author | igerasim |
Thu, 09 Jul 2015 10:37:07 +0300 | |
changeset 31538 | 0981099a3e54 |
parent 31080 | 00a25f4c4d44 |
child 45434 | 4582657c7260 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
29492
a4bf9a570035
8028266: Tidy warnings cleanup for packages java.security/javax.security
avstepan
parents:
25859
diff
changeset
|
2 |
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package java.security; |
|
27 |
||
28 |
import java.util.Enumeration; |
|
29 |
import java.util.Hashtable; |
|
30 |
import java.util.NoSuchElementException; |
|
31 |
import java.util.Map; |
|
32 |
import java.util.HashMap; |
|
33 |
import java.util.List; |
|
34 |
import java.util.Iterator; |
|
35 |
import java.util.Collections; |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
36 |
import java.util.concurrent.ConcurrentHashMap; |
2 | 37 |
import java.io.Serializable; |
38 |
import java.io.ObjectStreamField; |
|
39 |
import java.io.ObjectOutputStream; |
|
40 |
import java.io.ObjectInputStream; |
|
41 |
import java.io.IOException; |
|
42 |
||
43 |
||
44 |
/** |
|
45 |
* This class represents a heterogeneous collection of Permissions. That is, |
|
46 |
* it contains different types of Permission objects, organized into |
|
47 |
* PermissionCollections. For example, if any |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
48 |
* {@code java.io.FilePermission} objects are added to an instance of |
2 | 49 |
* this class, they are all stored in a single |
50 |
* PermissionCollection. It is the PermissionCollection returned by a call to |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
51 |
* the {@code newPermissionCollection} method in the FilePermission class. |
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
52 |
* Similarly, any {@code java.lang.RuntimePermission} objects are |
2 | 53 |
* stored in the PermissionCollection returned by a call to the |
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
54 |
* {@code newPermissionCollection} method in the |
2 | 55 |
* RuntimePermission class. Thus, this class represents a collection of |
56 |
* PermissionCollections. |
|
57 |
* |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
58 |
* <p>When the {@code add} method is called to add a Permission, the |
2 | 59 |
* Permission is stored in the appropriate PermissionCollection. If no such |
60 |
* collection exists yet, the Permission object's class is determined and the |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
61 |
* {@code newPermissionCollection} method is called on that class to create |
2 | 62 |
* the PermissionCollection and add it to the Permissions object. If |
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
63 |
* {@code newPermissionCollection} returns null, then a default |
2 | 64 |
* PermissionCollection that uses a hashtable will be created and used. Each |
65 |
* hashtable entry stores a Permission object as both the key and the value. |
|
66 |
* |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
67 |
* <p> Enumerations returned via the {@code elements} method are |
2 | 68 |
* not <em>fail-fast</em>. Modifications to a collection should not be |
69 |
* performed while enumerating over that collection. |
|
70 |
* |
|
71 |
* @see Permission |
|
72 |
* @see PermissionCollection |
|
73 |
* @see AllPermission |
|
74 |
* |
|
75 |
* |
|
76 |
* @author Marianne Mueller |
|
77 |
* @author Roland Schemers |
|
78 |
* |
|
79 |
* @serial exclude |
|
80 |
*/ |
|
81 |
||
82 |
public final class Permissions extends PermissionCollection |
|
83 |
implements Serializable |
|
84 |
{ |
|
85 |
/** |
|
86 |
* Key is permissions Class, value is PermissionCollection for that class. |
|
87 |
* Not serialized; see serialization section at end of class. |
|
88 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
89 |
private transient ConcurrentHashMap<Class<?>, PermissionCollection> permsMap; |
2 | 90 |
|
91 |
// optimization. keep track of whether unresolved permissions need to be |
|
92 |
// checked |
|
93 |
private transient boolean hasUnresolved = false; |
|
94 |
||
95 |
// optimization. keep track of the AllPermission collection |
|
96 |
// - package private for ProtectionDomain optimization |
|
97 |
PermissionCollection allPermission; |
|
98 |
||
99 |
/** |
|
100 |
* Creates a new Permissions object containing no PermissionCollections. |
|
101 |
*/ |
|
102 |
public Permissions() { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
103 |
permsMap = new ConcurrentHashMap<>(11); |
2 | 104 |
allPermission = null; |
105 |
} |
|
106 |
||
107 |
/** |
|
108 |
* Adds a permission object to the PermissionCollection for the class the |
|
109 |
* permission belongs to. For example, if <i>permission</i> is a |
|
110 |
* FilePermission, it is added to the FilePermissionCollection stored |
|
111 |
* in this Permissions object. |
|
112 |
* |
|
113 |
* This method creates |
|
114 |
* a new PermissionCollection object (and adds the permission to it) |
|
29492
a4bf9a570035
8028266: Tidy warnings cleanup for packages java.security/javax.security
avstepan
parents:
25859
diff
changeset
|
115 |
* if an appropriate collection does not yet exist. |
2 | 116 |
* |
117 |
* @param permission the Permission object to add. |
|
118 |
* |
|
119 |
* @exception SecurityException if this Permissions object is |
|
120 |
* marked as readonly. |
|
121 |
* |
|
122 |
* @see PermissionCollection#isReadOnly() |
|
123 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
124 |
@Override |
2 | 125 |
public void add(Permission permission) { |
126 |
if (isReadOnly()) |
|
127 |
throw new SecurityException( |
|
128 |
"attempt to add a Permission to a readonly Permissions object"); |
|
129 |
||
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
130 |
PermissionCollection pc = getPermissionCollection(permission, true); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
131 |
pc.add(permission); |
2 | 132 |
|
133 |
// No sync; staleness -> optimizations delayed, which is OK |
|
134 |
if (permission instanceof AllPermission) { |
|
135 |
allPermission = pc; |
|
136 |
} |
|
137 |
if (permission instanceof UnresolvedPermission) { |
|
138 |
hasUnresolved = true; |
|
139 |
} |
|
140 |
} |
|
141 |
||
142 |
/** |
|
143 |
* Checks to see if this object's PermissionCollection for permissions of |
|
144 |
* the specified permission's class implies the permissions |
|
145 |
* expressed in the <i>permission</i> object. Returns true if the |
|
146 |
* combination of permissions in the appropriate PermissionCollection |
|
147 |
* (e.g., a FilePermissionCollection for a FilePermission) together |
|
148 |
* imply the specified permission. |
|
149 |
* |
|
150 |
* <p>For example, suppose there is a FilePermissionCollection in this |
|
151 |
* Permissions object, and it contains one FilePermission that specifies |
|
152 |
* "read" access for all files in all subdirectories of the "/tmp" |
|
153 |
* directory, and another FilePermission that specifies "write" access |
|
154 |
* for all files in the "/tmp/scratch/foo" directory. |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
155 |
* Then if the {@code implies} method |
2 | 156 |
* is called with a permission specifying both "read" and "write" access |
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
157 |
* to files in the "/tmp/scratch/foo" directory, {@code true} is |
2 | 158 |
* returned. |
159 |
* |
|
160 |
* <p>Additionally, if this PermissionCollection contains the |
|
161 |
* AllPermission, this method will always return true. |
|
29492
a4bf9a570035
8028266: Tidy warnings cleanup for packages java.security/javax.security
avstepan
parents:
25859
diff
changeset
|
162 |
* |
2 | 163 |
* @param permission the Permission object to check. |
164 |
* |
|
165 |
* @return true if "permission" is implied by the permissions in the |
|
166 |
* PermissionCollection it |
|
167 |
* belongs to, false if not. |
|
168 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
169 |
@Override |
2 | 170 |
public boolean implies(Permission permission) { |
171 |
// No sync; staleness -> skip optimization, which is OK |
|
172 |
if (allPermission != null) { |
|
173 |
return true; // AllPermission has already been added |
|
174 |
} else { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
175 |
PermissionCollection pc = getPermissionCollection(permission, |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
176 |
false); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
177 |
if (pc != null) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
178 |
return pc.implies(permission); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
179 |
} else { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
180 |
// none found |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
181 |
return false; |
2 | 182 |
} |
183 |
} |
|
184 |
} |
|
185 |
||
186 |
/** |
|
187 |
* Returns an enumeration of all the Permission objects in all the |
|
188 |
* PermissionCollections in this Permissions object. |
|
189 |
* |
|
190 |
* @return an enumeration of all the Permissions. |
|
191 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
192 |
@Override |
2 | 193 |
public Enumeration<Permission> elements() { |
194 |
// go through each Permissions in the hash table |
|
195 |
// and call their elements() function. |
|
196 |
||
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
197 |
return new PermissionsEnumerator(permsMap.values().iterator()); |
2 | 198 |
} |
199 |
||
200 |
/** |
|
201 |
* Gets the PermissionCollection in this Permissions object for |
|
202 |
* permissions whose type is the same as that of <i>p</i>. |
|
203 |
* For example, if <i>p</i> is a FilePermission, |
|
204 |
* the FilePermissionCollection |
|
205 |
* stored in this Permissions object will be returned. |
|
206 |
* |
|
207 |
* If createEmpty is true, |
|
208 |
* this method creates a new PermissionCollection object for the specified |
|
209 |
* type of permission objects if one does not yet exist. |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
210 |
* To do so, it first calls the {@code newPermissionCollection} method |
2 | 211 |
* on <i>p</i>. Subclasses of class Permission |
212 |
* override that method if they need to store their permissions in a |
|
213 |
* particular PermissionCollection object in order to provide the |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
214 |
* correct semantics when the {@code PermissionCollection.implies} |
2 | 215 |
* method is called. |
216 |
* If the call returns a PermissionCollection, that collection is stored |
|
217 |
* in this Permissions object. If the call returns null and createEmpty |
|
218 |
* is true, then |
|
219 |
* this method instantiates and stores a default PermissionCollection |
|
220 |
* that uses a hashtable to store its permission objects. |
|
221 |
* |
|
222 |
* createEmpty is ignored when creating empty PermissionCollection |
|
223 |
* for unresolved permissions because of the overhead of determining the |
|
224 |
* PermissionCollection to use. |
|
225 |
* |
|
226 |
* createEmpty should be set to false when this method is invoked from |
|
227 |
* implies() because it incurs the additional overhead of creating and |
|
228 |
* adding an empty PermissionCollection that will just return false. |
|
229 |
* It should be set to true when invoked from add(). |
|
230 |
*/ |
|
231 |
private PermissionCollection getPermissionCollection(Permission p, |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
232 |
boolean createEmpty) { |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
233 |
Class<?> c = p.getClass(); |
2 | 234 |
|
235 |
if (!hasUnresolved && !createEmpty) { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
236 |
return permsMap.get(c); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
237 |
} |
2 | 238 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
239 |
// Create and add permission collection to map if it is absent. |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
240 |
// NOTE: cannot use lambda for mappingFunction parameter until |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
241 |
// JDK-8076596 is fixed. |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
242 |
return permsMap.computeIfAbsent(c, |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
243 |
new java.util.function.Function<>() { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
244 |
@Override |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
245 |
public PermissionCollection apply(Class<?> k) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
246 |
// Check for unresolved permissions |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
247 |
PermissionCollection pc = |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
248 |
(hasUnresolved ? getUnresolvedPermissions(p) : null); |
2 | 249 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
250 |
// if still null, create a new collection |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
251 |
if (pc == null && createEmpty) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
252 |
|
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
253 |
pc = p.newPermissionCollection(); |
2 | 254 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
255 |
// still no PermissionCollection? |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
256 |
// We'll give them a PermissionsHash. |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
257 |
if (pc == null) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
258 |
pc = new PermissionsHash(); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
259 |
} |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
260 |
} |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
261 |
return pc; |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
262 |
} |
2 | 263 |
} |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
264 |
); |
2 | 265 |
} |
266 |
||
267 |
/** |
|
268 |
* Resolves any unresolved permissions of type p. |
|
269 |
* |
|
270 |
* @param p the type of unresolved permission to resolve |
|
271 |
* |
|
272 |
* @return PermissionCollection containing the unresolved permissions, |
|
273 |
* or null if there were no unresolved permissions of type p. |
|
274 |
* |
|
275 |
*/ |
|
276 |
private PermissionCollection getUnresolvedPermissions(Permission p) |
|
277 |
{ |
|
278 |
UnresolvedPermissionCollection uc = |
|
279 |
(UnresolvedPermissionCollection) permsMap.get(UnresolvedPermission.class); |
|
280 |
||
281 |
// we have no unresolved permissions if uc is null |
|
282 |
if (uc == null) |
|
283 |
return null; |
|
284 |
||
285 |
List<UnresolvedPermission> unresolvedPerms = |
|
286 |
uc.getUnresolvedPermissions(p); |
|
287 |
||
288 |
// we have no unresolved permissions of this type if unresolvedPerms is null |
|
289 |
if (unresolvedPerms == null) |
|
290 |
return null; |
|
291 |
||
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
31080
diff
changeset
|
292 |
java.security.cert.Certificate[] certs = null; |
2 | 293 |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
31080
diff
changeset
|
294 |
Object[] signers = p.getClass().getSigners(); |
2 | 295 |
|
296 |
int n = 0; |
|
297 |
if (signers != null) { |
|
298 |
for (int j=0; j < signers.length; j++) { |
|
299 |
if (signers[j] instanceof java.security.cert.Certificate) { |
|
300 |
n++; |
|
301 |
} |
|
302 |
} |
|
303 |
certs = new java.security.cert.Certificate[n]; |
|
304 |
n = 0; |
|
305 |
for (int j=0; j < signers.length; j++) { |
|
306 |
if (signers[j] instanceof java.security.cert.Certificate) { |
|
307 |
certs[n++] = (java.security.cert.Certificate)signers[j]; |
|
308 |
} |
|
309 |
} |
|
310 |
} |
|
311 |
||
312 |
PermissionCollection pc = null; |
|
313 |
synchronized (unresolvedPerms) { |
|
314 |
int len = unresolvedPerms.size(); |
|
315 |
for (int i = 0; i < len; i++) { |
|
316 |
UnresolvedPermission up = unresolvedPerms.get(i); |
|
317 |
Permission perm = up.resolve(p, certs); |
|
318 |
if (perm != null) { |
|
319 |
if (pc == null) { |
|
320 |
pc = p.newPermissionCollection(); |
|
321 |
if (pc == null) |
|
322 |
pc = new PermissionsHash(); |
|
323 |
} |
|
324 |
pc.add(perm); |
|
325 |
} |
|
326 |
} |
|
327 |
} |
|
328 |
return pc; |
|
329 |
} |
|
330 |
||
331 |
private static final long serialVersionUID = 4858622370623524688L; |
|
332 |
||
333 |
// Need to maintain serialization interoperability with earlier releases, |
|
334 |
// which had the serializable field: |
|
335 |
// private Hashtable perms; |
|
336 |
||
337 |
/** |
|
338 |
* @serialField perms java.util.Hashtable |
|
339 |
* A table of the Permission classes and PermissionCollections. |
|
340 |
* @serialField allPermission java.security.PermissionCollection |
|
341 |
*/ |
|
342 |
private static final ObjectStreamField[] serialPersistentFields = { |
|
343 |
new ObjectStreamField("perms", Hashtable.class), |
|
344 |
new ObjectStreamField("allPermission", PermissionCollection.class), |
|
345 |
}; |
|
346 |
||
347 |
/** |
|
348 |
* @serialData Default fields. |
|
349 |
*/ |
|
350 |
/* |
|
351 |
* Writes the contents of the permsMap field out as a Hashtable for |
|
352 |
* serialization compatibility with earlier releases. allPermission |
|
353 |
* unchanged. |
|
354 |
*/ |
|
355 |
private void writeObject(ObjectOutputStream out) throws IOException { |
|
356 |
// Don't call out.defaultWriteObject() |
|
357 |
||
358 |
// Copy perms into a Hashtable |
|
359 |
Hashtable<Class<?>, PermissionCollection> perms = |
|
7970
af1579474d16
7008728: diamond conversion of basic security, permissions, authentication
smarks
parents:
5506
diff
changeset
|
360 |
new Hashtable<>(permsMap.size()*2); // no sync; estimate |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
361 |
perms.putAll(permsMap); |
2 | 362 |
|
363 |
// Write out serializable fields |
|
364 |
ObjectOutputStream.PutField pfields = out.putFields(); |
|
365 |
||
366 |
pfields.put("allPermission", allPermission); // no sync; staleness OK |
|
367 |
pfields.put("perms", perms); |
|
368 |
out.writeFields(); |
|
369 |
} |
|
370 |
||
371 |
/* |
|
372 |
* Reads in a Hashtable of Class/PermissionCollections and saves them in the |
|
373 |
* permsMap field. Reads in allPermission. |
|
374 |
*/ |
|
375 |
private void readObject(ObjectInputStream in) throws IOException, |
|
376 |
ClassNotFoundException { |
|
377 |
// Don't call defaultReadObject() |
|
378 |
||
379 |
// Read in serialized fields |
|
380 |
ObjectInputStream.GetField gfields = in.readFields(); |
|
381 |
||
382 |
// Get allPermission |
|
383 |
allPermission = (PermissionCollection) gfields.get("allPermission", null); |
|
384 |
||
385 |
// Get permissions |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
386 |
// writeObject writes a Hashtable<Class<?>, PermissionCollection> for |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
387 |
// the perms key, so this cast is safe, unless the data is corrupt. |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
388 |
@SuppressWarnings("unchecked") |
2 | 389 |
Hashtable<Class<?>, PermissionCollection> perms = |
390 |
(Hashtable<Class<?>, PermissionCollection>)gfields.get("perms", null); |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
391 |
permsMap = new ConcurrentHashMap<>(perms.size()*2); |
2 | 392 |
permsMap.putAll(perms); |
393 |
||
394 |
// Set hasUnresolved |
|
395 |
UnresolvedPermissionCollection uc = |
|
396 |
(UnresolvedPermissionCollection) permsMap.get(UnresolvedPermission.class); |
|
397 |
hasUnresolved = (uc != null && uc.elements().hasMoreElements()); |
|
398 |
} |
|
399 |
} |
|
400 |
||
401 |
final class PermissionsEnumerator implements Enumeration<Permission> { |
|
402 |
||
403 |
// all the perms |
|
404 |
private Iterator<PermissionCollection> perms; |
|
405 |
// the current set |
|
406 |
private Enumeration<Permission> permset; |
|
407 |
||
408 |
PermissionsEnumerator(Iterator<PermissionCollection> e) { |
|
409 |
perms = e; |
|
410 |
permset = getNextEnumWithMore(); |
|
411 |
} |
|
412 |
||
413 |
// No need to synchronize; caller should sync on object as required |
|
414 |
public boolean hasMoreElements() { |
|
415 |
// if we enter with permissionimpl null, we know |
|
416 |
// there are no more left. |
|
417 |
||
418 |
if (permset == null) |
|
419 |
return false; |
|
420 |
||
421 |
// try to see if there are any left in the current one |
|
422 |
||
423 |
if (permset.hasMoreElements()) |
|
424 |
return true; |
|
425 |
||
426 |
// get the next one that has something in it... |
|
427 |
permset = getNextEnumWithMore(); |
|
428 |
||
429 |
// if it is null, we are done! |
|
430 |
return (permset != null); |
|
431 |
} |
|
432 |
||
433 |
// No need to synchronize; caller should sync on object as required |
|
434 |
public Permission nextElement() { |
|
435 |
||
436 |
// hasMoreElements will update permset to the next permset |
|
437 |
// with something in it... |
|
438 |
||
439 |
if (hasMoreElements()) { |
|
440 |
return permset.nextElement(); |
|
441 |
} else { |
|
442 |
throw new NoSuchElementException("PermissionsEnumerator"); |
|
443 |
} |
|
444 |
||
445 |
} |
|
446 |
||
447 |
private Enumeration<Permission> getNextEnumWithMore() { |
|
448 |
while (perms.hasNext()) { |
|
449 |
PermissionCollection pc = perms.next(); |
|
450 |
Enumeration<Permission> next =pc.elements(); |
|
451 |
if (next.hasMoreElements()) |
|
452 |
return next; |
|
453 |
} |
|
454 |
return null; |
|
455 |
||
456 |
} |
|
457 |
} |
|
458 |
||
459 |
/** |
|
460 |
* A PermissionsHash stores a homogeneous set of permissions in a hashtable. |
|
461 |
* |
|
462 |
* @see Permission |
|
463 |
* @see Permissions |
|
464 |
* |
|
465 |
* |
|
466 |
* @author Roland Schemers |
|
467 |
* |
|
468 |
* @serial include |
|
469 |
*/ |
|
470 |
||
471 |
final class PermissionsHash extends PermissionCollection |
|
472 |
implements Serializable |
|
473 |
{ |
|
474 |
/** |
|
475 |
* Key and value are (same) permissions objects. |
|
476 |
* Not serialized; see serialization section at end of class. |
|
477 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
478 |
private transient ConcurrentHashMap<Permission, Permission> permsMap; |
2 | 479 |
|
480 |
/** |
|
481 |
* Create an empty PermissionsHash object. |
|
482 |
*/ |
|
483 |
PermissionsHash() { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
484 |
permsMap = new ConcurrentHashMap<>(11); |
2 | 485 |
} |
486 |
||
487 |
/** |
|
488 |
* Adds a permission to the PermissionsHash. |
|
489 |
* |
|
490 |
* @param permission the Permission object to add. |
|
491 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
492 |
@Override |
2 | 493 |
public void add(Permission permission) { |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
494 |
permsMap.put(permission, permission); |
2 | 495 |
} |
496 |
||
497 |
/** |
|
498 |
* Check and see if this set of permissions implies the permissions |
|
499 |
* expressed in "permission". |
|
500 |
* |
|
501 |
* @param permission the Permission object to compare |
|
502 |
* |
|
503 |
* @return true if "permission" is a proper subset of a permission in |
|
504 |
* the set, false if not. |
|
505 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
506 |
@Override |
2 | 507 |
public boolean implies(Permission permission) { |
508 |
// attempt a fast lookup and implies. If that fails |
|
509 |
// then enumerate through all the permissions. |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
510 |
Permission p = permsMap.get(permission); |
2 | 511 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
512 |
// If permission is found, then p.equals(permission) |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
513 |
if (p == null) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
514 |
for (Permission p_ : permsMap.values()) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
515 |
if (p_.implies(permission)) |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
516 |
return true; |
2 | 517 |
} |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
518 |
return false; |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
519 |
} else { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
520 |
return true; |
2 | 521 |
} |
522 |
} |
|
523 |
||
524 |
/** |
|
525 |
* Returns an enumeration of all the Permission objects in the container. |
|
526 |
* |
|
527 |
* @return an enumeration of all the Permissions. |
|
528 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
529 |
@Override |
2 | 530 |
public Enumeration<Permission> elements() { |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
531 |
return permsMap.elements(); |
2 | 532 |
} |
533 |
||
534 |
private static final long serialVersionUID = -8491988220802933440L; |
|
535 |
// Need to maintain serialization interoperability with earlier releases, |
|
536 |
// which had the serializable field: |
|
537 |
// private Hashtable perms; |
|
538 |
/** |
|
539 |
* @serialField perms java.util.Hashtable |
|
540 |
* A table of the Permissions (both key and value are same). |
|
541 |
*/ |
|
542 |
private static final ObjectStreamField[] serialPersistentFields = { |
|
543 |
new ObjectStreamField("perms", Hashtable.class), |
|
544 |
}; |
|
545 |
||
546 |
/** |
|
547 |
* @serialData Default fields. |
|
548 |
*/ |
|
549 |
/* |
|
550 |
* Writes the contents of the permsMap field out as a Hashtable for |
|
551 |
* serialization compatibility with earlier releases. |
|
552 |
*/ |
|
553 |
private void writeObject(ObjectOutputStream out) throws IOException { |
|
554 |
// Don't call out.defaultWriteObject() |
|
555 |
||
556 |
// Copy perms into a Hashtable |
|
557 |
Hashtable<Permission, Permission> perms = |
|
7970
af1579474d16
7008728: diamond conversion of basic security, permissions, authentication
smarks
parents:
5506
diff
changeset
|
558 |
new Hashtable<>(permsMap.size()*2); |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
559 |
perms.putAll(permsMap); |
2 | 560 |
|
561 |
// Write out serializable fields |
|
562 |
ObjectOutputStream.PutField pfields = out.putFields(); |
|
563 |
pfields.put("perms", perms); |
|
564 |
out.writeFields(); |
|
565 |
} |
|
566 |
||
567 |
/* |
|
568 |
* Reads in a Hashtable of Permission/Permission and saves them in the |
|
569 |
* permsMap field. |
|
570 |
*/ |
|
571 |
private void readObject(ObjectInputStream in) throws IOException, |
|
572 |
ClassNotFoundException { |
|
573 |
// Don't call defaultReadObject() |
|
574 |
||
575 |
// Read in serialized fields |
|
576 |
ObjectInputStream.GetField gfields = in.readFields(); |
|
577 |
||
578 |
// Get permissions |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
579 |
// writeObject writes a Hashtable<Class<?>, PermissionCollection> for |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
580 |
// the perms key, so this cast is safe, unless the data is corrupt. |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
581 |
@SuppressWarnings("unchecked") |
2 | 582 |
Hashtable<Permission, Permission> perms = |
583 |
(Hashtable<Permission, Permission>)gfields.get("perms", null); |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
584 |
permsMap = new ConcurrentHashMap<>(perms.size()*2); |
2 | 585 |
permsMap.putAll(perms); |
586 |
} |
|
587 |
} |