public class AggregatePolicyProvider extends AbstractPolicy implements DynamicPolicy, SecurityContextSource, ScalableNestedPolicy
implies
and refresh
operations are
delegated to the currently active sub-policy.
The currently active sub-policy is determined as follows: if the current
thread does not override the getContextClassLoader
method, then that method is called to obtain the
context class loader. If the context class loader is associated with a
sub-policy (via a previous call to setPolicy
), then that
sub-policy is the currently active sub-policy. If no such association
exists, then the same check is performed on each non-null
parent of the context class loader, proceeding up the chain of class loader
delegation, until a sub-policy association is found, in which case the
associated sub-policy is the currently active sub-policy. If no sub-policy
association is found for the context class loader or any of its parents,
then a fallback sub-policy, the main policy, is the currently active
sub-policy. Also, if the current thread overrides the
getContextClassLoader
method, then
getContextClassLoader
is not called and the main policy is the
currently active sub-policy.
Policy.Parameters
ALL_PERMISSION, comparator, umbrella
UNSUPPORTED_EMPTY_COLLECTION
Constructor and Description |
---|
AggregatePolicyProvider()
Creates a new
AggregatePolicyProvider instance, containing
a main policy created as follows: if the
org.apache.river.start.AggregatePolicyProvider.mainPolicyClass
security property is set, then its value is interpreted as the class
name of the main policy provider; otherwise, a default class name of
"net.jini.security.policy.DynamicPolicyProvider"
is used. |
AggregatePolicyProvider(Policy mainPolicy)
Creates a new
AggregatePolicyProvider instance with the
given main policy, which must be non-null . |
Modifier and Type | Method and Description |
---|---|
SecurityContext |
getContext()
Returns a snapshot of the current security context, which can be used to
restore the context at a later time.
|
Permission[] |
getGrants(Class cl,
Principal[] principals)
If the currently active sub-policy supports dynamic permission grants,
delegates to the corresponding
getGrants method of the
currently active sub-policy to return a new array containing the set of
permissions dynamically granted to protection domains which are
associated with the class loader of the given class and possess at least
the given set of principals. |
List<PermissionGrant> |
getPermissionGrants(ProtectionDomain domain) |
PermissionCollection |
getPermissions(CodeSource source)
Delegates to the corresponding
getPermissions method of the
currently active sub-policy to return the set of permissions allowed for
code from the specified code source, as a newly-created mutable
PermissionCollection which supports heterogeneous
permission types. |
PermissionCollection |
getPermissions(ProtectionDomain domain)
If the given protection domain is the protection domain of this class,
then a newly-created
PermissionCollection containing AllPermission is returned. |
void |
grant(Class cl,
Principal[] principals,
Permission[] permissions)
If the currently active sub-policy supports dynamic permission grants,
delegates to the corresponding
grant method of the
currently active sub-policy to grant the specified permissions to all
protection domains (including ones not yet created) which are associated
with the class loader of the given class and possess at least the given
set of principals. |
boolean |
grantSupported()
Returns
true if the currently active sub-policy supports
dynamic grants; this is determined by delegating to the
grantSupported method of the currently active sub-policy if
it implements the DynamicPolicy interface. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
If the given protection domain is the protection domain of this class,
then
true is returned. |
void |
refresh()
Refreshes the currently active sub-policy by delegating to its
refresh method. |
void |
setPolicy(ClassLoader loader,
Policy subPolicy)
Changes sub-policy association with given class loader.
|
checkCallerHasGrants, checkNullElements, convert, expandUmbrella, extractGrantFromPolicy, processGrants
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy
public AggregatePolicyProvider() throws PolicyInitializationException
AggregatePolicyProvider
instance, containing
a main policy created as follows: if the
org.apache.river.start.AggregatePolicyProvider.mainPolicyClass
security property is set, then its value is interpreted as the class
name of the main policy provider; otherwise, a default class name of
"net.jini.security.policy.DynamicPolicyProvider"
is used. The main policy is then instantiated using the no-arg public
constructor of the named class. If the main policy class is not found,
is not instantiable via a public no-arg constructor, or if invocation of
its constructor fails, then a PolicyInitializationException
is thrown.
Note that this constructor requires the appropriate
"getProperty"
SecurityPermission
to read the
org.apache.river.start.AggregatePolicyProvider.mainPolicyClass
security property, and may require "accessClassInPackage.*"
RuntimePermission
s, depending on the package of the main policy
class.
PolicyInitializationException
- if unable to construct the main
policySecurityException
- if there is a security manager and the
calling context does not have SecurityPermission
for reading the
org.apache.river.start.AggregatePolicyProvider.mainPolicy
security property, or if the calling context does not have
adequate permissions to access the main policy classpublic AggregatePolicyProvider(Policy mainPolicy)
AggregatePolicyProvider
instance with the
given main policy, which must be non-null
.mainPolicy
- main policyNullPointerException
- if main policy is null
public PermissionCollection getPermissions(CodeSource source)
getPermissions
method of the
currently active sub-policy to return the set of permissions allowed for
code from the specified code source, as a newly-created mutable
PermissionCollection
which supports heterogeneous
permission types.getPermissions
in class Policy
source
- code source for which to look up permissionspublic PermissionCollection getPermissions(ProtectionDomain domain)
PermissionCollection
containing AllPermission
is returned. Otherwise, delegates to the corresponding
getPermissions
method of the currently active sub-policy to
return the set of permissions allowed for code in the specified
protection domain, as a newly-created mutable
PermissionCollection
which supports heterogeneous
permission types.getPermissions
in class Policy
domain
- protection domain for which to look up permissionspublic boolean implies(ProtectionDomain domain, Permission permission)
true
is returned. Otherwise, delegates to the
implies
method of the currently active sub-policy to
determine if the given permission is implied by the permissions for the
specified protection domain.public void refresh()
refresh
method.public List<PermissionGrant> getPermissionGrants(ProtectionDomain domain)
getPermissionGrants
in interface ScalableNestedPolicy
public void setPolicy(ClassLoader loader, Policy subPolicy)
subPolicy
is non-null
, then it is used as a
new sub-policy to associate with the given class loader, overriding any
previous sub-policy associated with the loader. If
subPolicy
is null
, then any previous
association between a sub-policy and the given class loader is removed.
If loader is null
, then subPolicy
is used as
the new main policy, and must be non-null
. If there is a
security manager, its checkPermission
method is called with
the "setPolicy"
SecurityPermission
.loader
- class loader with which to associate sub-policy, or
null
if setting main policysubPolicy
- sub-policy to associate with given class loader, or
null
if removing sub-policy associationNullPointerException
- if both loader
and
subPolicy
are null
SecurityException
- if there is a security manager and the
calling context does not have the "setPolicy"
SecurityPermission
public boolean grantSupported()
true
if the currently active sub-policy supports
dynamic grants; this is determined by delegating to the
grantSupported
method of the currently active sub-policy if
it implements the DynamicPolicy
interface. If the currently
active sub-policy does not implement DynamicPolicy
, then
false
is returned.grantSupported
in interface DynamicPolicy
true
if the currently active sub-policy supports
dynamic grants, or false
otherwisepublic void grant(Class cl, Principal[] principals, Permission[] permissions)
grant
method of the
currently active sub-policy to grant the specified permissions to all
protection domains (including ones not yet created) which are associated
with the class loader of the given class and possess at least the given
set of principals.grant
in interface DynamicPolicy
cl
- principals
- permissions
- UnsupportedOperationException
SecurityException
NullPointerException
public Permission[] getGrants(Class cl, Principal[] principals)
getGrants
method of the
currently active sub-policy to return a new array containing the set of
permissions dynamically granted to protection domains which are
associated with the class loader of the given class and possess at least
the given set of principals.getGrants
in interface DynamicPolicy
cl
- principals
- UnsupportedOperationException
NullPointerException
public SecurityContext getContext()
The security context returned by this method contains the security
context of the currently active sub-policy (or an equivalent of the
default security context described in the documentation for Security.getContext
, if the currently active sub-policy does not
implement SecurityContextSource
), as well as the current context
class loader. The privileged action wrappers it creates restore the
saved context class loader before delegating to the action wrappers of
the underlying sub-policy security context. The
getAccessControlContext
method of the returned security
context delegates to the corresponding method of the sub-policy security
context.
getContext
in interface SecurityContextSource
Copyright © 2016–2018. All rights reserved.