PolicySecurityController (Rhino)

java.lang.Object
- org.mozilla.javascript.SecurityController
- - org.mozilla.javascript.PolicySecurityController

```
public class PolicySecurityController
extends SecurityController
```
A security controller relying on Java Policy in effect. When you use this security controller, your securityDomain objects must be instances of CodeSource representing the location from where you load your scripts. Any Java policy "grant" statements matching the URL and certificate in code sources will apply to the scripts. If you specify any certificates within your CodeSource objects, it is your responsibility to verify (or not) that the script source files are signed in whatever implementation-specific way you're using.

Author:

Attila Szegedi

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class PolicySecurityController.SecureCaller

Nested Classes
Modifier and Type	Class and Description
`static class`	`PolicySecurityController.SecureCaller`

Constructor Summary

Constructors
Constructor and Description

PolicySecurityController()

Constructors
Constructor and Description
`PolicySecurityController()`

Method Summary

Methods
Modifier and Type	Method and Description
`java.lang.Object`	`callWithDomain(java.lang.Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, java.lang.Object[] args)` Call `Callable.call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args)` of callable under restricted security domain where an action is allowed only if it is allowed according to the Java stack on the moment of the execWithDomain call and securityDomain.
`GeneratedClassLoader`	`createClassLoader(java.lang.ClassLoader parent, java.lang.Object securityDomain)` Get class loader-like object that can be used to define classes with the given security context.
`java.lang.Object`	`getDynamicSecurityDomain(java.lang.Object securityDomain)` Get dynamic security domain that allows an action only if it is allowed by the current Java stack and securityDomain.
`java.lang.Class<?>`	`getStaticSecurityDomainClassInternal()`

Methods inherited from class org.mozilla.javascript.SecurityController
createLoader, execWithDomain, getStaticSecurityDomainClass, hasGlobal, initGlobal

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - PolicySecurityController
```
public PolicySecurityController()
```
- Method Detail
  - getStaticSecurityDomainClassInternal
```
public java.lang.Class<?> getStaticSecurityDomainClassInternal()
```
    Overrides:
    
    getStaticSecurityDomainClassInternal in class SecurityController
  - createClassLoader
```
public GeneratedClassLoader createClassLoader(java.lang.ClassLoader parent,
                                     java.lang.Object securityDomain)
```
    Description copied from class: SecurityController
    
    Get class loader-like object that can be used to define classes with the given security context.
    
    Specified by:
    
    createClassLoader in class SecurityController
    
    Parameters:
    parent - parent class loader to delegate search for classes not defined by the class loader itself
    securityDomain - some object specifying the security context of the code that is defined by the returned class loader.
  - getDynamicSecurityDomain
```
public java.lang.Object getDynamicSecurityDomain(java.lang.Object securityDomain)
```
    Description copied from class: SecurityController
    
    Get dynamic security domain that allows an action only if it is allowed by the current Java stack and securityDomain. If securityDomain is null, return domain representing permissions allowed by the current stack.
    
    Specified by:
    
    getDynamicSecurityDomain in class SecurityController
  - callWithDomain
```
public java.lang.Object callWithDomain(java.lang.Object securityDomain,
                              Context cx,
                              Callable callable,
                              Scriptable scope,
                              Scriptable thisObj,
                              java.lang.Object[] args)
```
    Description copied from class: SecurityController
    
    Call Callable.call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args) of callable under restricted security domain where an action is allowed only if it is allowed according to the Java stack on the moment of the execWithDomain call and securityDomain. Any call to SecurityController.getDynamicSecurityDomain(Object) during execution of callable.call(cx, scope, thisObj, args) should return a domain incorporate restrictions imposed by securityDomain and Java stack on the moment of callWithDomain invocation.
    The method should always be overridden, it is not declared abstract for compatibility reasons.
    
    Overrides:
    
    callWithDomain in class SecurityController

Class PolicySecurityController

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class org.mozilla.javascript.SecurityController

Methods inherited from class java.lang.Object

Constructor Detail

PolicySecurityController

Method Detail

getStaticSecurityDomainClassInternal

createClassLoader

getDynamicSecurityDomain

callWithDomain