public boolean implies(Permission permission) {
if (permission.getClass().getSimpleName().equals("URLPermission")) {
return isAllowed(URL_PERMISSION);
} else {
return isAllowed(permission);
}
}
/** readObject is called to restore the state of the BasicPermissionCollection from a stream. */
private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
// Don't call defaultReadObject()
// Read in serialized fields
ObjectInputStream.GetField gfields = in.readFields();
// Get permissions
Hashtable permissions = (Hashtable) gfields.get("permissions", null);
perms = new HashMap(permissions.size() * 2);
perms.putAll(permissions);
// Get all_allowed
all_allowed = gfields.get("all_allowed", false);
// Get permClass
permClass = (Class) gfields.get("permClass", null);
if (permClass == null) {
// set permClass
Enumeration e = permissions.elements();
if (e.hasMoreElements()) {
Permission p = (Permission) e.nextElement();
permClass = p.getClass();
}
}
}
@Override
public boolean implies(Permission permission) {
if (permission == null || this.getClass() != permission.getClass()) {
return false;
}
PrivateCredentialPermission that = (PrivateCredentialPermission) permission;
if (!("*".equals(credentialClass)
|| credentialClass //$NON-NLS-1$
.equals(that.getCredentialClass()))) {
return false;
}
if (that.offset == 0) {
return true;
}
CredOwner[] thisCo = set;
CredOwner[] thatCo = that.set;
int thisPrincipalsSize = offset;
int thatPrincipalsSize = that.offset;
for (int i = 0, j; i < thisPrincipalsSize; i++) {
for (j = 0; j < thatPrincipalsSize; j++) {
if (thisCo[i].implies(thatCo[j])) {
break;
}
}
if (j == thatCo.length) {
return false;
}
}
return true;
}
public void add(Permission p) {
Class c = p.getClass();
PermissionCollection pc = collections.get(c);
if (pc == null) {
pc = p.newPermissionCollection();
if (pc == null) {
pc = new MyPermissionCollection();
}
collections.put(c, pc);
}
pc.add(p);
}
public void add(Permission permission) {
if (isReadOnly()) {
throw new SecurityException("ClusterPermissionCollection is read-only!");
}
boolean shouldAdd =
(permClass != null && permClass.equals(permission.getClass()))
|| (permission instanceof ClusterPermission);
if (shouldAdd && !implies(permission)) {
perms.add(permission);
}
}
/**
* Checks if the specified permission is "implied" by this object.
*
* <p>More specifically, this method returns true if:
*
* <p>
*
* <ul>
* <li><i>p</i>'s class is the same as this object's class, and
* <p>
* <li><i>p</i>'s name equals or (in the case of wildcards) is implied by this object's name.
* For example, "a.b.*" implies "a.b.c".
* </ul>
*
* @param p the permission to check against.
* @return true if the passed permission is equal to or implied by this permission, false
* otherwise.
*/
public boolean implies(Permission p) {
if ((p == null) || (p.getClass() != getClass())) return false;
BasicPermission that = (BasicPermission) p;
if (this.wildcard) {
if (that.wildcard)
// one wildcard can imply another
return that.path.startsWith(path);
else
// make sure ap.path is longer so a.b.* doesn't imply a.b
return (that.path.length() > this.path.length()) && that.path.startsWith(this.path);
} else {
if (that.wildcard) {
// a non-wildcard can't imply a wildcard
return false;
} else {
return this.path.equals(that.path);
}
}
}
/**
* Determines whether the access request indicated by the specified permission should be allowed
* or denied, based on the security policy currently in effect, and the context in this object.
* The request is allowed only if every ProtectionDomain in the context implies the permission.
* Otherwise the request is denied.
*
* <p>This method quietly returns if the access request is permitted, or throws a suitable
* AccessControlException otherwise.
*
* @param perm the requested permission.
* @exception AccessControlException if the specified permission is not permitted, based on the
* current security policy and the context encapsulated by this object.
* @exception NullPointerException if the permission to check for is null.
*/
public void checkPermission(Permission perm) throws AccessControlException {
boolean dumpDebug = false;
if (perm == null) {
throw new NullPointerException("permission can't be null");
}
if (getDebug() != null) {
// If "codebase" is not specified, we dump the info by default.
dumpDebug = !Debug.isOn("codebase=");
if (!dumpDebug) {
// If "codebase" is specified, only dump if the specified code
// value is in the stack.
for (int i = 0; context != null && i < context.length; i++) {
if (context[i].getCodeSource() != null
&& context[i].getCodeSource().getLocation() != null
&& Debug.isOn("codebase=" + context[i].getCodeSource().getLocation().toString())) {
dumpDebug = true;
break;
}
}
}
dumpDebug &=
!Debug.isOn("permission=")
|| Debug.isOn("permission=" + perm.getClass().getCanonicalName());
if (dumpDebug && Debug.isOn("stack")) {
Thread.currentThread().dumpStack();
}
if (dumpDebug && Debug.isOn("domain")) {
if (context == null) {
debug.println("domain (context is null)");
} else {
for (int i = 0; i < context.length; i++) {
debug.println("domain " + i + " " + context[i]);
}
}
}
}
/*
* iterate through the ProtectionDomains in the context.
* Stop at the first one that doesn't allow the
* requested permission (throwing an exception).
*
*/
/* if ctxt is null, all we had on the stack were system domains,
or the first domain was a Privileged system domain. This
is to make the common case for system code very fast */
if (context == null) return;
for (int i = 0; i < context.length; i++) {
if (context[i] != null && !context[i].implies(perm)) {
if (dumpDebug) {
debug.println("access denied " + perm);
}
if (Debug.isOn("failure") && debug != null) {
// Want to make sure this is always displayed for failure,
// but do not want to display again if already displayed
// above.
if (!dumpDebug) {
debug.println("access denied " + perm);
}
Thread.currentThread().dumpStack();
final ProtectionDomain pd = context[i];
final Debug db = debug;
AccessController.doPrivileged(
new PrivilegedAction<Void>() {
public Void run() {
db.println("domain that failed " + pd);
return null;
}
});
}
throw new AccessControlException("access denied " + perm, perm);
}
}
// allow if all of them allowed access
if (dumpDebug) {
debug.println("access allowed " + perm);
}
return;
}
/* */ Permission resolve(Permission paramPermission, Certificate[] paramArrayOfCertificate)
/* */ {
/* 230 */ if (this.certs != null)
/* */ {
/* 232 */ if (paramArrayOfCertificate == null) {
/* 233 */ return null;
/* */ }
/* */
/* 238 */ for (int j = 0; j < this.certs.length; j++) {
/* 239 */ int i = 0;
/* 240 */ for (int k = 0; k < paramArrayOfCertificate.length; k++) {
/* 241 */ if (this.certs[j].equals(paramArrayOfCertificate[k])) {
/* 242 */ i = 1;
/* 243 */ break;
/* */ }
/* */ }
/* 246 */ if (i == 0) return null;
/* */ }
/* */ }
/* */ try
/* */ {
/* 250 */ Class localClass = paramPermission.getClass();
/* */
/* 252 */ if ((this.name == null) && (this.actions == null)) {
/* */ try {
/* 254 */ Constructor localConstructor1 = localClass.getConstructor(PARAMS0);
/* 255 */ return (Permission) localConstructor1.newInstance(new Object[0]);
/* */ } catch (NoSuchMethodException localNoSuchMethodException2) {
/* */ try {
/* 258 */ Constructor localConstructor4 = localClass.getConstructor(PARAMS1);
/* 259 */ return (Permission) localConstructor4.newInstance(new Object[] {this.name});
/* */ }
/* */ catch (NoSuchMethodException localNoSuchMethodException4) {
/* 262 */ Constructor localConstructor6 = localClass.getConstructor(PARAMS2);
/* 263 */ return (Permission)
localConstructor6.newInstance(new Object[] {this.name, this.actions});
/* */ }
/* */ }
/* */ }
/* */
/* 268 */ if ((this.name != null) && (this.actions == null)) {
/* */ try {
/* 270 */ Constructor localConstructor2 = localClass.getConstructor(PARAMS1);
/* 271 */ return (Permission) localConstructor2.newInstance(new Object[] {this.name});
/* */ }
/* */ catch (NoSuchMethodException localNoSuchMethodException3) {
/* 274 */ Constructor localConstructor5 = localClass.getConstructor(PARAMS2);
/* 275 */ return (Permission)
localConstructor5.newInstance(new Object[] {this.name, this.actions});
/* */ }
/* */ }
/* */
/* 279 */ Constructor localConstructor3 = localClass.getConstructor(PARAMS2);
/* 280 */ return (Permission)
localConstructor3.newInstance(new Object[] {this.name, this.actions});
/* */ }
/* */ catch (NoSuchMethodException localNoSuchMethodException1)
/* */ {
/* 285 */ if (debug != null) {
/* 286 */ debug.println(
"NoSuchMethodException:\n could not find proper constructor for " + this.type);
/* */
/* 288 */ localNoSuchMethodException1.printStackTrace();
/* */ }
/* 290 */ return null;
/* */ } catch (Exception localException) {
/* 292 */ if (debug != null) {
/* 293 */ debug.println("unable to instantiate " + this.name);
/* 294 */ localException.printStackTrace();
/* */ }
/* */ }
/* 296 */ return null;
/* */ }
