📄 accesscontroller.java
字号:
* * @version 1.48 00/05/03 * @author Li Gong * @author Roland Schemers */public final class AccessController { /** * Don't allow anyone to instantiate an AccessController */ private AccessController() { } /** * Performs the specified <code>PrivilegedAction</code> with privileges * enabled. The action is performed with <i>all</i> of the permissions * possessed by the caller's protection domain. * <p> * If the action's <code>run</code> method throws an (unchecked) exception, * it will propagate through this method. * * @param action the action to be performed. * @return the value returned by the action's <code>run</code> method. * @see #doPrivileged(PrivilegedAction,AccessControlContext) * @see #doPrivileged(PrivilegedExceptionAction) */ public static Object doPrivileged(PrivilegedAction action) { return doPrivileged(action, null); } /** * Performs the specified <code>PrivilegedAction</code> with privileges * enabled and restricted by the specified <code>AccessControlContext</code>. * The action is performed with the intersection of the permissions * possessed by the caller's protection domain, and those possessed * by the domains represented by the specified * <code>AccessControlContext</code>. * <p> * If the action's <code>run</code> method throws an (unchecked) exception, * it will propagate through this method. * * @param action the action to be performed. * @param context an <i>access control context</i> representing the * restriction to be applied to the caller's domain's * privileges before performing the specified action. * @return the value returned by the action's <code>run</code> method. * @see #doPrivileged(PrivilegedAction) * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) */ public static Object doPrivileged(PrivilegedAction action, AccessControlContext context) { return action.run(); } /** * Performs the specified <code>PrivilegedExceptionAction</code> with * privileges enabled. The action is performed with <i>all</i> of the * permissions possessed by the caller's protection domain. * <p> * If the action's <code>run</code> method throws an <i>unchecked</i> * exception, it will propagate through this method. * * @param action the action to be performed * @return the value returned by the action's <code>run</code> method * @throws PrivilegedActionException if the specified action's * <code>run</code> method threw a <i>checked</i> exception * @see #doPrivileged(PrivilegedAction) * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) */ public static Object doPrivileged(PrivilegedExceptionAction action) throws PrivilegedActionException { return doPrivileged(action, null); } /** * Performs the specified <code>PrivilegedExceptionAction</code> with * privileges enabled and restricted by the specified * <code>AccessControlContext</code>. The action is performed with the * intersection of the the permissions possessed by the caller's * protection domain, and those possessed by the domains represented by the * specified <code>AccessControlContext</code>. * <p> * If the action's <code>run</code> method throws an <i>unchecked</i> * exception, it will propagate through this method. * * @param action the action to be performed * @param context an <i>access control context</i> representing the * restriction to be applied to the caller's domain's * privileges before performing the specified action * @return the value returned by the action's <code>run</code> method * @throws PrivilegedActionException if the specified action's * <code>run</code> method * threw a <i>checked</i> exception * @see #doPrivileged(PrivilegedAction) * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) */ public static Object doPrivileged(PrivilegedExceptionAction action, AccessControlContext context) throws PrivilegedActionException { try { return action.run(); } catch (RuntimeException e) { // mimic JDK behavior throw e; } catch (Exception e) { // slight deviation from JDK behavior, but not spec // They always wrap, for some reason (bug?) throw new PrivilegedActionException(e); } catch (Throwable e) { throw CVM.throwLocalException(e); } } /** * Returns the AccessControl context. i.e., it gets * the protection domains of all the callers on the stack, * starting at the first class with a non-null * ProtectionDomain. * * @return the access control context based on the current stack or * null if there was only privileged system code. * * */ private static AccessControlContext sysACC = new AccessControlContext(null, false, null); private static AccessControlContext privACC = new AccessControlContext(null, true, null); private static native void fillInContext(ProtectionDomain[] ctx, int n); private static native int computeContext(boolean[] isPrivilegedRef, AccessControlContext[] ctxRef); private static AccessControlContext getStackAccessControlContext() { AccessControlContext[] privilegedContextRef = new AccessControlContext[1]; boolean[] isPrivilegedRef = new boolean[1]; int count = computeContext(isPrivilegedRef, privilegedContextRef); boolean isPrivileged = isPrivilegedRef[0]; AccessControlContext privilegedContext = privilegedContextRef[0]; // either all the domains on the stack were system domains, or // we had a privileged system domain if (count == 0) { if (isPrivileged && privilegedContext == null) { return null; } else if (privilegedContext != null) { return new AccessControlContext(null, isPrivileged, privilegedContext); } else if (!isPrivileged) { return sysACC; } else { throw new InternalError(); } } ProtectionDomain[] ctx = new ProtectionDomain[count]; fillInContext(ctx, count); return new AccessControlContext(ctx, isPrivileged, privilegedContext); } /** * Returns the "inherited" AccessControl context. This is the context * that existed when the thread was created. Package private so * AccessControlContext can use it. */ static native AccessControlContext getInheritedAccessControlContext(); /** * This method takes a "snapshot" of the current calling context, which * includes the current Thread's inherited AccessControlContext, * and places it in an AccessControlContext object. This context may then * be checked at a later point, possibly in another thread. * * @see AccessControlContext * * @return the AccessControlContext based on the current context. */ public static AccessControlContext getContext() { AccessControlContext acc = getStackAccessControlContext(); if (acc == null) { // all we had was privileged system code. We don't want // to return null though, so we construct a real ACC. return privACC; } else { return acc.optimize(); } } /** * Determines whether the access request indicated by the * specified permission should be allowed or denied, based on * the security policy currently in effect. * This method quietly returns if the access request * is permitted, or throws a suitable AccessControlException otherwise. * * @param perm the requested permission. * * @exception AccessControlException if the specified permission * is not permitted, based on the current security policy. */ public static void checkPermission(Permission perm) throws AccessControlException { //System.err.println("checkPermission "+perm); //Thread.currentThread().dumpStack(); AccessControlContext stack = getStackAccessControlContext(); // if context is null, we had privileged system code on the stack. if (stack == null) { Debug debug = AccessControlContext.getDebug(); if (debug != null) { if (Debug.isOn("stack")) Thread.currentThread().dumpStack(); if (Debug.isOn("domain")) { debug.println("domain (context is null)"); } debug.println("access allowed "+perm); } return; } AccessControlContext acc = stack.optimize(); acc.checkPermission(perm); }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -