jxl.enclosure.security
Class DynSecurityPolicy

java.lang.Object
  extended by java.security.Policy
      extended by jxl.enclosure.security.DynSecurityPolicy

public final class DynSecurityPolicy
extends java.security.Policy

DynSecurityPolicy is a policy implementation that requests and persists user input regarding permission grants and denials.

Author:
Alex Lynch

Field Summary
static java.security.Permission ENCLOSURE_PERM
           
 
Constructor Summary
DynSecurityPolicy()
          Creates a new instance of DynSecurityPolicy
 
Method Summary
static void checkEnclosure()
          First calls install(), then checks the current call stack for AllPermission.
 java.security.PermissionCollection getPermissions(java.security.CodeSource codeSource)
          Returns an empty Permissions object.
 java.security.PermissionCollection getPermissions(java.security.ProtectionDomain domain)
          Returns getPermissions(domain.getCodeSource()).
 boolean implies(java.security.ProtectionDomain domain, java.security.Permission permission)
          This method does the actual permission check work.
static void install()
          Install a DynSecurityPolicy (and a SecurityManager) if one is not installed.
 void refresh()
          Silent no op.
 
Methods inherited from class java.security.Policy
getPolicy, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ENCLOSURE_PERM

public static final java.security.Permission ENCLOSURE_PERM

Constructor Detail

DynSecurityPolicy

public DynSecurityPolicy()
Creates a new instance of DynSecurityPolicy

Method Detail

install

public static void install()
Install a DynSecurityPolicy (and a SecurityManager) if one is not installed. This activates the Enclosure security system.


checkEnclosure

public static void checkEnclosure()
                           throws java.lang.SecurityException
First calls install(), then checks the current call stack for AllPermission. This permission is only granted to Enclosure classes and their dependencies, so this checks whether the call is being made by Enclosure.

Throws:
java.lang.SecurityException - If this call is not being made by Enclosure (does not have AllPermission)

getPermissions

public java.security.PermissionCollection getPermissions(java.security.CodeSource codeSource)
Returns an empty Permissions object. This is because no permissions are granted to any module by default.

Specified by:
getPermissions in class java.security.Policy

getPermissions

public java.security.PermissionCollection getPermissions(java.security.ProtectionDomain domain)
Returns getPermissions(domain.getCodeSource()).

Overrides:
getPermissions in class java.security.Policy

implies

public boolean implies(java.security.ProtectionDomain domain,
                       java.security.Permission permission)
This method does the actual permission check work. The checking process is as follows.

First - Check whether the class loader of domain is an instance of jxl.enclosure.loader.DynClassLoader.InternalLoader. If it is not, the permission is granted. This is because Enclosure only secures what it controls; the VM class loaders are beyond its control. Also, by not specifically checking whether the loader is the system ClassLoader, we allow the VM to use a separate class loader to load extensions (as does the Sun 1.5 JVM).

Second - Check whether permission is listed in ForbidenPermissions. If it is, emit a stack trace of a SecurityException explaining the attempted access, and deny the permission. The printed stack trace is to thwart any attempt by the caller to catch the subsequent SecurityException that the AccessController will throw.

Third - Get the CodeSigners of the domain. If the signers are null or empty (no signatures) then emit a small warning and deny the permission.

Fourth - Check the persistent permission data for the signers. If any of the signers has previously been granted this permission, grant it now. If all have been denied, deny it now.

Fifth - If none of the signers has been granted the permission, but not all have been denied (that is, one or more of the signers has an undefined state for this permission), then display a security GUI asking the user to grant or deny the permission to any or all of the undefined signers. Once the user has given their input, the data is persisted and this method is called recursively to evaluate the new data.
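
The five-step order above, modelled as a stand-alone decision function. This is an added example, not Enclosure's source code: the class ImpliesOrderDemo, the decide method, the string signer names standing in for CodeSigner objects, and matching the forbidden list with implies() are all assumptions made for illustration.

```java
import java.security.Permission;
import java.util.*;

// Added illustration of the documented decision order; not Enclosure source code.
public class ImpliesOrderDemo {
    enum Decision { GRANT, DENY, PROMPT }

    // enclosureLoaded: whether the domain's loader is Enclosure's internal loader (step 1 input).
    // signers: constructed names standing in for the domain's CodeSigner objects.
    // forbidden: stand-in for the forbidden list; matching via implies() is an assumption.
    // stored: persisted answers for this permission (TRUE granted, FALSE denied, absent undefined).
    static Decision decide(boolean enclosureLoaded, Permission perm, List<String> signers,
                           Collection<Permission> forbidden, Map<String, Boolean> stored) {
        if (!enclosureLoaded) return Decision.GRANT;                     // First
        for (Permission f : forbidden)                                   // Second
            if (f.implies(perm)) return Decision.DENY;
        if (signers == null || signers.isEmpty()) return Decision.DENY;  // Third
        boolean allDenied = true;
        for (String signer : signers) {                                  // Fourth
            Boolean answer = stored.get(signer);
            if (Boolean.TRUE.equals(answer)) return Decision.GRANT;      // one prior grant suffices
            if (answer == null) allDenied = false;                       // undefined state
        }
        return allDenied ? Decision.DENY : Decision.PROMPT;              // Fifth: ask the user
    }

    public static void main(String[] args) {
        Permission read = new PropertyPermission("user.home", "read");
        Permission setSm = new RuntimePermission("setSecurityManager");
        List<Permission> forbidden = List.of(setSm);
        Map<String, Boolean> stored = new HashMap<>();   // constructed sample data
        stored.put("alice", false);
        stored.put("bob", true);

        // Code not loaded by Enclosure is outside its control, so step 1 decides.
        System.out.println(decide(false, setSm, List.of(), forbidden, stored));
        // The forbidden list is consulted before bob's stored grant.
        System.out.println(decide(true, setSm, List.of("bob"), forbidden, stored));
        // Unsigned Enclosure-loaded code.
        System.out.println(decide(true, read, List.of(), forbidden, stored));
        // One signer denied, one granted.
        System.out.println(decide(true, read, List.of("alice", "bob"), forbidden, stored));
        // One signer denied, one undefined: the user must be asked.
        System.out.println(decide(true, read, List.of("alice", "carol"), forbidden, stored));
        stored.put("carol", false);   // the user's answer is persisted, then the check is re-run
        System.out.println(decide(true, read, List.of("alice", "carol"), forbidden, stored));
    }
}
```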

Overrides:
implies in class java.security.Policy
Parameters:
domain - The ProtectionDomain of the caller
permission - the permission to check
Returns:
true if this permission is granted, otherwise false

refresh

public void refresh()
Silent no op.

Specified by:
refresh in class java.security.Policy