Source Code Cross Referenced for SecureClassLoader.java in  » 6.0-JDK-Core » security » java » security » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Home
Java Source Code / Java Documentation
1.6.0 JDK Core
2.6.0 JDK Modules
3.6.0 JDK Modules com.sun
4.6.0 JDK Modules com.sun.java
5.6.0 JDK Modules sun
6.6.0 JDK Platform
7.Ajax
8.Apache Harmony Java SE
9.Aspect oriented
10.Authentication Authorization
11.Blogger System
12.Build
13.Byte Code
14.Cache
15.Chart
16.Chat
17.Code Analyzer
18.Collaboration
19.Content Management System
20.Database Client
21.Database DBMS
22.Database JDBC Connection Pool
23.Database ORM
24.Development
25.EJB Server
26.ERP CRM Financial
27.ESB
28.Forum
29.Game
30.GIS
31.Graphic 3D
32.Graphic Library
33.Groupware
34.HTML Parser
35.IDE
36.IDE Eclipse
37.IDE Netbeans
38.Installer
39.Internationalization Localization
40.Inversion of Control
41.Issue Tracking
42.J2EE
43.J2ME
44.JBoss
45.JMS
46.JMX
47.Library
48.Mail Clients
49.Music
50.Net
51.Parser
52.PDF
53.Portal
54.Profiler
55.Project Management
56.Report
57.RSS RDF
58.Rule Engine
59.Science
60.Scripting
61.Search Engine
62.Security
63.Sevlet Container
64.Source Control
65.Swing Library
66.Template Engine
67.Test Coverage
68.Testing
69.UML
70.Web Crawler
71.Web Framework
72.Web Mail
73.Web Server
74.Web Services
75.Web Services apache cxf 2.2.6
76.Web Services AXIS2
77.Wiki Engine
78.Workflow Engines
79.XML
80.XML UI
Java Source Code / Java Documentation » 6.0 JDK Core » security » java.security 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


001        /*
002         * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
003         * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004         *
005         * This code is free software; you can redistribute it and/or modify it
006         * under the terms of the GNU General Public License version 2 only, as
007         * published by the Free Software Foundation.  Sun designates this
008         * particular file as subject to the "Classpath" exception as provided
009         * by Sun in the LICENSE file that accompanied this code.
010         *
011         * This code is distributed in the hope that it will be useful, but WITHOUT
012         * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013         * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
014         * version 2 for more details (a copy is included in the LICENSE file that
015         * accompanied this code).
016         *
017         * You should have received a copy of the GNU General Public License version
018         * 2 along with this work; if not, write to the Free Software Foundation,
019         * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020         *
021         * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022         * CA 95054 USA or visit www.sun.com if you need additional information or
023         * have any questions.
024         */
025
026        package java.security;
027
028        import java.util.HashMap;
029        import java.util.ArrayList;
030        import java.net.URL;
031
032        import sun.security.util.Debug;
033
034        /** 
035         * This class extends ClassLoader with additional support for defining
036         * classes with an associated code source and permissions which are
037         * retrieved by the system policy by default.
038         *
039         * @version 1.93, 05/05/07
040         * @author  Li Gong 
041         * @author  Roland Schemers
042         */
043        public class SecureClassLoader extends ClassLoader {
044            /*
045             * If initialization succeed this is set to true and security checks will
046             * succeed. Otherwise the object is not initialized and the object is
047             * useless.
048             */
049            private boolean initialized = false;
050
051            // HashMap that maps CodeSource to ProtectionDomain
052            private HashMap<CodeSource, ProtectionDomain> pdcache = new HashMap<CodeSource, ProtectionDomain>(
053                    11);
054
055            private static final Debug debug = Debug.getInstance("scl");
056
057            /**
058             * Creates a new SecureClassLoader using the specified parent
059             * class loader for delegation.
060             *
061             * <p>If there is a security manager, this method first
062             * calls the security manager's <code>checkCreateClassLoader</code> 
063             * method  to ensure creation of a class loader is allowed.
064             * <p>
065             * @param parent the parent ClassLoader
066             * @exception  SecurityException  if a security manager exists and its  
067             *             <code>checkCreateClassLoader</code> method doesn't allow 
068             *             creation of a class loader.
069             * @see SecurityManager#checkCreateClassLoader
070             */
071            protected SecureClassLoader(ClassLoader parent) {
072                super (parent);
073                // this is to make the stack depth consistent with 1.1
074                SecurityManager security = System.getSecurityManager();
075                if (security != null) {
076                    security.checkCreateClassLoader();
077                }
078                initialized = true;
079            }
080
081            /**
082             * Creates a new SecureClassLoader using the default parent class
083             * loader for delegation.
084             *
085             * <p>If there is a security manager, this method first
086             * calls the security manager's <code>checkCreateClassLoader</code> 
087             * method  to ensure creation of a class loader is allowed.
088             *
089             * @exception  SecurityException  if a security manager exists and its  
090             *             <code>checkCreateClassLoader</code> method doesn't allow 
091             *             creation of a class loader.
092             * @see SecurityManager#checkCreateClassLoader
093             */
094            protected SecureClassLoader() {
095                super ();
096                // this is to make the stack depth consistent with 1.1
097                SecurityManager security = System.getSecurityManager();
098                if (security != null) {
099                    security.checkCreateClassLoader();
100                }
101                initialized = true;
102            }
103
104            /**
105             * Converts an array of bytes into an instance of class Class,
106             * with an optional CodeSource. Before the
107             * class can be used it must be resolved.
108             * <p>
109             * If a non-null CodeSource is supplied a ProtectionDomain is
110             * constructed and associated with the class being defined.
111             * <p>
112             * @param      name the expected name of the class, or <code>null</code>
113             *                  if not known, using '.' and not '/' as the separator
114             *                  and without a trailing ".class" suffix.
115             * @param      b    the bytes that make up the class data. The bytes in 
116             *             positions <code>off</code> through <code>off+len-1</code> 
117             *             should have the format of a valid class file as defined 
118             *             by the 
119             *             <a href="http://java.sun.com/docs/books/vmspec/">Java 
120             *             Virtual Machine Specification</a>.
121             * @param      off  the start offset in <code>b</code> of the class data
122             * @param      len  the length of the class data
123             * @param      cs   the associated CodeSource, or <code>null</code> if none
124             * @return the <code>Class</code> object created from the data,
125             *         and optional CodeSource.
126             * @exception  ClassFormatError if the data did not contain a valid class
127             * @exception  IndexOutOfBoundsException if either <code>off</code> or 
128             *             <code>len</code> is negative, or if 
129             *             <code>off+len</code> is greater than <code>b.length</code>.
130             *
131             * @exception  SecurityException if an attempt is made to add this class
132             *             to a package that contains classes that were signed by
133             *             a different set of certificates than this class, or if 
134             *             the class name begins with "java.".
135             */
136            protected final Class<?> defineClass(String name, byte[] b,
137                    int off, int len, CodeSource cs) {
138                if (cs == null)
139                    return defineClass(name, b, off, len);
140                else
141                    return defineClass(name, b, off, len,
142                            getProtectionDomain(cs));
143            }
144
145            /**
146             * Converts a {@link java.nio.ByteBuffer <tt>ByteBuffer</tt>}
147             * into an instance of class <tt>Class</tt>, with an optional CodeSource. 
148             * Before the class can be used it must be resolved.
149             * <p>
150             * If a non-null CodeSource is supplied a ProtectionDomain is
151             * constructed and associated with the class being defined.
152             * <p>
153             * @param      name the expected name of the class, or <code>null</code>
154             *                  if not known, using '.' and not '/' as the separator
155             *                  and without a trailing ".class" suffix.
156             * @param      b    the bytes that make up the class data.  The bytes from positions
157             *                  <tt>b.position()</tt> through <tt>b.position() + b.limit() -1</tt>
158             *                  should have the format of a valid class file as defined by the
159             *                  <a href="http://java.sun.com/docs/books/vmspec/">Java Virtual
160             *                  Machine Specification</a>.
161             * @param      cs   the associated CodeSource, or <code>null</code> if none
162             * @return the <code>Class</code> object created from the data,
163             *         and optional CodeSource.
164             * @exception  ClassFormatError if the data did not contain a valid class
165             * @exception  SecurityException if an attempt is made to add this class
166             *             to a package that contains classes that were signed by
167             *             a different set of certificates than this class, or if 
168             *             the class name begins with "java.".
169             *
170             * @since  1.5
171             */
172            protected final Class<?> defineClass(String name,
173                    java.nio.ByteBuffer b, CodeSource cs) {
174                if (cs == null)
175                    return defineClass(name, b, (ProtectionDomain) null);
176                else
177                    return defineClass(name, b, getProtectionDomain(cs));
178            }
179
180            /**
181             * Returns the permissions for the given CodeSource object.
182             * <p>
183             * This method is invoked by the defineClass method which takes
184             * a CodeSource as an argument when it is constructing the
185             * ProtectionDomain for the class being defined.
186             * <p>
187             * @param codesource the codesource.
188             *
189             * @return the permissions granted to the codesource.
190             *
191             */
192            protected PermissionCollection getPermissions(CodeSource codesource) {
193                check();
194                return new Permissions(); // ProtectionDomain defers the binding
195            }
196
197            /*
198             * Returned cached ProtectionDomain for the specified CodeSource.
199             */
200            private ProtectionDomain getProtectionDomain(CodeSource cs) {
201                if (cs == null)
202                    return null;
203
204                ProtectionDomain pd = null;
205                synchronized (pdcache) {
206                    pd = pdcache.get(cs);
207                    if (pd == null) {
208                        PermissionCollection perms = getPermissions(cs);
209                        pd = new ProtectionDomain(cs, perms, this , null);
210                        if (pd != null) {
211                            pdcache.put(cs, pd);
212                            if (debug != null) {
213                                debug.println(" getPermissions " + pd);
214                                debug.println("");
215                            }
216                        }
217                    }
218                }
219                return pd;
220            }
221
222            /*
223             * Check to make sure the class loader has been initialized.
224             */
225            private void check() {
226                if (!initialized) {
227                    throw new SecurityException(
228                            "ClassLoader object not initialized");
229                }
230            }
231
232        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.