInstance(java.lang.String type, java.security.Policy$Parameters params)Returns a Policy object of the specified type.
This method traverses the list of registered security providers,
starting with the most preferred Provider.
A new Policy object encapsulating the
PolicySpi implementation from the first
Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via
the {@link Security#getProviders() Security.getProviders()} method.
checkPermission(type);
try {
GetInstance.Instance instance = GetInstance.getInstance("Policy",
PolicySpi.class,
type,
params);
return new PolicyDelegate((PolicySpi)instance.impl,
instance.provider,
type,
params);
} catch (NoSuchAlgorithmException nsae) {
return handleException(nsae);
}
|
| public static java.security.Policy | getInstance(java.lang.String type, java.security.Policy$Parameters params, java.lang.String provider)Returns a Policy object of the specified type.
A new Policy object encapsulating the
PolicySpi implementation from the specified provider
is returned. The specified provider must be registered
in the provider list.
Note that the list of registered providers may be retrieved via
the {@link Security#getProviders() Security.getProviders()} method.
if (provider == null || provider.length() == 0) {
throw new IllegalArgumentException("missing provider");
}
checkPermission(type);
try {
GetInstance.Instance instance = GetInstance.getInstance("Policy",
PolicySpi.class,
type,
params,
provider);
return new PolicyDelegate((PolicySpi)instance.impl,
instance.provider,
type,
params);
} catch (NoSuchAlgorithmException nsae) {
return handleException (nsae);
}
|
| public static java.security.Policy | getInstance(java.lang.String type, java.security.Policy$Parameters params, java.security.Provider provider)Returns a Policy object of the specified type.
A new Policy object encapsulating the
PolicySpi implementation from the specified Provider
object is returned. Note that the specified Provider object
does not have to be registered in the provider list.
if (provider == null) {
throw new IllegalArgumentException("missing provider");
}
checkPermission(type);
try {
GetInstance.Instance instance = GetInstance.getInstance("Policy",
PolicySpi.class,
type,
params,
provider);
return new PolicyDelegate((PolicySpi)instance.impl,
instance.provider,
type,
params);
} catch (NoSuchAlgorithmException nsae) {
return handleException (nsae);
}
|
| public java.security.Policy$Parameters | getParameters()Return Policy parameters.
This Policy instance will only have parameters if it
was obtained via a call to Policy.getInstance.
Otherwise this method returns null.
return null;
|
| public java.security.PermissionCollection | getPermissions(java.security.CodeSource codesource)Return a PermissionCollection object containing the set of
permissions granted to the specified CodeSource.
Applications are discouraged from calling this method
since this operation may not be supported by all policy implementations.
Applications should solely rely on the implies method
to perform policy checks. If an application absolutely must call
a getPermissions method, it should call
getPermissions(ProtectionDomain).
The default implementation of this method returns
Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be
overridden if the policy implementation can return a set of
permissions granted to a CodeSource.
return Policy.UNSUPPORTED_EMPTY_COLLECTION;
|
| public java.security.PermissionCollection | getPermissions(java.security.ProtectionDomain domain)Return a PermissionCollection object containing the set of
permissions granted to the specified ProtectionDomain.
Applications are discouraged from calling this method
since this operation may not be supported by all policy implementations.
Applications should rely on the implies method
to perform policy checks.
The default implementation of this method first retrieves
the permissions returned via getPermissions(CodeSource)
(the CodeSource is taken from the specified ProtectionDomain),
as well as the permissions located inside the specified ProtectionDomain.
All of these permissions are then combined and returned in a new
PermissionCollection object. If getPermissions(CodeSource)
returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method
returns the permissions contained inside the specified ProtectionDomain
in a new PermissionCollection object.
This method can be overridden if the policy implementation
supports returning a set of permissions granted to a ProtectionDomain.
PermissionCollection pc = null;
if (domain == null)
return new Permissions();
if (pdMapping == null) {
initPolicy(this);
}
synchronized (pdMapping) {
pc = (PermissionCollection)pdMapping.get(domain);
}
if (pc != null) {
Permissions perms = new Permissions();
synchronized (pc) {
for (Enumeration e = pc.elements() ; e.hasMoreElements() ;) {
perms.add((Permission)e.nextElement());
}
}
return perms;
}
pc = getPermissions(domain.getCodeSource());
if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION) {
pc = new Permissions();
}
addStaticPerms(pc, domain.getPermissions());
return pc;
|
| public static java.security.Policy | getPolicy()Returns the installed Policy object. This value should not be cached,
as it may be changed by a call to setPolicy.
This method first calls
SecurityManager.checkPermission with a
SecurityPermission("getPolicy") permission
to ensure it's ok to get the Policy object..
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
return getPolicyNoCheck();
|
| static synchronized java.security.Policy | getPolicyNoCheck()Returns the installed Policy object, skipping the security check.
Used by SecureClassLoader and getPolicy.
if (policy == null) {
String policy_class = null;
policy_class = (String)AccessController.doPrivileged(
new PrivilegedAction() {
public Object run() {
return Security.getProperty("policy.provider");
}
});
if (policy_class == null) {
policy_class = "sun.security.provider.PolicyFile";
}
/**
* Install a bootstrap (sandbox) policy to avoid recursion
* while the configured policy implementation initializes itself.
* After the configured implementation loads, install it over
* the bootstrap policy.
*/
policy = new sun.security.provider.PolicyFile(true);
try {
policy = (Policy)
Class.forName(policy_class).newInstance();
} catch (Exception e) {
// policy_class seems to be an extension
final String pc = policy_class;
Policy p = (Policy)
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
ClassLoader cl =
ClassLoader.getSystemClassLoader();
// we want the extension loader
ClassLoader extcl = null;
while (cl != null) {
extcl = cl;
cl = cl.getParent();
}
return (extcl != null? Class.forName
(pc, true, extcl).newInstance():
null);
} catch (Exception e) {
if (debug != null) {
debug.println("policy provider " +
pc +
" not available");
e.printStackTrace();
}
return null;
}
}
});
/*
* if it loaded install it as the policy provider. Otherwise
* continue to use the bootstrap implementation
*/
if (p != null) {
policy = p;
} else {
if (debug != null) {
debug.println("using sun.security.provider.PolicyFile");
}
}
}
}
return policy;
|
| public java.security.Provider | getProvider()Return the Provider of this Policy.
This Policy instance will only have a Provider if it
was obtained via a call to Policy.getInstance.
Otherwise this method returns null.
return null;
|
| public java.lang.String | getType()Return the type of this Policy.
This Policy instance will only have a type if it
was obtained via a call to Policy.getInstance.
Otherwise this method returns null.
return null;
|
| private static java.security.Policy | handleException(java.security.NoSuchAlgorithmException nsae)
Throwable cause = nsae.getCause();
if (cause instanceof IllegalArgumentException) {
throw (IllegalArgumentException)cause;
}
throw nsae;
|
| public boolean | implies(java.security.ProtectionDomain domain, java.security.Permission permission)Evaluates the global policy for the permissions granted to
the ProtectionDomain and tests whether the permission is
granted.
PermissionCollection pc;
if (pdMapping == null) {
initPolicy(this);
}
synchronized (pdMapping) {
pc = (PermissionCollection)pdMapping.get(domain);
}
if (pc != null) {
return pc.implies(permission);
}
pc = getPermissions(domain);
if (pc == null) {
return false;
}
synchronized (pdMapping) {
// cache it
pdMapping.put(domain, pc);
}
return pc.implies(permission);
|
| private static void | initPolicy(java.security.Policy p)Initialize superclass state such that a legacy provider can
handle queries for itself.
/*
* A policy provider not on the bootclasspath could trigger
* security checks fulfilling a call to either Policy.implies
* or Policy.getPermissions. If this does occur the provider
* must be able to answer for it's own ProtectionDomain
* without triggering additional security checks, otherwise
* the policy implementation will end up in an infinite
* recursion.
*
* To mitigate this, the provider can collect it's own
* ProtectionDomain and associate a PermissionCollection while
* it is being installed. The currently installed policy
* provider (if there is one) will handle calls to
* Policy.implies or Policy.getPermissions during this
* process.
*
* This Policy superclass caches away the ProtectionDomain and
* statically binds permissions so that legacy Policy
* implementations will continue to function.
*/
ProtectionDomain policyDomain = (ProtectionDomain)
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
return p.getClass().getProtectionDomain();
}
});
/*
* Collect the permissions granted to this protection domain
* so that the provider can be security checked while processing
* calls to Policy.implies or Policy.getPermissions.
*/
PermissionCollection policyPerms = null;
synchronized (p) {
if (p.pdMapping == null) {
p.pdMapping = new WeakHashMap();
}
}
if (policyDomain.getCodeSource() != null) {
if (Policy.isSet()) {
policyPerms = policy.getPermissions(policyDomain);
}
if (policyPerms == null) { // assume it has all
policyPerms = new Permissions();
policyPerms.add(SecurityConstants.ALL_PERMISSION);
}
synchronized (p.pdMapping) {
// cache of pd to permissions
p.pdMapping.put(policyDomain, policyPerms);
}
}
return;
|
| static boolean | isSet()package private for AccessControlContext
return policy != null;
|
| public void | refresh()Refreshes/reloads the policy configuration. The behavior of this method
depends on the implementation. For example, calling refresh
on a file-based policy will cause the file to be re-read.
The default implementation of this method does nothing.
This method should be overridden if a refresh operation is supported
by the policy implementation.
|
| public static void | setPolicy(java.security.Policy p)Sets the system-wide Policy object. This method first calls
SecurityManager.checkPermission with a
SecurityPermission("setPolicy")
permission to ensure it's ok to set the Policy.
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(
new SecurityPermission("setPolicy"));
if (p != null) {
initPolicy(p);
}
synchronized (Policy.class) {
Policy.policy = p;
}
|
