Google Git
Sign in
apache / river-site / HEAD / . / content / release-doc / current / specs / api / net / jini / security / Security.html
blob: 2fc6c86811475f26ed1bca5d3d9b62832bdadd10 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (1.8.0) on Sun Aug 28 20:41:45 EST 2016 -->
<title>Security (Apache River v3.0.0 Specification-only API Documentation)</title>
<meta name="date" content="2016-08-28">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
<script type="text/javascript" src="../../../script.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Security (Apache River v3.0.0 Specification-only API Documentation)";
}
}
catch(err) {
}
//-->
var methods = {"i0":9,"i1":9,"i2":9,"i3":9,"i4":9,"i5":9,"i6":9,"i7":9,"i8":9,"i9":9,"i10":9,"i11":9,"i12":9};
var tabs = {65535:["t0","All Methods"],1:["t1","Static Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/Security.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../index-all.html">Index</a></li>
<li><a href="../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../net/jini/security/ProxyPreparer.html" title="interface in net.jini.security"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li><a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../index.html?net/jini/security/Security.html" target="_top">Frames</a></li>
<li><a href="Security.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">net.jini.security</div>
<h2 title="Class Security" class="title">Class Security</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li>net.jini.security.Security</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<hr>
<br>
<pre>public final class <span class="typeNameLabel">Security</span>
extends <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
<div class="block">Provides methods for executing actions with privileges enabled, for
snapshotting security contexts, for verifying trust in proxies, for
verifying codebase integrity, and for dynamically granting permissions.
This class cannot be instantiated.</div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>2.0</dd>
<dt><span class="simpleTagLabel">Author:</span></dt>
<dd>Sun Microsystems, Inc.</dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t1" class="tableTab"><span><a href="javascript:show(1);">Static Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>static &lt;T&gt;&nbsp;T</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#doAs-javax.security.auth.Subject-java.security.PrivilegedAction-">doAs</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedAction.html?is-external=true" title="class or interface in java.security">PrivilegedAction</a>&lt;T&gt;&nbsp;action)</code>
<div class="block">Performs work as a particular Subject in the presence of untrusted code,
for distributed systems.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>static &lt;T&gt;&nbsp;T</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#doAs-javax.security.auth.Subject-java.security.PrivilegedExceptionAction-">doAs</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedExceptionAction.html?is-external=true" title="class or interface in java.security">PrivilegedExceptionAction</a>&lt;T&gt;&nbsp;action)</code>
<div class="block">Performs work as a particular Subject in the presence of untrusted code,
for distributed systems.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>static &lt;T&gt;&nbsp;T</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#doAsPrivileged-javax.security.auth.Subject-java.security.PrivilegedAction-net.jini.security.SecurityContext-">doAsPrivileged</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedAction.html?is-external=true" title="class or interface in java.security">PrivilegedAction</a>&lt;T&gt;&nbsp;action,
<a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security">SecurityContext</a>&nbsp;context)</code>
<div class="block">Perform work as a particular Subject in the presence of untrusted code
for distributed systems.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>static &lt;T&gt;&nbsp;T</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#doAsPrivileged-javax.security.auth.Subject-java.security.PrivilegedExceptionAction-net.jini.security.SecurityContext-">doAsPrivileged</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedExceptionAction.html?is-external=true" title="class or interface in java.security">PrivilegedExceptionAction</a>&lt;T&gt;&nbsp;action,
<a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security">SecurityContext</a>&nbsp;context)</code>
<div class="block">Perform work as a particular Subject in the presence of untrusted code
for distributed systems.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>static &lt;T&gt;&nbsp;T</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#doPrivileged-java.security.PrivilegedAction-">doPrivileged</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedAction.html?is-external=true" title="class or interface in java.security">PrivilegedAction</a>&lt;T&gt;&nbsp;action)</code>
<div class="block">Executes the specified action's <code>run</code> method with privileges
enabled, preserving the domain combiner (if any) of the calling context.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>static &lt;T&gt;&nbsp;T</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#doPrivileged-java.security.PrivilegedExceptionAction-">doPrivileged</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedExceptionAction.html?is-external=true" title="class or interface in java.security">PrivilegedExceptionAction</a>&lt;T&gt;&nbsp;action)</code>
<div class="block">Executes the specified action's <code>run</code> method with privileges
enabled, preserving the domain combiner (if any) of the calling context.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code>static <a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security">SecurityContext</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#getContext--">getContext</a></span>()</code>
<div class="block">Returns a snapshot of the current security context, which can be used to
restore the context at a later time.</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code>static void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#grant-java.lang.Class-java.lang.Class-">grant</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;fromClass,
<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;toClass)</code>
<div class="block">If the installed security policy provider implements the <a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface, takes the set of permissions dynamically
granted to the class loader of <code>fromClass</code> with the current
subject's principals, determines which of those permissions the calling
context is authorized to grant, and dynamically grants that subset of
the permissions to the class loader of <code>toClass</code>, qualified
with the current subject's principals.</div>
</td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code>static void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#grant-java.lang.Class-java.security.Permission:A-">grant</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;cl,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/Permission.html?is-external=true" title="class or interface in java.security">Permission</a>[]&nbsp;permissions)</code>
<div class="block">If the installed security policy provider implements the
<a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface, delegates to the security policy
provider to grant the specified permissions to all protection domains
(including ones not yet created) that are associated with the class
loader of the given class and possess at least the principals of the
current subject (if any).</div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code>static void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#grant-java.lang.Class-java.security.Principal:A-java.security.Permission:A-">grant</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;cl,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/Principal.html?is-external=true" title="class or interface in java.security">Principal</a>[]&nbsp;principals,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/Permission.html?is-external=true" title="class or interface in java.security">Permission</a>[]&nbsp;permissions)</code>
<div class="block">If the installed security policy provider implements the
<a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface, delegates to the security policy
provider to grant the specified permissions to all protection domains
(including ones not yet created) that are associated with the class
loader of the given class and possess at least the given set of
principals.</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code>static boolean</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#grantSupported--">grantSupported</a></span>()</code>
<div class="block">Returns <code>true</code> if the installed security policy provider
supports dynamic permission grants--i.e., if it implements the <a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface and calling its <a href="../../../net/jini/security/policy/DynamicPolicy.html#grantSupported--"><code>grantSupported</code></a> method returns
<code>true</code>.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code>static void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#verifyCodebaseIntegrity-java.lang.String-java.lang.ClassLoader-">verifyCodebaseIntegrity</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;codebase,
<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/ClassLoader.html?is-external=true" title="class or interface in java.lang">ClassLoader</a>&nbsp;loader)</code>
<div class="block">Verifies that the URLs in the specified codebase all provide content
integrity, using verifiers from the specified class loader.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code>static void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../net/jini/security/Security.html#verifyObjectTrust-java.lang.Object-java.lang.ClassLoader-java.util.Collection-">verifyObjectTrust</a></span>(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>&nbsp;obj,
<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/ClassLoader.html?is-external=true" title="class or interface in java.lang">ClassLoader</a>&nbsp;loader,
<a href="http://docs.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</a>&nbsp;context)</code>
<div class="block">Verifies that the specified object can be trusted to correctly implement
its contract, using verifiers from the specified class loader and
using the specified collection of context objects as necessary.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
<code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#clone--" title="class or interface in java.lang">clone</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-" title="class or interface in java.lang">equals</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#finalize--" title="class or interface in java.lang">finalize</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang">getClass</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#hashCode--" title="class or interface in java.lang">hashCode</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notify--" title="class or interface in java.lang">notify</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#toString--" title="class or interface in java.lang">toString</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait--" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait-long-" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait-long-int-" title="class or interface in java.lang">wait</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="verifyObjectTrust-java.lang.Object-java.lang.ClassLoader-java.util.Collection-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>verifyObjectTrust</h4>
<pre>public static&nbsp;void&nbsp;verifyObjectTrust(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>&nbsp;obj,
<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/ClassLoader.html?is-external=true" title="class or interface in java.lang">ClassLoader</a>&nbsp;loader,
<a href="http://docs.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</a>&nbsp;context)
throws <a href="http://docs.oracle.com/javase/6/docs/api/java/rmi/RemoteException.html?is-external=true" title="class or interface in java.rmi">RemoteException</a></pre>
<div class="block">Verifies that the specified object can be trusted to correctly implement
its contract, using verifiers from the specified class loader and
using the specified collection of context objects as necessary. If a
<code>null</code> class loader is specified, the context class loader
of the current thread is used instead. Code that is itself downloaded
and that carries its own trust verifiers (to trust other downloaded
code) should specify an explicit class loader unless the calling code
is known to be reachable from the context class loader.
<p>
A <a href="../../../net/jini/security/TrustVerifier.Context.html" title="interface in net.jini.security"><code>TrustVerifier.Context</code></a> is created, containing an ordered list
of trust verifiers (obtained as specified below) and the specified class
loader and collection of context objects. The
<a href="../../../net/jini/security/TrustVerifier.Context.html#isTrustedObject-java.lang.Object-"><code>isTrustedObject</code></a> method
of that context is then called with the specified object. If that call
returns <code>true</code>, then this method returns normally. If that
call throws a <code>RemoteException</code> or
<code>SecurityException</code> exception, that exception is thrown by
this method. If that call returns <code>false</code>, a
<code>SecurityException</code> is thrown.
<p>
The collection of context objects is provided as a means for the
caller to communicate additional information to the trust verifiers.
The meaning of an element in this collection is determined by its
type. As a specific example, if any trust verifiers might communicate
with a remote server (in particular, when verifying a proxy for a
remote server), the caller might be responsible for specifying any
necessary client constraints as a context object of type
<a href="../../../net/jini/core/constraint/MethodConstraints.html" title="interface in net.jini.core.constraint"><code>MethodConstraints</code></a>.
<p>
When security is a concern, this method should be called with a
downloaded proxy before making any other use of the proxy, in order to
verify basic trust in the proxy to correctly implement its contract.
This method can also be used to verify trust in other types of objects,
depending on what verifiers have been configured. In general,
verification of an object involves verification of all of its
constituent objects. However, for objects that are instances of
<a href="../../../net/jini/core/constraint/RemoteMethodControl.html" title="interface in net.jini.core.constraint"><code>RemoteMethodControl</code></a>,
the client constraints (that would be returned by
<a href="../../../net/jini/core/constraint/RemoteMethodControl.html#getConstraints--"><code>RemoteMethodControl.getConstraints</code></a>) are not verified; it is assumed
that the caller will either replace them or independently decide that
it trusts them. Verification of other types of objects may similarly
exempt certain application-controlled state.
<p>
The list of trust verifiers is obtained as follows. For each resource
named
<code>META-INF/services/net.jini.security.TrustVerifier</code>
that is visible to the specified class loader, the contents of the
resource are parsed as UTF-8 text to produce a list of class names.
The resource must contain a list of fully qualified class names, one per
line. Space and tab characters surrounding each name, as well as blank
lines, are ignored. The comment character is <tt>'#'</tt>; all
characters on each line starting with the first comment character are
ignored. Each class name (that is not a duplicate of any previous class
name) is loaded through the specified class loader, and the resulting
class must be assignable to <a href="../../../net/jini/security/TrustVerifier.html" title="interface in net.jini.security"><code>TrustVerifier</code></a> and have a public
no-argument constructor. The constructor is invoked to create a trust
verifier instance. An implementation of this method is permitted to
cache the verifier instances associated with a class loader, rather than
recreating them on every call.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>obj</code> - the object in which to verify trust</dd>
<dd><code>loader</code> - the class loader for finding trust verifiers, or
<code>null</code> to use the context class loader</dd>
<dd><code>context</code> - a collection of context objects for use by trust
verifiers</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/SecurityException.html?is-external=true" title="class or interface in java.lang">SecurityException</a></code> - if the object is not trusted, or if a
<code>SecurityException</code> is thrown by the trust verifier context</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/rmi/RemoteException.html?is-external=true" title="class or interface in java.rmi">RemoteException</a></code> - if a communication-related exception occurs</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if the collection is <code>null</code></dd>
</dl>
</li>
</ul>
<a name="verifyCodebaseIntegrity-java.lang.String-java.lang.ClassLoader-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>verifyCodebaseIntegrity</h4>
<pre>public static&nbsp;void&nbsp;verifyCodebaseIntegrity(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;codebase,
<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/ClassLoader.html?is-external=true" title="class or interface in java.lang">ClassLoader</a>&nbsp;loader)
throws <a href="http://docs.oracle.com/javase/6/docs/api/java/net/MalformedURLException.html?is-external=true" title="class or interface in java.net">MalformedURLException</a></pre>
<div class="block">Verifies that the URLs in the specified codebase all provide content
integrity, using verifiers from the specified class loader. If a
<code>null</code> class loader is specified, the context class loader of
the current thread is used instead. An ordered list of integrity
verifiers is obtained as specified below. For each URL (if any) in the
specified codebase, the <a href="../../../net/jini/security/IntegrityVerifier.html#providesIntegrity-java.net.URL-"><code>providesIntegrity</code></a> method of each verifier is called (in order) with
the URL. If any verifier call returns <code>true</code>, the URL is
verified (and no further verifiers are called with that URL). If all of
the verifier calls return <code>false</code> for a URL, this method
throws a <code>SecurityException</code>. If all of the URLs are
verified, this method returns normally.
<p>
The list of integrity verifiers is obtained as follows. For each
resource named
<code>META-INF/services/net.jini.security.IntegrityVerifier</code>
that is visible to the specified class loader, the contents of the
resource are parsed as UTF-8 text to produce a list of class names.
The resource must contain a list of fully qualified class names, one per
line. Space and tab characters surrounding each name, as well as blank
lines, are ignored. The comment character is <tt>'#'</tt>; all
characters on each line starting with the first comment character are
ignored. Each class name (that is not a duplicate of any previous class
name) is loaded through the specified class loader, and the resulting
class must be assignable to <a href="../../../net/jini/security/IntegrityVerifier.html" title="interface in net.jini.security"><code>IntegrityVerifier</code></a> and have a public
no-argument constructor. The constructor is invoked to create an
integrity verifier instance. An implementation of this method is
permitted to cache the verifier instances associated with a
class loader, rather than recreating them on every call.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>codebase</code> - space-separated list of URLs, or <code>null</code></dd>
<dd><code>loader</code> - the class loader for finding integrity verifiers, or
<code>null</code> to use the context class loader</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/net/MalformedURLException.html?is-external=true" title="class or interface in java.net">MalformedURLException</a></code> - if the specified codebase contains
an invalid URL</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/SecurityException.html?is-external=true" title="class or interface in java.lang">SecurityException</a></code> - if any URL in the specified codebase
does not provide content integrity</dd>
</dl>
</li>
</ul>
<a name="getContext--">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getContext</h4>
<pre>public static&nbsp;<a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security">SecurityContext</a>&nbsp;getContext()</pre>
<div class="block">Returns a snapshot of the current security context, which can be used to
restore the context at a later time. If either the installed security
manager or policy provider implements the <a href="../../../net/jini/security/policy/SecurityContextSource.html" title="interface in net.jini.security.policy"><code>SecurityContextSource</code></a>
interface, then this method delegates to the <a href="../../../net/jini/security/policy/SecurityContextSource.html#getContext--"><code>getContext</code></a> method of the
implementing object, with precedence given to the security manager. If
neither the security manager nor the policy provider implement
<code>SecurityContextSource</code>, then a new default
<a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security"><code>SecurityContext</code></a> instance is
returned whose methods have the following semantics:
<ul>
<li>The <code>wrap</code> methods each return their respective
<code>PrivilegedAction</code> and <code>PrivilegedExceptionAction</code>
arguments, unmodified
<li>The <code>getAccessControlContext</code> method returns the
<code>AccessControlContext</code> in effect when the security context
was created
</ul></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>snapshot of the current security context</dd>
</dl>
</li>
</ul>
<a name="doPrivileged-java.security.PrivilegedAction-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doPrivileged</h4>
<pre>public static&nbsp;&lt;T&gt;&nbsp;T&nbsp;doPrivileged(<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedAction.html?is-external=true" title="class or interface in java.security">PrivilegedAction</a>&lt;T&gt;&nbsp;action)</pre>
<div class="block">Executes the specified action's <code>run</code> method with privileges
enabled, preserving the domain combiner (if any) of the calling context.
If the action's <code>run</code> method throws an unchecked exception,
that exception is thrown by this method. This method is equivalent to
the <a href="http://docs.oracle.com/javase/6/docs/api/java/security/AccessController.html?is-external=true#doPrivileged-java.security.PrivilegedAction-" title="class or interface in java.security"><code>AccessController.doPrivileged</code></a> method of the same signature, except that
it maintains, instead of clears, the domain combiner (if any) in place
at the time of the call. This typically results in preservation of the
current <a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth"><code>Subject</code></a> (if the combiner is a <a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/SubjectDomainCombiner.html?is-external=true" title="class or interface in javax.security.auth"><code>SubjectDomainCombiner</code></a>), thus retaining permissions granted to
principals of the <code>Subject</code>, as well as the ability to use
credentials of the <code>Subject</code> for authentication.</div>
<dl>
<dt><span class="paramLabel">Type Parameters:</span></dt>
<dd><code>T</code> - </dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>action</code> - the action to be executed</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the object returned by the action's <code>run</code> method</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if the action is <code>null</code></dd>
</dl>
</li>
</ul>
<a name="doPrivileged-java.security.PrivilegedExceptionAction-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doPrivileged</h4>
<pre>public static&nbsp;&lt;T&gt;&nbsp;T&nbsp;doPrivileged(<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedExceptionAction.html?is-external=true" title="class or interface in java.security">PrivilegedExceptionAction</a>&lt;T&gt;&nbsp;action)
throws <a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedActionException.html?is-external=true" title="class or interface in java.security">PrivilegedActionException</a></pre>
<div class="block">Executes the specified action's <code>run</code> method with privileges
enabled, preserving the domain combiner (if any) of the calling context.
If the action's <code>run</code> method throws an unchecked exception,
that exception is thrown by this method. This method is equivalent to
the <a href="http://docs.oracle.com/javase/6/docs/api/java/security/AccessController.html?is-external=true#doPrivileged-java.security.PrivilegedExceptionAction-" title="class or interface in java.security"><code>AccessController.doPrivileged</code></a> method of the same signature, except that
it maintains, instead of clears, the domain combiner (if any) in place
at the time of the call. This typically results in preservation of the
current <code>Subject</code> (if the combiner is a
<code>SubjectDomainCombiner</code>), thus retaining permissions granted
to principals of the <code>Subject</code>, as well as the ability to use
credentials of the <code>Subject</code> for authentication.</div>
<dl>
<dt><span class="paramLabel">Type Parameters:</span></dt>
<dd><code>T</code> - </dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>action</code> - the action to be executed</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the object returned by the action's <code>run</code> method</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedActionException.html?is-external=true" title="class or interface in java.security">PrivilegedActionException</a></code> - if the action's <code>run</code>
method throws a checked exception</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if the action is <code>null</code></dd>
</dl>
</li>
</ul>
<a name="doAs-javax.security.auth.Subject-java.security.PrivilegedAction-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doAs</h4>
<pre>public static&nbsp;&lt;T&gt;&nbsp;T&nbsp;doAs(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedAction.html?is-external=true" title="class or interface in java.security">PrivilegedAction</a>&lt;T&gt;&nbsp;action)</pre>
<div class="block">Performs work as a particular Subject in the presence of untrusted code,
for distributed systems.
<p>
This method retrieves the current Threads AccessControlContext and
using a SubjectDomainCombiner subclass, prepends a new ProtectionDomain
implementing <code>SubjectDomain</code>,
containing the Principals of the Subject, a
CodeSource with a null URL and null Certificate array, with no
Permission and a null ClassLoader.
<p>
Unlike Subject.doAs, existing ProtectionDomains are not replaced unless
they implement <code>SubjectDomain</code>.
<p>
Policy grants to Principals only are implied when run as the Subject,
combinations of Principal, CodeSource URL and Certificates never imply
this Subjects Principals as it is treated independently of CodeSource
policy grants, nor do any such grants imply any of the ProtectionDomains
that represent code on the call stack, since these ProtectionDomains are
never replaced with ProtectionDomains containing the Subject Principals.
<p>
The SubjectDomainCombiner used treats CodeSource and Principal grants
as separate concerns.
<p>
If a policy provider is installed that recognises
<code>SubjectDomain</code>, then
Subjects who's principals are mutated are effective immediately.
<p>
No AuthPermission is required to call this method, it cannot elevate
privileges, only reduce them to those determined by a policy for a
particular Subject.
<p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>subject</code> - The Subject the work will be performed as, may be null.</dd>
<dd><code>action</code> - The code to be run as the Subject.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>The value returned by the PrivilegedAction's run() method.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if action is null;</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>3.0.0</dd>
</dl>
</li>
</ul>
<a name="doAs-javax.security.auth.Subject-java.security.PrivilegedExceptionAction-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doAs</h4>
<pre>public static&nbsp;&lt;T&gt;&nbsp;T&nbsp;doAs(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedExceptionAction.html?is-external=true" title="class or interface in java.security">PrivilegedExceptionAction</a>&lt;T&gt;&nbsp;action)
throws <a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedActionException.html?is-external=true" title="class or interface in java.security">PrivilegedActionException</a></pre>
<div class="block">Performs work as a particular Subject in the presence of untrusted code,
for distributed systems.
<p>
This method retrieves the current Thread AccessControlContext and
using a SubjectDomainCombiner subclass, prepends a new ProtectionDomain
implementing <code>SubjectDomain</code>,
containing the Principals of the Subject, a
CodeSource with a null URL and null Certificate array, with no
Permission and a null ClassLoader.
<p>
Unlike Subject.doAs, existing ProtectionDomains are not replaced unless
they implement <code>SubjectDomain</code>.
<p>
Policy grants to Principals only are implied when run as the Subject,
combinations of Principal, CodeSource URL and Certificate grants never imply
this Subjects Principals as it is treated independently of CodeSource
policy grants, nor do any such grants imply any of the ProtectionDomains
that represent code on the call stack, since these ProtectionDomains are
never replaced with ProtectionDomains containing the Subject Principals.
<p>
The SubjectDomainCombiner subclass used treats CodeSource and Principal grants
as separate concerns.
<p>
The SubjectDomainCombiner subclass implementation
is package private and can only be accessed through SubjectDomainCombiner
public methods.
<p>
If a policy provider is installed that recognizes
<code>SubjectDomain</code>, then
Subjects who's principals are mutated are effective immediately.
<p>
No AuthPermission is required to call this method, it cannot elevate
privileges, only reduce them to those determined by a policy for a
particular Subject.
<p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>subject</code> - The Subject the work will be performed as, may be null.</dd>
<dd><code>action</code> - The code to be run as the Subject.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>The value returned by the PrivilegedAction's run() method.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if action is null;</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedActionException.html?is-external=true" title="class or interface in java.security">PrivilegedActionException</a></code></dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>3.0.0</dd>
</dl>
</li>
</ul>
<a name="doAsPrivileged-javax.security.auth.Subject-java.security.PrivilegedAction-net.jini.security.SecurityContext-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doAsPrivileged</h4>
<pre>public static&nbsp;&lt;T&gt;&nbsp;T&nbsp;doAsPrivileged(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedAction.html?is-external=true" title="class or interface in java.security">PrivilegedAction</a>&lt;T&gt;&nbsp;action,
<a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security">SecurityContext</a>&nbsp;context)</pre>
<div class="block">Perform work as a particular Subject in the presence of untrusted code
for distributed systems.
This method behaves exactly as Security.doAs, except that instead of
retrieving the current Threads <code>AccessControlContext</code>,
it uses the provided <code>SecurityContext</code>. If the provided
<code>SecurityContext</code> is null this method instantiates a new
<code>AccessControlContext</code> with an empty array of ProtectionDomains.
Unlike Security.doAs which doesn't require any privileges, this method
requires the same Permission as Subject.doAsPrivileged to execute.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>subject</code> - The Subject the work will be performed as, may be null.</dd>
<dd><code>action</code> - The code to be run as the Subject.</dd>
<dd><code>context</code> - The SecurityContext to be tied to the specific action
and subject.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>The value returned by the PrivilegedAction's run() method.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if the specified PrivilegedExceptionAction
is null.</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/SecurityException.html?is-external=true" title="class or interface in java.lang">SecurityException</a></code> - if the caller doesn't have permission to call
this method.</dd>
</dl>
</li>
</ul>
<a name="doAsPrivileged-javax.security.auth.Subject-java.security.PrivilegedExceptionAction-net.jini.security.SecurityContext-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doAsPrivileged</h4>
<pre>public static&nbsp;&lt;T&gt;&nbsp;T&nbsp;doAsPrivileged(<a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true" title="class or interface in javax.security.auth">Subject</a>&nbsp;subject,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedExceptionAction.html?is-external=true" title="class or interface in java.security">PrivilegedExceptionAction</a>&lt;T&gt;&nbsp;action,
<a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security">SecurityContext</a>&nbsp;context)
throws <a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedActionException.html?is-external=true" title="class or interface in java.security">PrivilegedActionException</a></pre>
<div class="block">Perform work as a particular Subject in the presence of untrusted code
for distributed systems.
This method behaves exactly as Security.doAs, except that instead of
retrieving the current Threads <code>AccessControlContext</code>,
it uses the provided <code>SecurityContext</code>. If the provided
<code>SecurityContext</code> is null this method instantiates a new
<code>AccessControlContext</code> with an empty array of ProtectionDomains.
Unlike Security.doAs which doesn't require any privileges, this method
requires the same Permission as Subject.doAsPrivileged to execute.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>subject</code> - The Subject the work will be performed as, may be null.</dd>
<dd><code>action</code> - The code to be run as the Subject.</dd>
<dd><code>context</code> - The SecurityContext to be tied to the specific action
and subject.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>The value returned by the PrivilegedAction's run() method.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if the specified PrivilegedExceptionAction
is null.</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/SecurityException.html?is-external=true" title="class or interface in java.lang">SecurityException</a></code> - if the caller doesn't have permission to call
this method.</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/security/PrivilegedActionException.html?is-external=true" title="class or interface in java.security">PrivilegedActionException</a></code> - if the PrivilegedActionException.run
method throws a checked exception.</dd>
</dl>
</li>
</ul>
<a name="grantSupported--">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>grantSupported</h4>
<pre>public static&nbsp;boolean&nbsp;grantSupported()</pre>
<div class="block">Returns <code>true</code> if the installed security policy provider
supports dynamic permission grants--i.e., if it implements the <a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface and calling its <a href="../../../net/jini/security/policy/DynamicPolicy.html#grantSupported--"><code>grantSupported</code></a> method returns
<code>true</code>. Returns <code>false</code> otherwise.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the installed security policy provider
supports dynamic permission grants</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../net/jini/security/Security.html#grant-java.lang.Class-java.security.Permission:A-"><code>grant(Class,Permission[])</code></a>,
<a href="../../../net/jini/security/Security.html#grant-java.lang.Class-java.security.Principal:A-java.security.Permission:A-"><code>grant(Class,Principal[],Permission[])</code></a>,
<a href="../../../net/jini/security/Security.html#grant-java.lang.Class-java.lang.Class-"><code>grant(Class,Class)</code></a></dd>
</dl>
</li>
</ul>
<a name="grant-java.lang.Class-java.security.Permission:A-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>grant</h4>
<pre>public static&nbsp;void&nbsp;grant(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;cl,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/Permission.html?is-external=true" title="class or interface in java.security">Permission</a>[]&nbsp;permissions)</pre>
<div class="block">If the installed security policy provider implements the
<a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface, delegates to the security policy
provider to grant the specified permissions to all protection domains
(including ones not yet created) that are associated with the class
loader of the given class and possess at least the principals of the
current subject (if any). If the given class is <code>null</code>, then
the grant applies across all protection domains that possess at least
the current subject's principals. The current subject is determined by
calling <a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true#getSubject-java.security.AccessControlContext-" title="class or interface in javax.security.auth"><code>Subject.getSubject</code></a> on the context
returned by <a href="http://docs.oracle.com/javase/6/docs/api/java/security/AccessController.html?is-external=true#getContext--" title="class or interface in java.security"><code>AccessController.getContext</code></a>. If the current subject is
<code>null</code> or has no principals, then principals are effectively
ignored in determining the protection domains to which the grant
applies.
<p>
The given class, if non-<code>null</code>, must belong to either the
system domain or a protection domain whose associated class loader is
non-<code>null</code>. If the class does not belong to such a
protection domain, then no permissions are granted and an
<code>UnsupportedOperationException</code> is thrown.
<p>
If a security manager is installed, its <code>checkPermission</code>
method is called with a <a href="../../../net/jini/security/GrantPermission.html" title="class in net.jini.security"><code>GrantPermission</code></a> containing the
permissions to grant; if the permission check fails, then no permissions
are granted and the resulting <code>SecurityException</code> is thrown.
The permissions array passed in is neither modified nor retained;
subsequent changes to the array have no effect on the grant operation.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>cl</code> - class to grant permissions to the class loader of, or
<code>null</code> if granting across all class loaders</dd>
<dd><code>permissions</code> - if non-<code>null</code>, permissions to grant</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/UnsupportedOperationException.html?is-external=true" title="class or interface in java.lang">UnsupportedOperationException</a></code> - if the installed security policy
provider does not support dynamic permission grants, or if
<code>cl</code> is non-<code>null</code> and belongs to a protection
domain other than the system domain with an associated class loader of
<code>null</code></dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/SecurityException.html?is-external=true" title="class or interface in java.lang">SecurityException</a></code> - if a security manager is installed and the
calling context does not have <code>GrantPermission</code> for the given
permissions</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if any element of the permissions array is
<code>null</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../net/jini/security/Security.html#grantSupported--"><code>grantSupported()</code></a>,
<a href="../../../net/jini/security/policy/DynamicPolicy.html#grant-java.lang.Class-java.security.Principal:A-java.security.Permission:A-"><code>DynamicPolicy.grant(Class,Principal[],Permission[])</code></a></dd>
</dl>
</li>
</ul>
<a name="grant-java.lang.Class-java.security.Principal:A-java.security.Permission:A-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>grant</h4>
<pre>public static&nbsp;void&nbsp;grant(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;cl,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/Principal.html?is-external=true" title="class or interface in java.security">Principal</a>[]&nbsp;principals,
<a href="http://docs.oracle.com/javase/6/docs/api/java/security/Permission.html?is-external=true" title="class or interface in java.security">Permission</a>[]&nbsp;permissions)</pre>
<div class="block">If the installed security policy provider implements the
<a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface, delegates to the security policy
provider to grant the specified permissions to all protection domains
(including ones not yet created) that are associated with the class
loader of the given class and possess at least the given set of
principals. If the given class is <code>null</code>, then the grant
applies across all protection domains that possess at least the
specified principals. If the list of principals is <code>null</code> or
empty, then principals are effectively ignored in determining the
protection domains to which the grant applies.
<p>
The given class, if non-<code>null</code>, must belong to either the
system domain or a protection domain whose associated class loader is
non-<code>null</code>. If the class does not belong to such a
protection domain, then no permissions are granted and an
<code>UnsupportedOperationException</code> is thrown.
<p>
If a security manager is installed, its <code>checkPermission</code>
method is called with a <code>GrantPermission</code> containing the
permissions to grant; if the permission check fails, then no permissions
are granted and the resulting <code>SecurityException</code> is thrown.
The principals and permissions arrays passed in are neither modified nor
retained; subsequent changes to the arrays have no effect on the grant
operation.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>cl</code> - class to grant permissions to the class loader of, or
<code>null</code> if granting across all class loaders</dd>
<dd><code>principals</code> - if non-<code>null</code>, minimum set of principals to
which grants apply</dd>
<dd><code>permissions</code> - if non-<code>null</code>, permissions to grant</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/UnsupportedOperationException.html?is-external=true" title="class or interface in java.lang">UnsupportedOperationException</a></code> - if the installed security policy
provider does not support dynamic permission grants, or if
<code>cl</code> is non-<code>null</code> and belongs to a protection
domain other than the system domain with an associated class loader of
<code>null</code></dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/SecurityException.html?is-external=true" title="class or interface in java.lang">SecurityException</a></code> - if a security manager is installed and the
calling context does not have <code>GrantPermission</code> for the given
permissions</dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if any element of the principals or
permissions arrays is <code>null</code></dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../net/jini/security/Security.html#grantSupported--"><code>grantSupported()</code></a>,
<a href="../../../net/jini/security/policy/DynamicPolicy.html#grant-java.lang.Class-java.security.Principal:A-java.security.Permission:A-"><code>DynamicPolicy.grant(Class,Principal[],Permission[])</code></a></dd>
</dl>
</li>
</ul>
<a name="grant-java.lang.Class-java.lang.Class-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>grant</h4>
<pre>public static&nbsp;void&nbsp;grant(<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;fromClass,
<a href="http://docs.oracle.com/javase/6/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a>&nbsp;toClass)</pre>
<div class="block">If the installed security policy provider implements the <a href="../../../net/jini/security/policy/DynamicPolicy.html" title="interface in net.jini.security.policy"><code>DynamicPolicy</code></a> interface, takes the set of permissions dynamically
granted to the class loader of <code>fromClass</code> with the current
subject's principals, determines which of those permissions the calling
context is authorized to grant, and dynamically grants that subset of
the permissions to the class loader of <code>toClass</code>, qualified
with the current subject's principals. The current subject is
determined by calling <a href="http://docs.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html?is-external=true#getSubject-java.security.AccessControlContext-" title="class or interface in javax.security.auth"><code>Subject.getSubject</code></a> on
the context returned by <a href="http://docs.oracle.com/javase/6/docs/api/java/security/AccessController.html?is-external=true#getContext--" title="class or interface in java.security"><code>AccessController.getContext</code></a>; the permissions dynamically granted to
<code>fromClass</code> are determined by calling the <a href="../../../net/jini/security/policy/DynamicPolicy.html#getGrants-java.lang.Class-java.security.Principal:A-"><code>getGrants</code></a> method of the currently installed
policy, and the permission grant to <code>toClass</code> is performed by
invoking the <a href="../../../net/jini/security/policy/DynamicPolicy.html#grant-java.lang.Class-java.security.Principal:A-java.security.Permission:A-"><code>grant</code></a> method of the current
policy.
<p>
Both of the given classes must be non-<code>null</code>, and must belong
to either the system domain or a protection domain whose associated
class loader is non-<code>null</code>. If either class does not belong
to such a protection domain, then no permissions are granted and an
<code>UnsupportedOperationException</code> is thrown.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>fromClass</code> - class indicating the source class loader of the dynamic
grants to propagate</dd>
<dd><code>toClass</code> - class indicating the target class loader of the dynamic
grants to propagate</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/NullPointerException.html?is-external=true" title="class or interface in java.lang">NullPointerException</a></code> - if <code>fromClass</code> or
<code>toClass</code> is <code>null</code></dd>
<dd><code><a href="http://docs.oracle.com/javase/6/docs/api/java/lang/UnsupportedOperationException.html?is-external=true" title="class or interface in java.lang">UnsupportedOperationException</a></code> - if currently installed policy does
not support dynamic permission grants, or if either specified class
belongs to a protection domain with a <code>null</code> class loader,
other than the system domain</dd>
</dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/Security.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../index-all.html">Index</a></li>
<li><a href="../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../net/jini/security/ProxyPreparer.html" title="interface in net.jini.security"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li><a href="../../../net/jini/security/SecurityContext.html" title="interface in net.jini.security"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../index.html?net/jini/security/Security.html" target="_top">Frames</a></li>
<li><a href="Security.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>