281 private AccessController() { }
282
283 /**
284 * Performs the specified {@code PrivilegedAction} with privileges
285 * enabled. The action is performed with <i>all</i> of the permissions
286 * possessed by the caller's protection domain.
287 *
288 * <p> If the action's {@code run} method throws an (unchecked)
289 * exception, it will propagate through this method.
290 *
291 * <p> Note that any DomainCombiner associated with the current
292 * AccessControlContext will be ignored while the action is performed.
293 *
294 * @param <T> the type of the value returned by the PrivilegedAction's
295 * {@code run} method.
296 *
297 * @param action the action to be performed.
298 *
299 * @return the value returned by the action's {@code run} method.
300 *
301 * @exception NullPointerException if the action is {@code null}
302 *
303 * @see #doPrivileged(PrivilegedAction,AccessControlContext)
304 * @see #doPrivileged(PrivilegedExceptionAction)
305 * @see #doPrivilegedWithCombiner(PrivilegedAction)
306 * @see java.security.DomainCombiner
307 */
308
309 @CallerSensitive
310 public static <T> T doPrivileged(PrivilegedAction<T> action)
311 {
312 return executePrivileged(action, null, Reflection.getCallerClass());
313 }
314
315 /**
316 * Performs the specified {@code PrivilegedAction} with privileges
317 * enabled. The action is performed with <i>all</i> of the permissions
318 * possessed by the caller's protection domain.
319 *
320 * <p> If the action's {@code run} method throws an (unchecked)
321 * exception, it will propagate through this method.
322 *
323 * <p> This method preserves the current AccessControlContext's
324 * DomainCombiner (which may be null) while the action is performed.
325 *
326 * @param <T> the type of the value returned by the PrivilegedAction's
327 * {@code run} method.
328 *
329 * @param action the action to be performed.
330 *
331 * @return the value returned by the action's {@code run} method.
332 *
333 * @exception NullPointerException if the action is {@code null}
334 *
335 * @see #doPrivileged(PrivilegedAction)
336 * @see java.security.DomainCombiner
337 *
338 * @since 1.6
339 */
340 @CallerSensitive
341 public static <T> T doPrivilegedWithCombiner(PrivilegedAction<T> action) {
342 AccessControlContext acc = getStackAccessControlContext();
343 if (acc == null) {
344 return AccessController.doPrivileged(action);
345 }
346 DomainCombiner dc = acc.getAssignedCombiner();
347 return AccessController.doPrivileged(action,
348 preserveCombiner(dc, Reflection.getCallerClass()));
349 }
350
351
352 /**
353 * Performs the specified {@code PrivilegedAction} with privileges
360 * it will propagate through this method.
361 * <p>
362 * If a security manager is installed and the specified
363 * {@code AccessControlContext} was not created by system code and the
364 * caller's {@code ProtectionDomain} has not been granted the
365 * {@literal "createAccessControlContext"}
366 * {@link java.security.SecurityPermission}, then the action is performed
367 * with no permissions.
368 *
369 * @param <T> the type of the value returned by the PrivilegedAction's
370 * {@code run} method.
371 * @param action the action to be performed.
372 * @param context an <i>access control context</i>
373 * representing the restriction to be applied to the
374 * caller's domain's privileges before performing
375 * the specified action. If the context is
376 * {@code null}, then no additional restriction is applied.
377 *
378 * @return the value returned by the action's {@code run} method.
379 *
380 * @exception NullPointerException if the action is {@code null}
381 *
382 * @see #doPrivileged(PrivilegedAction)
383 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
384 */
385 @CallerSensitive
386 public static <T> T doPrivileged(PrivilegedAction<T> action,
387 AccessControlContext context)
388 {
389 Class<?> caller = Reflection.getCallerClass();
390 context = checkContext(context, caller);
391 return executePrivileged(action, context, caller);
392 }
393
394
395 /**
396 * Performs the specified {@code PrivilegedAction} with privileges
397 * enabled and restricted by the specified
398 * {@code AccessControlContext} and with a privilege scope limited
399 * by specified {@code Permission} arguments.
400 *
517 }
518
519 /**
520 * Performs the specified {@code PrivilegedExceptionAction} with
521 * privileges enabled. The action is performed with <i>all</i> of the
522 * permissions possessed by the caller's protection domain.
523 *
524 * <p> If the action's {@code run} method throws an <i>unchecked</i>
525 * exception, it will propagate through this method.
526 *
527 * <p> Note that any DomainCombiner associated with the current
528 * AccessControlContext will be ignored while the action is performed.
529 *
530 * @param <T> the type of the value returned by the
531 * PrivilegedExceptionAction's {@code run} method.
532 *
533 * @param action the action to be performed
534 *
535 * @return the value returned by the action's {@code run} method
536 *
537 * @exception PrivilegedActionException if the specified action's
538 * {@code run} method threw a <i>checked</i> exception
539 * @exception NullPointerException if the action is {@code null}
540 *
541 * @see #doPrivileged(PrivilegedAction)
542 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
543 * @see #doPrivilegedWithCombiner(PrivilegedExceptionAction)
544 * @see java.security.DomainCombiner
545 */
546 @CallerSensitive
547 public static <T> T
548 doPrivileged(PrivilegedExceptionAction<T> action)
549 throws PrivilegedActionException
550 {
551 AccessControlContext context = null;
552 Class<?> caller = Reflection.getCallerClass();
553 try {
554 return executePrivileged(action, context, caller);
555 } catch (RuntimeException e) {
556 throw e;
557 } catch (Exception e) {
558 throw wrapException(e);
559 }
560 }
561
562 /**
563 * Performs the specified {@code PrivilegedExceptionAction} with
564 * privileges enabled. The action is performed with <i>all</i> of the
565 * permissions possessed by the caller's protection domain.
566 *
567 * <p> If the action's {@code run} method throws an <i>unchecked</i>
568 * exception, it will propagate through this method.
569 *
570 * <p> This method preserves the current AccessControlContext's
571 * DomainCombiner (which may be null) while the action is performed.
572 *
573 * @param <T> the type of the value returned by the
574 * PrivilegedExceptionAction's {@code run} method.
575 *
576 * @param action the action to be performed.
577 *
578 * @return the value returned by the action's {@code run} method
579 *
580 * @exception PrivilegedActionException if the specified action's
581 * {@code run} method threw a <i>checked</i> exception
582 * @exception NullPointerException if the action is {@code null}
583 *
584 * @see #doPrivileged(PrivilegedAction)
585 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
586 * @see java.security.DomainCombiner
587 *
588 * @since 1.6
589 */
590 @CallerSensitive
591 public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action)
592 throws PrivilegedActionException
593 {
594 AccessControlContext acc = getStackAccessControlContext();
595 if (acc == null) {
596 return AccessController.doPrivileged(action);
597 }
598 DomainCombiner dc = acc.getAssignedCombiner();
599 return AccessController.doPrivileged(action,
600 preserveCombiner(dc, Reflection.getCallerClass()));
601 }
602
655 * exception, it will propagate through this method.
656 * <p>
657 * If a security manager is installed and the specified
658 * {@code AccessControlContext} was not created by system code and the
659 * caller's {@code ProtectionDomain} has not been granted the
660 * {@literal "createAccessControlContext"}
661 * {@link java.security.SecurityPermission}, then the action is performed
662 * with no permissions.
663 *
664 * @param <T> the type of the value returned by the
665 * PrivilegedExceptionAction's {@code run} method.
666 * @param action the action to be performed
667 * @param context an <i>access control context</i>
668 * representing the restriction to be applied to the
669 * caller's domain's privileges before performing
670 * the specified action. If the context is
671 * {@code null}, then no additional restriction is applied.
672 *
673 * @return the value returned by the action's {@code run} method
674 *
675 * @exception PrivilegedActionException if the specified action's
676 * {@code run} method threw a <i>checked</i> exception
677 * @exception NullPointerException if the action is {@code null}
678 *
679 * @see #doPrivileged(PrivilegedAction)
680 * @see #doPrivileged(PrivilegedAction,AccessControlContext)
681 */
682 @CallerSensitive
683 public static <T> T
684 doPrivileged(PrivilegedExceptionAction<T> action,
685 AccessControlContext context)
686 throws PrivilegedActionException
687 {
688 Class<?> caller = Reflection.getCallerClass();
689 context = checkContext(context, caller);
690 try {
691 return executePrivileged(action, context, caller);
692 } catch (RuntimeException e) {
693 throw e;
694 } catch (Exception e) {
695 throw wrapException(e);
696 }
697 }
973 if (acc == null) {
974 // all we had was privileged system code. We don't want
975 // to return null though, so we construct a real ACC.
976 return new AccessControlContext(null, true);
977 } else {
978 return acc.optimize();
979 }
980 }
981
982 /**
983 * Determines whether the access request indicated by the
984 * specified permission should be allowed or denied, based on
985 * the current AccessControlContext and security policy.
986 * This method quietly returns if the access request
987 * is permitted, or throws an AccessControlException otherwise. The
988 * getPermission method of the AccessControlException returns the
989 * {@code perm} Permission object instance.
990 *
991 * @param perm the requested permission.
992 *
993 * @exception AccessControlException if the specified permission
994 * is not permitted, based on the current security policy.
995 * @exception NullPointerException if the specified permission
996 * is {@code null} and is checked based on the
997 * security policy currently in effect.
998 */
999
1000 public static void checkPermission(Permission perm)
1001 throws AccessControlException
1002 {
1003 //System.err.println("checkPermission "+perm);
1004 //Thread.currentThread().dumpStack();
1005
1006 if (perm == null) {
1007 throw new NullPointerException("permission can't be null");
1008 }
1009
1010 AccessControlContext stack = getStackAccessControlContext();
1011 // if context is null, we had privileged system code on the stack.
1012 if (stack == null) {
1013 Debug debug = AccessControlContext.getDebug();
1014 boolean dumpDebug = false;
1015 if (debug != null) {
|
281 private AccessController() { }
282
283 /**
284 * Performs the specified {@code PrivilegedAction} with privileges
285 * enabled. The action is performed with <i>all</i> of the permissions
286 * possessed by the caller's protection domain.
287 *
288 * <p> If the action's {@code run} method throws an (unchecked)
289 * exception, it will propagate through this method.
290 *
291 * <p> Note that any DomainCombiner associated with the current
292 * AccessControlContext will be ignored while the action is performed.
293 *
294 * @param <T> the type of the value returned by the PrivilegedAction's
295 * {@code run} method.
296 *
297 * @param action the action to be performed.
298 *
299 * @return the value returned by the action's {@code run} method.
300 *
301 * @throws NullPointerException if the action is {@code null}
302 *
303 * @see #doPrivileged(PrivilegedAction,AccessControlContext)
304 * @see #doPrivileged(PrivilegedExceptionAction)
305 * @see #doPrivilegedWithCombiner(PrivilegedAction)
306 * @see java.security.DomainCombiner
307 */
308
309 @CallerSensitive
310 public static <T> T doPrivileged(PrivilegedAction<T> action)
311 {
312 return executePrivileged(action, null, Reflection.getCallerClass());
313 }
314
315 /**
316 * Performs the specified {@code PrivilegedAction} with privileges
317 * enabled. The action is performed with <i>all</i> of the permissions
318 * possessed by the caller's protection domain.
319 *
320 * <p> If the action's {@code run} method throws an (unchecked)
321 * exception, it will propagate through this method.
322 *
323 * <p> This method preserves the current AccessControlContext's
324 * DomainCombiner (which may be null) while the action is performed.
325 *
326 * @param <T> the type of the value returned by the PrivilegedAction's
327 * {@code run} method.
328 *
329 * @param action the action to be performed.
330 *
331 * @return the value returned by the action's {@code run} method.
332 *
333 * @throws NullPointerException if the action is {@code null}
334 *
335 * @see #doPrivileged(PrivilegedAction)
336 * @see java.security.DomainCombiner
337 *
338 * @since 1.6
339 */
340 @CallerSensitive
341 public static <T> T doPrivilegedWithCombiner(PrivilegedAction<T> action) {
342 AccessControlContext acc = getStackAccessControlContext();
343 if (acc == null) {
344 return AccessController.doPrivileged(action);
345 }
346 DomainCombiner dc = acc.getAssignedCombiner();
347 return AccessController.doPrivileged(action,
348 preserveCombiner(dc, Reflection.getCallerClass()));
349 }
350
351
352 /**
353 * Performs the specified {@code PrivilegedAction} with privileges
360 * it will propagate through this method.
361 * <p>
362 * If a security manager is installed and the specified
363 * {@code AccessControlContext} was not created by system code and the
364 * caller's {@code ProtectionDomain} has not been granted the
365 * {@literal "createAccessControlContext"}
366 * {@link java.security.SecurityPermission}, then the action is performed
367 * with no permissions.
368 *
369 * @param <T> the type of the value returned by the PrivilegedAction's
370 * {@code run} method.
371 * @param action the action to be performed.
372 * @param context an <i>access control context</i>
373 * representing the restriction to be applied to the
374 * caller's domain's privileges before performing
375 * the specified action. If the context is
376 * {@code null}, then no additional restriction is applied.
377 *
378 * @return the value returned by the action's {@code run} method.
379 *
380 * @throws NullPointerException if the action is {@code null}
381 *
382 * @see #doPrivileged(PrivilegedAction)
383 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
384 */
385 @CallerSensitive
386 public static <T> T doPrivileged(PrivilegedAction<T> action,
387 AccessControlContext context)
388 {
389 Class<?> caller = Reflection.getCallerClass();
390 context = checkContext(context, caller);
391 return executePrivileged(action, context, caller);
392 }
393
394
395 /**
396 * Performs the specified {@code PrivilegedAction} with privileges
397 * enabled and restricted by the specified
398 * {@code AccessControlContext} and with a privilege scope limited
399 * by specified {@code Permission} arguments.
400 *
517 }
518
519 /**
520 * Performs the specified {@code PrivilegedExceptionAction} with
521 * privileges enabled. The action is performed with <i>all</i> of the
522 * permissions possessed by the caller's protection domain.
523 *
524 * <p> If the action's {@code run} method throws an <i>unchecked</i>
525 * exception, it will propagate through this method.
526 *
527 * <p> Note that any DomainCombiner associated with the current
528 * AccessControlContext will be ignored while the action is performed.
529 *
530 * @param <T> the type of the value returned by the
531 * PrivilegedExceptionAction's {@code run} method.
532 *
533 * @param action the action to be performed
534 *
535 * @return the value returned by the action's {@code run} method
536 *
537 * @throws PrivilegedActionException if the specified action's
538 * {@code run} method threw a <i>checked</i> exception
539 * @throws NullPointerException if the action is {@code null}
540 *
541 * @see #doPrivileged(PrivilegedAction)
542 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
543 * @see #doPrivilegedWithCombiner(PrivilegedExceptionAction)
544 * @see java.security.DomainCombiner
545 */
546 @CallerSensitive
547 public static <T> T
548 doPrivileged(PrivilegedExceptionAction<T> action)
549 throws PrivilegedActionException
550 {
551 AccessControlContext context = null;
552 Class<?> caller = Reflection.getCallerClass();
553 try {
554 return executePrivileged(action, context, caller);
555 } catch (RuntimeException e) {
556 throw e;
557 } catch (Exception e) {
558 throw wrapException(e);
559 }
560 }
561
562 /**
563 * Performs the specified {@code PrivilegedExceptionAction} with
564 * privileges enabled. The action is performed with <i>all</i> of the
565 * permissions possessed by the caller's protection domain.
566 *
567 * <p> If the action's {@code run} method throws an <i>unchecked</i>
568 * exception, it will propagate through this method.
569 *
570 * <p> This method preserves the current AccessControlContext's
571 * DomainCombiner (which may be null) while the action is performed.
572 *
573 * @param <T> the type of the value returned by the
574 * PrivilegedExceptionAction's {@code run} method.
575 *
576 * @param action the action to be performed.
577 *
578 * @return the value returned by the action's {@code run} method
579 *
580 * @throws PrivilegedActionException if the specified action's
581 * {@code run} method threw a <i>checked</i> exception
582 * @throws NullPointerException if the action is {@code null}
583 *
584 * @see #doPrivileged(PrivilegedAction)
585 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
586 * @see java.security.DomainCombiner
587 *
588 * @since 1.6
589 */
590 @CallerSensitive
591 public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action)
592 throws PrivilegedActionException
593 {
594 AccessControlContext acc = getStackAccessControlContext();
595 if (acc == null) {
596 return AccessController.doPrivileged(action);
597 }
598 DomainCombiner dc = acc.getAssignedCombiner();
599 return AccessController.doPrivileged(action,
600 preserveCombiner(dc, Reflection.getCallerClass()));
601 }
602
655 * exception, it will propagate through this method.
656 * <p>
657 * If a security manager is installed and the specified
658 * {@code AccessControlContext} was not created by system code and the
659 * caller's {@code ProtectionDomain} has not been granted the
660 * {@literal "createAccessControlContext"}
661 * {@link java.security.SecurityPermission}, then the action is performed
662 * with no permissions.
663 *
664 * @param <T> the type of the value returned by the
665 * PrivilegedExceptionAction's {@code run} method.
666 * @param action the action to be performed
667 * @param context an <i>access control context</i>
668 * representing the restriction to be applied to the
669 * caller's domain's privileges before performing
670 * the specified action. If the context is
671 * {@code null}, then no additional restriction is applied.
672 *
673 * @return the value returned by the action's {@code run} method
674 *
675 * @throws PrivilegedActionException if the specified action's
676 * {@code run} method threw a <i>checked</i> exception
677 * @throws NullPointerException if the action is {@code null}
678 *
679 * @see #doPrivileged(PrivilegedAction)
680 * @see #doPrivileged(PrivilegedAction,AccessControlContext)
681 */
682 @CallerSensitive
683 public static <T> T
684 doPrivileged(PrivilegedExceptionAction<T> action,
685 AccessControlContext context)
686 throws PrivilegedActionException
687 {
688 Class<?> caller = Reflection.getCallerClass();
689 context = checkContext(context, caller);
690 try {
691 return executePrivileged(action, context, caller);
692 } catch (RuntimeException e) {
693 throw e;
694 } catch (Exception e) {
695 throw wrapException(e);
696 }
697 }
973 if (acc == null) {
974 // all we had was privileged system code. We don't want
975 // to return null though, so we construct a real ACC.
976 return new AccessControlContext(null, true);
977 } else {
978 return acc.optimize();
979 }
980 }
981
982 /**
983 * Determines whether the access request indicated by the
984 * specified permission should be allowed or denied, based on
985 * the current AccessControlContext and security policy.
986 * This method quietly returns if the access request
987 * is permitted, or throws an AccessControlException otherwise. The
988 * getPermission method of the AccessControlException returns the
989 * {@code perm} Permission object instance.
990 *
991 * @param perm the requested permission.
992 *
993 * @throws AccessControlException if the specified permission
994 * is not permitted, based on the current security policy.
995 * @throws NullPointerException if the specified permission
996 * is {@code null} and is checked based on the
997 * security policy currently in effect.
998 */
999
1000 public static void checkPermission(Permission perm)
1001 throws AccessControlException
1002 {
1003 //System.err.println("checkPermission "+perm);
1004 //Thread.currentThread().dumpStack();
1005
1006 if (perm == null) {
1007 throw new NullPointerException("permission can't be null");
1008 }
1009
1010 AccessControlContext stack = getStackAccessControlContext();
1011 // if context is null, we had privileged system code on the stack.
1012 if (stack == null) {
1013 Debug debug = AccessControlContext.getDebug();
1014 boolean dumpDebug = false;
1015 if (debug != null) {
|