Java Security - Specification
An Introduction to the Internals
Prof. David Bernstein
Computer Science Department
bernstdh@jmu.edu
SecurityManager and AccessController
Permission
is just allowed or disallowed)
abstract boolean implies(Permission other) returns true if this Permission implies other (i.e., if other is a subset of this)
Permission objects represent positive permissions (i.e., approvals) so the absence of a particular permission is implicitly a denial
Permission objects are immutable
import java.io.FilePermission;
import java.security.Permission;

Permission dataread, exit;

// An example with an action
dataread = new FilePermission("/data/census", "read");

// An example without an action
exit = new RuntimePermission("exitVM");
Permission Class
public abstract String getActions(): String representation of the actions (usually comma-delimited)
public abstract boolean implies(Permission other): true if this object's actions imply the other object's actions (i.e., if other is a subset of this)
PermissionCollection is not parameterized but the formal parameter of the add() method is a Permission
newPermissionCollection() in the Permission class to construct the PermissionCollection
Permission can't be denied by another
implies() method in the PermissionCollection class can use short-circuiting
CodeSource Class
public CodeSource(URL url, Certificate[] certs)
public boolean implies(CodeSource other): true if other is a subset of this (e.g., http://cs.jmu.edu/ is a subset of http://jmu.edu/) and all of other's certificates are included in this's
Principal Interface
ProtectionDomain objects are normally created by a ClassLoader
ProtectionDomain is only created the first time a CodeSource is encountered (so all classes with the same CodeSource are mapped to the same ProtectionDomain)
null class loader)
CodeSource and ClassLoader)
not individual objects
Permission objects may be bound to a ProtectionDomain at load-time (e.g., by the ClassLoader)
Permission objects may not be bound to a ProtectionDomain until the ProtectionDomain is used for a security check (e.g., by the Policy)
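The Permission and PermissionCollection notes above (implies(), newPermissionCollection(), and the absence of a grant meaning denial) can be seen in the following added example, which is not part of the original slides. The class name ImpliesDemo and all paths are constructed for illustration, and a Unix-style file system is assumed.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.PermissionCollection;

public class ImpliesDemo {
    public static void main(String[] args) {
        // Constructed grants; the paths are illustrative only.
        Permission readTree = new FilePermission("/data/-", "read");
        Permission writeCensus = new FilePermission("/data/census", "write");

        // Let the Permission choose the collection type for its own kind.
        PermissionCollection granted = readTree.newPermissionCollection();
        granted.add(readTree);
        granted.add(writeCensus);
        granted.setReadOnly(); // freeze the set of grants

        // Constructed requests, from fully covered to never granted.
        Permission[] requests = {
            new FilePermission("/data/census", "read"),
            new FilePermission("/data/census", "read,write"),
            new FilePermission("/data/other", "write"),
            new FilePermission("/etc/hosts", "read"),
            new RuntimePermission("exitVM"),
        };

        for (Permission request : requests) {
            // Each grant is tested alone, then the collection as a whole.
            System.out.printf("%-50s tree=%-5b census=%-5b collection=%b%n",
                    request,
                    readTree.implies(request),
                    writeCensus.implies(request),
                    granted.implies(request));
        }
    }
}
```

The "read,write" request on /data/census is implied by neither grant on its own but is implied by the collection, because grants only ever add approvals; any request that no grant covers comes back false.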