de.unkrig.commons.lang.security.Sandbox
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
public final class Sandbox
This class establishes a security manager that confines the permissions for code executed through specific classes, which may be specified by class, class name and/or class loader.
To 'execute through a class' means that the execution stack includes the class. E.g., if a method of class A
invokes a method of class B, which then invokes a method of class C, and all three classes were
previously confined, then for all actions that are executed by class C
the intersection of the three Permissions apply.
Once the permissions for a class, class name or class loader are confined, they cannot be changed; this prevents any attempts (e.g. of a confined class itself) to release the confinement.
Code example:
Runnable unprivileged = new Runnable() {
public void run() {
System.getProperty("user.dir");
}
};
// Run without confinement.
unprivileged.run(); // Works fine.
// Set the most strict permissions.
Sandbox.confine(unprivileged.getClass(), new Permissions());
unprivileged.run(); // Throws a SecurityException.
// Attempt to change the permissions.
{
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
Sandbox.confine(unprivileged.getClass(), permissions); // Throws a SecurityException.
}
unprivileged.run();
| Method Summary | |
|---|---|
static void |
confine(java.lang.Class<?> clasS,
java.security.AccessControlContext accessControlContext)
All future actions that are executed through the given clasS will be checked against the given accessControlContext. |
static void |
confine(java.lang.Class<?> clasS,
java.security.Permissions permissions)
All future actions that are executed through the given clasS will be checked against the given permissions. |
static void |
confine(java.lang.Class<?> clasS,
java.security.ProtectionDomain protectionDomain)
All future actions that are executed through the given clasS will be checked against the given protectionDomain. |
static void |
confine(java.lang.ClassLoader classLoader,
java.security.AccessControlContext accessControlContext)
All future actions that are executed through classes that were loaded through the given classLoader
will be checked against the given accessControlContext. |
static void |
confine(java.lang.ClassLoader classLoader,
java.security.Permissions permissions)
All future actions that are executed through classes that were loaded through the given classLoader
will be checked against the given permissions. |
static void |
confine(java.lang.ClassLoader classLoader,
java.security.ProtectionDomain protectionDomain)
All future actions that are executed through classes that were loaded through the given classLoader
will be checked against the given protectionDomain. |
static void |
confine(java.lang.String className,
java.security.AccessControlContext accessControlContext)
All future actions that are executed through the named class will be checked against the given accessControlContext. |
static void |
confine(java.lang.String className,
java.security.Permissions permissions)
All future actions that are executed through the named class will be checked against the given permissions. |
static void |
confine(java.lang.String className,
java.security.ProtectionDomain protectionDomain)
All future actions that are executed through the named class will be checked against the given protectionDomain. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method Detail |
|---|
public static void confine(java.lang.Class<?> clasS,
java.security.AccessControlContext accessControlContext)
clasS will be checked against the given accessControlContext.
java.lang.SecurityException - Permissions are already confined for the clasS
public static void confine(java.lang.Class<?> clasS,
java.security.ProtectionDomain protectionDomain)
clasS will be checked against the given protectionDomain.
java.lang.SecurityException - Permissions are already confined for the clasS
public static void confine(java.lang.Class<?> clasS,
java.security.Permissions permissions)
clasS will be checked against the given permissions.
java.lang.SecurityException - Permissions are already confined for the clasS
public static void confine(java.lang.String className,
java.security.AccessControlContext accessControlContext)
accessControlContext.
java.lang.SecurityException - Permissions are already confined for the className
public static void confine(java.lang.String className,
java.security.ProtectionDomain protectionDomain)
protectionDomain.
java.lang.SecurityException - Permissions are already confined for the className
public static void confine(java.lang.String className,
java.security.Permissions permissions)
permissions.
java.lang.SecurityException - Permissions are already confined for the className
public static void confine(java.lang.ClassLoader classLoader,
java.security.AccessControlContext accessControlContext)
classLoader
will be checked against the given accessControlContext.
java.lang.SecurityException - Permissions are already confined for the classLoader
public static void confine(java.lang.ClassLoader classLoader,
java.security.ProtectionDomain protectionDomain)
classLoader
will be checked against the given protectionDomain.
java.lang.SecurityException - Permissions are already confined for the classLoader
public static void confine(java.lang.ClassLoader classLoader,
java.security.Permissions permissions)
classLoader
will be checked against the given permissions.
java.lang.SecurityException - Permissions are already confined for the classLoader
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||