ProtectionDomainpublic class ProtectionDomain extends Object {@code ProtectionDomain} represents all permissions that are granted to a
specific code source. The {@link ClassLoader} associates each class with the
corresponding {@code ProtectionDomain}, depending on the location and the
certificates (encapsulates in {@link CodeSource}) it loads the code from.
A class belongs to exactly one protection domain and the protection domain
can not be changed during the lifetime of the class.
|
Fields Summary |
---|
private CodeSource | codeSource | private PermissionCollection | permissions | private ClassLoader | classLoader | private Principal[] | principals | private boolean | dynamicPerms |
Constructors Summary |
---|
public ProtectionDomain(CodeSource cs, PermissionCollection permissions)Constructs a new instance of {@code ProtectionDomain} with the specified
code source and the specified static permissions.
If {@code permissions} is not {@code null}, the {@code permissions}
collection is made immutable by calling
{@link PermissionCollection#setReadOnly()} and it is considered as
granted statically to this {@code ProtectionDomain}.
The policy will not be consulted by access checks against this {@code
ProtectionDomain}.
If {@code permissions} is {@code null}, the method
{@link ProtectionDomain#implies(Permission)} always returns {@code false}
.
this.codeSource = cs;
if (permissions != null) {
permissions.setReadOnly();
}
this.permissions = permissions;
//this.classLoader = null;
//this.principals = null;
//dynamicPerms = false;
| public ProtectionDomain(CodeSource cs, PermissionCollection permissions, ClassLoader cl, Principal[] principals)Constructs a new instance of {@code ProtectionDomain} with the specified
code source, the permissions, the class loader and the principals.
If {@code permissions} is {@code null}, and access checks are performed
against this protection domain, the permissions defined by the policy are
consulted. If {@code permissions} is not {@code null}, the {@code
permissions} collection is made immutable by calling
{@link PermissionCollection#setReadOnly()}. If access checks are
performed, the policy and the provided permission collection are checked.
External modifications of the provided {@code principals} array has no
impact on this {@code ProtectionDomain}.
this.codeSource = cs;
if (permissions != null) {
permissions.setReadOnly();
}
this.permissions = permissions;
this.classLoader = cl;
if (principals != null) {
this.principals = new Principal[principals.length];
System.arraycopy(principals, 0, this.principals, 0,
this.principals.length);
}
dynamicPerms = true;
|
Methods Summary |
---|
public final java.lang.ClassLoader | getClassLoader()Returns the {@code ClassLoader} associated with this {@code
ProtectionDomain}.
return classLoader;
| public final java.security.CodeSource | getCodeSource()Returns the {@code CodeSource} of this {@code ProtectionDomain}.
return codeSource;
| public final java.security.PermissionCollection | getPermissions()Returns the static permissions that are granted to this {@code
ProtectionDomain}.
return permissions;
| public final java.security.Principal[] | getPrincipals()Returns the principals associated with this {@code ProtectionDomain}.
Modifications of the returned {@code Principal} array has no impact on
this {@code ProtectionDomain}.
if( principals == null ) {
return new Principal[0];
}
Principal[] tmp = new Principal[principals.length];
System.arraycopy(principals, 0, tmp, 0, tmp.length);
return tmp;
| public boolean | implies(java.security.Permission permission)Indicates whether the specified permission is implied by this {@code
ProtectionDomain}.
If this {@code ProtectionDomain} was constructed with
{@link #ProtectionDomain(CodeSource, PermissionCollection)}, the
specified permission is only checked against the permission collection
provided in the constructor. If {@code null} was provided, {@code false}
is returned.
If this {@code ProtectionDomain} was constructed with
{@link #ProtectionDomain(CodeSource, PermissionCollection, ClassLoader, Principal[])}
, the specified permission is checked against the policy and the
permission collection provided in the constructor.
// First, test with the Policy, as the default Policy.implies()
// checks for both dynamic and static collections of the
// ProtectionDomain passed...
if (dynamicPerms
&& Policy.getAccessiblePolicy().implies(this, permission)) {
return true;
}
// ... and we get here if
// either the permissions are static
// or Policy.implies() did not check for static permissions
// or the permission is not implied
return permissions == null ? false : permissions.implies(permission);
| public java.lang.String | toString()Returns a string containing a concise, human-readable description of the
this {@code ProtectionDomain}.
//FIXME: 1.5 use StreamBuilder here
StringBuffer buf = new StringBuffer(200);
buf.append("ProtectionDomain\n"); //$NON-NLS-1$
buf.append("CodeSource=").append( //$NON-NLS-1$
codeSource == null ? "<null>" : codeSource.toString()).append( //$NON-NLS-1$
"\n"); //$NON-NLS-1$
buf.append("ClassLoader=").append( //$NON-NLS-1$
classLoader == null ? "<null>" : classLoader.toString()) //$NON-NLS-1$
.append("\n"); //$NON-NLS-1$
if (principals == null || principals.length == 0) {
buf.append("<no principals>\n"); //$NON-NLS-1$
} else {
buf.append("Principals: <\n"); //$NON-NLS-1$
for (int i = 0; i < principals.length; i++) {
buf.append("\t").append( //$NON-NLS-1$
principals[i] == null ? "<null>" : principals[i] //$NON-NLS-1$
.toString()).append("\n"); //$NON-NLS-1$
}
buf.append(">"); //$NON-NLS-1$
}
//permissions here
buf.append("Permissions:\n"); //$NON-NLS-1$
if (permissions == null) {
buf.append("\t\t<no static permissions>\n"); //$NON-NLS-1$
} else {
buf.append("\t\tstatic: ").append(permissions.toString()).append( //$NON-NLS-1$
"\n"); //$NON-NLS-1$
}
if (dynamicPerms) {
if (Policy.isSet()) {
PermissionCollection perms;
perms = Policy.getAccessiblePolicy().getPermissions(this);
if (perms == null) {
buf.append("\t\t<no dynamic permissions>\n"); //$NON-NLS-1$
} else {
buf.append("\t\tdynamic: ").append(perms.toString()) //$NON-NLS-1$
.append("\n"); //$NON-NLS-1$
}
} else {
buf.append("\t\t<no dynamic permissions>\n"); //$NON-NLS-1$
}
}
return buf.toString();
|
|