SecureClassLoader


1   /*
2    * @(#)SecureClassLoader.java   1.85 04/05/05
3    *
4    * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5    * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6    */
7    
8   package java.security;
9   
10  import java.util.HashMap  ;
11  import java.util.ArrayList  ;
12  import java.net.URL  ;
13  
14  import sun.security.util.Debug;
15  
16  /** 
17   * This class extends ClassLoader with additional support for defining
18   * classes with an associated code source and permissions which are
19   * retrieved by the system policy by default.
20   *
21   * @version 1.85, 05/05/04
22   * @author  Li Gong 
23   * @author  Roland Schemers
24   */
25  public class SecureClassLoader extends ClassLoader   {
26      /*
27       * If initialization succeed this is set to true and security checks will
28       * succeed. Otherwise the object is not initialized and the object is
29       * useless.
30       */
31      private boolean initialized = false;
32  
33      // HashMap that maps CodeSource to ProtectionDomain
34      private HashMap   pdcache = new HashMap  (11);
35  
36      private static final Debug debug = Debug.getInstance("scl");
37  
38      /**
39       * Creates a new SecureClassLoader using the specified parent
40       * class loader for delegation.
41       *
42       * <p>If there is a security manager, this method first
43       * calls the security manager's <code>checkCreateClassLoader</code> 
44       * method  to ensure creation of a class loader is allowed.
45       * <p>
46       * @param parent the parent ClassLoader
47       * @exception  SecurityException  if a security manager exists and its  
48       *             <code>checkCreateClassLoader</code> method doesn't allow 
49       *             creation of a class loader.
50       * @see SecurityManager#checkCreateClassLoader
51       */
52      protected SecureClassLoader(ClassLoader   parent) {
53      super(parent);
54      // this is to make the stack depth consistent with 1.1
55      SecurityManager   security = System.getSecurityManager();
56      if (security != null) {
57          security.checkCreateClassLoader();
58      }
59      initialized = true;
60      }
61  
62      /**
63       * Creates a new SecureClassLoader using the default parent class
64       * loader for delegation.
65       *
66       * <p>If there is a security manager, this method first
67       * calls the security manager's <code>checkCreateClassLoader</code> 
68       * method  to ensure creation of a class loader is allowed.
69       *
70       * @exception  SecurityException  if a security manager exists and its  
71       *             <code>checkCreateClassLoader</code> method doesn't allow 
72       *             creation of a class loader.
73       * @see SecurityManager#checkCreateClassLoader
74       */
75      protected SecureClassLoader() {
76      super();
77      // this is to make the stack depth consistent with 1.1
78      SecurityManager   security = System.getSecurityManager();
79      if (security != null) {
80          security.checkCreateClassLoader();
81      }
82      initialized = true;
83      }
84  
85      /**
86       * Converts an array of bytes into an instance of class Class,
87       * with an optional CodeSource. Before the
88       * class can be used it must be resolved.
89       * <p>
90       * If a non-null CodeSource is supplied a ProtectionDomain is
91       * constructed and associated with the class being defined.
92       * <p>
93       * @param      name the expected name of the class, or <code>null</code>
94       *                  if not known, using '.' and not '/' as the separator
95       *                  and without a trailing ".class" suffix.
96       * @param      b    the bytes that make up the class data. The bytes in 
97       *             positions <code>off</code> through <code>off+len-1</code> 
98       *             should have the format of a valid class file as defined 
99       *             by the 
100      *             <a HREF="http://java.sun.com/docs/books/vmspec/">Java 
101      *             Virtual Machine Specification</a>.
102      * @param      off  the start offset in <code>b</code> of the class data
103      * @param      len  the length of the class data
104      * @param      cs   the associated CodeSource, or <code>null</code> if none
105      * @return the <code>Class</code> object created from the data,
106      *         and optional CodeSource.
107      * @exception  ClassFormatError if the data did not contain a valid class
108      * @exception  IndexOutOfBoundsException if either <code>off</code> or 
109      *             <code>len</code> is negative, or if 
110      *             <code>off+len</code> is greater than <code>b.length</code>.
111      *
112      * @exception  SecurityException if an attempt is made to add this class
113      *             to a package that contains classes that were signed by
114      *             a different set of certificates than this class, or if 
115      *             the class name begins with "java.".
116      */
117     protected final Class  <?> defineClass(String   name,
118                      byte[] b, int off, int len,
119                      CodeSource   cs)
120     {
121     if (cs == null)
122         return defineClass(name, b, off, len);
123     else 
124         return defineClass(name, b, off, len, getProtectionDomain(cs));
125     }
126 
127     /**
128      * Converts a {@link java.nio.ByteBuffer <tt>ByteBuffer</tt>}
129      * into an instance of class <tt>Class</tt>, with an optional CodeSource. 
130      * Before the class can be used it must be resolved.
131      * <p>
132      * If a non-null CodeSource is supplied a ProtectionDomain is
133      * constructed and associated with the class being defined.
134      * <p>
135      * @param      name the expected name of the class, or <code>null</code>
136      *                  if not known, using '.' and not '/' as the separator
137      *                  and without a trailing ".class" suffix.
138      * @param      b    the bytes that make up the class data.  The bytes from positions
139      *                  <tt>b.position()</tt> through <tt>b.position() + b.limit() -1</tt>
140      *                  should have the format of a valid class file as defined by the
141      *                  <a HREF="http://java.sun.com/docs/books/vmspec/">Java Virtual
142      *                  Machine Specification</a>.
143      * @param      cs   the associated CodeSource, or <code>null</code> if none
144      * @return the <code>Class</code> object created from the data,
145      *         and optional CodeSource.
146      * @exception  ClassFormatError if the data did not contain a valid class
147      * @exception  SecurityException if an attempt is made to add this class
148      *             to a package that contains classes that were signed by
149      *             a different set of certificates than this class, or if 
150      *             the class name begins with "java.".
151      *
152      * @since  1.5
153      */
154     protected final Class  <?> defineClass(String   name, java.nio.ByteBuffer   b,
155                      CodeSource   cs)
156     {
157     if (cs == null)
158         return defineClass(name, b, (ProtectionDomain  )null);
159     else 
160         return defineClass(name, b, getProtectionDomain(cs));
161     }
162 
163     /**
164      * Returns the permissions for the given CodeSource object.
165      * <p>
166      * This method is invoked by the defineClass method which takes
167      * a CodeSource as an argument when it is constructing the
168      * ProtectionDomain for the class being defined.
169      * <p>
170      * @param codesource the codesource.
171      *
172      * @return the permissions granted to the codesource.
173      *
174      */
175     protected PermissionCollection   getPermissions(CodeSource   codesource)
176     {
177     check();
178     return new Permissions  (); // ProtectionDomain defers the binding
179     }
180 
181     /*
182      * Returned cached ProtectionDomain for the specified CodeSource.
183      */
184     private ProtectionDomain   getProtectionDomain(CodeSource   cs) {
185     if (cs == null)
186         return null;
187 
188     ProtectionDomain   pd = null;
189     synchronized (pdcache) {
190         pd = (ProtectionDomain  )pdcache.get(cs);
191         if (pd == null) {
192         PermissionCollection   perms = getPermissions(cs);
193         pd = new ProtectionDomain  (cs, perms, this, null);
194         if (pd != null) {
195             pdcache.put(cs, pd);
196             if (debug != null) {
197             debug.println(" getPermissions "+ pd);
198             debug.println("");
199             }
200         }
201         }
202     }
203     return pd;
204     }
205 
206     /*
207      * Check to make sure the class loader has been initialized.
208      */
209     private void check() { 
210     if (!initialized) {
211         throw new SecurityException  ("ClassLoader object not initialized");
212     }
213     }
214 
215 }
216
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags