From d7c5ad7d6263fd1baf9bfdbaa4c50b70ef2fbdb2 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Tue, 8 Jun 2010 08:22:05 +0200 Subject: reverted folder structure change for better mergeing with upstream --- .../org/mozilla/javascript/SecurityController.html | 507 +++++++++++++++++++++ 1 file changed, 507 insertions(+) create mode 100644 trunk/infrastructure/rhino1_7R1/javadoc/org/mozilla/javascript/SecurityController.html (limited to 'trunk/infrastructure/rhino1_7R1/javadoc/org/mozilla/javascript/SecurityController.html') diff --git a/trunk/infrastructure/rhino1_7R1/javadoc/org/mozilla/javascript/SecurityController.html b/trunk/infrastructure/rhino1_7R1/javadoc/org/mozilla/javascript/SecurityController.html new file mode 100644 index 0000000..92c5c44 --- /dev/null +++ b/trunk/infrastructure/rhino1_7R1/javadoc/org/mozilla/javascript/SecurityController.html @@ -0,0 +1,507 @@ + + + + + + +SecurityController (Rhino) + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + +
+ +
+ + + +
+ +

+ +org.mozilla.javascript +
+Class SecurityController

+
+java.lang.Object
+  extended by org.mozilla.javascript.SecurityController
+
+
+
+
public abstract class SecurityController
extends java.lang.Object
+ + +

+This class describes the support needed to implement security. +

+ Three main pieces of functionality are required to implement + security for JavaScript. First, it must be possible to define + classes with an associated security domain. (This security + domain may be any object incorporating notion of access + restrictions that has meaning to an embedding; for a client-side + JavaScript embedding this would typically be + java.security.ProtectionDomain or similar object depending on an + origin URL and/or a digital certificate.) + Next it must be possible to get a security domain object that + allows a particular action only if all security domains + associated with code on the current Java stack allows it. And + finally, it must be possible to execute script code with + associated security domain injected into Java stack. +

+ These three pieces of functionality are encapsulated in the + SecurityController class. +

+ +

+

+
Since:
+
1.5 Release 4
+
See Also:
Context.setSecurityController(SecurityController), +ClassLoader
+
+ +

+ + + + + + + + + + + +
+Constructor Summary
SecurityController() + +
+           
+  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Method Summary
+ java.lang.ObjectcallWithDomain(java.lang.Object securityDomain, + Context cx, + Callable callable, + Scriptable scope, + Scriptable thisObj, + java.lang.Object[] args) + +
+          Call Callable.call(Context cx, Scriptable scope, Scriptable thisObj, + Object[] args) + of callable under restricted security domain where an action is + allowed only if it is allowed according to the Java stack on the + moment of the execWithDomain call and securityDomain.
+abstract  GeneratedClassLoadercreateClassLoader(java.lang.ClassLoader parentLoader, + java.lang.Object securityDomain) + +
+          Get class loader-like object that can be used + to define classes with the given security context.
+static GeneratedClassLoadercreateLoader(java.lang.ClassLoader parent, + java.lang.Object staticDomain) + +
+          Create GeneratedClassLoader with restrictions imposed by + staticDomain and all current stack frames.
+ java.lang.ObjectexecWithDomain(Context cx, + Scriptable scope, + Script script, + java.lang.Object securityDomain) + +
+          Deprecated. The application should not override this method and instead + override + callWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args).
+abstract  java.lang.ObjectgetDynamicSecurityDomain(java.lang.Object securityDomain) + +
+          Get dynamic security domain that allows an action only if it is allowed + by the current Java stack and securityDomain.
+static java.lang.ClassgetStaticSecurityDomainClass() + +
+           
+ java.lang.ClassgetStaticSecurityDomainClassInternal() + +
+           
+static booleanhasGlobal() + +
+          Check if global SecurityController was already installed.
+static voidinitGlobal(SecurityController controller) + +
+          Initialize global controller that will be used for all + security-related operations.
+ + + + + + + +
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
+  +

+ + + + + + + + +
+Constructor Detail
+ +

+SecurityController

+
+public SecurityController()
+
+
+ + + + + + + + +
+Method Detail
+ +

+hasGlobal

+
+public static boolean hasGlobal()
+
+
Check if global SecurityController was already installed. +

+

+
See Also:
initGlobal(SecurityController controller)
+
+
+
+ +

+initGlobal

+
+public static void initGlobal(SecurityController controller)
+
+
Initialize global controller that will be used for all + security-related operations. The global controller takes precedence + over already installed Context-specific controllers and cause + any subsequent call to + Context.setSecurityController(SecurityController) + to throw an exception. +

+ The method can only be called once. +

+

+
See Also:
hasGlobal()
+
+
+
+ +

+createClassLoader

+
+public abstract GeneratedClassLoader createClassLoader(java.lang.ClassLoader parentLoader,
+                                                       java.lang.Object securityDomain)
+
+
Get class loader-like object that can be used + to define classes with the given security context. +

+

+
Parameters:
parentLoader - parent class loader to delegate search for classes + not defined by the class loader itself
securityDomain - some object specifying the security + context of the code that is defined by the returned class loader.
+
+
+
+ +

+createLoader

+
+public static GeneratedClassLoader createLoader(java.lang.ClassLoader parent,
+                                                java.lang.Object staticDomain)
+
+
Create GeneratedClassLoader with restrictions imposed by + staticDomain and all current stack frames. + The method uses the SecurityController instance associated with the + current Context to construct proper dynamic domain and create + corresponding class loader. + + If no SecurityController is associated with the current Context , + the method calls Context.createClassLoader(ClassLoader parent). +

+

+
Parameters:
parent - parent class loader. If null, + Context.getApplicationClassLoader() will be used.
staticDomain - static security domain.
+
+
+
+ +

+getStaticSecurityDomainClass

+
+public static java.lang.Class getStaticSecurityDomainClass()
+
+
+
+
+
+
+ +

+getStaticSecurityDomainClassInternal

+
+public java.lang.Class getStaticSecurityDomainClassInternal()
+
+
+
+
+
+
+ +

+getDynamicSecurityDomain

+
+public abstract java.lang.Object getDynamicSecurityDomain(java.lang.Object securityDomain)
+
+
Get dynamic security domain that allows an action only if it is allowed + by the current Java stack and securityDomain. If + securityDomain is null, return domain representing permissions + allowed by the current stack. +

+

+
+
+
+
+ +

+callWithDomain

+
+public java.lang.Object callWithDomain(java.lang.Object securityDomain,
+                                       Context cx,
+                                       Callable callable,
+                                       Scriptable scope,
+                                       Scriptable thisObj,
+                                       java.lang.Object[] args)
+
+
Call Callable.call(Context cx, Scriptable scope, Scriptable thisObj, + Object[] args) + of callable under restricted security domain where an action is + allowed only if it is allowed according to the Java stack on the + moment of the execWithDomain call and securityDomain. + Any call to getDynamicSecurityDomain(Object) during + execution of callable.call(cx, scope, thisObj, args) + should return a domain incorporate restrictions imposed by + securityDomain and Java stack on the moment of callWithDomain + invocation. +

+ The method should always be overridden, it is not declared abstract + for compatibility reasons. +

+

+
+
+
+
+ +

+execWithDomain

+
+public java.lang.Object execWithDomain(Context cx,
+                                       Scriptable scope,
+                                       Script script,
+                                       java.lang.Object securityDomain)
+
+
Deprecated. The application should not override this method and instead + override + callWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args). +

+

+
+
+
+ +
+ + + + + + + + + + + + + + + + + + + +
+ +
+ + + +
+ + + -- cgit v1.2.3