19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.util.ArrayList; 29 import java.util.List; 30 import sun.security.util.Debug; 31 import sun.security.util.SecurityConstants; 32 33 34 /** 35 * An AccessControlContext is used to make system resource access decisions 36 * based on the context it encapsulates. 37 * 38 * <p>More specifically, it encapsulates a context and 39 * has a single method, <code>checkPermission</code>, 40 * that is equivalent to the <code>checkPermission</code> method 41 * in the AccessController class, with one difference: The AccessControlContext 42 * <code>checkPermission</code> method makes access decisions based on the 43 * context it encapsulates, 44 * rather than that of the current execution thread. 45 * 46 * <p>Thus, the purpose of AccessControlContext is for those situations where 47 * a security check that should be made within a given context 48 * actually needs to be done from within a 49 * <i>different</i> context (for example, from within a worker thread). 50 * 51 * <p> An AccessControlContext is created by calling the 52 * <code>AccessController.getContext</code> method. 53 * The <code>getContext</code> method takes a "snapshot" 54 * of the current calling context, and places 55 * it in an AccessControlContext object, which it returns. A sample call is 56 * the following: 57 * 58 * <pre> 59 * AccessControlContext acc = AccessController.getContext() 60 * </pre> 61 * 62 * <p> 63 * Code within a different context can subsequently call the 64 * <code>checkPermission</code> method on the 65 * previously-saved AccessControlContext object. A sample call is the 66 * following: 67 * 68 * <pre> 69 * acc.checkPermission(permission) 70 * </pre> 71 * 72 * @see AccessController 73 * 74 * @author Roland Schemers 75 */ 76 77 public final class AccessControlContext { 78 79 private ProtectionDomain context[]; 80 // isPrivileged and isAuthorized are referenced by the VM - do not remove 81 // or change their names 82 private boolean isPrivileged; 83 private boolean isAuthorized = false; 84 104 { 105 if (debugInit) 106 return debug; 107 else { 108 if (Policy.isSet()) { 109 debug = Debug.getInstance("access"); 110 debugInit = true; 111 } 112 return debug; 113 } 114 } 115 116 /** 117 * Create an AccessControlContext with the given array of ProtectionDomains. 118 * Context must not be null. Duplicate domains will be removed from the 119 * context. 120 * 121 * @param context the ProtectionDomains associated with this context. 122 * The non-duplicate domains are copied from the array. Subsequent 123 * changes to the array will not affect this AccessControlContext. 124 * @throws NullPointerException if <code>context</code> is <code>null</code> 125 */ 126 public AccessControlContext(ProtectionDomain context[]) 127 { 128 if (context.length == 0) { 129 this.context = null; 130 } else if (context.length == 1) { 131 if (context[0] != null) { 132 this.context = context.clone(); 133 } else { 134 this.context = null; 135 } 136 } else { 137 List<ProtectionDomain> v = new ArrayList<>(context.length); 138 for (int i =0; i< context.length; i++) { 139 if ((context[i] != null) && (!v.contains(context[i]))) 140 v.add(context[i]); 141 } 142 if (!v.isEmpty()) { 143 this.context = new ProtectionDomain[v.size()]; 144 this.context = v.toArray(this.context); 145 } 146 } 147 } 148 149 /** 150 * Create a new <code>AccessControlContext</code> with the given 151 * <code>AccessControlContext</code> and <code>DomainCombiner</code>. 152 * This constructor associates the provided 153 * <code>DomainCombiner</code> with the provided 154 * <code>AccessControlContext</code>. 155 * 156 * <p> 157 * 158 * @param acc the <code>AccessControlContext</code> associated 159 * with the provided <code>DomainCombiner</code>. 160 * 161 * @param combiner the <code>DomainCombiner</code> to be associated 162 * with the provided <code>AccessControlContext</code>. 163 * 164 * @exception NullPointerException if the provided 165 * <code>context</code> is <code>null</code>. 166 * 167 * @exception SecurityException if a security manager is installed and the 168 * caller does not have the "createAccessControlContext" 169 * {@link SecurityPermission} 170 * @since 1.3 171 */ 172 public AccessControlContext(AccessControlContext acc, 173 DomainCombiner combiner) { 174 175 SecurityManager sm = System.getSecurityManager(); 176 if (sm != null) { 177 sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION); 178 this.isAuthorized = true; 179 } 180 181 this.context = acc.context; 182 183 // we do not need to run the combine method on the 184 // provided ACC. it was already "combined" when the 185 // context was originally retrieved. 303 return isPrivileged; 304 } 305 306 /** 307 * get the assigned combiner from the privileged or inherited context 308 */ 309 DomainCombiner getAssignedCombiner() { 310 AccessControlContext acc; 311 if (isPrivileged) { 312 acc = privilegedContext; 313 } else { 314 acc = AccessController.getInheritedAccessControlContext(); 315 } 316 if (acc != null) { 317 return acc.combiner; 318 } 319 return null; 320 } 321 322 /** 323 * Get the <code>DomainCombiner</code> associated with this 324 * <code>AccessControlContext</code>. 325 * 326 * <p> 327 * 328 * @return the <code>DomainCombiner</code> associated with this 329 * <code>AccessControlContext</code>, or <code>null</code> 330 * if there is none. 331 * 332 * @exception SecurityException if a security manager is installed and 333 * the caller does not have the "getDomainCombiner" 334 * {@link SecurityPermission} 335 * @since 1.3 336 */ 337 public DomainCombiner getDomainCombiner() { 338 339 SecurityManager sm = System.getSecurityManager(); 340 if (sm != null) { 341 sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION); 342 } 343 return getCombiner(); 344 } 345 346 /** 347 * package private for AccessController 348 */ 349 DomainCombiner getCombiner() { | 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.util.ArrayList; 29 import java.util.List; 30 import sun.security.util.Debug; 31 import sun.security.util.SecurityConstants; 32 33 34 /** 35 * An AccessControlContext is used to make system resource access decisions 36 * based on the context it encapsulates. 37 * 38 * <p>More specifically, it encapsulates a context and 39 * has a single method, {@code checkPermission}, 40 * that is equivalent to the {@code checkPermission} method 41 * in the AccessController class, with one difference: The AccessControlContext 42 * {@code checkPermission} method makes access decisions based on the 43 * context it encapsulates, 44 * rather than that of the current execution thread. 45 * 46 * <p>Thus, the purpose of AccessControlContext is for those situations where 47 * a security check that should be made within a given context 48 * actually needs to be done from within a 49 * <i>different</i> context (for example, from within a worker thread). 50 * 51 * <p> An AccessControlContext is created by calling the 52 * {@code AccessController.getContext} method. 53 * The {@code getContext} method takes a "snapshot" 54 * of the current calling context, and places 55 * it in an AccessControlContext object, which it returns. A sample call is 56 * the following: 57 * 58 * <pre> 59 * AccessControlContext acc = AccessController.getContext() 60 * </pre> 61 * 62 * <p> 63 * Code within a different context can subsequently call the 64 * {@code checkPermission} method on the 65 * previously-saved AccessControlContext object. A sample call is the 66 * following: 67 * 68 * <pre> 69 * acc.checkPermission(permission) 70 * </pre> 71 * 72 * @see AccessController 73 * 74 * @author Roland Schemers 75 */ 76 77 public final class AccessControlContext { 78 79 private ProtectionDomain context[]; 80 // isPrivileged and isAuthorized are referenced by the VM - do not remove 81 // or change their names 82 private boolean isPrivileged; 83 private boolean isAuthorized = false; 84 104 { 105 if (debugInit) 106 return debug; 107 else { 108 if (Policy.isSet()) { 109 debug = Debug.getInstance("access"); 110 debugInit = true; 111 } 112 return debug; 113 } 114 } 115 116 /** 117 * Create an AccessControlContext with the given array of ProtectionDomains. 118 * Context must not be null. Duplicate domains will be removed from the 119 * context. 120 * 121 * @param context the ProtectionDomains associated with this context. 122 * The non-duplicate domains are copied from the array. Subsequent 123 * changes to the array will not affect this AccessControlContext. 124 * @throws NullPointerException if {@code context} is {@code null} 125 */ 126 public AccessControlContext(ProtectionDomain context[]) 127 { 128 if (context.length == 0) { 129 this.context = null; 130 } else if (context.length == 1) { 131 if (context[0] != null) { 132 this.context = context.clone(); 133 } else { 134 this.context = null; 135 } 136 } else { 137 List<ProtectionDomain> v = new ArrayList<>(context.length); 138 for (int i =0; i< context.length; i++) { 139 if ((context[i] != null) && (!v.contains(context[i]))) 140 v.add(context[i]); 141 } 142 if (!v.isEmpty()) { 143 this.context = new ProtectionDomain[v.size()]; 144 this.context = v.toArray(this.context); 145 } 146 } 147 } 148 149 /** 150 * Create a new {@code AccessControlContext} with the given 151 * {@code AccessControlContext} and {@code DomainCombiner}. 152 * This constructor associates the provided 153 * {@code DomainCombiner} with the provided 154 * {@code AccessControlContext}. 155 * 156 * <p> 157 * 158 * @param acc the {@code AccessControlContext} associated 159 * with the provided {@code DomainCombiner}. 160 * 161 * @param combiner the {@code DomainCombiner} to be associated 162 * with the provided {@code AccessControlContext}. 163 * 164 * @exception NullPointerException if the provided 165 * {@code context} is {@code null}. 166 * 167 * @exception SecurityException if a security manager is installed and the 168 * caller does not have the "createAccessControlContext" 169 * {@link SecurityPermission} 170 * @since 1.3 171 */ 172 public AccessControlContext(AccessControlContext acc, 173 DomainCombiner combiner) { 174 175 SecurityManager sm = System.getSecurityManager(); 176 if (sm != null) { 177 sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION); 178 this.isAuthorized = true; 179 } 180 181 this.context = acc.context; 182 183 // we do not need to run the combine method on the 184 // provided ACC. it was already "combined" when the 185 // context was originally retrieved. 303 return isPrivileged; 304 } 305 306 /** 307 * get the assigned combiner from the privileged or inherited context 308 */ 309 DomainCombiner getAssignedCombiner() { 310 AccessControlContext acc; 311 if (isPrivileged) { 312 acc = privilegedContext; 313 } else { 314 acc = AccessController.getInheritedAccessControlContext(); 315 } 316 if (acc != null) { 317 return acc.combiner; 318 } 319 return null; 320 } 321 322 /** 323 * Get the {@code DomainCombiner} associated with this 324 * {@code AccessControlContext}. 325 * 326 * <p> 327 * 328 * @return the {@code DomainCombiner} associated with this 329 * {@code AccessControlContext}, or {@code null} 330 * if there is none. 331 * 332 * @exception SecurityException if a security manager is installed and 333 * the caller does not have the "getDomainCombiner" 334 * {@link SecurityPermission} 335 * @since 1.3 336 */ 337 public DomainCombiner getDomainCombiner() { 338 339 SecurityManager sm = System.getSecurityManager(); 340 if (sm != null) { 341 sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION); 342 } 343 return getCombiner(); 344 } 345 346 /** 347 * package private for AccessController 348 */ 349 DomainCombiner getCombiner() { |