1 /*
2 * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
145 if (!v.isEmpty()) {
146 this.context = new ProtectionDomain[v.size()];
147 this.context = v.toArray(this.context);
148 }
149 }
150 }
151
152 /**
153 * Create a new {@code AccessControlContext} with the given
154 * {@code AccessControlContext} and {@code DomainCombiner}.
155 * This constructor associates the provided
156 * {@code DomainCombiner} with the provided
157 * {@code AccessControlContext}.
158 *
159 * @param acc the {@code AccessControlContext} associated
160 * with the provided {@code DomainCombiner}.
161 *
162 * @param combiner the {@code DomainCombiner} to be associated
163 * with the provided {@code AccessControlContext}.
164 *
165 * @exception NullPointerException if the provided
166 * {@code context} is {@code null}.
167 *
168 * @exception SecurityException if a security manager is installed and the
169 * caller does not have the "createAccessControlContext"
170 * {@link SecurityPermission}
171 * @since 1.3
172 */
173 public AccessControlContext(AccessControlContext acc,
174 DomainCombiner combiner) {
175
176 this(acc, combiner, false);
177 }
178
179 /**
180 * package private to allow calls from ProtectionDomain without performing
181 * the security check for {@linkplain SecurityConstants#CREATE_ACC_PERMISSION}
182 * permission
183 */
184 AccessControlContext(AccessControlContext acc,
185 DomainCombiner combiner,
186 boolean preauthorized) {
187 if (!preauthorized) {
188 SecurityManager sm = System.getSecurityManager();
327 AccessControlContext acc;
328 if (isPrivileged) {
329 acc = privilegedContext;
330 } else {
331 acc = AccessController.getInheritedAccessControlContext();
332 }
333 if (acc != null) {
334 return acc.combiner;
335 }
336 return null;
337 }
338
339 /**
340 * Get the {@code DomainCombiner} associated with this
341 * {@code AccessControlContext}.
342 *
343 * @return the {@code DomainCombiner} associated with this
344 * {@code AccessControlContext}, or {@code null}
345 * if there is none.
346 *
347 * @exception SecurityException if a security manager is installed and
348 * the caller does not have the "getDomainCombiner"
349 * {@link SecurityPermission}
350 * @since 1.3
351 */
352 public DomainCombiner getDomainCombiner() {
353
354 SecurityManager sm = System.getSecurityManager();
355 if (sm != null) {
356 sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION);
357 }
358 return getCombiner();
359 }
360
361 /**
362 * package private for AccessController
363 */
364 DomainCombiner getCombiner() {
365 return combiner;
366 }
367
368 boolean isAuthorized() {
369 return isAuthorized;
370 }
371
372 /**
373 * Determines whether the access request indicated by the
374 * specified permission should be allowed or denied, based on
375 * the security policy currently in effect, and the context in
376 * this object. The request is allowed only if every ProtectionDomain
377 * in the context implies the permission. Otherwise the request is
378 * denied.
379 *
380 * <p>
381 * This method quietly returns if the access request
382 * is permitted, or throws a suitable AccessControlException otherwise.
383 *
384 * @param perm the requested permission.
385 *
386 * @exception AccessControlException if the specified permission
387 * is not permitted, based on the current security policy and the
388 * context encapsulated by this object.
389 * @exception NullPointerException if the permission to check for is null.
390 */
391 public void checkPermission(Permission perm)
392 throws AccessControlException
393 {
394 boolean dumpDebug = false;
395
396 if (perm == null) {
397 throw new NullPointerException("permission can't be null");
398 }
399 if (getDebug() != null) {
400 // If "codebase" is not specified, we dump the info by default.
401 dumpDebug = !Debug.isOn("codebase=");
402 if (!dumpDebug) {
403 // If "codebase" is specified, only dump if the specified code
404 // value is in the stack.
405 for (int i = 0; context != null && i < context.length; i++) {
406 if (context[i].getCodeSource() != null &&
407 context[i].getCodeSource().getLocation() != null &&
408 Debug.isOn("codebase=" + context[i].getCodeSource().getLocation().toString())) {
409 dumpDebug = true;
|
1 /*
2 * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
145 if (!v.isEmpty()) {
146 this.context = new ProtectionDomain[v.size()];
147 this.context = v.toArray(this.context);
148 }
149 }
150 }
151
152 /**
153 * Create a new {@code AccessControlContext} with the given
154 * {@code AccessControlContext} and {@code DomainCombiner}.
155 * This constructor associates the provided
156 * {@code DomainCombiner} with the provided
157 * {@code AccessControlContext}.
158 *
159 * @param acc the {@code AccessControlContext} associated
160 * with the provided {@code DomainCombiner}.
161 *
162 * @param combiner the {@code DomainCombiner} to be associated
163 * with the provided {@code AccessControlContext}.
164 *
165 * @throws NullPointerException if the provided
166 * {@code context} is {@code null}.
167 *
168 * @throws SecurityException if a security manager is installed and the
169 * caller does not have the "createAccessControlContext"
170 * {@link SecurityPermission}
171 * @since 1.3
172 */
173 public AccessControlContext(AccessControlContext acc,
174 DomainCombiner combiner) {
175
176 this(acc, combiner, false);
177 }
178
179 /**
180 * package private to allow calls from ProtectionDomain without performing
181 * the security check for {@linkplain SecurityConstants#CREATE_ACC_PERMISSION}
182 * permission
183 */
184 AccessControlContext(AccessControlContext acc,
185 DomainCombiner combiner,
186 boolean preauthorized) {
187 if (!preauthorized) {
188 SecurityManager sm = System.getSecurityManager();
327 AccessControlContext acc;
328 if (isPrivileged) {
329 acc = privilegedContext;
330 } else {
331 acc = AccessController.getInheritedAccessControlContext();
332 }
333 if (acc != null) {
334 return acc.combiner;
335 }
336 return null;
337 }
338
339 /**
340 * Get the {@code DomainCombiner} associated with this
341 * {@code AccessControlContext}.
342 *
343 * @return the {@code DomainCombiner} associated with this
344 * {@code AccessControlContext}, or {@code null}
345 * if there is none.
346 *
347 * @throws SecurityException if a security manager is installed and
348 * the caller does not have the "getDomainCombiner"
349 * {@link SecurityPermission}
350 * @since 1.3
351 */
352 public DomainCombiner getDomainCombiner() {
353
354 SecurityManager sm = System.getSecurityManager();
355 if (sm != null) {
356 sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION);
357 }
358 return getCombiner();
359 }
360
361 /**
362 * package private for AccessController
363 */
364 DomainCombiner getCombiner() {
365 return combiner;
366 }
367
368 boolean isAuthorized() {
369 return isAuthorized;
370 }
371
372 /**
373 * Determines whether the access request indicated by the
374 * specified permission should be allowed or denied, based on
375 * the security policy currently in effect, and the context in
376 * this object. The request is allowed only if every ProtectionDomain
377 * in the context implies the permission. Otherwise the request is
378 * denied.
379 *
380 * <p>
381 * This method quietly returns if the access request
382 * is permitted, or throws a suitable AccessControlException otherwise.
383 *
384 * @param perm the requested permission.
385 *
386 * @throws AccessControlException if the specified permission
387 * is not permitted, based on the current security policy and the
388 * context encapsulated by this object.
389 * @throws NullPointerException if the permission to check for is null.
390 */
391 public void checkPermission(Permission perm)
392 throws AccessControlException
393 {
394 boolean dumpDebug = false;
395
396 if (perm == null) {
397 throw new NullPointerException("permission can't be null");
398 }
399 if (getDebug() != null) {
400 // If "codebase" is not specified, we dump the info by default.
401 dumpDebug = !Debug.isOn("codebase=");
402 if (!dumpDebug) {
403 // If "codebase" is specified, only dump if the specified code
404 // value is in the stack.
405 for (int i = 0; context != null && i < context.length; i++) {
406 if (context[i].getCodeSource() != null &&
407 context[i].getCodeSource().getLocation() != null &&
408 Debug.isOn("codebase=" + context[i].getCodeSource().getLocation().toString())) {
409 dumpDebug = true;
|