org.mozilla.javascript.PolicySecurityController Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of org.apache.servicemix.bundles.rhino
Show all versions of org.apache.servicemix.bundles.rhino
This OSGi bundle wraps rhino and rhino-engine ${pkgVersion} jar files.
The newest version!
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.javascript;
import java.lang.ref.SoftReference;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureClassLoader;
import java.util.Map;
import java.util.WeakHashMap;
import org.mozilla.classfile.ByteCode;
import org.mozilla.classfile.ClassFileWriter;
/**
* A security controller relying on Java {@link Policy} in effect. When you use this security
* controller, your securityDomain objects must be instances of {@link CodeSource} representing the
* location from where you load your scripts. Any Java policy "grant" statements matching the URL
* and certificate in code sources will apply to the scripts. If you specify any certificates within
* your {@link CodeSource} objects, it is your responsibility to verify (or not) that the script
* source files are signed in whatever implementation-specific way you're using.
*
* @author Attila Szegedi
*/
public class PolicySecurityController extends SecurityController {
private static final byte[] secureCallerImplBytecode = loadBytecode();
// We're storing a CodeSource -> (ClassLoader -> SecureRenderer), since we
// need to have one renderer per class loader. We're using weak hash maps
// and soft references all the way, since we don't want to interfere with
// cleanup of either CodeSource or ClassLoader objects.
private static final Map>> callers =
new WeakHashMap<>();
@Override
public Class> getStaticSecurityDomainClassInternal() {
return CodeSource.class;
}
private static class Loader extends SecureClassLoader implements GeneratedClassLoader {
private final CodeSource codeSource;
Loader(ClassLoader parent, CodeSource codeSource) {
super(parent);
this.codeSource = codeSource;
}
@Override
public Class> defineClass(String name, byte[] data) {
return defineClass(name, data, 0, data.length, codeSource);
}
@Override
public void linkClass(Class> cl) {
resolveClass(cl);
}
}
@Override
public GeneratedClassLoader createClassLoader(
final ClassLoader parent, final Object securityDomain) {
return (Loader)
AccessController.doPrivileged(
new PrivilegedAction
© 2015 - 2024 Weber Informatics LLC | Privacy Policy