KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > jmx > remote > security > JMXSubjectDomainCombiner


1 /*
2  * @(#)JMXSubjectDomainCombiner.java 1.7 04/05/27
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package com.sun.jmx.remote.security;
9
10 import java.security.AccessControlContext JavaDoc;
11 import java.security.AccessController JavaDoc;
12 import java.security.AllPermission JavaDoc;
13 import java.security.CodeSource JavaDoc;
14 import java.security.Permissions JavaDoc;
15 import java.security.ProtectionDomain JavaDoc;
16 import javax.security.auth.Subject JavaDoc;
17 import javax.security.auth.SubjectDomainCombiner JavaDoc;
18
19 /**
20  * <p>This class represents an extension to the {@link SubjectDomainCombiner}
21  * and is used to add a new {@link ProtectionDomain}, comprised of a null
22  * codesource/signers and an empty permission set, to the access control
23  * context with which this combiner is combined.</p>
24  *
25  * <p>When the {@link #combine} method is called the {@link ProtectionDomain}
26  * is augmented with the permissions granted to the set of principals present
27  * in the supplied {@link Subject}.</p>
28  */
29 public class JMXSubjectDomainCombiner extends SubjectDomainCombiner JavaDoc {
30
31     public JMXSubjectDomainCombiner(Subject JavaDoc s) {
32         super(s);
33     }
34
35     public ProtectionDomain JavaDoc[] combine(ProtectionDomain JavaDoc[] current,
36                                       ProtectionDomain JavaDoc[] assigned) {
37         // Add a new ProtectionDomain with the null codesource/signers, and
38 // the empty permission set, to the end of the array containing the
39 // 'current' protections domains, i.e. the ones that will be augmented
40 // with the permissions granted to the set of principals present in
41 // the supplied subject.
42 //
43 ProtectionDomain JavaDoc[] newCurrent;
44         if (current == null || current.length == 0) {
45             newCurrent = new ProtectionDomain JavaDoc[1];
46             newCurrent[0] = pdNoPerms;
47         } else {
48             newCurrent = new ProtectionDomain JavaDoc[current.length + 1];
49             for (int i = 0; i < current.length; i++) {
50                 newCurrent[i] = current[i];
51             }
52             newCurrent[current.length] = pdNoPerms;
53         }
54         return super.combine(newCurrent, assigned);
55     }
56
57     /**
58      * A null CodeSource.
59      */
60     private static final CodeSource JavaDoc nullCodeSource =
61     new CodeSource JavaDoc(null, (java.security.cert.Certificate JavaDoc[]) null);
62
63     /**
64      * A ProtectionDomain with a null CodeSource and an empty permission set.
65      */
66     private static final ProtectionDomain JavaDoc pdNoPerms =
67     new ProtectionDomain JavaDoc(nullCodeSource, new Permissions JavaDoc());
68
69     /**
70      * A permission set that grants AllPermission.
71      */
72     private static final Permissions JavaDoc allPermissions = new Permissions JavaDoc();
73     static {
74     allPermissions.add(new AllPermission JavaDoc());
75     }
76
77     /**
78      * A ProtectionDomain with a null CodeSource and a permission set that
79      * grants AllPermission.
80      */
81     private static final ProtectionDomain JavaDoc pdAllPerms =
82     new ProtectionDomain JavaDoc(nullCodeSource, allPermissions);
83
84     /**
85      * An AccessControlContext that has only system domains on the stack.
86      */
87     private static final AccessControlContext JavaDoc systemACC =
88     new AccessControlContext JavaDoc(new ProtectionDomain JavaDoc[0]);
89
90     /**
91      * Check if the given AccessControlContext contains only system domains.
92      */
93     private static boolean hasOnlySystemCode(AccessControlContext JavaDoc acc) {
94     return systemACC.equals(acc);
95     }
96
97     /**
98      * Get the current AccessControlContext. If all the protection domains
99      * in the current context are system domains then build a new context
100      * that combines the subject with a dummy protection domain that forces
101      * the use of the domain combiner.
102      */
103     public static AccessControlContext JavaDoc getContext(Subject JavaDoc subject) {
104     AccessControlContext JavaDoc currentACC = AccessController.getContext();
105     if (hasOnlySystemCode(currentACC)) {
106         currentACC =
107         new AccessControlContext JavaDoc(new ProtectionDomain JavaDoc[] {pdAllPerms});
108     }
109     return new AccessControlContext JavaDoc(currentACC,
110                     new JMXSubjectDomainCombiner(subject));
111     }
112 }
113
Popular Tags