org.mozilla.javascript.PolicySecurityController Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of rhino Show documentation

Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.

The newest version!

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

package org.mozilla.javascript;

import java.lang.ref.SoftReference;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureClassLoader;
import java.util.Map;
import java.util.WeakHashMap;
import org.mozilla.classfile.ByteCode;
import org.mozilla.classfile.ClassFileWriter;

/**
 * A security controller relying on Java {@link Policy} in effect. When you use this security
 * controller, your securityDomain objects must be instances of {@link CodeSource} representing the
 * location from where you load your scripts. Any Java policy "grant" statements matching the URL
 * and certificate in code sources will apply to the scripts. If you specify any certificates within
 * your {@link CodeSource} objects, it is your responsibility to verify (or not) that the script
 * source files are signed in whatever implementation-specific way you're using.
 *
 * @author Attila Szegedi
 */
public class PolicySecurityController extends SecurityController {
    private static final byte[] secureCallerImplBytecode = loadBytecode();

    // We're storing a CodeSource -> (ClassLoader -> SecureRenderer), since we
    // need to have one renderer per class loader. We're using weak hash maps
    // and soft references all the way, since we don't want to interfere with
    // cleanup of either CodeSource or ClassLoader objects.
    private static final Map>> callers =
            new WeakHashMap<>();

    @Override
    public Class getStaticSecurityDomainClassInternal() {
        return CodeSource.class;
    }

    private static class Loader extends SecureClassLoader implements GeneratedClassLoader {
        private final CodeSource codeSource;

        Loader(ClassLoader parent, CodeSource codeSource) {
            super(parent);
            this.codeSource = codeSource;
        }

        @Override
        public Class defineClass(String name, byte[] data) {
            return defineClass(name, data, 0, data.length, codeSource);
        }

        @Override
        public void linkClass(Class cl) {
            resolveClass(cl);
        }
    }

    @Override
    public GeneratedClassLoader createClassLoader(
            final ClassLoader parent, final Object securityDomain) {
        return (Loader)
                AccessController.doPrivileged(
                        new PrivilegedAction