130 /* if the permissions object has AllPermission */ |
130 /* if the permissions object has AllPermission */ |
131 private boolean hasAllPerm = false; |
131 private boolean hasAllPerm = false; |
132 |
132 |
133 /* the PermissionCollection is static (pre 1.4 constructor) |
133 /* the PermissionCollection is static (pre 1.4 constructor) |
134 or dynamic (via a policy refresh) */ |
134 or dynamic (via a policy refresh) */ |
135 private boolean staticPermissions; |
135 private final boolean staticPermissions; |
136 |
136 |
137 /* |
137 /* |
138 * An object used as a key when the ProtectionDomain is stored in a Map. |
138 * An object used as a key when the ProtectionDomain is stored in a Map. |
139 */ |
139 */ |
140 final Key key = new Key(); |
140 final Key key = new Key(); |
141 |
141 |
142 /** |
142 /** |
143 * Creates a new ProtectionDomain with the given CodeSource and |
143 * Creates a new ProtectionDomain with the given CodeSource and |
144 * Permissions. If the permissions object is not null, then |
144 * Permissions. If the permissions object is not null, then |
145 * {@code setReadOnly()} will be called on the passed in |
145 * {@code setReadOnly()} will be called on the passed in |
146 * Permissions object. The only permissions granted to this domain |
146 * Permissions object. |
147 * are the ones specified; the current Policy will not be consulted. |
147 * <p> |
|
148 * The permissions granted to this domain are static, i.e. |
|
149 * invoking the {@link #staticPermissionsOnly()} method returns true. |
|
150 * They contain only the ones passed to this constructor and |
|
151 * the current Policy will not be consulted. |
148 * |
152 * |
149 * @param codesource the codesource associated with this domain |
153 * @param codesource the codesource associated with this domain |
150 * @param permissions the permissions granted to this domain |
154 * @param permissions the permissions granted to this domain |
151 */ |
155 */ |
152 public ProtectionDomain(CodeSource codesource, |
156 public ProtectionDomain(CodeSource codesource, |
168 /** |
172 /** |
169 * Creates a new ProtectionDomain qualified by the given CodeSource, |
173 * Creates a new ProtectionDomain qualified by the given CodeSource, |
170 * Permissions, ClassLoader and array of Principals. If the |
174 * Permissions, ClassLoader and array of Principals. If the |
171 * permissions object is not null, then {@code setReadOnly()} |
175 * permissions object is not null, then {@code setReadOnly()} |
172 * will be called on the passed in Permissions object. |
176 * will be called on the passed in Permissions object. |
173 * The permissions granted to this domain are dynamic; they include |
177 * <p> |
174 * both the static permissions passed to this constructor, and any |
178 * The permissions granted to this domain are dynamic, i.e. |
175 * permissions granted to this domain by the current Policy at the |
179 * invoking the {@link #staticPermissionsOnly()} method returns false. |
|
180 * They include both the static permissions passed to this constructor, |
|
181 * and any permissions granted to this domain by the current Policy at the |
176 * time a permission is checked. |
182 * time a permission is checked. |
177 * <p> |
183 * <p> |
178 * This constructor is typically used by |
184 * This constructor is typically used by |
179 * {@link SecureClassLoader ClassLoaders} |
185 * {@link SecureClassLoader ClassLoaders} |
180 * and {@link DomainCombiner DomainCombiners} which delegate to |
186 * and {@link DomainCombiner DomainCombiners} which delegate to |
254 public final PermissionCollection getPermissions() { |
260 public final PermissionCollection getPermissions() { |
255 return permissions; |
261 return permissions; |
256 } |
262 } |
257 |
263 |
258 /** |
264 /** |
|
265 * Returns true if this domain contains only static permissions |
|
266 * and does not check the current {@code Policy} at the time of |
|
267 * permission checking. |
|
268 * |
|
269 * @return true if this domain contains only static permissions. |
|
270 * |
|
271 * @since 9 |
|
272 */ |
|
273 public final boolean staticPermissionsOnly() { |
|
274 return this.staticPermissions; |
|
275 } |
|
276 |
|
277 /** |
259 * Check and see if this ProtectionDomain implies the permissions |
278 * Check and see if this ProtectionDomain implies the permissions |
260 * expressed in the Permission object. |
279 * expressed in the Permission object. |
261 * <p> |
280 * <p> |
262 * The set of permissions evaluated is a function of whether the |
281 * The set of permissions evaluated is a function of whether the |
263 * ProtectionDomain was constructed with a static set of permissions |
282 * ProtectionDomain was constructed with a static set of permissions |
264 * or it was bound to a dynamically mapped set of permissions. |
283 * or it was bound to a dynamically mapped set of permissions. |
265 * <p> |
284 * <p> |
266 * If the ProtectionDomain was constructed to a |
285 * If the {@link #staticPermissionsOnly()} method returns |
267 * {@link #ProtectionDomain(CodeSource, PermissionCollection) |
286 * true, then the permission will only be checked against the |
268 * statically bound} PermissionCollection then the permission will |
287 * PermissionCollection supplied at construction. |
269 * only be checked against the PermissionCollection supplied at |
|
270 * construction. |
|
271 * <p> |
288 * <p> |
272 * However, if the ProtectionDomain was constructed with |
289 * Otherwise, the permission will be checked against the combination |
273 * the constructor variant which supports |
290 * of the PermissionCollection supplied at construction and |
274 * {@link #ProtectionDomain(CodeSource, PermissionCollection, |
|
275 * ClassLoader, java.security.Principal[]) dynamically binding} |
|
276 * permissions, then the permission will be checked against the |
|
277 * combination of the PermissionCollection supplied at construction and |
|
278 * the current Policy binding. |
291 * the current Policy binding. |
279 * |
292 * |
280 * @param permission the Permission object to check. |
293 * @param perm the Permission object to check. |
281 * |
294 * |
282 * @return true if "permission" is implicit to this ProtectionDomain. |
295 * @return true if {@code perm} is implied by this ProtectionDomain. |
283 */ |
296 */ |
284 public boolean implies(Permission permission) { |
297 public boolean implies(Permission perm) { |
285 |
298 |
286 if (hasAllPerm) { |
299 if (hasAllPerm) { |
287 // internal permission collection already has AllPermission - |
300 // internal permission collection already has AllPermission - |
288 // no need to go to policy |
301 // no need to go to policy |
289 return true; |
302 return true; |
290 } |
303 } |
291 |
304 |
292 if (!staticPermissions && |
305 if (!staticPermissions && |
293 Policy.getPolicyNoCheck().implies(this, permission)) |
306 Policy.getPolicyNoCheck().implies(this, perm)) |
294 return true; |
307 return true; |
295 if (permissions != null) |
308 if (permissions != null) |
296 return permissions.implies(permission); |
309 return permissions.implies(perm); |
297 |
310 |
298 return false; |
311 return false; |
299 } |
312 } |
300 |
313 |
301 // called by the VM -- do not remove |
314 // called by the VM -- do not remove |