@Deprecated public class ProxyTrustVerifier extends Object implements TrustVerifier
ProxyTrust and RemoteMethodControl. If a bootstrap proxy
(or a derivative of it) is known to be trusted, a remote call is made
through it to obtain a trust verifier for the original service proxy.
This class is intended to be specified in a resource to configure the
operation of Security.verifyObjectTrust.
This implementation uses the Logger named
net.jini.security.trust to log
information at the following levels:
| Level | Description |
|---|---|
FAILED |
no verifier is obtained from a ProxyTrustIterator |
HANDLED |
RemoteException being passed to
ProxyTrustIterator.setException |
FINE |
ProxyTrust.getProxyVerifier remote
call returns a trust verifier |
FINER |
an object with a getProxyTrustIterator method is
encountered |
FINER |
each object produced by a ProxyTrustIterator and each
derivative bootstrap proxy |
TrustVerifier.Context| Constructor and Description |
|---|
ProxyTrustVerifier()
Deprecated.
Creates an instance.
|
| Modifier and Type | Method and Description |
|---|---|
boolean |
isTrustedObject(Object obj,
TrustVerifier.Context ctx)
Deprecated.
Returns
true if the specified object is known to be
trusted to correctly implement its contract; returns false
otherwise. |
public boolean isTrustedObject(Object obj, TrustVerifier.Context ctx) throws RemoteException
true if the specified object is known to be
trusted to correctly implement its contract; returns false
otherwise.
This method returns false if the caller context collection
of the specified trust verifier context does not contain a
MethodConstraints instance with non-empty constraints for the
ProxyTrust.getProxyVerifier
method, or if a TrustVerifier cannot be obtained from the
specified object using the steps described below. Otherwise a
TrustVerifier is obtained, its
isTrustedObject method is called
with the same arguments passed to this method, and the result of that
call is returned by this method; any exception thrown by that call
is thrown by this method. If a verifier cannot be obtained but one or
more of the intermediate operations involved in attempting to obtain one
throws a RemoteException, the last such
RemoteException is thrown by this method (rather than this
method returning false). If any intermediate operation
throws a SecurityException exception, that exception is
immediately thrown by this method.
A verifier is obtained from a candidate object as follows.
static
member method with signature:
ProxyTrustIterator getProxyTrustIterator();or the candidate object is an instance of a dynamically generated
Proxy class and the contained invocation handler's class has
such a member method, then the getProxyTrustIterator
method is called (on the candidate object or its invocation handler).
For each object produced by the next
method of the returned iterator, the following substeps are used, until
either a verifier is obtained or the iteration terminates. If no
verifier can be obtained from any object produced by the iterator,
then there is no verifier for the candidate object. For any given
object produced by the iterator, if a verifier cannot be obtained from
the object but an intermediate operation involved in attempting to
obtain a verifier throws a RemoteException, that
exception is passed to the setException method of the iterator, and the iteration continues.
The getProxyTrustIterator method and the
ProxyTrustIterator methods are all invoked in a
restricted security context. If the specified trust verifier
context contains an UntrustedObjectSecurityContext instance,
then the security context returned by its
getContext method
is used. Otherwise, the security context used is equivalent to
the current security context (as returned by
Security.getContext) with
an additional protection domain combined into the access control
context that contains an empty CodeSource
(null location and certificates),
null permissions, null class loader, and
null principals.
ProxyTrust and
RemoteMethodControl (that is, if the object is a bootstrap
proxy), it is verified for trust by calling the specified context's
isTrustedObject method with the object. If
isTrustedObject returns true, then the
object's getProxyVerifier method is
called, using as the client constraints for the remote call the first
MethodConstraints instance obtained from the caller
context collection (of the specified trust verifier context) that has
non-empty constraints for that getProxyVerifier method.
The verifier returned by that remote call is the verifier for the
original top-level object, and the entire search stops. If
isTrustedObject returns false, but a
verifier can be obtained from a trusted derivative bootstrap proxy as
described below, then that verifier is the verifier for the original
top-level object, and the entire search stops. Otherwise, no verifier
can be obtained from the object, and the iteration continues.
ProxyTrust instance, it is
in turn treated as a new candidate object, and the complete set of
steps for a candidate object are used recursively to obtain a verifier
from it. If a verifier can be obtained from it, that verifier is the
verifier for the original top-level object, and the entire search stops.
If a verifier cannot be obtained from it, the iteration continues.
ProxyTrust and
RemoteMethodControl (that is, if the original top-level
object is itself a bootstrap proxy), and a verifier can be obtained
from a trusted derivative bootstrap proxy as described below, that
verifier is the verifier for the original top-level object, and the
entire search stops.
ProxyTrustVerifier (not including the current one) in this
thread; the bootstrap proxy is an instance of a dynamically generated
Proxy class; neither the proxy's class nor the invocation
handler's class has an appropriate getProxyTrustIterator
method; the class loader of the proxy's class is
the proper Java(TM) RMI class
loader (as defined below) for its parent class loader and the class's
codebase (as produced by RMIClassLoader.getClassAnnotation); and both ProxyTrust
and RemoteMethodControl are loadable by the parent class
loader. The derivative that is produced is an instance of a dynamically
generated Proxy class defined by the parent class loader
that implements both ProxyTrust and
RemoteMethodControl and contains the same invocation
handler as the bootstrap proxy. The derivative is a trusted derivative
bootstrap proxy if calling the specified context's
isTrustedObject method with the derivative returns
true. If a trusted derivative bootstrap proxy can be
produced, its getProxyVerifier
method is called, using as the client constraints for the remote call
the first MethodConstraints instance obtained from the
caller context collection (of the specified trust verifier context)
that has non-empty constraints for that getProxyVerifier
method. The returned verifier is used as is, if the class loader of the
returned verifier's class is equal to the class loader of the original
bootstrap proxy's class, or if, in generating a serialization of the
verifier, no class passed to ObjectOutputStream.annotateClass or
ObjectOutputStream.annotateProxyClass has a class loader not equal
to the class loader of the original bootstrap proxy's class but has
a codebase that is equal to the codebase of the original bootstrap
proxy's class. Otherwise, the verifier is remarshalled in a manner
equivalent to creating a MarshalledInstance with
the verifier and then calling the
get
method of that object with the class loader of the original bootstrap
proxy's class as the default loader, with no codebase integrity
verification and with an empty context collection, and the remarshalled
verifier is used instead. If an IOException or
ClassNotFoundException is thrown by this remarshalling, the
exception is wrapped in an UnmarshalException and the resulting
exception is treated as if it had been thrown by the remote call that
returned the verifier.
A class loader of a class is the proper Java RMI class loader for its
parent class loader and the class's codebase if the class loader is
not null, the codebase for the class is a non-empty
string, and calling
RMIClassLoader.getClassLoader
with that codebase, with the thread's context class loader set to the
parent class loader, returns the class loader of the class.
isTrustedObject in interface TrustVerifierobj - the object in which to verify trustctx - the trust verifier context, to aid in verification of
the specified object and its componentstrue if the specified object is known to be
trusted to correctly implement its contract; false
otherwiseRemoteExceptionNullPointerException - if any argument is nullSecurityException - if a security exception occursCopyright © 2016–2018 The Apache Software Foundation. All rights reserved.