org.mozilla.javascript

Class SecurityController

java.lang.Object

org.mozilla.javascript.SecurityController

Direct Known Subclasses:

PolicySecurityController

public abstract class SecurityController
extends java.lang.Object

This class describes the support needed to implement security.

Three main pieces of functionality are required to implement security for JavaScript. First, it must be possible to define classes with an associated security domain. (This security domain may be any object incorporating notion of access restrictions that has meaning to an embedding; for a client-side JavaScript embedding this would typically be java.security.ProtectionDomain or similar object depending on an origin URL and/or a digital certificate.) Next it must be possible to get a security domain object that allows a particular action only if all security domains associated with code on the current Java stack allows it. And finally, it must be possible to execute script code with associated security domain injected into Java stack.

These three pieces of functionality are encapsulated in the SecurityController class.

Since:

1.5 Release 4

See Also:

Context.setSecurityController(SecurityController), ClassLoader

Constructor Summary

Constructors

Constructor and Description
SecurityController()

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.Object	callWithDomain(java.lang.Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, java.lang.Object[] args) Call Callable.call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args) of callable under restricted security domain where an action is allowed only if it is allowed according to the Java stack on the moment of the execWithDomain call and securityDomain.
abstract GeneratedClassLoader	createClassLoader(java.lang.ClassLoader parentLoader, java.lang.Object securityDomain) Get class loader-like object that can be used to define classes with the given security context.
static GeneratedClassLoader	createLoader(java.lang.ClassLoader parent, java.lang.Object staticDomain) Create GeneratedClassLoader with restrictions imposed by staticDomain and all current stack frames.
java.lang.Object	execWithDomain(Context cx, Scriptable scope, Script script, java.lang.Object securityDomain) Deprecated. The application should not override this method and instead override callWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args).
abstract java.lang.Object	getDynamicSecurityDomain(java.lang.Object securityDomain) Get dynamic security domain that allows an action only if it is allowed by the current Java stack and securityDomain.
static java.lang.Class<?>	getStaticSecurityDomainClass()
java.lang.Class<?>	getStaticSecurityDomainClassInternal()
static boolean	hasGlobal() Check if global SecurityController was already installed.
static void	initGlobal(SecurityController controller) Initialize global controller that will be used for all security-related operations.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityController

public SecurityController()

Method Detail

hasGlobal

public static boolean hasGlobal()

Check if global SecurityController was already installed.

See Also:

initGlobal(SecurityController controller)

initGlobal

public static void initGlobal(SecurityController controller)

Initialize global controller that will be used for all security-related operations. The global controller takes precedence over already installed Context-specific controllers and cause any subsequent call to Context.setSecurityController(SecurityController) to throw an exception.

The method can only be called once.

See Also:

hasGlobal()

createClassLoader

public abstract GeneratedClassLoader createClassLoader(java.lang.ClassLoader parentLoader,
                                     java.lang.Object securityDomain)

Get class loader-like object that can be used to define classes with the given security context.

Parameters:

parentLoader - parent class loader to delegate search for classes not defined by the class loader itself

securityDomain - some object specifying the security context of the code that is defined by the returned class loader.

createLoader

public static GeneratedClassLoader createLoader(java.lang.ClassLoader parent,
                                java.lang.Object staticDomain)

Create GeneratedClassLoader with restrictions imposed by staticDomain and all current stack frames. The method uses the SecurityController instance associated with the current Context to construct proper dynamic domain and create corresponding class loader. If no SecurityController is associated with the current Context , the method calls Context.createClassLoader(ClassLoader parent).

Parameters:

parent - parent class loader. If null, Context.getApplicationClassLoader() will be used.

staticDomain - static security domain.

getStaticSecurityDomainClass

public static java.lang.Class<?> getStaticSecurityDomainClass()

getStaticSecurityDomainClassInternal

public java.lang.Class<?> getStaticSecurityDomainClassInternal()

getDynamicSecurityDomain

public abstract java.lang.Object getDynamicSecurityDomain(java.lang.Object securityDomain)

Get dynamic security domain that allows an action only if it is allowed by the current Java stack and securityDomain. If securityDomain is null, return domain representing permissions allowed by the current stack.

callWithDomain

public java.lang.Object callWithDomain(java.lang.Object securityDomain,
                              Context cx,
                              Callable callable,
                              Scriptable scope,
                              Scriptable thisObj,
                              java.lang.Object[] args)

Call Callable.call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args) of callable under restricted security domain where an action is allowed only if it is allowed according to the Java stack on the moment of the execWithDomain call and securityDomain. Any call to getDynamicSecurityDomain(Object) during execution of callable.call(cx, scope, thisObj, args) should return a domain incorporate restrictions imposed by securityDomain and Java stack on the moment of callWithDomain invocation.

The method should always be overridden, it is not declared abstract for compatibility reasons.

execWithDomain

public java.lang.Object execWithDomain(Context cx,
                              Scriptable scope,
                              Script script,
                              java.lang.Object securityDomain)

Deprecated. The application should not override this method and instead override callWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args).