river-container-core/src/main/java/org/apache/river/container/security/ContainerCodePolicy.java - river-container - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.river.container.security;

 import java.security.*;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.apache.river.container.MessageNames;

 /**
  Implements the base policy for the container: Anything loaded by the same
 classloader (or one of its ancestors) as this policy has AllPermission.
 Anything loaded by a different classloader has no permissions (and will
 assumedly be granted appropriate permissions dynamically).
  @author trasukg
  */
 public class ContainerCodePolicy extends Policy {
     private static final Logger log=
             Logger.getLogger(ContainerCodePolicy.class.getName(),
             MessageNames.BUNDLE_NAME);

     List<ClassLoader> privilegedClassLoaders=new ArrayList<ClassLoader>();

     public ContainerCodePolicy(ClassLoader bootstrapClassLoader) {
         privilegedClassLoaders.add(bootstrapClassLoader);
         ClassLoader cl=this.getClass().getClassLoader();
         while (cl != null) {
             privilegedClassLoaders.add(cl);
             cl=cl.getParent();
         }
         allPermissions.add(new AllPermission());
         allPermissions.setReadOnly();
         noPermissions.setReadOnly();
     }

     private PermissionCollection allPermissions=new Permissions();
     private PermissionCollection noPermissions=new Permissions();

     @Override
     public PermissionCollection getPermissions(ProtectionDomain domain) {
         if (privilegedClassLoaders.contains(domain.getClassLoader()) ) {
             return copyPermissions(allPermissions);
         } else {
             log.log(Level.FINE, MessageNames.POLICY_DECLINED,
                     new Object[] { domain.getClassLoader() });
             return copyPermissions(noPermissions);
         }
     }

     PermissionCollection copyPermissions(PermissionCollection orig) {
         PermissionCollection pc=new Permissions();
         Enumeration perms=orig.elements();
         while(perms.hasMoreElements()) {
             pc.add((Permission) perms.nextElement());
         }
         return pc;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.river.container.security;

	import java.security.*;
	import java.util.ArrayList;
	import java.util.Enumeration;
	import java.util.List;
	import java.util.logging.Level;
	import java.util.logging.Logger;
	import org.apache.river.container.MessageNames;

	/**
	Implements the base policy for the container: Anything loaded by the same
	classloader (or one of its ancestors) as this policy has AllPermission.
	Anything loaded by a different classloader has no permissions (and will
	assumedly be granted appropriate permissions dynamically).
	@author trasukg
	*/
	public class ContainerCodePolicy extends Policy {
	private static final Logger log=
	Logger.getLogger(ContainerCodePolicy.class.getName(),
	MessageNames.BUNDLE_NAME);

	List<ClassLoader> privilegedClassLoaders=new ArrayList<ClassLoader>();

	public ContainerCodePolicy(ClassLoader bootstrapClassLoader) {
	privilegedClassLoaders.add(bootstrapClassLoader);
	ClassLoader cl=this.getClass().getClassLoader();
	while (cl != null) {
	privilegedClassLoaders.add(cl);
	cl=cl.getParent();
	}
	allPermissions.add(new AllPermission());
	allPermissions.setReadOnly();
	noPermissions.setReadOnly();
	}

	private PermissionCollection allPermissions=new Permissions();
	private PermissionCollection noPermissions=new Permissions();

	@Override
	public PermissionCollection getPermissions(ProtectionDomain domain) {
	if (privilegedClassLoaders.contains(domain.getClassLoader()) ) {
	return copyPermissions(allPermissions);
	} else {
	log.log(Level.FINE, MessageNames.POLICY_DECLINED,
	new Object[] { domain.getClassLoader() });
	return copyPermissions(noPermissions);
	}
	}

	PermissionCollection copyPermissions(PermissionCollection orig) {
	PermissionCollection pc=new Permissions();
	Enumeration perms=orig.elements();
	while(perms.hasMoreElements()) {
	pc.add((Permission) perms.nextElement());
	}
	return pc;
	}
	}