More specifically, it encapsulates a context and
* has a single method, checkPermission,
* that is equivalent to the checkPermission method
* in the AccessController class, with one difference: The AccessControlContext
* checkPermission method makes access decisions based on the
* context it encapsulates,
* rather than that of the current execution thread.
*
*
Thus, the purpose of AccessControlContext is for those situations where * a security check that should be made within a given context * actually needs to be done from within a * different context (for example, from within a worker thread). * *
An AccessControlContext is created by calling the
* AccessController.getContext method.
* The getContext method takes a "snapshot"
* of the current calling context, and places
* it in an AccessControlContext object, which it returns. A sample call is
* the following:
*
*
* AccessControlContext acc = AccessController.getContext() ** *
* Code within a different context can subsequently call the
* checkPermission method on the
* previously-saved AccessControlContext object. A sample call is the
* following:
*
*
* acc.checkPermission(permission) ** * @see AccessController * * @author Roland Schemers */ public final class AccessControlContext { private ProtectionDomain context[]; private boolean isPrivileged; // Note: This field is directly used by the virtual machine // native codes. Don't touch it. private AccessControlContext privilegedContext; private DomainCombiner combiner = null; private static boolean debugInit = false; private static Debug debug = null; static Debug getDebug() { if (debugInit) return debug; else { if (Policy.isSet()) { debug = Debug.getInstance("access"); debugInit = true; } return debug; } } /** * Create an AccessControlContext with the given array of ProtectionDomains. * Context must not be null. Duplicate domains will be removed from the * context. * * @param context the ProtectionDomains associated with this context. * The non-duplicate domains are copied from the array. Subsequent * changes to the array will not affect this AccessControlContext. * @throws NullPointerException if
context is null
*/
public AccessControlContext(ProtectionDomain context[])
{
if (context.length == 0) {
this.context = null;
} else if (context.length == 1) {
if (context[0] != null) {
this.context = context.clone();
} else {
this.context = null;
}
} else {
ListAccessControlContext with the given
* AccessControlContext and DomainCombiner.
* This constructor associates the provided
* DomainCombiner with the provided
* AccessControlContext.
*
*
*
* @param acc the AccessControlContext associated
* with the provided DomainCombiner.
*
* @param combiner the DomainCombiner to be associated
* with the provided AccessControlContext.
*
* @exception NullPointerException if the provided
* context is null.
*
* @exception SecurityException if a security manager is installed and the
* caller does not have the "createAccessControlContext"
* {@link SecurityPermission}
* @since 1.3
*/
public AccessControlContext(AccessControlContext acc,
DomainCombiner combiner) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
}
this.context = acc.context;
// we do not need to run the combine method on the
// provided ACC. it was already "combined" when the
// context was originally retrieved.
//
// at this point in time, we simply throw away the old
// combiner and use the newly provided one.
this.combiner = combiner;
}
/**
* package private for AccessController
*/
AccessControlContext(ProtectionDomain context[], DomainCombiner combiner) {
if (context != null) {
this.context = context.clone();
}
this.combiner = combiner;
}
/**
* package private constructor for AccessController.getContext()
*/
AccessControlContext(ProtectionDomain context[],
boolean isPrivileged)
{
this.context = context;
this.isPrivileged = isPrivileged;
}
/**
* Constructor for JavaSecurityAccess.doIntersectionPrivilege()
*/
AccessControlContext(ProtectionDomain[] context,
AccessControlContext privilegedContext)
{
this.context = context;
this.privilegedContext = privilegedContext;
this.isPrivileged = true;
}
/**
* Returns this context's context.
*/
ProtectionDomain[] getContext() {
return context;
}
/**
* Returns true if this context is privileged.
*/
boolean isPrivileged()
{
return isPrivileged;
}
/**
* get the assigned combiner from the privileged or inherited context
*/
DomainCombiner getAssignedCombiner() {
AccessControlContext acc;
if (isPrivileged) {
acc = privilegedContext;
} else {
acc = AccessController.getInheritedAccessControlContext();
}
if (acc != null) {
return acc.combiner;
}
return null;
}
/**
* Get the DomainCombiner associated with this
* AccessControlContext.
*
*
*
* @return the DomainCombiner associated with this
* AccessControlContext, or null
* if there is none.
*
* @exception SecurityException if a security manager is installed and
* the caller does not have the "getDomainCombiner"
* {@link SecurityPermission}
* @since 1.3
*/
public DomainCombiner getDomainCombiner() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION);
}
return combiner;
}
/**
* Determines whether the access request indicated by the
* specified permission should be allowed or denied, based on
* the security policy currently in effect, and the context in
* this object. The request is allowed only if every ProtectionDomain
* in the context implies the permission. Otherwise the request is
* denied.
*
*
* This method quietly returns if the access request
* is permitted, or throws a suitable AccessControlException otherwise.
*
* @param perm the requested permission.
*
* @exception AccessControlException if the specified permission
* is not permitted, based on the current security policy and the
* context encapsulated by this object.
* @exception NullPointerException if the permission to check for is null.
*/
public void checkPermission(Permission perm)
throws AccessControlException
{
boolean dumpDebug = false;
if (perm == null) {
throw new NullPointerException("permission can't be null");
}
if (getDebug() != null) {
// If "codebase" is not specified, we dump the info by default.
dumpDebug = !Debug.isOn("codebase=");
if (!dumpDebug) {
// If "codebase" is specified, only dump if the specified code
// value is in the stack.
for (int i = 0; context != null && i < context.length; i++) {
if (context[i].getCodeSource() != null &&
context[i].getCodeSource().getLocation() != null &&
Debug.isOn("codebase=" + context[i].getCodeSource().getLocation().toString())) {
dumpDebug = true;
break;
}
}
}
dumpDebug &= !Debug.isOn("permission=") ||
Debug.isOn("permission=" + perm.getClass().getCanonicalName());
if (dumpDebug && Debug.isOn("stack")) {
Thread.currentThread().dumpStack();
}
if (dumpDebug && Debug.isOn("domain")) {
if (context == null) {
debug.println("domain (context is null)");
} else {
for (int i=0; i< context.length; i++) {
debug.println("domain "+i+" "+context[i]);
}
}
}
}
/*
* iterate through the ProtectionDomains in the context.
* Stop at the first one that doesn't allow the
* requested permission (throwing an exception).
*
*/
/* if ctxt is null, all we had on the stack were system domains,
or the first domain was a Privileged system domain. This
is to make the common case for system code very fast */
if (context == null)
return;
for (int i=0; i< context.length; i++) {
if (context[i] != null && !context[i].implies(perm)) {
if (dumpDebug) {
debug.println("access denied " + perm);
}
if (Debug.isOn("failure") && debug != null) {
// Want to make sure this is always displayed for failure,
// but do not want to display again if already displayed
// above.
if (!dumpDebug) {
debug.println("access denied " + perm);
}
Thread.currentThread().dumpStack();
final ProtectionDomain pd = context[i];
final Debug db = debug;
AccessController.doPrivileged (new PrivilegedAction
* @param obj the object we are testing for equality with this object.
* @return true if obj is an AccessControlContext, and has the
* same set of ProtectionDomains as this context, false otherwise.
*/
public boolean equals(Object obj) {
if (obj == this)
return true;
if (! (obj instanceof AccessControlContext))
return false;
AccessControlContext that = (AccessControlContext) obj;
if (context == null) {
return (that.context == null);
}
if (that.context == null)
return false;
if (!(this.containsAllPDs(that) && that.containsAllPDs(this)))
return false;
if (this.combiner == null)
return (that.combiner == null);
if (that.combiner == null)
return false;
if (!this.combiner.equals(that.combiner))
return false;
return true;
}
private boolean containsAllPDs(AccessControlContext that) {
boolean match = false;
//
// ProtectionDomains within an ACC currently cannot be null
// and this is enforced by the constructor and the various
// optimize methods. However, historically this logic made attempts
// to support the notion of a null PD and therefore this logic continues
// to support that notion.
ProtectionDomain thisPd;
for (int i = 0; i < context.length; i++) {
match = false;
if ((thisPd = context[i]) == null) {
for (int j = 0; (j < that.context.length) && !match; j++) {
match = (that.context[j] == null);
}
} else {
Class thisPdClass = thisPd.getClass();
ProtectionDomain thatPd;
for (int j = 0; (j < that.context.length) && !match; j++) {
thatPd = that.context[j];
// Class check required to avoid PD exposure (4285406)
match = (thatPd != null &&
thisPdClass == thatPd.getClass() && thisPd.equals(thatPd));
}
}
if (!match) return false;
}
return match;
}
/**
* Returns the hash code value for this context. The hash code
* is computed by exclusive or-ing the hash code of all the protection
* domains in the context together.
*
* @return a hash code value for this context.
*/
public int hashCode() {
int hashCode = 0;
if (context == null)
return hashCode;
for (int i =0; i < context.length; i++) {
if (context[i] != null)
hashCode ^= context[i].hashCode();
}
return hashCode;
}
}