Permissionspublic final class Permissions extends PermissionCollection implements SerializableThis class represents a heterogeneous collection of Permissions. That is,
it contains different types of Permission objects, organized into
PermissionCollections. For example, if any
java.io.FilePermission objects are added to an instance of
this class, they are all stored in a single
PermissionCollection. It is the PermissionCollection returned by a call to
the newPermissionCollection method in the FilePermission class.
Similarly, any java.lang.RuntimePermission objects are
stored in the PermissionCollection returned by a call to the
newPermissionCollection method in the
RuntimePermission class. Thus, this class represents a collection of
PermissionCollections.
When the add method is called to add a Permission, the
Permission is stored in the appropriate PermissionCollection. If no such
collection exists yet, the Permission object's class is determined and the
newPermissionCollection method is called on that class to create
the PermissionCollection and add it to the Permissions object. If
newPermissionCollection returns null, then a default
PermissionCollection that uses a hashtable will be created and used. Each
hashtable entry stores a Permission object as both the key and the value.
Enumerations returned via the elements method are
not fail-fast. Modifications to a collection should not be
performed while enumerating over that collection. |
Fields Summary |
---|
private transient Map | permsMapKey is permissions Class, value is PermissionCollection for that class.
Not serialized; see serialization section at end of class. | private transient boolean | hasUnresolved | PermissionCollection | allPermission | private static final long | serialVersionUID | private static final ObjectStreamField[] | serialPersistentFields |
Constructors Summary |
---|
public Permissions()Creates a new Permissions object containing no PermissionCollections.
permsMap = new HashMap(11);
allPermission = null;
|
Methods Summary |
---|
public void | add(java.security.Permission permission)Adds a permission object to the PermissionCollection for the class the
permission belongs to. For example, if permission is a
FilePermission, it is added to the FilePermissionCollection stored
in this Permissions object.
This method creates
a new PermissionCollection object (and adds the permission to it)
if an appropriate collection does not yet exist.
if (isReadOnly())
throw new SecurityException(
"attempt to add a Permission to a readonly Permissions object");
PermissionCollection pc;
synchronized (this) {
pc = getPermissionCollection(permission, true);
pc.add(permission);
}
// No sync; staleness -> optimizations delayed, which is OK
if (permission instanceof AllPermission) {
allPermission = pc;
}
if (permission instanceof UnresolvedPermission) {
hasUnresolved = true;
}
| public java.util.Enumeration | elements()Returns an enumeration of all the Permission objects in all the
PermissionCollections in this Permissions object.
// go through each Permissions in the hash table
// and call their elements() function.
synchronized (this) {
return new PermissionsEnumerator(permsMap.values().iterator());
}
| private java.security.PermissionCollection | getPermissionCollection(java.security.Permission p, boolean createEmpty)Gets the PermissionCollection in this Permissions object for
permissions whose type is the same as that of p.
For example, if p is a FilePermission,
the FilePermissionCollection
stored in this Permissions object will be returned.
If createEmpty is true,
this method creates a new PermissionCollection object for the specified
type of permission objects if one does not yet exist.
To do so, it first calls the newPermissionCollection method
on p. Subclasses of class Permission
override that method if they need to store their permissions in a
particular PermissionCollection object in order to provide the
correct semantics when the PermissionCollection.implies
method is called.
If the call returns a PermissionCollection, that collection is stored
in this Permissions object. If the call returns null and createEmpty
is true, then
this method instantiates and stores a default PermissionCollection
that uses a hashtable to store its permission objects.
createEmpty is ignored when creating empty PermissionCollection
for unresolved permissions because of the overhead of determining the
PermissionCollection to use.
createEmpty should be set to false when this method is invoked from
implies() because it incurs the additional overhead of creating and
adding an empty PermissionCollection that will just return false.
It should be set to true when invoked from add().
Class c = p.getClass();
PermissionCollection pc = (PermissionCollection) permsMap.get(c);
if (!hasUnresolved && !createEmpty) {
return pc;
} else if (pc == null) {
// Check for unresolved permissions
pc = (hasUnresolved ? getUnresolvedPermissions(p) : null);
// if still null, create a new collection
if (pc == null && createEmpty) {
pc = p.newPermissionCollection();
// still no PermissionCollection?
// We'll give them a PermissionsHash.
if (pc == null)
pc = new PermissionsHash();
}
if (pc != null) {
permsMap.put(c, pc);
}
}
return pc;
| private java.security.PermissionCollection | getUnresolvedPermissions(java.security.Permission p)Resolves any unresolved permissions of type p.
// Called from within synchronized method so permsMap doesn't need lock
UnresolvedPermissionCollection uc =
(UnresolvedPermissionCollection) permsMap.get(UnresolvedPermission.class);
// we have no unresolved permissions if uc is null
if (uc == null)
return null;
List unresolvedPerms = uc.getUnresolvedPermissions(p);
// we have no unresolved permissions of this type if unresolvedPerms is null
if (unresolvedPerms == null)
return null;
java.security.cert.Certificate certs[] = null;
Object signers[] = p.getClass().getSigners();
int n = 0;
if (signers != null) {
for (int j=0; j < signers.length; j++) {
if (signers[j] instanceof java.security.cert.Certificate) {
n++;
}
}
certs = new java.security.cert.Certificate[n];
n = 0;
for (int j=0; j < signers.length; j++) {
if (signers[j] instanceof java.security.cert.Certificate) {
certs[n++] = (java.security.cert.Certificate)signers[j];
}
}
}
PermissionCollection pc = null;
synchronized (unresolvedPerms) {
int len = unresolvedPerms.size();
for (int i = 0; i < len; i++) {
UnresolvedPermission up =
(UnresolvedPermission)unresolvedPerms.get(i);
Permission perm = up.resolve(p, certs);
if (perm != null) {
if (pc == null) {
pc = p.newPermissionCollection();
if (pc == null)
pc = new PermissionsHash();
}
pc.add(perm);
}
}
}
return pc;
| public boolean | implies(java.security.Permission permission)Checks to see if this object's PermissionCollection for permissions of
the specified permission's class implies the permissions
expressed in the permission object. Returns true if the
combination of permissions in the appropriate PermissionCollection
(e.g., a FilePermissionCollection for a FilePermission) together
imply the specified permission.
For example, suppose there is a FilePermissionCollection in this
Permissions object, and it contains one FilePermission that specifies
"read" access for all files in all subdirectories of the "/tmp"
directory, and another FilePermission that specifies "write" access
for all files in the "/tmp/scratch/foo" directory.
Then if the implies method
is called with a permission specifying both "read" and "write" access
to files in the "/tmp/scratch/foo" directory, true is
returned.
Additionally, if this PermissionCollection contains the
AllPermission, this method will always return true.
// No sync; staleness -> skip optimization, which is OK
if (allPermission != null) {
return true; // AllPermission has already been added
} else {
synchronized (this) {
PermissionCollection pc = getPermissionCollection(permission,
false);
if (pc != null) {
return pc.implies(permission);
} else {
// none found
return false;
}
}
}
| private void | readObject(java.io.ObjectInputStream in)
// Don't call defaultReadObject()
// Read in serialized fields
ObjectInputStream.GetField gfields = in.readFields();
// Get allPermission
allPermission = (PermissionCollection) gfields.get("allPermission", null);
// Get permissions
Hashtable perms = (Hashtable)gfields.get("perms", null);
permsMap = new HashMap(perms.size()*2);
permsMap.putAll(perms);
// Set hasUnresolved
UnresolvedPermissionCollection uc =
(UnresolvedPermissionCollection) permsMap.get(UnresolvedPermission.class);
hasUnresolved = (uc != null && uc.elements().hasMoreElements());
| private void | writeObject(java.io.ObjectOutputStream out)
/*
* Writes the contents of the permsMap field out as a Hashtable for
* serialization compatibility with earlier releases. allPermission
* unchanged.
*/
// Don't call out.defaultWriteObject()
// Copy perms into a Hashtable
Hashtable perms = new Hashtable(permsMap.size()*2); // no sync; estimate
synchronized (this) {
perms.putAll(permsMap);
}
// Write out serializable fields
ObjectOutputStream.PutField pfields = out.putFields();
pfields.put("allPermission", allPermission); // no sync; staleness OK
pfields.put("perms", perms);
out.writeFields();
|
|