Examples of java.security.ProtectionDomain.implies()

java.security.ProtectionDomain.implies()
Check and see if this ProtectionDomain implies the permissions expressed in the Permission object.
The set of permissions evaluated is a function of whether the ProtectionDomain was constructed with a static set of permissions or it was bound to a dynamically mapped set of permissions.
If the ProtectionDomain was constructed to a {@link #ProtectionDomain(CodeSource,PermissionCollection) statically bound} PermissionCollection then the permission willonly be checked against the PermissionCollection supplied at construction.
However, if the ProtectionDomain was constructed with the constructor variant which supports {@link #ProtectionDomain(CodeSource,PermissionCollection,ClassLoader,java.security.Principal[]) dynamically binding}permissions, then the permission will be checked against the combination of the PermissionCollection supplied at construction and the current Policy binding.
@param permission the Permission object to check. @return true if "permission" is implicit to this ProtectionDomain.

               return cls.getProtectionDomain();
            }
         });


         MBeanTrustPermission permission = new MBeanTrustPermission("register");
         if (!domain.implies(permission))
         {
            throw new AccessControlException("Access denied " + permission + ": MBean class " + cls.getName() + " is not trusted for registration");
         }
      }
   }

View Full Code Here

                } else {
                    final VmType<?> declClass = method.getDeclaringClass();
                    final ProtectionDomain pd = declClass.getProtectionDomain();
                    if (pd != null) {
                        // Unsafe.debug(":pd");
                        if (!pd.implies(perm)) {
                            // Unsafe.debug("Permission denied");
                            throw new AccessControlException("Permission \""
                                + perm + "\" not granted due to "
                                + declClass.getName());
                        }

View Full Code Here

      SecurityManager sm = System.getSecurityManager();
      if (sm != null) {
    ProtectionDomain pd =
        new ProtectionDomain(codeSource, null, this, null);


    if (!pd.implies(downloadPermission)) {
        throw new SecurityException(
      "CodeSource not permitted to define class: " +
      codeSource);
    }
      }

View Full Code Here

      pd = new ProtectionDomain(cs, null, null, null);
       logger.log(Level.FINEST, 
          "Checking protection domain: {0}", pd);
      
      // Check if current domain allows desired permission
      if(!pd.implies(perm)) {
          SecurityException se =  new SecurityException(
        "ProtectionDomain " + pd
        + " does not have required permission: " + perm);
                logger.throwing(ActivateWrapper.class.getName(), 
              "checkPolicyPermission", se);

View Full Code Here

               return cls.getProtectionDomain();
            }
         });


         MBeanTrustPermission permission = new MBeanTrustPermission("register");
         if (!domain.implies(permission))
         {
            throw new AccessControlException("Access denied " + permission + ": MBean class " + cls.getName() + " is not trusted for registration");
         }
      }
   }

View Full Code Here

        final Principal[] principals = this.getPrincipals(account, principalVersusRolesMap);
        final CodeSource codeSource = servletInfo.getServletClass().getProtectionDomain().getCodeSource();
        final ProtectionDomain protectionDomain = new ProtectionDomain(codeSource, null, null, principals);


        // call implies in the protection domain using the constructed WebRoleRefPermission.
        return protectionDomain.implies(permission);
    }


    @Override
    public boolean canAccessResource(List<SingleConstraintMatch> constraints, final Account account, final ServletInfo servletInfo, final HttpServletRequest request, Deployment deployment) {

View Full Code Here

        final Map<String, Set<String>> principalVersusRolesMap = deployment.getDeploymentInfo().getPrincipalVersusRolesMap();
        final Principal[] principals = this.getPrincipals(account, principalVersusRolesMap);
        final CodeSource codeSource = servletInfo.getServletClass().getProtectionDomain().getCodeSource();
        final ProtectionDomain protectionDomain = new ProtectionDomain(codeSource, null, null, principals);


        return protectionDomain.implies(permission);
    }


    @Override
    public TransportGuaranteeType transportGuarantee(TransportGuaranteeType currentConnGuarantee, TransportGuaranteeType configuredRequiredGuarantee, final HttpServletRequest request) {

View Full Code Here

            case NONE: {
                // unprotected connection - create a WebUserDataPermission without any transport guarantee.
                WebUserDataPermission permission = new WebUserDataPermission(canonicalURI, httpMethod, null);


                // if permission was implied then the unprotected connection is ok.
                if (domain.implies(permission)) {
                    return TransportGuaranteeType.NONE;
                }
                else {
                    // if permission was not implied we require protection for the connection.
                    return TransportGuaranteeType.CONFIDENTIAL;

View Full Code Here

            case CONFIDENTIAL: {
                // we will try using both transport guarantees (CONFIDENTIAL and INTEGRAL) as SSL provides both.
                WebUserDataPermission permission = new WebUserDataPermission(canonicalURI, httpMethod,
                        TransportGuaranteeType.CONFIDENTIAL.name());


                if (domain.implies(permission)) {
                    return TransportGuaranteeType.CONFIDENTIAL;
                }
                else {
                    // try with the INTEGRAL connection guarantee type.
                    permission = new WebUserDataPermission(canonicalURI, httpMethod, TransportGuaranteeType.INTEGRAL.name());

View Full Code Here

                    return TransportGuaranteeType.CONFIDENTIAL;
                }
                else {
                    // try with the INTEGRAL connection guarantee type.
                    permission = new WebUserDataPermission(canonicalURI, httpMethod, TransportGuaranteeType.INTEGRAL.name());
                    if (domain.implies(permission)) {
                        return TransportGuaranteeType.INTEGRAL;
                    }
                    else {
                        return TransportGuaranteeType.REJECTED;
                    }

View Full Code Here

0 1 2

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.