diff options
Diffstat (limited to 'trunk/infrastructure/rhino1_7R1/src/org/mozilla/javascript/SecurityController.java')
| -rw-r--r-- | trunk/infrastructure/rhino1_7R1/src/org/mozilla/javascript/SecurityController.java | 211 |
1 files changed, 211 insertions, 0 deletions
diff --git a/trunk/infrastructure/rhino1_7R1/src/org/mozilla/javascript/SecurityController.java b/trunk/infrastructure/rhino1_7R1/src/org/mozilla/javascript/SecurityController.java new file mode 100644 index 0000000..ed85dbf --- /dev/null +++ b/trunk/infrastructure/rhino1_7R1/src/org/mozilla/javascript/SecurityController.java @@ -0,0 +1,211 @@ +/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * + * ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is Rhino code, released + * May 6, 1999. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1997-1999 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Norris Boyd + * Igor Bukanov + * + * Alternatively, the contents of this file may be used under the terms of + * the GNU General Public License Version 2 or later (the "GPL"), in which + * case the provisions of the GPL are applicable instead of those above. If + * you wish to allow use of your version of this file only under the terms of + * the GPL and not to allow others to use your version of this file under the + * MPL, indicate your decision by deleting the provisions above and replacing + * them with the notice and other provisions required by the GPL. If you do + * not delete the provisions above, a recipient may use your version of this + * file under either the MPL or the GPL. + * + * ***** END LICENSE BLOCK ***** */ + +// API class + +package org.mozilla.javascript; + +/** + * This class describes the support needed to implement security. + * <p> + * Three main pieces of functionality are required to implement + * security for JavaScript. First, it must be possible to define + * classes with an associated security domain. (This security + * domain may be any object incorporating notion of access + * restrictions that has meaning to an embedding; for a client-side + * JavaScript embedding this would typically be + * java.security.ProtectionDomain or similar object depending on an + * origin URL and/or a digital certificate.) + * Next it must be possible to get a security domain object that + * allows a particular action only if all security domains + * associated with code on the current Java stack allows it. And + * finally, it must be possible to execute script code with + * associated security domain injected into Java stack. + * <p> + * These three pieces of functionality are encapsulated in the + * SecurityController class. + * + * @see org.mozilla.javascript.Context#setSecurityController(SecurityController) + * @see java.lang.ClassLoader + * @since 1.5 Release 4 + */ +public abstract class SecurityController +{ + private static SecurityController global; + +// The method must NOT be public or protected + static SecurityController global() + { + return global; + } + + /** + * Check if global {@link SecurityController} was already installed. + * @see #initGlobal(SecurityController controller) + */ + public static boolean hasGlobal() + { + return global != null; + } + + /** + * Initialize global controller that will be used for all + * security-related operations. The global controller takes precedence + * over already installed {@link Context}-specific controllers and cause + * any subsequent call to + * {@link Context#setSecurityController(SecurityController)} + * to throw an exception. + * <p> + * The method can only be called once. + * + * @see #hasGlobal() + */ + public static void initGlobal(SecurityController controller) + { + if (controller == null) throw new IllegalArgumentException(); + if (global != null) { + throw new SecurityException("Cannot overwrite already installed global SecurityController"); + } + global = controller; + } + + /** + * Get class loader-like object that can be used + * to define classes with the given security context. + * @param parentLoader parent class loader to delegate search for classes + * not defined by the class loader itself + * @param securityDomain some object specifying the security + * context of the code that is defined by the returned class loader. + */ + public abstract GeneratedClassLoader createClassLoader( + ClassLoader parentLoader, Object securityDomain); + + /** + * Create {@link GeneratedClassLoader} with restrictions imposed by + * staticDomain and all current stack frames. + * The method uses the SecurityController instance associated with the + * current {@link Context} to construct proper dynamic domain and create + * corresponding class loader. + * <par> + * If no SecurityController is associated with the current {@link Context} , + * the method calls {@link Context#createClassLoader(ClassLoader parent)}. + * + * @param parent parent class loader. If null, + * {@link Context#getApplicationClassLoader()} will be used. + * @param staticDomain static security domain. + */ + public static GeneratedClassLoader createLoader( + ClassLoader parent, Object staticDomain) + { + Context cx = Context.getContext(); + if (parent == null) { + parent = cx.getApplicationClassLoader(); + } + SecurityController sc = cx.getSecurityController(); + GeneratedClassLoader loader; + if (sc == null) { + loader = cx.createClassLoader(parent); + } else { + Object dynamicDomain = sc.getDynamicSecurityDomain(staticDomain); + loader = sc.createClassLoader(parent, dynamicDomain); + } + return loader; + } + + public static Class getStaticSecurityDomainClass() { + SecurityController sc = Context.getContext().getSecurityController(); + return sc == null ? null : sc.getStaticSecurityDomainClassInternal(); + } + + public Class getStaticSecurityDomainClassInternal() + { + return null; + } + + /** + * Get dynamic security domain that allows an action only if it is allowed + * by the current Java stack and <i>securityDomain</i>. If + * <i>securityDomain</i> is null, return domain representing permissions + * allowed by the current stack. + */ + public abstract Object getDynamicSecurityDomain(Object securityDomain); + + /** + * Call {@link + * Callable#call(Context cx, Scriptable scope, Scriptable thisObj, + * Object[] args)} + * of <i>callable</i> under restricted security domain where an action is + * allowed only if it is allowed according to the Java stack on the + * moment of the <i>execWithDomain</i> call and <i>securityDomain</i>. + * Any call to {@link #getDynamicSecurityDomain(Object)} during + * execution of <tt>callable.call(cx, scope, thisObj, args)</tt> + * should return a domain incorporate restrictions imposed by + * <i>securityDomain</i> and Java stack on the moment of callWithDomain + * invocation. + * <p> + * The method should always be overridden, it is not declared abstract + * for compatibility reasons. + */ + public Object callWithDomain(Object securityDomain, Context cx, + final Callable callable, Scriptable scope, + final Scriptable thisObj, final Object[] args) + { + return execWithDomain(cx, scope, new Script() + { + public Object exec(Context cx, Scriptable scope) + { + return callable.call(cx, scope, thisObj, args); + } + + }, securityDomain); + } + + /** + * @deprecated The application should not override this method and instead + * override + * {@link #callWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args)}. + */ + public Object execWithDomain(Context cx, Scriptable scope, + Script script, Object securityDomain) + { + throw new IllegalStateException("callWithDomain should be overridden"); + } + + +} |