SecureClassLoader.java example

Explorer

phoneme-components-cdc-master
- src
- test
  - share
    - basis
      - gunit
        classes
        gunit
        framework
        TestCase.java
      - gunittests
        tests
        appcontext
        FocusMgmtTest.java
        FullScreenTest.java
        TestLet.java
        ixcpermission
        IxcPermissionTest.java
        volatileImage
        ImageTest.java
      - tests
        drawStringAttr
        DrawString.java
        fullScreenMode
        TestFull.java
        ixc
        AccessControlContext
        restricted
        RestrictedXlet.java
        unrestricted
        RestrictedXletContext.java
        UnrestrictedXlet.java
        Permission
        DummyRemoteObject.java
        DummyXletContext.java
        IxcRegisTest.java
        IxcRegisTest2.java
        Subclass
        A
        MyRemote.java
        XletA.java
        B
        MyRemote.java
        XletB.java
        volatileImage
        TestVolatileComponent.java
        TestVolatileGC.java
        xlets
        ComponentEvents
        TestRunner.java
        TestXlet.java
        ContentClassLoader
        ContextClsLoaderXlet.java
        RoundButton.java
        TestRunner.java
        Lifecycle1
        TestRunner.java
        TestXlet.java
        Lifecycle2
        TestRunner.java
        TestXlet.java
        Lifecycle3
        TestRunner.java
        TestXlet.java
        TopLevel
        TestXlet.java
        TwoXlets
        TestRunner.java
        TestXlet1Auto.java
        TestXlet2Auto.java
        XletArgs
        TestRunner.java
        TestXlet.java
    - cdc
      - java
        lang
        ClassLoader
        Assert.java
        package1
        Class1.java
        package3
        Class3.java
        package2
        Class2.java
        Encoding
        EncodingTest.java
        util
        Currency
        CurrencyTest.java
    - foundation
      - java
        net
        Inet6Address
        IPv6Test.java
        URI
        URITest.java
        URItoURLTest.java
    - gunit
      - classes
        gunit
        container
        AWTTestContainer.java
        framework
        BaseTestCase.java
        TestContainer.java
        TestContext.java
        TestFactory.java
        TestFilter.java
        TestResultDescription.java
        TestResultVerifier.java
        image
        RefImageNotFoundException.java
        lister
        BaseTestLister.java
        textui
        ResultVerifier.java
        TestLister.java
        TestRunner.java
        XMLTestLister.java

/*
 * @(#)SecureClassLoader.java	1.80 06/10/10
 *
 * Copyright  1990-2008 Sun Microsystems, Inc. All Rights Reserved.  
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER  
 *   
 * This program is free software; you can redistribute it and/or  
 * modify it under the terms of the GNU General Public License version  
 * 2 only, as published by the Free Software Foundation.   
 *   
 * This program is distributed in the hope that it will be useful, but  
 * WITHOUT ANY WARRANTY; without even the implied warranty of  
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU  
 * General Public License version 2 for more details (a copy is  
 * included at /legal/license.txt).   
 *   
 * You should have received a copy of the GNU General Public License  
 * version 2 along with this work; if not, write to the Free Software  
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  
 * 02110-1301 USA   
 *   
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa  
 * Clara, CA 95054 or visit www.sun.com if you need additional  
 * information or have any questions. 
 *
 */
 
package java.security;

import java.util.HashMap;
import java.util.ArrayList;
import java.net.URL;

import sun.security.util.Debug;

/** 
 * This class extends ClassLoader with additional support for defining
 * classes with an associated code source and permissions which are
 * retrieved by the system policy by default.
 *
 * @version 1.73, 02/02/00
 * @author  Li Gong 
 * @author  Roland Schemers
 */
public class SecureClassLoader extends ClassLoader {
    /*
     * If initialization succeed this is set to true and security checks will
     * succeed. Otherwise the object is not initialized and the object is
     * useless.
     */
    private boolean initialized = false;

    // HashMap that maps CodeSource to ProtectionDomain
    private HashMap pdcache = new HashMap(11);

    private static final Debug debug = Debug.getInstance("scl");

    /**
     * Creates a new SecureClassLoader using the specified parent
     * class loader for delegation.
     *
     * <p>If there is a security manager, this method first
     * calls the security manager's <code>checkCreateClassLoader</code> 
     * method  to ensure creation of a class loader is allowed.
     * <p>
     * @param parent the parent ClassLoader
     * @exception  SecurityException  if a security manager exists and its  
     *             <code>checkCreateClassLoader</code> method doesn't allow 
     *             creation of a class loader.
     * @see SecurityManager#checkCreateClassLoader
     */
    protected SecureClassLoader(ClassLoader parent) {
	super(parent);
	// this is to make the stack depth consistent with 1.1
	SecurityManager security = System.getSecurityManager();
	if (security != null) {
	    security.checkCreateClassLoader();
	}
	initialized = true;
    }

    /**
     * Creates a new SecureClassLoader using the default parent class
     * loader for delegation.
     *
     * <p>If there is a security manager, this method first
     * calls the security manager's <code>checkCreateClassLoader</code> 
     * method  to ensure creation of a class loader is allowed.
     *
     * @exception  SecurityException  if a security manager exists and its  
     *             <code>checkCreateClassLoader</code> method doesn't allow 
     *             creation of a class loader.
     * @see SecurityManager#checkCreateClassLoader
     */
    protected SecureClassLoader() {
	super();
	// this is to make the stack depth consistent with 1.1
	SecurityManager security = System.getSecurityManager();
	if (security != null) {
	    security.checkCreateClassLoader();
	}
	initialized = true;
    }

    /**
     * Converts an array of bytes into an instance of class Class,
     * with an optional CodeSource. Before the
     * class can be used it must be resolved.
     * <p>
     * If a non-null CodeSource is supplied a ProtectionDomain is
     * constructed and associated with the class being defined.
     * <p>
     * @param      name the expected name of the class, or <code>null</code>
     *                  if not known, using '.' and not '/' as the separator
     *                  and without a trailing ".class" suffix.
     * @param      b    the bytes that make up the class data. The bytes in 
     *             positions <code>off</code> through <code>off+len-1</code> 
     *             should have the format of a valid class file as defined 
     *             by the 
     *             <a href="http://java.sun.com/docs/books/vmspec/">Java 
     *             Virtual Machine Specification</a>.
     * @param      off  the start offset in <code>b</code> of the class data
     * @param      len  the length of the class data
     * @param      cs   the associated CodeSource, or <code>null</code> if none
     * @return the <code>Class</code> object created from the data,
     *         and optional CodeSource.
     * @exception  ClassFormatError if the data did not contain a valid class
     * @exception  IndexOutOfBoundsException if either <code>off</code> or 
     *             <code>len</code> is negative, or if 
     *             <code>off+len</code> is greater than <code>b.length</code>.
     *
     * @exception  SecurityException if an attempt is made to add this class
     *             to a package that contains classes that were signed by
     *             a different set of certificates than this class, or if 
     *             the class name begins with "java.".
     */
    protected final Class defineClass(String name, byte[] b, int off, int len,
				      CodeSource cs)
    {
	if (cs == null)
	    return defineClass(name, b, off, len);
	else 
	    return defineClass(name, b, off, len, getProtectionDomain(cs));
    }

    /**
     * Returns the permissions for the given CodeSource object.
     * <p>
     * This method is invoked by the defineClass method which takes
     * a CodeSource as an argument when it is constructing the
     * ProtectionDomain for the class being defined.
     * <p>
     * @param codesource the codesource.
     *
     * @return the permissions granted to the codesource.
     *
     */
    protected PermissionCollection getPermissions(CodeSource codesource)
    {
	check();
	return new Permissions(); // ProtectionDomain defers the binding
    }

    /*
     * Returned cached ProtectionDomain for the specified CodeSource.
     */
    private ProtectionDomain getProtectionDomain(CodeSource cs) {
	if (cs == null)
	    return null;

	ProtectionDomain pd = null;
	synchronized (pdcache) {
	    pd = (ProtectionDomain)pdcache.get(cs);
	    if (pd == null) {
		PermissionCollection perms = getPermissions(cs);
		pd = new ProtectionDomain(cs, perms, this, null);
		if (pd != null) {
		    pdcache.put(cs, pd);
		    if (debug != null) {
			debug.println(" getPermissions "+ pd);
			debug.println("");
		    }
		}
	    }
	}
	return pd;
    }

    /*
     * Check to make sure the class loader has been initialized.
     */
    private void check() { 
	if (!initialized) {
	    throw new SecurityException("ClassLoader object not initialized");
	}
    }

}