001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: /**
018: * @author Alexander V. Astapchuk
019: * @version $Revision: 1.1.2.2.4.3 $
020: */package java.security;
021:
022: import java.util.ArrayList;
023: import org.apache.harmony.security.fortress.PolicyUtils;
024:
025: /**
026: * @com.intel.drl.spec_ref
027: */
028: public final class AccessControlContext {
029:
030: // List of ProtectionDomains wrapped by the AccessControlContext
031: // It has the following characteristics:
032: // - 'context' can not be null
033: // - never contains null(s)
034: // - all elements are uniq (no dups)
035: ProtectionDomain[] context;
036:
037: DomainCombiner combiner;
038:
039: // An AccessControlContext inherited by the current thread from its parent
040: private AccessControlContext inherited;
041:
042: /**
043: * @com.intel.drl.spec_ref
044: */
045: public AccessControlContext(AccessControlContext acc,
046: DomainCombiner combiner) {
047: SecurityManager sm = System.getSecurityManager();
048: if (sm != null) {
049: sm.checkPermission(new SecurityPermission(
050: "createAccessControlContext"));
051: }
052: // no need to clone() here as ACC is immutable
053: this .context = acc.context;
054: this .combiner = combiner;
055: }
056:
057: /**
058: * @com.intel.drl.spec_ref
059: */
060: public AccessControlContext(ProtectionDomain[] context) {
061: if (context == null) {
062: throw new NullPointerException("context can not be null");
063: }
064: if (context.length != 0) {
065: // remove dup entries
066: ArrayList<ProtectionDomain> a = new ArrayList<ProtectionDomain>();
067: for (int i = 0; i < context.length; i++) {
068: if (context[i] != null && !a.contains(context[i])) {
069: a.add(context[i]);
070: }
071: }
072: if (a.size() != 0) {
073: this .context = new ProtectionDomain[a.size()];
074: a.toArray(this .context);
075: }
076: }
077: if (this .context == null) {
078: // Prevent numerous checks for 'context==null'
079: this .context = new ProtectionDomain[0];
080: }
081: }
082:
083: /**
084: * Package-level ctor which is used in AccessController.<br>
085: * ProtectionDomains passed as <code>stack</code> is then passed into
086: * {@link #AccessControlContext(ProtectionDomain[])}, therefore:<br>
087: * <il>
088: * <li>it must not be null
089: * <li>duplicates will be removed
090: * <li>null-s will be removed
091: * </li>
092: *
093: * @param stack - array of ProtectionDomains
094: * @param inherited - inherited context, which may be null
095: */
096: AccessControlContext(ProtectionDomain[] stack,
097: AccessControlContext inherited) {
098: this (stack); // removes dups, removes nulls, checks for stack==null
099: this .inherited = inherited;
100: }
101:
102: /**
103: * Package-level ctor which is used in AccessController.<br>
104: * ProtectionDomains passed as <code>stack</code> is then passed into
105: * {@link #AccessControlContext(ProtectionDomain[])}, therefore:<br>
106: * <il>
107: * <li>it must not be null
108: * <li>duplicates will be removed
109: * <li>null-s will be removed
110: * </li>
111: *
112: * @param stack - array of ProtectionDomains
113: * @param inherited - inherited context, which may be null
114: */
115: AccessControlContext(ProtectionDomain[] stack,
116: DomainCombiner combiner) {
117: this (stack); // removes dups, removes nulls, checks for stack==null
118: this .combiner = combiner;
119: }
120:
121: /**
122: * @com.intel.drl.spec_ref
123: */
124: public void checkPermission(Permission perm)
125: throws AccessControlException {
126: if (perm == null) {
127: throw new NullPointerException("Permission cannot be null");
128: }
129: for (int i = 0; i < context.length; i++) {
130: if (!context[i].implies(perm)) {
131: throw new AccessControlException(
132: "Permission check failed " + perm, perm);
133: }
134: }
135: if (inherited != null) {
136: inherited.checkPermission(perm);
137: }
138: }
139:
140: /**
141: * @com.intel.drl.spec_ref
142: */
143: public boolean equals(Object obj) {
144: if (this == obj) {
145: return true;
146: }
147: if (obj instanceof AccessControlContext) {
148: AccessControlContext that = (AccessControlContext) obj;
149: if (!(PolicyUtils.matchSubset(context, that.context) && PolicyUtils
150: .matchSubset(that.context, context))) {
151: return false;
152: }
153: // 'combiner' is not taken into account - see the test
154: // AccessControllerTest.testEqualsObject_01
155: return true;
156: }
157: return false;
158: }
159:
160: /**
161: * @com.intel.drl.spec_ref
162: */
163: public DomainCombiner getDomainCombiner() {
164: SecurityManager sm = System.getSecurityManager();
165: if (sm != null) {
166: sm.checkPermission(new SecurityPermission(
167: "getDomainCombiner"));
168: }
169: return combiner;
170: }
171:
172: /**
173: * @com.intel.drl.spec_ref
174: */
175: public int hashCode() {
176: int hash = 0;
177: for (int i = 0; i < context.length; i++) {
178: hash ^= context[i].hashCode();
179: }
180: return hash;
181: }
182:
183: }
|