Examples of java.security.ProtectionDomain

• java.security.ProtectionDomain

  This ProtectionDomain class encapsulates the characteristics of a domain, which encloses a set of classes whose instances are granted a set of permissions when being executed on behalf of a given set of Principals.

  A static set of permissions can be bound to a ProtectionDomain when it is constructed; such permissions are granted to the domain regardless of the Policy in force. However, to support dynamic security policies, a ProtectionDomain can also be constructed such that it is dynamically mapped to a set of permissions by the current Policy whenever a permission is checked.

  @version 1.47, 11/17/05 @author Li Gong @author Roland Schemers @author Gary Ellison

                    list.add(url);
                }
            }
        }

        ProtectionDomain protectionDomain = ShellService.class.getProtectionDomain();
        CodeSource codeSource = protectionDomain.getCodeSource();
        URL loc = codeSource.getLocation();
        list.add(loc);

        return list;
    }

                ".class";
            byte [] cdata = loadClassDataFromFile(classFile);
            if( cdata == null )
                throw new ClassNotFoundException(name);
            if( securityManager != null ) {
                ProtectionDomain pd = new ProtectionDomain(
                        codeSource,permissionCollection);
                clazz = defineClass(name,cdata,0,cdata.length,pd);
            } else {
                clazz = defineClass(name,cdata,0,cdata.length);
            }

    private AccessControlContext createAccessControlContext() {
        return new AccessControlContext(AccessController.getContext(),
                new DomainCombiner() {
                    public ProtectionDomain[] combine(ProtectionDomain[] arg0,
                                                      ProtectionDomain[] arg1) {
                        return new ProtectionDomain[] { new ProtectionDomain(null, null) {
                            public boolean implies(Permission permission) {
                                return bundleContext.getBundle().hasPermission(permission);
                            }
                        }
                    };

        //
        // Create the Rhino ProtectionDomain
        // and AccessControlContext
        //
        ProtectionDomain rhinoProtectionDomain
            = new ProtectionDomain(codeSource,
                                   getPermissions(codeSource));

        rhinoAccessControlContext
            = new AccessControlContext(new ProtectionDomain[]{
                rhinoProtectionDomain});

      parser.usage();
    }
  }

  static String getJarName() {
    ProtectionDomain domain = CliApplication.class.getProtectionDomain();
    String path = domain.getCodeSource().getLocation().getPath();

    return new File(path).getName();
  }

                ignore.printStackTrace();
            }
        }
        if (myJarPath == null) {
            Class cls = Boot.class;
            ProtectionDomain pDomain = cls.getProtectionDomain();
            CodeSource cSource = pDomain.getCodeSource();
            myJarPath = cSource.getLocation().toString();
            System.out.println("myJarPath=" + myJarPath);
            return myJarPath;
        }
        if (myJarPath == null) {

            if (record) {
                record(bytecode);
            }
            // Use a protectionDomain to associate the codebase with the
            // class.
            ProtectionDomain pd = (ProtectionDomain)pdCache.get(bytecode.codebase);
            if (pd == null) {
                try {
                    URL url = urlFactory.getCodeBase(bytecode.codebase);

                    CodeSource source = new CodeSource(url, (Certificate[])null);
                    pd = new ProtectionDomain(source, null, this, null);
                    pdCache.put(bytecode.codebase, pd);
                } catch (MalformedURLException mux) {
                    throw new ClassNotFoundException(name, mux);
                }
            }

            // Do it the simple way.
            byte bytes[] = bytecode.bytes;

      int i = name.lastIndexOf('.');
      if (i != -1) {
        String pkgname = name.substring(0, i);
        // Check if package already loaded.
        Package pkg = getPackage(pkgname);
        Manifest man = bytecode.manifest;
        if (pkg != null) {
          // Package found, so check package sealing.
          if (pkg.isSealed()) {
            // Verify that code source URL is the same.
            if (!pkg.isSealed(pd.getCodeSource().getLocation())) {
              throw new SecurityException("sealing violation: package " + pkgname + " is sealed");
            }

          } else {
            // Make sure we are not attempting to seal the package
            // at this code source URL.
            if ((man != null) && isSealed(pkgname, man)) {
              throw new SecurityException("sealing violation: can't seal package " + pkgname + ": already loaded");
            }
          }
        } else {
          if (man != null) {
            definePackage(pkgname, man, pd.getCodeSource().getLocation());
          } else {
            definePackage(pkgname, null, null, null, null, null, null, null);
          }
        }
      }

            String path = jcl.getOneJarPath() + "!/" + codebase + resource;
            URL url = new URL("jar", "", -1, path, jarHandler);
            return url;
        }
        public URL getCodeBase(String jar) throws MalformedURLException {
            ProtectionDomain cd = JarClassLoader.class.getProtectionDomain();
            URL url = cd.getCodeSource().getLocation();
            if (url != null) {
                url = new URL("jar", "", -1, url + "!/" + jar, jarHandler);
            }
            return url;
        }

            } catch (BundleException e) {
                throw new RuntimeException(e);
            }
        }

        ProtectionDomain protectionDomain = domain;
        if (protectionDomain == null) {
            /**
             * By default Equinox creates a ProtectionDomain for each bundle with AllPermission permission.
             * That breaks Geronimo security checks. See GERONIMO-5480 for details.
             * This work-around prevents Equinox from adding AllPermission permission to each bundle.
             */
            PermissionCollection emptyPermissionCollection = (new AllPermission()).newPermissionCollection();
            protectionDomain = new ProtectionDomain(null, emptyPermissionCollection);
        }

        BaseClassLoader classLoader;
        if (useURLClassLoader) {
            classLoader = new GeronimoClassLoader(this, parent, delegate, protectionDomain, data, classpath, bundle);

    // Allow user to only read any file in docs directory
    final String aHome = System.getenv("ACCUMULO_HOME");
    PermissionCollection pc = new Permissions();
    pc.add(new FilePermission(aHome + "/docs/-", "read"));

    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {new ProtectionDomain(null, pc)});

    IOException e = AccessController.doPrivileged(new PrivilegedAction<IOException>() {

      @Override
      public IOException run() {