5.4. Protection Domains
A protection domain is a grouping of a code source
and permissions--that is, a protection domain represents all the
permissions that are granted to a particular code source. In the
default implementation of the Policy class, a
protection domain is one grant entry in the file. A protection domain
is an instance of the ProtectionDomain class
(java.security.ProtectionDomain) and is constructed as follows:
    public ProtectionDomain(CodeSource cs, PermissionCollection p)
        Construct a protection domain based on the given code source and set of permissions.
When associated with a class, a protection domain means that the
given class was loaded from the site specified in the code source,
was signed by the public keys specified in the code source, and
should have permission to perform the set of operations represented
in the permission collection object. Each
class in the virtual machine may belong
to one and only one protection domain, which is set by the class
loader when the class is defined.
However, not all class loaders have a specific protection
domain associated with them: classes that are loaded by the
primordial class loader have no protection domain. In particular,
this means that classes that exist as part of the system class path
(that is, the Java API classes) have no explicit protection domain.
We can think of these classes as belonging to the system protection
domain.
A protection domain is set for a class inside the
defineClass() method. A protection domain is assigned
to a class depending upon one of the following cases:
- The defineClass() method accepts a protection domain as a parameter. In this case, the given protection domain is assigned to the class. This case is typically unused, since that method exists only in the ClassLoader class and not in the SecureClassLoader class.
- The defineClass() method accepts a code source as a parameter. In this case, the getPermissions() method of the SecureClassLoader is used to determine the protection domain for the code source. By default, this just uses the getPermissions() method of the Policy class to find the permissions that are defined for the given code base. A secure class loader (including a URL class loader) has the option of overriding the getPermissions() method to enhance the permissions a particular class might have. We'll see an example of this in Chapter 6, "Implementing Security Policies", when we discuss network permissions in the class loader.
- The defineClass() method accepts neither of these parameters. In this case, a protection domain is defined based on a code source with null parameters and a set of permissions that have been defined by the system's security policy (retrieved with the getPermissions() method). This case will include the default grant entry we listed earlier.
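The second case above is the one most custom class loaders end up in. The following is an added example, not code from the book: a SecureClassLoader subclass that reads class bytes from a base URL, passes a CodeSource to defineClass(), and overrides getPermissions() to add one narrow permission on top of the default collection. The loader name (AuditingClassLoader), the base directory file:/tmp/untrusted-classes/, and the extra PropertyPermission are assumptions made for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.ProtectionDomain;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

// Added example (not the book's code). A SecureClassLoader that takes the
// "defineClass() with a code source" path and enhances the permissions the
// resulting protection domain carries.
public class AuditingClassLoader extends SecureClassLoader {
    private final URL base;   // assumed: where class files are fetched from

    public AuditingClassLoader(URL base, ClassLoader parent) {
        super(parent);
        this.base = base;
    }

    @Override
    protected PermissionCollection getPermissions(CodeSource cs) {
        // Start from the collection SecureClassLoader provides by default for
        // this code source, then add to it. Anything added here is granted
        // regardless of the policy file, so keep additions narrow.
        PermissionCollection pc = super.getPermissions(cs);
        pc.add(new PropertyPermission("java.version", "read"));   // assumed extra grant
        return pc;
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        byte[] bytes = readClassBytes(name);
        // Unsigned code: the code source carries a location but no certificates.
        CodeSource cs = new CodeSource(base, (Certificate[]) null);
        // This defineClass() overload calls getPermissions(cs) and attaches the
        // resulting ProtectionDomain to the class it defines.
        return defineClass(name, bytes, 0, bytes.length, cs);
    }

    private byte[] readClassBytes(String name) throws ClassNotFoundException {
        String path = name.replace('.', '/') + ".class";
        try (InputStream in = new URL(base, path).openStream()) {
            return in.readAllBytes();
        } catch (IOException e) {
            throw new ClassNotFoundException(name, e);
        }
    }

    public static void main(String[] args) throws Exception {
        URL base = new URL("file:/tmp/untrusted-classes/");   // assumed location
        AuditingClassLoader loader =
            new AuditingClassLoader(base, AuditingClassLoader.class.getClassLoader());
        Class<?> c = loader.loadClass(args[0]);   // class name given on the command line

        ProtectionDomain pd = c.getProtectionDomain();
        System.out.println("code source: " + pd.getCodeSource());
        // The added grant is visible on the domain; an unrelated property is not.
        System.out.println("java.version read? "
            + pd.implies(new PropertyPermission("java.version", "read")));
        System.out.println("user.home read?    "
            + pd.implies(new PropertyPermission("user.home", "read")));
    }
}
```

The override keeps the policy's decision as the baseline and only widens it; a loader that instead built a fresh Permissions object and returned it would silently discard whatever the administrator granted (or withheld) in the policy file for that code base.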
There are three utility methods of the
ProtectionDomain class:
- public CodeSource getCodeSource()
  Return the code source that was used to construct this protection domain.
- public PermissionCollection getPermissions()
  Return the permission collection object that was used to construct this protection domain.
- public boolean implies(Permission p)
  Indicate whether the given permission is implied by the permissions object contained in this protection domain.
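The following added example (not from the book) ties the constructor at the top of this section to the three utility methods: it builds a ProtectionDomain by hand for unsigned code from one web directory and then queries it. The URL http://www.example.com/classes/, the file tree /tmp/scratch, and the grants are constructed for illustration. Note that implies() uses the permission classes' own semantics, so a FilePermission on a directory subtree or a PropertyPermission with a wildcard name covers more than the literal strings in the collection.

```java
import java.io.FilePermission;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.PropertyPermission;

// Added example (not the book's code): construct a ProtectionDomain directly
// and exercise getCodeSource(), getPermissions() and implies().
public class DomainDemo {

    /** The domain a policy might give unsigned code served from one directory (constructed). */
    static ProtectionDomain buildDomain() throws Exception {
        URL location = new URL("http://www.example.com/classes/");    // constructed
        CodeSource cs = new CodeSource(location, (Certificate[]) null); // unsigned code

        Permissions perms = new Permissions();
        perms.add(new FilePermission("/tmp/scratch/-", "read,write")); // whole subtree
        perms.add(new PropertyPermission("java.*", "read"));           // wildcard name
        return new ProtectionDomain(cs, perms);
    }

    /** Ask the domain about one permission and report the answer. */
    static boolean check(ProtectionDomain pd, Permission p) {
        boolean ok = pd.implies(p);
        System.out.printf("%-55s %s%n", p, ok ? "granted" : "denied");
        return ok;
    }

    public static void main(String[] args) throws Exception {
        ProtectionDomain pd = buildDomain();

        // getCodeSource(): the location and signers the domain was built from.
        System.out.println("code source: " + pd.getCodeSource());

        // getPermissions(): the collection handed to the constructor, read-only.
        PermissionCollection pc = pd.getPermissions();
        System.out.println("static permissions:");
        for (Enumeration<Permission> e = pc.elements(); e.hasMoreElements();) {
            System.out.println("  " + e.nextElement());
        }

        // implies(): answered with permission semantics, not string equality.
        check(pd, new FilePermission("/tmp/scratch/a/b.txt", "read"));    // granted: inside /tmp/scratch/-
        check(pd, new FilePermission("/tmp/scratch/a/b.txt", "execute")); // denied: action not granted
        check(pd, new FilePermission("/etc/passwd", "read"));             // denied: outside the subtree
        check(pd, new PropertyPermission("java.home", "read"));           // granted: java.* matches
        check(pd, new PropertyPermission("java.home", "write"));          // denied: only read granted
        check(pd, new PropertyPermission("user.home", "read"));           // denied: name not covered
    }
}
```

When reviewing a policy, it is the implies() answers, not the literal entries, that tell you what a code base can actually do: a single "/tmp/scratch/-" entry reaches every file that will ever be created under that directory.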
Copyright © 2001 O'Reilly & Associates. All rights reserved.