public interface DynamicPolicy
grant
methods of the
Security
class delegate to the
methods declared by this interface when this interface is implemented by the
installed security policy provider. Permissions are granted on the
granularity of class loader; granting a permission requires (of the calling
context) GrantPermission
for that
permission.Modifier and Type | Method and Description |
---|---|
Permission[] |
getGrants(Class cl,
Principal[] principals)
If this security policy provider supports dynamic permission grants,
returns a new array containing the cumulative set of permissions
dynamically granted to protection domains (including ones not yet
created) that are associated with the class loader of the given class
and possess at least the given set of principals.
|
void |
grant(Class cl,
Principal[] principals,
Permission[] permissions)
If this security policy provider supports dynamic permission grants,
grants the specified permissions to all protection domains (including
ones not yet created) that are associated with the class loader of the
given class and possess at least the given set of principals.
|
boolean |
grantSupported()
Returns
true if this policy provider supports dynamic
permission grants; returns false otherwise. |
boolean grantSupported()
true
if this policy provider supports dynamic
permission grants; returns false
otherwise. Note that this
method may return different values for a given
DynamicPolicy
instance, depending on context. For example,
a policy provider that delegates to different underlying policy
implementations depending on thread state would return true
from this method when the current delegate supports dynamic permission
grants, but return false
when another delegate lacking such
support is in effect.true
if policy supports dynamic permission grants
under current context, false
otherwisevoid grant(Class cl, Principal[] principals, Permission[] permissions)
null
, then the grant applies across all
protection domains that possess at least the specified principals. If
the list of principals is null
or empty, then principals
are effectively ignored in determining the protection domains to which
the grant applies. If this policy provider does not support dynamic
permission grants, then no permissions are granted and an
UnsupportedOperationException
is thrown.
The given class, if non-null
, must belong to either the
system domain or a protection domain whose associated class loader is
non-null
. If the class does not belong to such a
protection domain, then no permissions are granted and an
UnsupportedOperationException
is thrown.
If a security manager is installed, its checkPermission
method is called with a GrantPermission
containing the
permissions to grant; if the permission check fails, then no permissions
are granted and the resulting SecurityException
is thrown.
The principals and permissions arrays passed in are neither modified nor
retained; subsequent changes to the arrays have no effect on the grant
operation.
cl
- class to grant permissions to the class loader of, or
null
if granting across all class loadersprincipals
- if non-null
, minimum set of principals
to which grants applypermissions
- if non-null
, permissions to grantUnsupportedOperationException
- if policy does not support
dynamic grants, or if cl
is non-null
and belongs to a protection domain with a null
class loader other than the system domainSecurityException
- if a security manager is installed and the
calling context does not have sufficient permissions to grant
the given permissionsNullPointerException
- if any element of the principals or
permissions arrays is null
Permission[] getGrants(Class cl, Principal[] principals)
null
, then this method returns the cumulative set of
permissions dynamically granted across all protection domains that
possess at least the specified principals (i.e., through calls to the
grant method where the specified class was null
). If the
list of principals is null
or empty, then the permissions
returned reflect only grants not qualified by principals (i.e., those
performed through calls to the grant method where the specified
principals array was null
or empty). If this policy
provider does not support dynamic permission grants, then an
UnsupportedOperationException
is thrown.
The given class, if non-null
, must belong to either the
system domain or a protection domain whose associated class loader is
non-null
. If the class does not belong to such a
protection domain, then an UnsupportedOperationException
is
thrown.
cl
- class to query the permissions dynamically granted to the
class loader of, or null
if querying permissions
granted across all class loadersprincipals
- if non-null
, principals to query
dynamic grants forUnsupportedOperationException
- if policy does not support
dynamic grants, or if cl
is non-null
and belongs to a protection domain with a null
class loader other than the system domainNullPointerException
- if any element of the principals array is
null
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.