< prev index next >

src/java.desktop/share/classes/sun/applet/AppletSecurity.java

Print this page




 243         if (inThreadGroupCheck) {
 244             // if we are in a recursive check, it is because
 245             // inThreadGroup is calling appletLoader.getThreadGroup
 246             // in that case, only do the super check, as appletLoader
 247             // has a begin/endPrivileged
 248             checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
 249         } else {
 250             try {
 251                 inThreadGroupCheck = true;
 252                 if (!inThreadGroup(g)) {
 253                     checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
 254                 }
 255             } finally {
 256                 inThreadGroupCheck = false;
 257             }
 258         }
 259     }
 260 
 261 
 262     /**
 263      * Throws a <code>SecurityException</code> if the
 264      * calling thread is not allowed to access the package specified by
 265      * the argument.
 266      * <p>
 267      * This method is used by the <code>loadClass</code> method of class
 268      * loaders.
 269      * <p>
 270      * The <code>checkPackageAccess</code> method for class
 271      * <code>SecurityManager</code>  calls
 272      * <code>checkPermission</code> with the
 273      * <code>RuntimePermission("accessClassInPackage."+ pkgname)</code>
 274      * permission.
 275      *
 276      * @param      pkgname   the package name.
 277      * @exception  SecurityException  if the caller does not have
 278      *             permission to access the specified package.
 279      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
 280      */
 281     public void checkPackageAccess(final String pkgname) {
 282 
 283         // first see if the VM-wide policy allows access to this package
 284         super.checkPackageAccess(pkgname);
 285 
 286         // now check the list of restricted packages
 287         for (Iterator<String> iter = restrictedPackages.iterator(); iter.hasNext();)
 288         {
 289             String pkg = iter.next();
 290 
 291             // Prevent matching "sun" and "sunir" even if they
 292             // starts with similar beginning characters
 293             //
 294             if (pkgname.equals(pkg) || pkgname.startsWith(pkg + "."))
 295             {
 296                 checkPermission(new java.lang.RuntimePermission
 297                             ("accessClassInPackage." + pkgname));
 298             }
 299         }
 300     }
 301 
 302     /**
 303      * Tests if a client can get access to the AWT event queue.
 304      * <p>
 305      * This method calls <code>checkPermission</code> with the
 306      * <code>AWTPermission("accessEventQueue")</code> permission.
 307      *
 308      * @since   1.1
 309      * @exception  SecurityException  if the caller does not have
 310      *             permission to access the AWT event queue.
 311      */
 312     @SuppressWarnings("deprecation")
 313     public void checkAwtEventQueueAccess() {
 314         AppContext appContext = AppContext.getAppContext();
 315         AppletClassLoader appletClassLoader = currentAppletClassLoader();
 316 
 317         if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) {
 318             // If we're about to allow access to the main EventQueue,
 319             // and anything untrusted is on the class context stack,
 320             // disallow access.
 321             super.checkPermission(AWTPermissions.CHECK_AWT_EVENTQUEUE_PERMISSION);
 322         }
 323     } // checkAwtEventQueueAccess()
 324 
 325     /**
 326      * Returns the thread group of the applet. We consult the classloader




 243         if (inThreadGroupCheck) {
 244             // if we are in a recursive check, it is because
 245             // inThreadGroup is calling appletLoader.getThreadGroup
 246             // in that case, only do the super check, as appletLoader
 247             // has a begin/endPrivileged
 248             checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
 249         } else {
 250             try {
 251                 inThreadGroupCheck = true;
 252                 if (!inThreadGroup(g)) {
 253                     checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
 254                 }
 255             } finally {
 256                 inThreadGroupCheck = false;
 257             }
 258         }
 259     }
 260 
 261 
 262     /**
 263      * Throws a {@code SecurityException} if the
 264      * calling thread is not allowed to access the package specified by
 265      * the argument.
 266      * <p>
 267      * This method is used by the {@code loadClass} method of class
 268      * loaders.
 269      * <p>
 270      * The {@code checkPackageAccess} method for class
 271      * {@code SecurityManager}  calls
 272      * {@code checkPermission} with the
 273      * {@code RuntimePermission("accessClassInPackage."+ pkgname)}
 274      * permission.
 275      *
 276      * @param      pkgname   the package name.
 277      * @exception  SecurityException  if the caller does not have
 278      *             permission to access the specified package.
 279      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
 280      */
 281     public void checkPackageAccess(final String pkgname) {
 282 
 283         // first see if the VM-wide policy allows access to this package
 284         super.checkPackageAccess(pkgname);
 285 
 286         // now check the list of restricted packages
 287         for (Iterator<String> iter = restrictedPackages.iterator(); iter.hasNext();)
 288         {
 289             String pkg = iter.next();
 290 
 291             // Prevent matching "sun" and "sunir" even if they
 292             // starts with similar beginning characters
 293             //
 294             if (pkgname.equals(pkg) || pkgname.startsWith(pkg + "."))
 295             {
 296                 checkPermission(new java.lang.RuntimePermission
 297                             ("accessClassInPackage." + pkgname));
 298             }
 299         }
 300     }
 301 
 302     /**
 303      * Tests if a client can get access to the AWT event queue.
 304      * <p>
 305      * This method calls {@code checkPermission} with the
 306      * {@code AWTPermission("accessEventQueue")} permission.
 307      *
 308      * @since   1.1
 309      * @exception  SecurityException  if the caller does not have
 310      *             permission to access the AWT event queue.
 311      */
 312     @SuppressWarnings("deprecation")
 313     public void checkAwtEventQueueAccess() {
 314         AppContext appContext = AppContext.getAppContext();
 315         AppletClassLoader appletClassLoader = currentAppletClassLoader();
 316 
 317         if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) {
 318             // If we're about to allow access to the main EventQueue,
 319             // and anything untrusted is on the class context stack,
 320             // disallow access.
 321             super.checkPermission(AWTPermissions.CHECK_AWT_EVENTQUEUE_PERMISSION);
 322         }
 323     } // checkAwtEventQueueAccess()
 324 
 325     /**
 326      * Returns the thread group of the applet. We consult the classloader


< prev index next >