org.mozilla.javascript.SecureCaller Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of rhino Show documentation
Show all versions of rhino Show documentation
Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically
embedded into Java applications to provide scripting to end users.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.javascript;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.ref.SoftReference;
import java.lang.reflect.UndeclaredThrowableException;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureClassLoader;
import java.util.Map;
import java.util.WeakHashMap;
/**
* @author Attila Szegedi
*/
public abstract class SecureCaller
{
private static final byte[] secureCallerImplBytecode = loadBytecode();
// We're storing a CodeSource -> (ClassLoader -> SecureRenderer), since we
// need to have one renderer per class loader. We're using weak hash maps
// and soft references all the way, since we don't want to interfere with
// cleanup of either CodeSource or ClassLoader objects.
private static final Map>>
callers =
new WeakHashMap>>();
public abstract Object call(Callable callable, Context cx,
Scriptable scope, Scriptable thisObj, Object[] args);
/**
* Call the specified callable using a protection domain belonging to the
* specified code source.
*/
static Object callSecurely(final CodeSource codeSource, Callable callable,
Context cx, Scriptable scope, Scriptable thisObj, Object[] args)
{
final Thread thread = Thread.currentThread();
// Run in doPrivileged as we might be checked for "getClassLoader"
// runtime permission
final ClassLoader classLoader = (ClassLoader)AccessController.doPrivileged(
new PrivilegedAction
© 2015 - 2024 Weber Informatics LLC | Privacy Policy