All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.mozilla.javascript.SecurityController Maven / Gradle / Ivy

Go to download

Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.

There is a newer version: 1.7.15
Show newest version
/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// API class

package org.mozilla.javascript;

/**
 * This class describes the support needed to implement security.
 * 

* Three main pieces of functionality are required to implement * security for JavaScript. First, it must be possible to define * classes with an associated security domain. (This security * domain may be any object incorporating notion of access * restrictions that has meaning to an embedding; for a client-side * JavaScript embedding this would typically be * java.security.ProtectionDomain or similar object depending on an * origin URL and/or a digital certificate.) * Next it must be possible to get a security domain object that * allows a particular action only if all security domains * associated with code on the current Java stack allows it. And * finally, it must be possible to execute script code with * associated security domain injected into Java stack. *

* These three pieces of functionality are encapsulated in the * SecurityController class. * * @see org.mozilla.javascript.Context#setSecurityController(SecurityController) * @see java.lang.ClassLoader * @since 1.5 Release 4 */ public abstract class SecurityController { private static SecurityController global; // The method must NOT be public or protected static SecurityController global() { return global; } /** * Check if global {@link SecurityController} was already installed. * @see #initGlobal(SecurityController controller) */ public static boolean hasGlobal() { return global != null; } /** * Initialize global controller that will be used for all * security-related operations. The global controller takes precedence * over already installed {@link Context}-specific controllers and cause * any subsequent call to * {@link Context#setSecurityController(SecurityController)} * to throw an exception. *

* The method can only be called once. * * @see #hasGlobal() */ public static void initGlobal(SecurityController controller) { if (controller == null) throw new IllegalArgumentException(); if (global != null) { throw new SecurityException("Cannot overwrite already installed global SecurityController"); } global = controller; } /** * Get class loader-like object that can be used * to define classes with the given security context. * @param parentLoader parent class loader to delegate search for classes * not defined by the class loader itself * @param securityDomain some object specifying the security * context of the code that is defined by the returned class loader. */ public abstract GeneratedClassLoader createClassLoader( ClassLoader parentLoader, Object securityDomain); /** * Create {@link GeneratedClassLoader} with restrictions imposed by * staticDomain and all current stack frames. * The method uses the SecurityController instance associated with the * current {@link Context} to construct proper dynamic domain and create * corresponding class loader. *

* If no SecurityController is associated with the current {@link Context} , * the method calls {@link Context#createClassLoader(ClassLoader parent)}. *

* @param parent parent class loader. If null, * {@link Context#getApplicationClassLoader()} will be used. * @param staticDomain static security domain. */ public static GeneratedClassLoader createLoader( ClassLoader parent, Object staticDomain) { Context cx = Context.getContext(); if (parent == null) { parent = cx.getApplicationClassLoader(); } SecurityController sc = cx.getSecurityController(); GeneratedClassLoader loader; if (sc == null) { loader = cx.createClassLoader(parent); } else { Object dynamicDomain = sc.getDynamicSecurityDomain(staticDomain); loader = sc.createClassLoader(parent, dynamicDomain); } return loader; } public static Class getStaticSecurityDomainClass() { SecurityController sc = Context.getContext().getSecurityController(); return sc == null ? null : sc.getStaticSecurityDomainClassInternal(); } public Class getStaticSecurityDomainClassInternal() { return null; } /** * Get dynamic security domain that allows an action only if it is allowed * by the current Java stack and securityDomain. If * securityDomain is null, return domain representing permissions * allowed by the current stack. */ public abstract Object getDynamicSecurityDomain(Object securityDomain); /** * Call {@link * Callable#call(Context cx, Scriptable scope, Scriptable thisObj, * Object[] args)} * of callable under restricted security domain where an action is * allowed only if it is allowed according to the Java stack on the * moment of the execWithDomain call and securityDomain. * Any call to {@link #getDynamicSecurityDomain(Object)} during * execution of callable.call(cx, scope, thisObj, args) * should return a domain incorporate restrictions imposed by * securityDomain and Java stack on the moment of callWithDomain * invocation. *

* The method should always be overridden, it is not declared abstract * for compatibility reasons. */ public Object callWithDomain(Object securityDomain, Context cx, final Callable callable, Scriptable scope, final Scriptable thisObj, final Object[] args) { return execWithDomain(cx, scope, new Script() { @Override public Object exec(Context cx, Scriptable scope) { return callable.call(cx, scope, thisObj, args); } }, securityDomain); } /** * @deprecated The application should not override this method and instead * override * {@link #callWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args)}. */ @Deprecated public Object execWithDomain(Context cx, Scriptable scope, Script script, Object securityDomain) { throw new IllegalStateException("callWithDomain should be overridden"); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy