19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.util.ArrayList;
29 import java.util.List;
30 import sun.security.util.Debug;
31 import sun.security.util.SecurityConstants;
32
33
34 /**
35 * An AccessControlContext is used to make system resource access decisions
36 * based on the context it encapsulates.
37 *
38 * <p>More specifically, it encapsulates a context and
39 * has a single method, <code>checkPermission</code>,
40 * that is equivalent to the <code>checkPermission</code> method
41 * in the AccessController class, with one difference: The AccessControlContext
42 * <code>checkPermission</code> method makes access decisions based on the
43 * context it encapsulates,
44 * rather than that of the current execution thread.
45 *
46 * <p>Thus, the purpose of AccessControlContext is for those situations where
47 * a security check that should be made within a given context
48 * actually needs to be done from within a
49 * <i>different</i> context (for example, from within a worker thread).
50 *
51 * <p> An AccessControlContext is created by calling the
52 * <code>AccessController.getContext</code> method.
53 * The <code>getContext</code> method takes a "snapshot"
54 * of the current calling context, and places
55 * it in an AccessControlContext object, which it returns. A sample call is
56 * the following:
57 *
58 * <pre>
59 * AccessControlContext acc = AccessController.getContext()
60 * </pre>
61 *
62 * <p>
63 * Code within a different context can subsequently call the
64 * <code>checkPermission</code> method on the
65 * previously-saved AccessControlContext object. A sample call is the
66 * following:
67 *
68 * <pre>
69 * acc.checkPermission(permission)
70 * </pre>
71 *
72 * @see AccessController
73 *
74 * @author Roland Schemers
75 */
76
77 public final class AccessControlContext {
78
79 private ProtectionDomain context[];
80 // isPrivileged and isAuthorized are referenced by the VM - do not remove
81 // or change their names
82 private boolean isPrivileged;
83 private boolean isAuthorized = false;
84
104 {
105 if (debugInit)
106 return debug;
107 else {
108 if (Policy.isSet()) {
109 debug = Debug.getInstance("access");
110 debugInit = true;
111 }
112 return debug;
113 }
114 }
115
116 /**
117 * Create an AccessControlContext with the given array of ProtectionDomains.
118 * Context must not be null. Duplicate domains will be removed from the
119 * context.
120 *
121 * @param context the ProtectionDomains associated with this context.
122 * The non-duplicate domains are copied from the array. Subsequent
123 * changes to the array will not affect this AccessControlContext.
124 * @throws NullPointerException if <code>context</code> is <code>null</code>
125 */
126 public AccessControlContext(ProtectionDomain context[])
127 {
128 if (context.length == 0) {
129 this.context = null;
130 } else if (context.length == 1) {
131 if (context[0] != null) {
132 this.context = context.clone();
133 } else {
134 this.context = null;
135 }
136 } else {
137 List<ProtectionDomain> v = new ArrayList<>(context.length);
138 for (int i =0; i< context.length; i++) {
139 if ((context[i] != null) && (!v.contains(context[i])))
140 v.add(context[i]);
141 }
142 if (!v.isEmpty()) {
143 this.context = new ProtectionDomain[v.size()];
144 this.context = v.toArray(this.context);
145 }
146 }
147 }
148
149 /**
150 * Create a new <code>AccessControlContext</code> with the given
151 * <code>AccessControlContext</code> and <code>DomainCombiner</code>.
152 * This constructor associates the provided
153 * <code>DomainCombiner</code> with the provided
154 * <code>AccessControlContext</code>.
155 *
156 * <p>
157 *
158 * @param acc the <code>AccessControlContext</code> associated
159 * with the provided <code>DomainCombiner</code>.
160 *
161 * @param combiner the <code>DomainCombiner</code> to be associated
162 * with the provided <code>AccessControlContext</code>.
163 *
164 * @exception NullPointerException if the provided
165 * <code>context</code> is <code>null</code>.
166 *
167 * @exception SecurityException if a security manager is installed and the
168 * caller does not have the "createAccessControlContext"
169 * {@link SecurityPermission}
170 * @since 1.3
171 */
172 public AccessControlContext(AccessControlContext acc,
173 DomainCombiner combiner) {
174
175 SecurityManager sm = System.getSecurityManager();
176 if (sm != null) {
177 sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
178 this.isAuthorized = true;
179 }
180
181 this.context = acc.context;
182
183 // we do not need to run the combine method on the
184 // provided ACC. it was already "combined" when the
185 // context was originally retrieved.
303 return isPrivileged;
304 }
305
306 /**
307 * get the assigned combiner from the privileged or inherited context
308 */
309 DomainCombiner getAssignedCombiner() {
310 AccessControlContext acc;
311 if (isPrivileged) {
312 acc = privilegedContext;
313 } else {
314 acc = AccessController.getInheritedAccessControlContext();
315 }
316 if (acc != null) {
317 return acc.combiner;
318 }
319 return null;
320 }
321
322 /**
323 * Get the <code>DomainCombiner</code> associated with this
324 * <code>AccessControlContext</code>.
325 *
326 * <p>
327 *
328 * @return the <code>DomainCombiner</code> associated with this
329 * <code>AccessControlContext</code>, or <code>null</code>
330 * if there is none.
331 *
332 * @exception SecurityException if a security manager is installed and
333 * the caller does not have the "getDomainCombiner"
334 * {@link SecurityPermission}
335 * @since 1.3
336 */
337 public DomainCombiner getDomainCombiner() {
338
339 SecurityManager sm = System.getSecurityManager();
340 if (sm != null) {
341 sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION);
342 }
343 return getCombiner();
344 }
345
346 /**
347 * package private for AccessController
348 */
349 DomainCombiner getCombiner() {
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.util.ArrayList;
29 import java.util.List;
30 import sun.security.util.Debug;
31 import sun.security.util.SecurityConstants;
32
33
34 /**
35 * An AccessControlContext is used to make system resource access decisions
36 * based on the context it encapsulates.
37 *
38 * <p>More specifically, it encapsulates a context and
39 * has a single method, {@code checkPermission},
40 * that is equivalent to the {@code checkPermission} method
41 * in the AccessController class, with one difference: The AccessControlContext
42 * {@code checkPermission} method makes access decisions based on the
43 * context it encapsulates,
44 * rather than that of the current execution thread.
45 *
46 * <p>Thus, the purpose of AccessControlContext is for those situations where
47 * a security check that should be made within a given context
48 * actually needs to be done from within a
49 * <i>different</i> context (for example, from within a worker thread).
50 *
51 * <p> An AccessControlContext is created by calling the
52 * {@code AccessController.getContext} method.
53 * The {@code getContext} method takes a "snapshot"
54 * of the current calling context, and places
55 * it in an AccessControlContext object, which it returns. A sample call is
56 * the following:
57 *
58 * <pre>
59 * AccessControlContext acc = AccessController.getContext()
60 * </pre>
61 *
62 * <p>
63 * Code within a different context can subsequently call the
64 * {@code checkPermission} method on the
65 * previously-saved AccessControlContext object. A sample call is the
66 * following:
67 *
68 * <pre>
69 * acc.checkPermission(permission)
70 * </pre>
71 *
72 * @see AccessController
73 *
74 * @author Roland Schemers
75 */
76
77 public final class AccessControlContext {
78
79 private ProtectionDomain context[];
80 // isPrivileged and isAuthorized are referenced by the VM - do not remove
81 // or change their names
82 private boolean isPrivileged;
83 private boolean isAuthorized = false;
84
104 {
105 if (debugInit)
106 return debug;
107 else {
108 if (Policy.isSet()) {
109 debug = Debug.getInstance("access");
110 debugInit = true;
111 }
112 return debug;
113 }
114 }
115
116 /**
117 * Create an AccessControlContext with the given array of ProtectionDomains.
118 * Context must not be null. Duplicate domains will be removed from the
119 * context.
120 *
121 * @param context the ProtectionDomains associated with this context.
122 * The non-duplicate domains are copied from the array. Subsequent
123 * changes to the array will not affect this AccessControlContext.
124 * @throws NullPointerException if {@code context} is {@code null}
125 */
126 public AccessControlContext(ProtectionDomain context[])
127 {
128 if (context.length == 0) {
129 this.context = null;
130 } else if (context.length == 1) {
131 if (context[0] != null) {
132 this.context = context.clone();
133 } else {
134 this.context = null;
135 }
136 } else {
137 List<ProtectionDomain> v = new ArrayList<>(context.length);
138 for (int i =0; i< context.length; i++) {
139 if ((context[i] != null) && (!v.contains(context[i])))
140 v.add(context[i]);
141 }
142 if (!v.isEmpty()) {
143 this.context = new ProtectionDomain[v.size()];
144 this.context = v.toArray(this.context);
145 }
146 }
147 }
148
149 /**
150 * Create a new {@code AccessControlContext} with the given
151 * {@code AccessControlContext} and {@code DomainCombiner}.
152 * This constructor associates the provided
153 * {@code DomainCombiner} with the provided
154 * {@code AccessControlContext}.
155 *
156 * <p>
157 *
158 * @param acc the {@code AccessControlContext} associated
159 * with the provided {@code DomainCombiner}.
160 *
161 * @param combiner the {@code DomainCombiner} to be associated
162 * with the provided {@code AccessControlContext}.
163 *
164 * @exception NullPointerException if the provided
165 * {@code context} is {@code null}.
166 *
167 * @exception SecurityException if a security manager is installed and the
168 * caller does not have the "createAccessControlContext"
169 * {@link SecurityPermission}
170 * @since 1.3
171 */
172 public AccessControlContext(AccessControlContext acc,
173 DomainCombiner combiner) {
174
175 SecurityManager sm = System.getSecurityManager();
176 if (sm != null) {
177 sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
178 this.isAuthorized = true;
179 }
180
181 this.context = acc.context;
182
183 // we do not need to run the combine method on the
184 // provided ACC. it was already "combined" when the
185 // context was originally retrieved.
303 return isPrivileged;
304 }
305
306 /**
307 * get the assigned combiner from the privileged or inherited context
308 */
309 DomainCombiner getAssignedCombiner() {
310 AccessControlContext acc;
311 if (isPrivileged) {
312 acc = privilegedContext;
313 } else {
314 acc = AccessController.getInheritedAccessControlContext();
315 }
316 if (acc != null) {
317 return acc.combiner;
318 }
319 return null;
320 }
321
322 /**
323 * Get the {@code DomainCombiner} associated with this
324 * {@code AccessControlContext}.
325 *
326 * <p>
327 *
328 * @return the {@code DomainCombiner} associated with this
329 * {@code AccessControlContext}, or {@code null}
330 * if there is none.
331 *
332 * @exception SecurityException if a security manager is installed and
333 * the caller does not have the "getDomainCombiner"
334 * {@link SecurityPermission}
335 * @since 1.3
336 */
337 public DomainCombiner getDomainCombiner() {
338
339 SecurityManager sm = System.getSecurityManager();
340 if (sm != null) {
341 sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION);
342 }
343 return getCombiner();
344 }
345
346 /**
347 * package private for AccessController
348 */
349 DomainCombiner getCombiner() {
|